From: Mark Lord <mlord@pobox.com>
To: Greg KH <gregkh@suse.de>
Cc: linux-kernel@vger.kernel.org, stable@kernel.org,
Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Jeff Garzik <jeff@garzik.org>
Subject: Re: [patch 34/37] libata bugfix: HDIO_DRIVE_TASK
Date: Fri, 30 Mar 2007 17:42:13 -0400
Message-ID: <460D8435.3060503@pobox.com>
In-Reply-To: <20070330210659.GK29450@kroah.com>
Greg KH wrote:
> -stable review patch. If anyone has any objections, please let us know.
>
> ------------------
> From: Mark Lord <liml@rtr.ca>
>
> libata bugfix: HDIO_DRIVE_TASK
>
> I was trying to use HDIO_DRIVE_TASK for something today,
> and discovered that the libata implementation does not copy
> over the upper four LBA bits from args[6].
>
> This is serious, as any tools using this ioctl would have their
> commands applied to the wrong sectors on the drive, possibly resulting
> in disk corruption.
>
> Ideally, newer apps should use SG_IO/ATA_16 directly,
> avoiding this bug. But with libata poised to displace drivers/ide,
> better compatibility here is a must.
>
> This patch fixes libata to use the upper four LBA bits passed
> in from the ioctl.
>
> The original drivers/ide implementation copies over all bits
> except for the master/slave select bit. With this patch,
> libata will copy only the four high-order LBA bits,
> just in case there are assumptions elsewhere in libata (?).
>
> Signed-off-by: Mark Lord <mlord@pobox.com>
> Cc: Chuck Ebbert <cebbert@redhat.com>
> Signed-off-by: Jeff Garzik <jeff@garzik.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
..
Mmmm.. I've just noticed another bit we should be preserving there,
both for *stable* and current mainline.
Instead of:
> + scsi_cmd[13] = args[6] & 0x0f;
We should be doing:
> + scsi_cmd[13] = args[6] & 0x4f;
As-is, the patch still helps, but it is not as useful as it could be.
Here's the fixed version. I'm also sending out a 2.6.21 patch via Jeff.
Signed-off-by: Mark Lord <mlord@pobox.com>
---
drivers/ata/libata-scsi.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -295,6 +295,7 @@ int ata_task_ioctl(struct scsi_device *s
scsi_cmd[8] = args[3];
scsi_cmd[10] = args[4];
scsi_cmd[12] = args[5];
+ scsi_cmd[13] = args[6] & 0x4f;
scsi_cmd[14] = args[0];
/* Good values for timeout and retries? Values below
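Review bot: the added line `scsi_cmd[13] = args[6] & 0x4f;` uses a bare mask with no comment, and the message only says "another bit" should be preserved without naming it. 0x4f keeps bit 6 (0x40) in addition to the low four bits kept by the earlier 0x0f version. Please add a one-line comment above the assignment (or use a named constant) stating which device-register bits are passed through and why the rest of args[6] is dropped, and name the bit in the changelog so the -stable and 2.6.21 versions can be checked against each other.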
--
Mark Lord
Real-Time Remedies Inc.
mlord@pobox.com
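
An added example, not part of the original message or the kernel source: a user-space model of the byte copies in the hunk, showing what reaches the device byte and the 28-bit LBA under each mask discussed. The sample arguments, the helper names and the bit labels are constructed for illustration; mask 0x00 stands in for the unpatched code on the assumption that the byte is otherwise left zero, and bit 6 is labelled per the ATA device-register layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Device-register bit names are this example's own (hypothetical) labels. */
#define DEV_LBA_HIGH4 0x0f  /* LBA bits 27..24 */
#define DEV_LBA_MODE  0x40  /* bit 6: address is LBA rather than CHS */

/* Constructed sample: args[0]=command, args[3..5]=LBA low/mid/high,
 * args[6]=device register, indexed the way the hunk reads them. */
static const uint8_t sample_args[7] = { 0x40, 0, 0, 0x56, 0x34, 0x12, 0xe5 };

/* Fill the CDB bytes the hunk touches (caller zero-initialises cdb). */
static void fill_cdb(uint8_t cdb[16], const uint8_t args[7], uint8_t dev_mask)
{
    cdb[8]  = args[3];
    cdb[10] = args[4];
    cdb[12] = args[5];
    cdb[13] = args[6] & dev_mask;
    cdb[14] = args[0];
}

/* 28-bit LBA assembled from the CDB's LBA bytes and device low nibble. */
static uint32_t cdb_lba28(const uint8_t cdb[16])
{
    return ((uint32_t)(cdb[13] & DEV_LBA_HIGH4) << 24) |
           ((uint32_t)cdb[12] << 16) | ((uint32_t)cdb[10] << 8) | cdb[8];
}

struct addr { uint8_t dev; uint32_t lba; int lba_mode; };
/* What the sample request addresses when args[6] is masked with dev_mask. */
static struct addr addr_with_mask(uint8_t dev_mask)
{
    uint8_t cdb[16] = { 0 };
    fill_cdb(cdb, sample_args, dev_mask);
    struct addr a = { cdb[13], cdb_lba28(cdb), (cdb[13] & DEV_LBA_MODE) != 0 };
    return a;
}

int main(void)
{
    const uint8_t masks[] = { 0x00, 0x0f, 0x4f };
    for (size_t i = 0; i < sizeof masks; i++) {
        struct addr a = addr_with_mask(masks[i]);
        printf("mask 0x%02x: dev=0x%02x lba=0x%07x lba_mode=%d\n",
               masks[i], a.dev, (unsigned)a.lba, a.lba_mode);
    }
    return 0;
}
```

With the sample request for LBA 0x5123456, mask 0x00 yields 0x0123456 (a different sector), 0x0f restores the address but drops bit 6, and 0x4f passes both through.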