[kernel] r12292 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Oct 9 07:23:54 UTC 2008
Author: dannf
Date: Thu Oct 9 07:23:53 2008
New Revision: 12292
Log:
[ata] Fix off-by-one-error that causes errors when reading a
block on the LBA28-LBA48 boundary
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/libata-LBA28-LBA48-off-by-one.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/8
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog (original)
+++ dists/sid/linux-2.6/debian/changelog Thu Oct 9 07:23:53 2008
@@ -8,7 +8,11 @@
* Fix access to uninitialized user keyring. (closes: #500279)
* [x86] Fix detection of non-PNP RTC devices. (closes: #499230)
- -- dann frazier <dannf at debian.org> Fri, 03 Oct 2008 17:38:31 -0600
+ [ dann frazier ]
+ * [ata] Fix off-by-one-error that causes errors when reading a
+ block on the LBA28-LBA48 boundary
+
+ -- dann frazier <dannf at debian.org> Thu, 09 Oct 2008 00:32:29 -0600
linux-2.6 (2.6.26-7) unstable; urgency=low
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/libata-LBA28-LBA48-off-by-one.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/libata-LBA28-LBA48-off-by-one.patch Thu Oct 9 07:23:53 2008
@@ -0,0 +1,84 @@
+commit 97b697a11b07e2ebfa69c488132596cc5eb24119
+Author: Taisuke Yamada <tai at rakugaki.org>
+Date: Sat Sep 13 16:46:15 2008 -0400
+
+ [libata] LBA28/LBA48 off-by-one bug in ata.h
+
+ I recently bought 3 HGST P7K500-series 500GB SATA drives and
+ had trouble accessing the block right on the LBA28-LBA48 border.
+ Here's how it fails (same for all 3 drives):
+
+ # dd if=/dev/sdc bs=512 count=1 skip=268435455 > /dev/null
+ dd: reading `/dev/sdc': Input/output error
+ 0+0 records in
+ 0+0 records out
+ 0 bytes (0 B) copied, 0.288033 seconds, 0.0 kB/s
+ # dmesg
+ ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
+ ata1.00: BMDMA stat 0x25
+ ata1.00: cmd c8/00:08:f8:ff:ff/00:00:00:00:00/ef tag 0 dma 4096 in
+ res 51/04:08:f8:ff:ff/00:00:00:00:00/ef Emask 0x1 (device error)
+ ata1.00: status: { DRDY ERR }
+ ata1.00: error: { ABRT }
+ ata1.00: configured for UDMA/33
+ ata1: EH complete
+ ...
+
+ After some investigations, it turned out this seems to be caused
+ by misinterpretation of the ATA specification on LBA28 access.
+ Following part is the code in question:
+
+ === include/linux/ata.h ===
+ static inline int lba_28_ok(u64 block, u32 n_block)
+ {
+ /* check the ending block number */
+ return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256);
+ }
+
+ HGST drive (sometimes) fails with LBA28 access of {block = 0xfffffff,
+ n_block = 1}, and this behavior seems to be comformant. Other drives,
+ including other HGST drives are not that strict, through.
+
+ >From the ATA specification:
+ (http://www.t13.org/Documents/UploadedDocuments/project/d1410r3b-ATA-ATAPI-6.pdf)
+
+ 8.15.29 Word (61:60): Total number of user addressable sectors
+ This field contains a value that is one greater than the total number
+ of user addressable sectors (see 6.2). The maximum value that shall
+ be placed in this field is 0FFFFFFFh.
+
+ So the driver shouldn't use the value of 0xfffffff for LBA28 request
+ as this exceeds maximum user addressable sector. The logical maximum
+ value for LBA28 is 0xffffffe.
+
+ The obvious fix is to cut "- 1" part, and the patch attached just do
+ that. I've been using the patched kernel for about a month now, and
+ the same fix is also floating on the net for some time. So I believe
+ this fix works reliably.
+
+ Just FYI, many Windows/Intel platform users also seems to be struck
+ by this, and HGST has issued a note pointing to Intel ICH8/9 driver.
+
+ "28-bit LBA command is being used to access LBAs 29-bits in length"
+ http://www.hitachigst.com/hddt/knowtree.nsf/cffe836ed7c12018862565b000530c74/b531b8bce8745fb78825740f00580e23
+
+ Also, *BSDs seems to have similar fix included sometime around ~2004,
+ through I have not checked out exact portion of the code.
+
+ Signed-off-by: Taisuke Yamada <tai at rakugaki.org>
+ Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/include/linux/ata.h linux-source-2.6.26/include/linux/ata.h
+--- linux-source-2.6.26.orig/include/linux/ata.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/linux/ata.h 2008-10-09 00:28:12.000000000 -0600
+@@ -682,7 +682,7 @@ static inline int ata_ok(u8 status)
+ static inline int lba_28_ok(u64 block, u32 n_block)
+ {
+ /* check the ending block number */
+- return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256);
++ return ((block + n_block) < ((u64)1 << 28)) && (n_block <= 256);
+ }
+
+ static inline int lba_48_ok(u64 block, u32 n_block)
Modified: dists/sid/linux-2.6/debian/patches/series/8
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/8 (original)
+++ dists/sid/linux-2.6/debian/patches/series/8 Thu Oct 9 07:23:53 2008
@@ -2,3 +2,4 @@
+ bugfix/x86/restrict-long-nops.patch
+ bugfix/all/security-keys-init-user-keyring.patch
+ bugfix/x86/nonpnp-rtc-device.patch
++ bugfix/all/libata-LBA28-LBA48-off-by-one.patch
More information about the Kernel-svn-changes
mailing list