RE: [PATCH v2 2/3] scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc()
From: Avri Altman
Date: Wed Oct 01 2025 - 06:03:33 EST
> From: Bean Huo <beanhuo@xxxxxxxxxx>
>
> The function ufshcd_read_string_desc() was duplicating memory starting from
> the beginning of struct uc_string_id, which included the length and type
> fields. As a result, the allocated buffer contained unwanted metadata in
> addition to the string itself.
>
> The correct behavior is to duplicate only the Unicode character array in the
> structure. Update the code so that only the actual string content is copied into
> the new buffer.
2 nits - only if you'll have another spin:
Nit 1: maybe add one more sentence: This does not imply any ABI change as there are no current callers with SD_RAW.
Nit 2: you might want to remove the duplicate definitions of SD_ASCII_STD & SD_RAW.
>
> Fixes: 5f57704dbcfe ("scsi: ufs: Use kmemdup in ufshcd_read_string_desc()")
> Signed-off-by: Bean Huo <beanhuo@xxxxxxxxxx>
Reviewed-by: Avri Altman <avri.altman@xxxxxxxxxxx>
> ---
> drivers/ufs/core/ufshcd.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index
> 2e1fa8cf83f5..79c7588be28a 100644
> --- a/drivers/ufs/core/ufshcd.c
> +++ b/drivers/ufs/core/ufshcd.c
> @@ -3823,7 +3823,7 @@ int ufshcd_read_string_desc(struct ufs_hba *hba,
> u8 desc_index,
> str[ret++] = '\0';
>
> } else {
> - str = kmemdup(uc_str, uc_str->len, GFP_KERNEL);
> + str = kmemdup(uc_str->uc, uc_str->len, GFP_KERNEL);
> if (!str) {
> ret = -ENOMEM;
> goto out;
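Review bot: The length argument in the added kmemdup() line is still uc_str->len, although the source pointer has moved forward to uc_str->uc. The commit message says the structure starts with the length and type fields, so if len counts those header bytes as part of the descriptor length, the copy now extends past the end of the character array by the size of the header and the duplicated buffer ends with bytes that are not string data. Consider copying uc_str->len minus the size of the two header fields, and check that the length returned to the caller for this branch matches the number of bytes actually duplicated.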
> --
> 2.34.1