Message ID | 20240205104905.24929-1-alice.chao@mediatek.com |
---|---|
State | New |
Series | [v1,1/1] ufs: core: fix shift issue in ufshcd_clear_cmd |
Commit Message
Alice Chao
Feb. 5, 2024, 10:49 a.m. UTC
From: Alice Chao <alice.chao@mediatek.com>

When task_tag > 32 (in mcq mode), 1U << task_tag will out of bound
for u32 mask. Fix this bug to prevent SHIFT_ISSUE (Bitwise shifts
that are out of bounds for their data type).

[name:debug_monitors&]Unexpected kernel BRK exception at EL1
[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP
[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done
[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000
[name:mrdump&]PHYS_OFFSET: 0x80000000
[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)
[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288
[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c
[name:mrdump&]sp : ffffffc0081471b0
<snip>
Workqueue: ufs_eh_wq_0 ufshcd_err_handler
Call trace:
 dump_backtrace+0xf8/0x144
 show_stack+0x18/0x24
 dump_stack_lvl+0x78/0x9c
 dump_stack+0x18/0x44
 mrdump_common_die+0x254/0x480 [mrdump]
 ipanic_die+0x20/0x30 [mrdump]
 notify_die+0x15c/0x204
 die+0x10c/0x5f8
 arm64_notify_die+0x74/0x13c
 do_debug_exception+0x164/0x26c
 el1_dbg+0x64/0x80
 el1h_64_sync_handler+0x3c/0x90
 el1h_64_sync+0x68/0x6c
 ufshcd_clear_cmd+0x280/0x288
 ufshcd_wait_for_dev_cmd+0x3e4/0x82c
 ufshcd_exec_dev_cmd+0x5bc/0x9ac
 ufshcd_verify_dev_init+0x84/0x1c8
 ufshcd_probe_hba+0x724/0x1ce0
 ufshcd_host_reset_and_restore+0x260/0x574
 ufshcd_reset_and_restore+0x138/0xbd0
 ufshcd_err_handler+0x1218/0x2f28
 process_one_work+0x5fc/0x1140
 worker_thread+0x7d8/0xe20
 kthread+0x25c/0x468
 ret_from_fork+0x10/0x20

Signed-off-by: Alice Chao <alice.chao@mediatek.com>
---
 drivers/ufs/core/ufshcd.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
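The bug class the commit message describes, as an added user-space example that is not part of the patch or the kernel source: a model of the patched ordering in which no shift happens before the MCQ early return, plus a width check on the remaining path. `struct model_hba`, `tag_to_mask`, `model_clear_cmd`, `demo_legacy_clear` and the `mcq_mode` flag are hypothetical names, and the check in `tag_to_mask` goes beyond what the patch itself does.

```c
#include <stdbool.h>
#include <stdint.h>

#define MASK_BITS 32u            /* width of the u32 mask */
#define MODEL_EINVAL 22          /* stand-in for the kernel's EINVAL */

/* Hypothetical stand-in for struct ufs_hba: only what the model needs. */
struct model_hba {
    bool mcq_mode;               /* assumption: in MCQ mode tags may be >= 32 */
    uint32_t outstanding;        /* one bit per slot on the non-MCQ path */
    uint32_t mcq_cleared;        /* commands cleared by tag index */
};

/* Build the single-bit mask only when the shift count fits the type. */
static bool tag_to_mask(uint32_t task_tag, uint32_t *mask)
{
    if (task_tag >= MASK_BITS)   /* shifting a 32-bit value by >= 32 is undefined */
        return false;
    *mask = UINT32_C(1) << task_tag;
    return true;
}

/* Mirrors the patched ordering: no shift before the MCQ early return. */
static int model_clear_cmd(struct model_hba *hba, uint32_t task_tag)
{
    uint32_t mask;

    if (hba->mcq_mode) {
        hba->mcq_cleared++;      /* tag is an index here, never a shift count */
        return 0;
    }
    if (!tag_to_mask(task_tag, &mask))
        return -MODEL_EINVAL;    /* reject instead of computing a bogus mask */
    hba->outstanding &= ~mask;
    return 0;
}

/* Constructed scenario: clear one tag on the non-MCQ path, return the bitmap. */
static uint32_t demo_legacy_clear(uint32_t before, uint32_t task_tag, int *err)
{
    struct model_hba hba = { .mcq_mode = false, .outstanding = before };

    *err = model_clear_cmd(&hba, task_tag);
    return hba.outstanding;
}
```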
Comments
On Mon, Feb 5, 2024 at 7:27 PM <alice.chao@mediatek.com> wrote:
>
> From: Alice Chao <alice.chao@mediatek.com>
>
> When task_tag > 32 (in mcq mode), 1U << task_tag will out of bound
> for u32 mask. Fix this bug to prevent SHIFT_ISSUE (Bitwise shifts
> that are out of bounds for their data type).
>
> [name:debug_monitors&]Unexpected kernel BRK exception at EL1
> [name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP
> [name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done
> [name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000
> [name:mrdump&]PHYS_OFFSET: 0x80000000
> [name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)
> [name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288
> [name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c
> [name:mrdump&]sp : ffffffc0081471b0
> <snip>
> Workqueue: ufs_eh_wq_0 ufshcd_err_handler
> Call trace:
> dump_backtrace+0xf8/0x144
> show_stack+0x18/0x24
> dump_stack_lvl+0x78/0x9c
> dump_stack+0x18/0x44
> mrdump_common_die+0x254/0x480 [mrdump]
> ipanic_die+0x20/0x30 [mrdump]
> notify_die+0x15c/0x204
> die+0x10c/0x5f8
> arm64_notify_die+0x74/0x13c
> do_debug_exception+0x164/0x26c
> el1_dbg+0x64/0x80
> el1h_64_sync_handler+0x3c/0x90
> el1h_64_sync+0x68/0x6c
> ufshcd_clear_cmd+0x280/0x288
> ufshcd_wait_for_dev_cmd+0x3e4/0x82c
> ufshcd_exec_dev_cmd+0x5bc/0x9ac
> ufshcd_verify_dev_init+0x84/0x1c8
> ufshcd_probe_hba+0x724/0x1ce0
> ufshcd_host_reset_and_restore+0x260/0x574
> ufshcd_reset_and_restore+0x138/0xbd0
> ufshcd_err_handler+0x1218/0x2f28
> process_one_work+0x5fc/0x1140
> worker_thread+0x7d8/0xe20
> kthread+0x25c/0x468
> ret_from_fork+0x10/0x20
>
> Signed-off-by: Alice Chao <alice.chao@mediatek.com>

Reviewed-by: Stanley Jhu <chu.stanley@gmail.com>
On 2/5/24 02:49, alice.chao@mediatek.com wrote:
> When task_tag > 32 (in mcq mode), 1U << task_tag will out of bound
       ^^^^^^^^^^^^^
       task_tag >= 32 and sizeof(unsigned int) == 4
> for u32 mask. Fix this bug to prevent SHIFT_ISSUE (Bitwise shifts
> that are out of bounds for their data type).

Anyway:

Reviewed-by: Bart Van Assche <bvanassche@acm.org>
On Mon, 05 Feb 2024 18:49:04 +0800, alice.chao@mediatek.com wrote:
> When task_tag > 32 (in mcq mode), 1U << task_tag will out of bound
> for u32 mask. Fix this bug to prevent SHIFT_ISSUE (Bitwise shifts
> that are out of bounds for their data type).
>
> [name:debug_monitors&]Unexpected kernel BRK exception at EL1
> [name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP
> [name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done
> [name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000
> [name:mrdump&]PHYS_OFFSET: 0x80000000
> [name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)
> [name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288
> [name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c
> [name:mrdump&]sp : ffffffc0081471b0
> <snip>
> Workqueue: ufs_eh_wq_0 ufshcd_err_handler
> Call trace:
> dump_backtrace+0xf8/0x144
> show_stack+0x18/0x24
> dump_stack_lvl+0x78/0x9c
> dump_stack+0x18/0x44
> mrdump_common_die+0x254/0x480 [mrdump]
> ipanic_die+0x20/0x30 [mrdump]
> notify_die+0x15c/0x204
> die+0x10c/0x5f8
> arm64_notify_die+0x74/0x13c
> do_debug_exception+0x164/0x26c
> el1_dbg+0x64/0x80
> el1h_64_sync_handler+0x3c/0x90
> el1h_64_sync+0x68/0x6c
> ufshcd_clear_cmd+0x280/0x288
> ufshcd_wait_for_dev_cmd+0x3e4/0x82c
> ufshcd_exec_dev_cmd+0x5bc/0x9ac
> ufshcd_verify_dev_init+0x84/0x1c8
> ufshcd_probe_hba+0x724/0x1ce0
> ufshcd_host_reset_and_restore+0x260/0x574
> ufshcd_reset_and_restore+0x138/0xbd0
> ufshcd_err_handler+0x1218/0x2f28
> process_one_work+0x5fc/0x1140
> worker_thread+0x7d8/0xe20
> kthread+0x25c/0x468
> ret_from_fork+0x10/0x20
>
> [...]

Applied to 6.8/scsi-fixes, thanks!

[1/1] ufs: core: fix shift issue in ufshcd_clear_cmd
      https://git.kernel.org/mkp/scsi/c/b513d30d59bb
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 029d017fc1b6..c6cff4aa440a 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -3057,7 +3057,7 @@ bool ufshcd_cmd_inflight(struct scsi_cmnd *cmd) */ static int ufshcd_clear_cmd(struct ufs_hba *hba, u32 task_tag) { - u32 mask = 1U << task_tag; + u32 mask; unsigned long flags; int err; @@ -3075,6 +3075,8 @@ static int ufshcd_clear_cmd(struct ufs_hba *hba, u32 task_tag) return 0; } + mask = 1U << task_tag; + /* clear outstanding transaction before retry */ spin_lock_irqsave(hba->host->host_lock, flags); ufshcd_utrl_clear(hba, mask);
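Review bot: In the second hunk (@@ -3075,6 +3075,8), the relocated "mask = 1U << task_tag;" is still an unchecked shift into a u32. It is only in range because the branch ending in "return 0;" just above it is expected to absorb the MCQ tags the commit message describes, and nothing at this line states or enforces that. Consider a one-line comment saying this path is reached only with task_tag below 32, or a check such as WARN_ON_ONCE(task_tag >= 32) before the shift, so a later change to the early-return condition cannot bring the out-of-range shift back. The commit message should also read "task_tag >= 32" rather than "> 32", since a shift by exactly 32 is already out of range for a 32-bit mask, and it carries no Fixes: tag to identify the change that introduced the problem.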