>
>
> From: Jaegeuk Kim <jaeg...@google.com>
>
> Kernel stack violation when getting unit_descriptor/wb_buf_alloc_units from
> rpmb lun. The reason is the unit descriptor length is different per LU.
>
> The lengh of Normal LU is 45, while the one of rpmb LU is 35.
>
> int ufshcd_read_desc_param(struct ufs_hba *hba, ...)
> {
> param_offset=41;
> param_size=4;
> buff_len=45;
> ...
> buff_len=35 by rpmb LU;
>
> if (is_kmalloc) {
> /* Make sure we don't copy more data than available */
> if (param_offset + param_size > buff_len)
> param_size = buff_len - param_offset;
> --> param_size = 250;
> memcpy(param_read_buf, &desc_buf[param_offset], param_size);
> --> memcpy(param_read_buf, desc_buf+41, 250);
>
> [ 141.868974][ T9174] Kernel panic - not syncing: stack-protector: Kernel
> stack is corrupted in: wb_buf_alloc_units_show+0x11c/0x11c
> }
> }
>
> Signed-off-by: Jaegeuk Kim <jaeg...@kernel.org>
Reviewed-by: Avri Altman <avri.alt...@wdc.com>
