Re: [PATCH] LBA28/LBA48 off-by-one bug in ata.h
From: Alan Cox <hidden>
Date: 2008-08-14 23:15:46
quoted
"28-bit LBA command is being used to access LBAs 29-bits in length" http://www.hitachigst.com/hddt/knowtree.nsf/cffe836ed7c12018862565b000530c74/b531b8bce8745fb78825740f00580e23 Also, *BSDs seems to have similar fix included sometime around ~2004, through I have not checked out exact portion of the code.
By a very strict pessimal reading of the spec I would agree with you
quoted
I do not subscribe to the list, so Cc: me if further discussion is needed. Best Regards, -- Taisuke Yamada--- linux-2.6.24/include/linux/ata.h.orig 2008-05-03 16:08:13.224811900 +0900 +++ linux-2.6.24/include/linux/ata.h 2008-04-01 20:33:44.460619700 +0900@@ -599,7 +599,7 @@ static inline int ata_ok(u8 status) static inline int lba_28_ok(u64 block, u32 n_block) { /* check the ending block number */ - return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256); + return ((block + n_block) < ((u64)1 << 28)) && (n_block <= 256); }
(needs a signed off from the original author) but Acked-by: Alan Cox <redacted> I'm happy with this Jeff and I think it should go in promptly (didn't realise it hadn't done so before). Whether the -1 is right could be argued in debate about fine points of the spec but it has no real impact to do this and if drives actually care about this in some cases we clearly should.