diff options
| author | Bean Huo <beanhuo@micron.com> | 2025-11-08 02:05:17 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2026-01-11 17:21:22 +0300 |
| commit | ef2bbc11b82b72e5672ffcd310ff298e2d1dfc8a (patch) | |
| tree | 8643ffea0887a62b793cd402d32d6f180a44f2b7 /drivers/ufs | |
| parent | 907bf69c6b6ce5d038eec7a599d67b45b62624bc (diff) | |
| download | linux-ef2bbc11b82b72e5672ffcd310ff298e2d1dfc8a.tar.xz | |
scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc()
[ Upstream commit d794b499f948801f54d67ddbc34a6eac5a6d150a ]
The function ufshcd_read_string_desc() was duplicating memory starting
from the beginning of struct uc_string_id, which included the length and
type fields. As a result, the allocated buffer contained unwanted
metadata in addition to the string itself.
The correct behavior is to duplicate only the Unicode character array in
the structure. Update the code so that only the actual string content is
copied into the new buffer.
Fixes: 5f57704dbcfe ("scsi: ufs: Use kmemdup in ufshcd_read_string_desc()")
Reviewed-by: Avri Altman <avri.altman@sandisk.com>
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Bean Huo <beanhuo@micron.com>
Link: https://patch.msgid.link/20251107230518.4060231-3-beanhuo@iokpp.de
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers/ufs')
| -rw-r--r-- | drivers/ufs/core/ufshcd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 01a7c1720ce1..9d6a47abe4bc 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -3738,7 +3738,7 @@ int ufshcd_read_string_desc(struct ufs_hba *hba, u8 desc_index, str[ret++] = '\0'; } else { - str = kmemdup(uc_str, uc_str->len, GFP_KERNEL); + str = kmemdup(uc_str->uc, uc_str->len, GFP_KERNEL); if (!str) { ret = -ENOMEM; goto out; |