All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] libata bugfix: HDIO_DRIVE_TASK
@ 2007-02-07 16:40 Mark Lord
  2007-02-20 15:49 ` Jeff Garzik
  0 siblings, 1 reply; 2+ messages in thread
From: Mark Lord @ 2007-02-07 16:40 UTC (permalink / raw)
  To: Tejun Heo, Jeff Garzik, IDE/ATA development list

I was trying to use HDIO_DRIVE_TASK for something today,
and discovered that the libata implementation does not copy
over the upper four LBA bits from args[6].

This is serious, as any tools using this ioctl would have their
commands applied to the wrong sectors on the drive, possibly resulting
in disk corruption.

Ideally, newer apps should use SG_IO/ATA_16 directly,
avoiding this bug.  But with libata poised to displace drivers/ide,
better compatibility here is a must.

This patch fixes libata to use the upper four LBA bits passed
in from the ioctl.

The original drivers/ide implementation copies over all bits
except for the master/slave select bit.  With this patch,
libata will copy only the four high-order LBA bits,
just in case there are assumptions elsewhere in libata (?).

Signed-Off-By:  Mark Lord <mlord@pobox.com>
---
--- linux/drivers/ata/libata-scsi.c.orig	2007-02-02 12:30:21.000000000 -0500
+++ linux/drivers/ata/libata-scsi.c	2007-02-07 11:32:52.000000000 -0500
@@ -295,6 +295,7 @@
 	scsi_cmd[8]  = args[3];
 	scsi_cmd[10] = args[4];
 	scsi_cmd[12] = args[5];
+	scsi_cmd[13] = args[6] & 0x0f;
 	scsi_cmd[14] = args[0];
 
 	/* Good values for timeout and retries?  Values below

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: [PATCH] libata bugfix: HDIO_DRIVE_TASK
  2007-02-07 16:40 [PATCH] libata bugfix: HDIO_DRIVE_TASK Mark Lord
@ 2007-02-20 15:49 ` Jeff Garzik
  0 siblings, 0 replies; 2+ messages in thread
From: Jeff Garzik @ 2007-02-20 15:49 UTC (permalink / raw)
  To: Mark Lord; +Cc: Tejun Heo, IDE/ATA development list

Mark Lord wrote:
> I was trying to use HDIO_DRIVE_TASK for something today,
> and discovered that the libata implementation does not copy
> over the upper four LBA bits from args[6].
> 
> This is serious, as any tools using this ioctl would have their
> commands applied to the wrong sectors on the drive, possibly resulting
> in disk corruption.
> 
> Ideally, newer apps should use SG_IO/ATA_16 directly,
> avoiding this bug.  But with libata poised to displace drivers/ide,
> better compatibility here is a must.
> 
> This patch fixes libata to use the upper four LBA bits passed
> in from the ioctl.
> 
> The original drivers/ide implementation copies over all bits
> except for the master/slave select bit.  With this patch,
> libata will copy only the four high-order LBA bits,
> just in case there are assumptions elsewhere in libata (?).
> 
> Signed-Off-By:  Mark Lord <mlord@pobox.com>

applied



^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-02-20 15:49 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-07 16:40 [PATCH] libata bugfix: HDIO_DRIVE_TASK Mark Lord
2007-02-20 15:49 ` Jeff Garzik

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.