| Message ID | 578eb0d1.e9b9420a.8694b.fc4c@mx.google.com |
|---|---|
| State | Not Applicable |
| Delegated to: | David Miller |
| Headers | show |
On Wed, Jul 20, 2016 at 06:59:23AM +0800, tom.ty89@gmail.com wrote: > From: Tom Yan <tom.ty89@gmail.com> > > Commit 7780081c1f04 ("libata-scsi: Set information sense field for > invalid parameter") changed how ata_mselect_*() make sure read-only > bits are not modified. The new implementation introduced a bug that > the read-only bits in the byte that has a changeable bit will not > be checked. > > Added the necessary check, with comments explaining the heuristic. > > Signed-off-by: Tom Yan <tom.ty89@gmail.com> Applied to libata/for-4.8. This thread was confusing to look at. Please use the "n/N" sequence tagging for the patches (the -n option of git-format-patch). Thanks.
So, just reverted this patch. On Wed, Jul 20, 2016 at 06:59:23AM +0800, tom.ty89@gmail.com wrote: > From: Tom Yan <tom.ty89@gmail.com> > > Commit 7780081c1f04 ("libata-scsi: Set information sense field for > invalid parameter") changed how ata_mselect_*() make sure read-only > bits are not modified. The new implementation introduced a bug that > the read-only bits in the byte that has a changeable bit will not > be checked. > > Added the necessary check, with comments explaining the heuristic. > > Signed-off-by: Tom Yan <tom.ty89@gmail.com> > > diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c > index 06afe63..b47c3ce 100644 > --- a/drivers/ata/libata-scsi.c > +++ b/drivers/ata/libata-scsi.c > @@ -3617,8 +3617,18 @@ static int ata_mselect_caching(struct ata_queued_cmd *qc, > */ > ata_msense_caching(dev->id, mpage, false); > for (i = 0; i < CACHE_MPAGE_LEN - 2; i++) { > - if (i == 0) > - continue; > + /* Check the first byte */ > + if (i == 0) { > + /* except the WCE bit */ > + if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) { This not only triggered compiler warning but is actually wrong. The above is mpage[i + 1] & (0xfb != buf[i]) & 0xfb which is non-sensical. So, this patch wasn't tested at all. Not even compile test. Please don't do this. Thanks.
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index 06afe63..b47c3ce 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -3617,8 +3617,18 @@ static int ata_mselect_caching(struct ata_queued_cmd *qc, */ ata_msense_caching(dev->id, mpage, false); for (i = 0; i < CACHE_MPAGE_LEN - 2; i++) { - if (i == 0) - continue; + /* Check the first byte */ + if (i == 0) { + /* except the WCE bit */ + if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) { + *fp = i; + return -EINVAL; + } else { + continue; + } + } + + /* Check the remaining bytes */ if (mpage[i + 2] != buf[i]) { *fp = i; return -EINVAL; @@ -3672,8 +3682,18 @@ static int ata_mselect_control(struct ata_queued_cmd *qc, */ ata_msense_control(dev, mpage, false); for (i = 0; i < CONTROL_MPAGE_LEN - 2; i++) { - if (i == 0) - continue; + /* Check the first byte */ + if (i == 0) { + /* except the D_SENSE bit */ + if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) { + *fp = i; + return -EINVAL; + } else { + continue; + } + } + + /* Check the remaining bytes */ if (mpage[2 + i] != buf[i]) { *fp = i; return -EINVAL;