Re: [patch 34/37] libata bugfix: HDIO_DRIVE_TASK

Fri, 30 Mar 2007 15:04:11 -0800 

Greg KH wrote:

-stable review patch.  If anyone has any objections, please let us know.

------------------
From: Mark Lord <[EMAIL PROTECTED]>

libata bugfix: HDIO_DRIVE_TASK

I was trying to use HDIO_DRIVE_TASK for something today,
and discovered that the libata implementation does not copy
over the upper four LBA bits from args[6].

This is serious, as any tools using this ioctl would have their
commands applied to the wrong sectors on the drive, possibly resulting
in disk corruption.

Ideally, newer apps should use SG_IO/ATA_16 directly,
avoiding this bug.  But with libata poised to displace drivers/ide,
better compatibility here is a must.

This patch fixes libata to use the upper four LBA bits passed
in from the ioctl.

The original drivers/ide implementation copies over all bits
except for the master/slave select bit.  With this patch,
libata will copy only the four high-order LBA bits,
just in case there are assumptions elsewhere in libata (?).

Signed-off-by: Mark Lord <[EMAIL PROTECTED]>
Cc: Chuck Ebbert <[EMAIL PROTECTED]>
Signed-off-by: Jeff Garzik <[EMAIL PROTECTED]>
Signed-off-by: Greg Kroah-Hartman <[EMAIL PROTECTED]>

..

Mmmm.. I've just noticed another bit we should  be preserving there,
both for *stable* and current mainline.

Instead of:


+       scsi_cmd[13] = args[6] & 0x0f;


We should be doing:


+       scsi_cmd[13] = args[6] & 0x4f;


As-is, the patch still helps, but it is not as useful as it could be.
Here's the fixed version.  I'm also sending out a 2.6.21 patch via Jeff.

Signed-off-by: Mark Lord <[EMAIL PROTECTED]>
---
drivers/ata/libata-scsi.c |    1 +
1 file changed, 1 insertion(+)

--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -295,6 +295,7 @@ int ata_task_ioctl(struct scsi_device *s
        scsi_cmd[8]  = args[3];
        scsi_cmd[10] = args[4];
        scsi_cmd[12] = args[5];
+       scsi_cmd[13] = args[6] & 0x4f;
        scsi_cmd[14] = args[0];

        /* Good values for timeout and retries?  Values below

--
Mark Lord
Real-Time Remedies Inc.
[EMAIL PROTECTED] - 
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to