[PATCH v3] scsi: ufs: Fix a possible use before initialization case

[Nathan Chancellor]

On Wed, Jun 09, 2021 at 01:24:00AM -0700, Can Guo wrote:
> In ufshcd_exec_dev_cmd(), if error happens before lrpb is initialized,
> then we should bail out instead of letting trace record the error.
> 
> Fixes: a45f937110fa6 ("scsi: ufs: Optimize host lock on transfer requests send/compl paths")
> Reported-by: kernel test robot <lkp at intel.com>
> Reviewed-by: Stanley Chu <stanley.chu at mediatek.com>
> Signed-off-by: Can Guo <cang at codeaurora.org>

Reviewed-by: Nathan Chancellor <nathan at kernel.org>

> ---
> 
> Change since V2:
> - Removed unused goto out_put_tag
> 
> Change since V1:
> - Use codeaurora mail in Signed-off-by tag
> 
>  drivers/scsi/ufs/ufshcd.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/drivers/scsi/ufs/ufshcd.c b/drivers/scsi/ufs/ufshcd.c
> index fe1b5f4..25fe18a 100644
> --- a/drivers/scsi/ufs/ufshcd.c
> +++ b/drivers/scsi/ufs/ufshcd.c
> @@ -2980,7 +2980,7 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
>  	WARN_ON(lrbp->cmd);
>  	err = ufshcd_compose_dev_cmd(hba, lrbp, cmd_type, tag);
>  	if (unlikely(err))
> -		goto out_put_tag;
> +		goto out;
>  
>  	hba->dev_cmd.complete = &wait;
>  
> @@ -2990,11 +2990,10 @@ static int ufshcd_exec_dev_cmd(struct ufs_hba *hba,
>  
>  	ufshcd_send_command(hba, tag);
>  	err = ufshcd_wait_for_dev_cmd(hba, lrbp, timeout);
> -out:
>  	ufshcd_add_query_upiu_trace(hba, err ? UFS_QUERY_ERR : UFS_QUERY_COMP,
>  				    (struct utp_upiu_req *)lrbp->ucd_rsp_ptr);
>  
> -out_put_tag:
> +out:
>  	blk_put_request(req);
>  out_unlock:
>  	up_read(&hba->clk_scaling_lock);
> -- 
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project.
>