[PATCH v1] scsi: ufs: scsi_get_lba error fix by check cmd opcode

Bart Van Assche bvanassche at acm.org
Mon Mar 7 09:52:20 PST 2022


On 3/7/22 03:17, peter.wang at mediatek.com wrote:
> When UFS initializes without scmd->device->sector_size set,
> scsi_get_lba() gets a wrong shift number and a UBSAN error:
> shift exponent 4294967286 is too large for 64-bit type
> 'sector_t' (aka 'unsigned long long')
> Call scsi_get_lba() only when the opcode is READ_10/WRITE_10/UNMAP.

Hmm ... how can it happen that sector_size has not been set? I think 
that can only happen for LUNs of type SCSI DISK if sd_read_capacity() 
fails? If sd_read_capacity() fails I think the sd driver is expected to 
set the capacity to zero?

rq->__sector == -1 for flush requests and the type of that member 
(sector_t) is unsigned. I think that it is allowed for a shift left of 
an unsigned type to overflow. From the C standard: "The result of 
E1 << E2 is E1 left-shifted E2 bit positions; vacated bits are filled 
with zeros. If E1 has an unsigned type, the value of the result is 
E1 × 2^E2, reduced modulo one more than the maximum value representable 
in the result type."

Thanks,

Bart.
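A stand-alone C model of the two points raised in this thread, added here as an illustration; it is not code from the patch or from the kernel. It shows how a zero sector_size yields exactly the shift exponent quoted in the UBSAN report (the kernel's ilog2() of a non-constant 0 is modelled as fls(0) - 1 = -1, and -1 - SECTOR_SHIFT reinterpreted as unsigned is 4294967286; treating scsi_get_lba()'s shift computation this way is an assumption, since the page shows only the function name and the report), and that a left shift of an unsigned sector_t holding the -1 of a flush request wraps modulo 2^64 as the quoted standard text says. safe_get_lba() is a hypothetical guarded variant that refuses a shift exponent of at least the width of sector_t, which is the condition UBSAN flagged (a shift by that much is undefined in C whatever the signedness of the operand).

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t sector_t;          /* 64-bit unsigned, as in the UBSAN report */
#define SECTOR_SHIFT 9              /* 512-byte block layer sectors */

/* Userspace stand-in for the kernel's ilog2() on a non-constant value:
 * fls(n) - 1, which is -1 for n == 0. Assumption: this mirrors __ilog2_u32(). */
static int model_ilog2(uint32_t n)
{
    int fls = 0;
    while (n) {
        fls++;
        n >>= 1;
    }
    return fls - 1;
}

/* Shift exponent as an unsigned int, the form in which UBSAN printed it.
 * Hypothetical model of the shift scsi_get_lba() derives from sector_size. */
static unsigned int lba_shift_exponent(unsigned int sector_size)
{
    return (unsigned int)(model_ilog2(sector_size) - SECTOR_SHIFT);
}

/* Guarded LBA computation (hypothetical): refuses to shift when sector_size
 * is unset or the exponent is not smaller than the width of sector_t, instead
 * of performing the undefined shift that UBSAN reported. */
static bool safe_get_lba(sector_t pos, unsigned int sector_size, sector_t *lba)
{
    unsigned int shift = lba_shift_exponent(sector_size);

    if (sector_size == 0 || shift >= 8 * sizeof(sector_t))
        return false;
    *lba = pos >> shift;
    return true;
}

/* Left shift of an unsigned operand is well defined and wraps modulo 2^64:
 * the -1 stored in rq->__sector for a flush request simply loses its low bits. */
static sector_t flush_pos_shifted_left(unsigned int shift)
{
    sector_t flush_pos = (sector_t)-1;   /* rq->__sector == -1 for flush requests */

    return flush_pos << shift;
}

int main(void)
{
    sector_t lba = 0;

    printf("sector_size 0    -> shift exponent %u\n", lba_shift_exponent(0));
    printf("sector_size 512  -> shift exponent %u\n", lba_shift_exponent(512));
    printf("sector_size 4096 -> shift exponent %u\n", lba_shift_exponent(4096));
    printf("safe_get_lba(8192, 4096): %s, lba=%llu\n",
           safe_get_lba(8192, 4096, &lba) ? "ok" : "refused",
           (unsigned long long)lba);
    printf("safe_get_lba(8192, 0):    %s\n",
           safe_get_lba(8192, 0, &lba) ? "ok" : "refused");
    printf("(sector_t)-1 << 9 = 0x%llx\n",
           (unsigned long long)flush_pos_shifted_left(SECTOR_SHIFT));
    return 0;
}
```

The constructed inputs are the ones relevant to the thread: sector_size 0 (the unset case) reproduces the 4294967286 exponent, while 512 and 4096 give the expected 0 and 3, and the flush-request shift shows the wrap the quoted standard text permits.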