cd68c48ea1
When reading unformatted tracks on ESE devices, the corresponding memory
areas are simply set to zero for each segment. This is done incorrectly
for blocksizes < 4096.
There are two problems. First, the increment of dst is done using the
counter of the loop (off), which is increased by blksize every
iteration. This leads to a much bigger increment for dst as actually
intended. Second, the increment of dst is done before the memory area
is set to 0, skipping a significant amount of bytes of memory.
This leads to illegal overwriting of memory and ultimately to a kernel
panic.
This is not a problem with 4k blocksize because
blk_queue_max_segment_size is set to PAGE_SIZE, always resulting in a
single iteration for the inner segment loop (bv.bv_len == blksize). The
incorrectly used 'off' value to increment dst is 0 and the correct
memory area is used.
In order to fix this for blksize < 4k, increment dst correctly using the
blksize and only do it at the end of the loop.
Fixes:
|
||
|---|---|---|
| .. | ||
| dasd_3990_erp.c | ||
| dasd_alias.c | ||
| dasd_devmap.c | ||
| dasd_diag.c | ||
| dasd_diag.h | ||
| dasd_eckd.c | ||
| dasd_eckd.h | ||
| dasd_eer.c | ||
| dasd_erp.c | ||
| dasd_fba.c | ||
| dasd_fba.h | ||
| dasd_genhd.c | ||
| dasd_int.h | ||
| dasd_ioctl.c | ||
| dasd_proc.c | ||
| dasd.c | ||
| dcssblk.c | ||
| Kconfig | ||
| Makefile | ||
| scm_blk.c | ||
| scm_blk.h | ||
| scm_drv.c | ||