From: Hannes Reinecke <hare@suse.de>
To: Niklas Cassel <cassel@kernel.org>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Damien Le Moal <dlemoal@kernel.org>
Cc: Ilia Baryshnikov <qwelias@gmail.com>, linux-ide@vger.kernel.org
Subject: Re: [PATCH 2/2] ata: libata-core: Set capacity to zero for a security locked drive
Date: Thu, 20 Nov 2025 08:24:55 +0100 [thread overview]
Message-ID: <dd977220-710d-4c8b-af89-b8de1a49c408@suse.de> (raw)
In-Reply-To: <20251119141313.2220084-4-cassel@kernel.org>
On 11/19/25 15:13, Niklas Cassel wrote:
> For Security locked drives (drives that have Security enabled, and have
> not been Security unlocked by boot firmware), the automatic partition
> scanning will result in the user being spammed with errors such as:
>
> ata5.00: failed command: READ DMA
> ata5.00: cmd c8/00:08:00:00:00/00:00:00:00:00/e0 tag 7 dma 4096 in
> res 51/04:08:00:00:00/00:00:00:00:00/e0 Emask 0x1 (device error)
> ata5.00: status: { DRDY ERR }
> ata5.00: error: { ABRT }
> sd 4:0:0:0: [sda] tag#7 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_OK cmd_age=0s
> sd 4:0:0:0: [sda] tag#7 Sense Key : Aborted Command [current]
> sd 4:0:0:0: [sda] tag#7 Add. Sense: No additional sense information
>
> during boot, because most commands except for IDENTIFY will be aborted by
> a Security locked drive.
>
> For a Security locked drive, set capacity to zero, so that no automatic
> partition scanning will happen.
>
> If the user later unlocks the drive using e.g. hdparm, the close() by the
> user space application should trigger a revalidation of the drive.
>
> Signed-off-by: Niklas Cassel <cassel@kernel.org>
> ---
> drivers/ata/libata-core.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
> index 2a210719c4ce..f48fb63d7e85 100644
> --- a/drivers/ata/libata-core.c
> +++ b/drivers/ata/libata-core.c
> @@ -3006,6 +3006,16 @@ int ata_dev_configure(struct ata_device *dev)
> }
>
> dev->n_sectors = ata_id_n_sectors(id);
> + if (ata_id_is_locked(id)) {
> + /*
> + * If Security locked, set capacity to zero to prevent
> + * any I/O, e.g. partition scanning, as any I/O to a
> + * locked drive will result in user visible errors.
> + */
> + ata_dev_info(dev,
> + "Security locked, setting capacity to zero\n");
> + dev->n_sectors = 0;
> + }
>
> /* get current R/W Multiple count setting */
> if ((dev->id[47] >> 8) == 0x80 && (dev->id[59] & 0x100)) {
Reviewed-by: Hannes Reinecke <hare@suse.de>
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare@suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
next prev parent reply other threads:[~2025-11-20 7:24 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-11-19 14:13 [PATCH 1/2] ata: libata-scsi: Fix system suspend for a security locked drive Niklas Cassel
2025-11-19 14:13 ` [PATCH 2/2] ata: libata-core: Set capacity to zero " Niklas Cassel
2025-11-20 3:31 ` Damien Le Moal
2025-11-20 3:49 ` Martin K. Petersen
2025-11-20 7:24 ` Hannes Reinecke [this message]
2025-11-20 3:29 ` [PATCH 1/2] ata: libata-scsi: Fix system suspend " Damien Le Moal
2025-11-20 3:48 ` Martin K. Petersen
2025-11-20 7:24 ` Hannes Reinecke
2025-11-20 12:45 ` Niklas Cassel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dd977220-710d-4c8b-af89-b8de1a49c408@suse.de \
--to=hare@suse.de \
--cc=cassel@kernel.org \
--cc=dlemoal@kernel.org \
--cc=linux-ide@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=qwelias@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox