[kernel] r12292 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Oct 9 07:23:54 UTC 2008


Author: dannf
Date: Thu Oct  9 07:23:53 2008
New Revision: 12292

Log:
[ata] Fix off-by-one-error that causes errors when reading a
block on the LBA28-LBA48 boundary

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/libata-LBA28-LBA48-off-by-one.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/8

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Thu Oct  9 07:23:53 2008
@@ -8,7 +8,11 @@
   * Fix access to uninitialized user keyring. (closes: #500279)
   * [x86] Fix detection of non-PNP RTC devices. (closes: #499230)
 
- -- dann frazier <dannf at debian.org>  Fri, 03 Oct 2008 17:38:31 -0600
+  [ dann frazier ]
+  * [ata] Fix off-by-one-error that causes errors when reading a
+    block on the LBA28-LBA48 boundary
+
+ -- dann frazier <dannf at debian.org>  Thu, 09 Oct 2008 00:32:29 -0600
 
 linux-2.6 (2.6.26-7) unstable; urgency=low
 
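Review bot: the new changelog entry under "[ dann frazier ]" gives no reference back to its source, while the entries just above it end in "(closes: #...)". Suggest naming the upstream commit (97b697a11b07e2ebfa69c488132596cc5eb24119, as recorded in the added patch file) or a bug number, so the entry can be traced without opening the patch.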

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/libata-LBA28-LBA48-off-by-one.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/libata-LBA28-LBA48-off-by-one.patch	Thu Oct  9 07:23:53 2008
@@ -0,0 +1,84 @@
+commit 97b697a11b07e2ebfa69c488132596cc5eb24119
+Author: Taisuke Yamada <tai at rakugaki.org>
+Date:   Sat Sep 13 16:46:15 2008 -0400
+
+    [libata] LBA28/LBA48 off-by-one bug in ata.h
+    
+    I recently bought 3 HGST P7K500-series 500GB SATA drives and
+    had trouble accessing the block right on the LBA28-LBA48 border.
+    Here's how it fails (same for all 3 drives):
+    
+      # dd if=/dev/sdc bs=512 count=1 skip=268435455 > /dev/null
+      dd: reading `/dev/sdc': Input/output error
+      0+0 records in
+      0+0 records out
+      0 bytes (0 B) copied, 0.288033 seconds, 0.0 kB/s
+      # dmesg
+      ata1.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
+      ata1.00: BMDMA stat 0x25
+      ata1.00: cmd c8/00:08:f8:ff:ff/00:00:00:00:00/ef tag 0 dma 4096 in
+      res 51/04:08:f8:ff:ff/00:00:00:00:00/ef Emask 0x1 (device error)
+      ata1.00: status: { DRDY ERR }
+      ata1.00: error: { ABRT }
+      ata1.00: configured for UDMA/33
+      ata1: EH complete
+      ...
+    
+    After some investigations, it turned out this seems to be caused
+    by misinterpretation of the ATA specification on LBA28 access.
+    Following part is the code in question:
+    
+      === include/linux/ata.h ===
+      static inline int lba_28_ok(u64 block, u32 n_block)
+      {
+        /* check the ending block number */
+        return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256);
+      }
+    
+    HGST drive (sometimes) fails with LBA28 access of {block = 0xfffffff,
+    n_block = 1}, and this behavior seems to be comformant. Other drives,
+    including other HGST drives are not that strict, through.
+    
+    >From the ATA specification:
+    (http://www.t13.org/Documents/UploadedDocuments/project/d1410r3b-ATA-ATAPI-6.pdf)
+    
+      8.15.29  Word (61:60): Total number of user addressable sectors
+      This field contains a value that is one greater than the total number
+      of user addressable sectors (see 6.2). The maximum value that shall
+      be placed in this field is 0FFFFFFFh.
+    
+    So the driver shouldn't use the value of 0xfffffff for LBA28 request
+    as this exceeds maximum user addressable sector. The logical maximum
+    value for LBA28 is 0xffffffe.
+    
+    The obvious fix is to cut "- 1" part, and the patch attached just do
+    that. I've been using the patched kernel for about a month now, and
+    the same fix is also floating on the net for some time. So I believe
+    this fix works reliably.
+    
+    Just FYI, many Windows/Intel platform users also seems to be struck
+    by this, and HGST has issued a note pointing to Intel ICH8/9 driver.
+    
+      "28-bit LBA command is being used to access LBAs 29-bits in length"
+    http://www.hitachigst.com/hddt/knowtree.nsf/cffe836ed7c12018862565b000530c74/b531b8bce8745fb78825740f00580e23
+    
+    Also, *BSDs seems to have similar fix included sometime around ~2004,
+    through I have not checked out exact portion of the code.
+    
+    Signed-off-by: Taisuke Yamada <tai at rakugaki.org>
+    Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/include/linux/ata.h linux-source-2.6.26/include/linux/ata.h
+--- linux-source-2.6.26.orig/include/linux/ata.h	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/linux/ata.h	2008-10-09 00:28:12.000000000 -0600
+@@ -682,7 +682,7 @@ static inline int ata_ok(u8 status)
+ static inline int lba_28_ok(u64 block, u32 n_block)
+ {
+ 	/* check the ending block number */
+-	return ((block + n_block - 1) < ((u64)1 << 28)) && (n_block <= 256);
++	return ((block + n_block) < ((u64)1 << 28)) && (n_block <= 256);
+ }
+ 
+ static inline int lba_48_ok(u64 block, u32 n_block)
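Review bot: the comment kept above the changed return in lba_28_ok(), "/* check the ending block number */", no longer describes the expression. "block + n_block" is one past the last block of the request, so the test now rejects any request whose last block is 0xfffffff. Suggest rewording the comment to say that the highest block an LBA28 command may address is 0xffffffe, citing the ATA-6 section 8.15.29 text quoted in the commit message, so that a later reader does not put the "- 1" back as an apparent correction.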

Modified: dists/sid/linux-2.6/debian/patches/series/8
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/8	(original)
+++ dists/sid/linux-2.6/debian/patches/series/8	Thu Oct  9 07:23:53 2008
@@ -2,3 +2,4 @@
 + bugfix/x86/restrict-long-nops.patch
 + bugfix/all/security-keys-init-user-keyring.patch
 + bugfix/x86/nonpnp-rtc-device.patch
++ bugfix/all/libata-LBA28-LBA48-off-by-one.patch


