[PATCH #upstream-fixes] libata: fix off-by-one error in ata_tf_read_block()
From: Tejun Heo
Date: Sun Aug 16 2009 - 08:21:52 EST
ata_tf_read_block() has off-by-one error when converting CHS address
to LBA. The bug isn't very visible because ata_tf_read_block() is
used only when generating sense data for a failed RW command and CHS
addressing isn't used too often these days.
This problem was spotted by Atsushi Nemoto.
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Reported-by: Atsushi Nemoto <anemo@xxxxxxxxxxxxx>
---
> Well, I expect fix by you (or other libata hackers) since I think you
> can write better warning message and changelog than me ;)
In that case, sure. Thanks a lot for the nice spotting. :-)
drivers/ata/libata-core.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
index 072ba5e..e71149b 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -709,7 +709,13 @@ u64 ata_tf_read_block(struct ata_taskfile *tf, struct ata_device *dev)
head = tf->device & 0xf;
sect = tf->lbal;
- block = (cyl * dev->heads + head) * dev->sectors + sect;
+ if (!sect) {
+ ata_dev_printk(dev, KERN_WARNING, "device reported "
+ "invalid CHS sector 0\n");
+ sect = 1; /* oh well */
+ }
+
+ block = (cyl * dev->heads + head) * dev->sectors + sect - 1;
}
return block;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/