RE: [PATCH v3] scsi: ufs: WB is only available on LUN #0 to #7

From: Avri Altman
Date: Mon Jan 11 2021 - 05:08:59 EST

Next message: Sebastian A. Siewior: "Re: [RFC PATCH 0/1] net: arcnet: Fix RESET sequence"
Previous message: Daniel Vetter: "Re: [PATCH V4 3/3] drm/vkms: Add information about module options"
In reply to: Jaegeuk Kim: "[PATCH v3] scsi: ufs: WB is only available on LUN #0 to #7"
Next in thread: Martin K. Petersen: "Re: [PATCH v3] scsi: ufs: WB is only available on LUN #0 to #7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>
>
> From: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
>
> Kernel stack violation when getting unit_descriptor/wb_buf_alloc_units from
> rpmb lun. The reason is the unit descriptor length is different per LU.
>
> The lengh of Normal LU is 45, while the one of rpmb LU is 35.
>
> int ufshcd_read_desc_param(struct ufs_hba *hba, ...)
> {
> param_offset=41;
> param_size=4;
> buff_len=45;
> ...
> buff_len=35 by rpmb LU;
>
> if (is_kmalloc) {
> /* Make sure we don't copy more data than available */
> if (param_offset + param_size > buff_len)
> param_size = buff_len - param_offset;
> --> param_size = 250;
> memcpy(param_read_buf, &desc_buf[param_offset], param_size);
> --> memcpy(param_read_buf, desc_buf+41, 250);
>
> [ 141.868974][ T9174] Kernel panic - not syncing: stack-protector: Kernel
> stack is corrupted in: wb_buf_alloc_units_show+0x11c/0x11c
> }
> }
>
> Signed-off-by: Jaegeuk Kim <jaegeuk@xxxxxxxxxx>
Reviewed-by: Avri Altman <avri.altman@xxxxxxx>

Next message: Sebastian A. Siewior: "Re: [RFC PATCH 0/1] net: arcnet: Fix RESET sequence"
Previous message: Daniel Vetter: "Re: [PATCH V4 3/3] drm/vkms: Add information about module options"
In reply to: Jaegeuk Kim: "[PATCH v3] scsi: ufs: WB is only available on LUN #0 to #7"
Next in thread: Martin K. Petersen: "Re: [PATCH v3] scsi: ufs: WB is only available on LUN #0 to #7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]