scsi: ufs: Fix unexpected values get from ufshcd_read_desc_param() (f18893ca) · Commits · e / devices / android_kernel_fairphone_FP4

drivers/scsi/ufs/ufshcd.c

+12 −5

Original line number	Diff line number	Diff line
		@@ -4550,14 +4550,21 @@ int ufshcd_read_desc_param(struct ufs_hba *hba,

		/* Sanity checks */
		if (ret \|\| !buff_len) {
		dev_err(hba->dev, "%s: Failed to get full descriptor length",
		dev_err(hba->dev, "%s: Failed to get full descriptor length\n",
		__func__);
		return ret;
		}

		if (param_offset >= buff_len \|\|
		param_offset + param_size > buff_len) {
		dev_err(hba->dev, "%s: Invalid offset 0x%x or size 0x%x in descriptor IDN 0x%x, length 0x%x\n",
		__func__, param_offset, param_size, desc_id, buff_len);
		return -EINVAL;
		}

		/* Check whether we need temp memory */
		if (param_offset != 0 \|\| param_size < buff_len) {
		desc_buf = kmalloc(buff_len, GFP_KERNEL);
		if (param_offset != 0) {
		desc_buf = kzalloc(buff_len, GFP_KERNEL);
		if (!desc_buf)
		return -ENOMEM;
		} else {
		@@ -4571,14 +4578,14 @@ int ufshcd_read_desc_param(struct ufs_hba *hba,
		desc_buf, &buff_len);

		if (ret) {
		dev_err(hba->dev, "%s: Failed reading descriptor. desc_id %d, desc_index %d, param_offset %d, ret %d",
		dev_err(hba->dev, "%s: Failed reading descriptor. desc_id %d, desc_index %d, param_offset %d, ret %d\n",
		__func__, desc_id, desc_index, param_offset, ret);
		goto out;
		}

		/* Sanity check */
		if (desc_buf[QUERY_DESC_DESC_TYPE_OFFSET] != desc_id) {
		dev_err(hba->dev, "%s: invalid desc_id %d in descriptor header",
		dev_err(hba->dev, "%s: invalid desc_id %d in descriptor header\n",
		__func__, desc_buf[QUERY_DESC_DESC_TYPE_OFFSET]);
		ret = -EINVAL;
		goto out;