From: tom.ty89@gmail.com
To: tj@kernel.org, hare@suse.de
Cc: linux-ide@vger.kernel.org, linux-scsi@vger.kernel.org,
Tom Yan <tom.ty89@gmail.com>
Subject: [PATCH] libata-scsi: fix read-only bits checking in ata_mselect_*()
Date: Wed, 20 Jul 2016 06:50:14 +0800 [thread overview]
Message-ID: <578eaead.0198620a.7cf53.28c1@mx.google.com> (raw)
In-Reply-To: <578e979d.d40c620a.f5800.0924@mx.google.com>
From: Tom Yan <tom.ty89@gmail.com>
Commit 7780081c1f04 ("libata-scsi: Set information sense field for
invalid parameter") changed how ata_mselect_*() make sure read-only
bits are not modified. The new implementation introduced a bug that
the read-only bits in the byte that has a changeable bit will not
be checked.
Added the necessary check, with comments explaining the heuristic.
Signed-off-by: Tom Yan <tom.ty89@gmail.com>
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 06afe63..005d186 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3617,8 +3617,18 @@ static int ata_mselect_caching(struct ata_queued_cmd *qc,
*/
ata_msense_caching(dev->id, mpage, false);
for (i = 0; i < CACHE_MPAGE_LEN - 2; i++) {
- if (i == 0)
- continue;
+ /* Check the first byte */
+ if (i == 0) {
+ /* except the WCE bit */
+ if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) {
+ continue;
+ } else {
+ *fp = i;
+ return -EINVAL;
+ }
+ }
+
+ /* Check the remaining bytes */
if (mpage[i + 2] != buf[i]) {
*fp = i;
return -EINVAL;
@@ -3672,8 +3682,18 @@ static int ata_mselect_control(struct ata_queued_cmd *qc,
*/
ata_msense_control(dev, mpage, false);
for (i = 0; i < CONTROL_MPAGE_LEN - 2; i++) {
- if (i == 0)
- continue;
+ /* Check the first byte */
+ if (i == 0) {
+ /* except the D_SENSE bit */
+ if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) {
+ continue;
+ } else {
+ *fp = i;
+ return -EINVAL;
+ }
+ }
+
+ /* Check the remaining bytes */
if (mpage[2 + i] != buf[i]) {
*fp = i;
return -EINVAL;
--
2.9.0
next prev parent reply other threads:[~2016-07-19 22:50 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20160712133703.2076-1-me>
2016-07-12 13:37 ` [PATCH v3 2/2] libata-scsi: better style in ata_msense_caching() tom.ty89
2016-07-12 14:48 ` Tejun Heo
2016-07-12 16:20 ` Tom Yan
2016-07-12 17:20 ` Tejun Heo
2016-07-12 17:54 ` Tom Yan
2016-07-19 20:39 ` [PATCH v4] libata-scsi: better style in ata_msense_*() tom.ty89
2016-07-19 20:44 ` Tom Yan
2016-07-19 21:11 ` [PATCH v4] libata-scsi: minor cleanup in ata_mselect_*() tom.ty89
2016-07-19 22:50 ` tom.ty89 [this message]
2016-07-19 22:59 ` [PATCH] libata-scsi: fix read-only bits checking " Tom Yan
2016-07-19 22:59 ` [PATCH v2] " tom.ty89
2016-07-20 15:25 ` Tejun Heo
2016-07-20 17:20 ` Tejun Heo
2016-07-19 23:03 ` [PATCH v4] libata-scsi: minor cleanup " Tom Yan
2016-07-20 15:22 ` Tejun Heo
2016-07-20 15:22 ` [PATCH v4] libata-scsi: better style in ata_msense_*() Tejun Heo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=578eaead.0198620a.7cf53.28c1@mx.google.com \
--to=tom.ty89@gmail.com \
--cc=hare@suse.de \
--cc=linux-ide@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.