Thread (6 messages) 6 messages, 3 authors, 2008-08-14

Re: [PATCH] LBA28/LBA48 off-by-one bug in ata.h

From: Alan Cox <hidden>
Date: 2008-08-14 23:15:46

quoted
 "28-bit LBA command is being used to access LBAs 29-bits in length"
http://www.hitachigst.com/hddt/knowtree.nsf/cffe836ed7c12018862565b000530c74/b531b8bce8745fb78825740f00580e23

Also, *BSDs seems to have similar fix included sometime around ~2004,
through I have not checked out exact portion of the code.
By a very strict pessimal reading of the spec I would agree with you
quoted
I do not subscribe to the list, so Cc: me if further discussion is
needed.

Best Regards,
--
Taisuke Yamada
--- linux-2.6.24/include/linux/ata.h.orig       2008-05-03 16:08:13.224811900 +0900
+++ linux-2.6.24/include/linux/ata.h    2008-04-01 20:33:44.460619700 +0900
@@ -599,7 +599,7 @@ static inline int ata_ok(u8 status)
 static inline int lba_28_ok(u64 block, u32 n_block)
 {
       /* check the ending block number */
-       return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256);
+       return ((block + n_block) < ((u64)1 << 28)) && (n_block <= 256);
 }
(needs a signed off from the original author)

but

Acked-by: Alan Cox <redacted>

I'm happy with this Jeff and I think it should go in promptly (didn't
realise it hadn't done so before). Whether the -1 is right could be
argued in debate about fine points of the spec but it has no real impact
to do this and if drives actually care about this in some cases we
clearly should.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help