From: Robert Hancock <hancockr@shaw.ca>
To: Roland Dreier <rdreier@cisco.com>
Cc: "Phillip O'Donnell" <phillip.odonnell@gmail.com>,
jeff@garzik.org, Oskar Liljeblad <oskar@osk.mine.nu>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] libata: Avoid overflow in ata_tf_to_lba48() when tf->hba_lbal > 127
Date: Wed, 29 Oct 2008 18:39:26 -0600 [thread overview]
Message-ID: <4909023E.60806@shaw.ca> (raw)
In-Reply-To: <fa.fIxdVik0iPc+lS+sd5ef+ZoALzQ@ifi.uio.no>
Roland Dreier wrote:
> In ata_tf_to_lba48(), when evaluating
>
> (tf->hob_lbal & 0xff) << 24
>
> the expression is promoted to signed int (since int can hold all values
> of u8). However, if hob_lbal is 128 or more, then it is treated as a
> negative signed value and sign-extended when promoted to u64 to | into
> sectors, which leads to the MSB 32 bits of section getting set
> incorrectly.
>
> For example, Phillip O'Donnell <phillip.odonnell@gmail.com> reported
> that a 1.5GB drive caused:
>
> ata3.00: HPA detected: current 2930277168, native 18446744072344861488
>
> where 2930277168 == 0xAEA87B30 and 18446744072344861488 == 0xffffffffaea87b30
> which shows the problem when hob_lbal is 0xae.
>
> Fix this by adding a cast to u64, just as is used by for hob_lbah and
> hob_lbam in the function.
>
> Reported-by: Phillip O'Donnell <phillip.odonnell@gmail.com>
> Signed-off-by: Roland Dreier <rolandd@cisco.com>
This should be pushed to -stable as well once it's merged..
next prev parent reply other threads:[~2008-10-30 0:39 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.01zEaARwrup2dCOTuHTYxzuS9BI@ifi.uio.no>
2008-10-28 23:19 ` sata errors with Seagate 1.5TB on AMD 780G/SB700 motherboard Robert Hancock
2008-10-29 18:58 ` Oskar Liljeblad
2008-10-29 20:17 ` Alan Cox
2008-10-29 20:23 ` Ric Wheeler
2008-10-29 20:52 ` Phillip O'Donnell
2008-10-29 22:37 ` Ric Wheeler
2008-11-07 11:33 ` Kasper Sandberg
2008-11-07 12:27 ` Ric Wheeler
[not found] ` <fa.Dwk+NgWNu7+JRcsgOPCxSr7y5SQ@ifi.uio.no>
[not found] ` <fa.fIxdVik0iPc+lS+sd5ef+ZoALzQ@ifi.uio.no>
2008-10-30 0:39 ` Robert Hancock [this message]
2008-10-28 17:01 Oskar Liljeblad
2008-10-28 23:25 ` Phillip O'Donnell
2008-10-28 23:52 ` [PATCH] libata: Avoid overflow in ata_tf_to_lba48() when tf->hba_lbal > 127 Roland Dreier
2008-10-29 2:04 ` Phillip O'Donnell
2008-10-29 13:28 ` Phillip O'Donnell
2008-10-31 5:45 ` Jeff Garzik
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4909023E.60806@shaw.ca \
--to=hancockr@shaw.ca \
--cc=jeff@garzik.org \
--cc=linux-kernel@vger.kernel.org \
--cc=oskar@osk.mine.nu \
--cc=phillip.odonnell@gmail.com \
--cc=rdreier@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox