[PATCH] 2.6.21 fix lba48 bug in libata fill_result

linux-ide.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf()
@ 2007-04-02 20:20 Mark Lord
  2007-04-02 21:44 ` Mark Lord
  2007-04-04  6:08 ` Jeff Garzik
  0 siblings, 2 replies; 5+ messages in thread
From: Mark Lord @ 2007-04-02 20:20 UTC (permalink / raw)
  To: IDE/ATA development list, Tejun Heo; +Cc: Alan Cox, Jeff Garzik, Ric Wheeler

Tejun,

Current 2.6.21 libata does the following:

void ata_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
{
        struct ata_ioports *ioaddr = &ap->ioaddr;

        tf->command = ata_check_status(ap);
	...
        if (tf->flags & ATA_TFLAG_LBA48) {
                iowrite8(tf->ctl | ATA_HOB, ioaddr->ctl_addr);
                tf->hob_feature = ioread8(ioaddr->error_addr);
                ...
        }
}
...
static void fill_result_tf(struct ata_queued_cmd *qc)
{
        struct ata_port *ap = qc->ap;

        ap->ops->tf_read(ap, &qc->result_tf);
        qc->result_tf.flags = qc->tf.flags;
}

Based on this, those last two statements fill_result_tf()
appear to me to be in the wrong order, in that the tf->flags
are uninitialized at the point where tf_read() is invoked.
So for lba48 commands, tf_read() won't be reading back the
full lba48 register contents..

Correct?

This patch corrects fill_result_tf() so that the flags
get copied to result_tf before they are used by tf_read().

Signed-off-by:  Mark Lord <mlord@pobox.com>
---
--- linux/drivers/ata/libata-core.c.orig	2007-03-21 12:46:06.000000000 -0400
+++ linux/drivers/ata/libata-core.c	2007-04-02 16:16:28.000000000 -0400
@@ -4763,8 +4763,8 @@
 {
 	struct ata_port *ap = qc->ap;
 
-	ap->ops->tf_read(ap, &qc->result_tf);
 	qc->result_tf.flags = qc->tf.flags;
+	ap->ops->tf_read(ap, &qc->result_tf);
 }
 
 /**

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf()
  2007-04-02 20:20 [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf() Mark Lord
@ 2007-04-02 21:44 ` Mark Lord
  2007-04-03 11:54   ` Tejun Heo
  2007-04-04  6:08 ` Jeff Garzik
  1 sibling, 1 reply; 5+ messages in thread
From: Mark Lord @ 2007-04-02 21:44 UTC (permalink / raw)
  To: Tejun Heo; +Cc: IDE/ATA development list, Alan Cox, Jeff Garzik, Ric Wheeler

Mark Lord wrote:
>
> This patch corrects fill_result_tf() so that the flags
> get copied to result_tf before they are used by tf_read().
> 
> Signed-off-by:  Mark Lord <mlord@pobox.com>
> ---
> --- linux/drivers/ata/libata-core.c.orig    2007-03-21 
> 12:46:06.000000000 -0400
> +++ linux/drivers/ata/libata-core.c    2007-04-02 16:16:28.000000000 -0400
> @@ -4763,8 +4763,8 @@
> {
>     struct ata_port *ap = qc->ap;
> 
> -    ap->ops->tf_read(ap, &qc->result_tf);
>     qc->result_tf.flags = qc->tf.flags;
> +    ap->ops->tf_read(ap, &qc->result_tf);
> }
> 
> /**
> 

If I understand this correctly, the impact of (not patching) this
is that error-handling for LBA48 accesses is broken.  Right, Tejun?

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf()
  2007-04-02 21:44 ` Mark Lord
@ 2007-04-03 11:54   ` Tejun Heo
  2007-04-03 15:29     ` Mark Lord
  0 siblings, 1 reply; 5+ messages in thread
From: Tejun Heo @ 2007-04-03 11:54 UTC (permalink / raw)
  To: Mark Lord; +Cc: IDE/ATA development list, Alan Cox, Jeff Garzik, Ric Wheeler

Mark Lord wrote:
> Mark Lord wrote:
>>
>> This patch corrects fill_result_tf() so that the flags
>> get copied to result_tf before they are used by tf_read().
>>
>> Signed-off-by:  Mark Lord <mlord@pobox.com>
>> ---
>> --- linux/drivers/ata/libata-core.c.orig    2007-03-21
>> 12:46:06.000000000 -0400
>> +++ linux/drivers/ata/libata-core.c    2007-04-02 16:16:28.000000000
>> -0400
>> @@ -4763,8 +4763,8 @@
>> {
>>     struct ata_port *ap = qc->ap;
>>
>> -    ap->ops->tf_read(ap, &qc->result_tf);
>>     qc->result_tf.flags = qc->tf.flags;
>> +    ap->ops->tf_read(ap, &qc->result_tf);
>> }
>>
>> /**
>>
> 
> If I understand this correctly, the impact of (not patching) this
> is that error-handling for LBA48 accesses is broken.  Right, Tejun?

Yes, you're right.  Thanks for fixing this.

Acked-by: Tejun Heo <htejun@gmail.com>

-- 
tejun

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf()
  2007-04-03 11:54   ` Tejun Heo
@ 2007-04-03 15:29     ` Mark Lord
  0 siblings, 0 replies; 5+ messages in thread
From: Mark Lord @ 2007-04-03 15:29 UTC (permalink / raw)
  To: Tejun Heo; +Cc: IDE/ATA development list, Alan Cox, Jeff Garzik, Ric Wheeler

Tejun Heo wrote:
> Mark Lord wrote:
>> Mark Lord wrote:
>>> This patch corrects fill_result_tf() so that the flags
>>> get copied to result_tf before they are used by tf_read().
>>>
>>> Signed-off-by:  Mark Lord <mlord@pobox.com>
>>> ---
>>> --- linux/drivers/ata/libata-core.c.orig    2007-03-21
>>> 12:46:06.000000000 -0400
>>> +++ linux/drivers/ata/libata-core.c    2007-04-02 16:16:28.000000000
>>> -0400
>>> @@ -4763,8 +4763,8 @@
>>> {
>>>     struct ata_port *ap = qc->ap;
>>>
>>> -    ap->ops->tf_read(ap, &qc->result_tf);
>>>     qc->result_tf.flags = qc->tf.flags;
>>> +    ap->ops->tf_read(ap, &qc->result_tf);
>>> }
>>>
>>> /**
>>>
>> If I understand this correctly, the impact of (not patching) this
>> is that error-handling for LBA48 accesses is broken.  Right, Tejun?
> 
> Yes, you're right.  Thanks for fixing this.
> 
> Acked-by: Tejun Heo <htejun@gmail.com>

This should really go into 2.6.21, as well as be backported
to the 2.6.20.xx point releases.

Where's Jeff?


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf()
  2007-04-02 20:20 [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf() Mark Lord
  2007-04-02 21:44 ` Mark Lord
@ 2007-04-04  6:08 ` Jeff Garzik
  1 sibling, 0 replies; 5+ messages in thread
From: Jeff Garzik @ 2007-04-04  6:08 UTC (permalink / raw)
  To: Mark Lord; +Cc: IDE/ATA development list, Tejun Heo, Alan Cox, Ric Wheeler

Mark Lord wrote:
> Tejun,
> 
> Current 2.6.21 libata does the following:
> 
> void ata_tf_read(struct ata_port *ap, struct ata_taskfile *tf)
> {
>        struct ata_ioports *ioaddr = &ap->ioaddr;
> 
>        tf->command = ata_check_status(ap);
>     ...
>        if (tf->flags & ATA_TFLAG_LBA48) {
>                iowrite8(tf->ctl | ATA_HOB, ioaddr->ctl_addr);
>                tf->hob_feature = ioread8(ioaddr->error_addr);
>                ...
>        }
> }
> ...
> static void fill_result_tf(struct ata_queued_cmd *qc)
> {
>        struct ata_port *ap = qc->ap;
> 
>        ap->ops->tf_read(ap, &qc->result_tf);
>        qc->result_tf.flags = qc->tf.flags;
> }
> 
> Based on this, those last two statements fill_result_tf()
> appear to me to be in the wrong order, in that the tf->flags
> are uninitialized at the point where tf_read() is invoked.
> So for lba48 commands, tf_read() won't be reading back the
> full lba48 register contents..
> 
> Correct?
> 
> This patch corrects fill_result_tf() so that the flags
> get copied to result_tf before they are used by tf_read().
> 
> Signed-off-by:  Mark Lord <mlord@pobox.com>

applied



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2007-04-04  6:08 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-04-02 20:20 [PATCH] 2.6.21 fix lba48 bug in libata fill_result_tf() Mark Lord
2007-04-02 21:44 ` Mark Lord
2007-04-03 11:54   ` Tejun Heo
2007-04-03 15:29     ` Mark Lord
2007-04-04  6:08 ` Jeff Garzik

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).