From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
Tejun Heo <tj@kernel.org>, Jeff Garzik <jgarzik@redhat.com>
Subject: [patch 06/10] libata: fix off-by-one error in ata_tf_read_block()
Date: Wed, 16 Sep 2009 15:13:26 -0700 [thread overview]
Message-ID: <20090916221506.492585155@mini.kroah.org> (raw)
In-Reply-To: <20090916221529.GA28162@kroah.com>
[-- Attachment #1: libata-fix-off-by-one-error-in-ata_tf_read_block.patch --]
[-- Type: text/plain, Size: 1247 bytes --]
2.6.27-stable review patch. If anyone has any objections, please let us know.
------------------
From: Tejun Heo <htejun@gmail.com>
commit ac8672ea922bde59acf50eaa1eaa1640a6395fd2 upstream.
ata_tf_read_block() has off-by-one error when converting CHS address
to LBA. The bug isn't very visible because ata_tf_read_block() is
used only when generating sense data for a failed RW command and CHS
addressing isn't used too often these days.
This problem was spotted by Atsushi Nemoto.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/ata/libata-core.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -565,7 +565,13 @@ u64 ata_tf_read_block(struct ata_taskfil
head = tf->device & 0xf;
sect = tf->lbal;
- block = (cyl * dev->heads + head) * dev->sectors + sect;
+ if (!sect) {
+ ata_dev_printk(dev, KERN_WARNING, "device reported "
+ "invalid CHS sector 0\n");
+ sect = 1; /* oh well */
+ }
+
+ block = (cyl * dev->heads + head) * dev->sectors + sect - 1;
}
return block;
next prev parent reply other threads:[~2009-09-16 22:18 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20090916221320.283781925@mini.kroah.org>
2009-09-16 22:15 ` [patch 00/10] 2.6.27.35-stable review Greg KH
2009-09-16 22:13 ` [patch 01/10] binfmt_elf: fix PT_INTERP bss handling Greg KH
2009-09-16 22:13 ` [patch 02/10] powerpc/ps3: Workaround for flash memory I/O error Greg KH
2009-09-16 22:13 ` [patch 03/10] TPM: Fixup boot probe timeout for tpm_tis driver Greg KH
2009-09-16 22:13 ` [patch 04/10] udf: Use device size when drive reported bogus number of written blocks Greg KH
2009-09-16 22:13 ` [patch 05/10] ALSA: cs46xx - Fix minimum period size Greg KH
2009-09-16 22:13 ` Greg KH [this message]
2009-09-16 22:13 ` [patch 07/10] powerpc/pseries: Fix to handle slb resize across migration Greg KH
2009-09-16 22:13 ` [patch 08/10] sound: oxygen: work around MCE when changing volume Greg KH
2009-09-16 22:13 ` [patch 09/10] Short write in nfsd becomes a full write to the client Greg KH
2009-09-16 22:13 ` [patch 10/10] nfsd: fix hung up of nfs client while sync write data to nfs server Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090916221506.492585155@mini.kroah.org \
--to=gregkh@suse.de \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=jgarzik@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable-review@kernel.org \
--cc=stable@kernel.org \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.