From patchwork Tue Jul 19 22:59:23 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tom Yan <tom.ty89@gmail.com>
X-Patchwork-Id: 9238429
Return-Path: <linux-scsi-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	B49AE6075D for <patchwork-linux-scsi@patchwork.kernel.org>;
	Tue, 19 Jul 2016 22:59:33 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A72301FFC7
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Tue, 19 Jul 2016 22:59:33 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 9BFBA26E81; Tue, 19 Jul 2016 22:59:33 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 401A41FFC7
	for <patchwork-linux-scsi@patchwork.kernel.org>;
	Tue, 19 Jul 2016 22:59:33 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752392AbcGSW7b (ORCPT
	<rfc822;patchwork-linux-scsi@patchwork.kernel.org>);
	Tue, 19 Jul 2016 18:59:31 -0400
Received: from mail-pa0-f66.google.com ([209.85.220.66]:35732 "EHLO
	mail-pa0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752263AbcGSW7a (ORCPT
	<rfc822; linux-scsi@vger.kernel.org>); Tue, 19 Jul 2016 18:59:30 -0400
Received: by mail-pa0-f66.google.com with SMTP id cf3so2068431pad.2;
	Tue, 19 Jul 2016 15:59:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=message-id:from:to:cc:subject:date:in-reply-to:references;
	bh=ujyin/tVFAX3PCNdwZfUkexVMihEzuyWEOOsfxKHGzI=;
	b=zanEYIdxp+IuY2qhfznF7Yr+Sy4Rn/2I3jkI+0KLf/PRG0xUkMMtzmhdFCoPWN2e46
	/cLW2ozIfOTLYLXSU990EPC1xKBU1AsqGV/rh28uJyArZpeVZ+XBwkwI2S8hrjcirNrN
	fktMx7BYgSANejnXimWeBNO+Esn1yBbN5nKkrDlQ0JT3wCof0+G6J5IIjG4InEvjgLY2
	sQxtrI+e3wrjj353oofcHOhF9XxyjaIEDQr7G9qESn2jLW1OKmDnoNxMlldw/9tYc8Ij
	R95x54L1vbyVickpg+0SIiFiWIMYzzGzlSo+Zu1GYzUFEu0o+Pq6QtsAtGtk1AGY8feQ
	03Lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:message-id:from:to:cc:subject:date:in-reply-to
	:references;
	bh=ujyin/tVFAX3PCNdwZfUkexVMihEzuyWEOOsfxKHGzI=;
	b=jkg0zo0YfFvphDEMA10X8xH4TASpiH+L74+Gy0MHubb26cIQ3VqCHIHLFM5jOeRE61
	lxtb14bPWAYn15ZkvP4iLvTg8BiSz/pvOyy7NLkX38Fn24hnaAWNH8o4CgH5j9Vk5fs8
	BLOwa525CgiC2n0UY8pjz6uiGxhtKcFqYiKBFht0Ks8Z1zCCiEXj7KuA4R9900mb8E/l
	qJMxI8qfIyAyF4PbVuD8Dqh9dDKzD2XuwyW3EpKe9bcNxHBaDfp4vuS60Cvbx4fh/XCM
	KBu6VmCJrtQaUAluTjNB24p5bDGwEMXfwKea+YUemlKQrmNq1v0Mq4RVkvZqQnypnnlF
	jEmw==
X-Gm-Message-State: 
 ALyK8tK+0GC4JXSmzPEIXR2xYhfPw2EkncmDSRVY2Y52Dg8UsKtRrJH1e+Y5kaZKja+S5g==
X-Received: by 10.66.146.69 with SMTP id ta5mr65892592pab.157.1468969170144;
	Tue, 19 Jul 2016 15:59:30 -0700 (PDT)
Received: from localhost.localdomain
	([2404:c805:e00:4700:ae22:bff:fe29:e60c])
	by smtp.gmail.com with ESMTPSA id
	ff9sm6847100pac.5.2016.07.19.15.59.28
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 19 Jul 2016 15:59:29 -0700 (PDT)
Message-ID: <578eb0d1.e9b9420a.8694b.fc4c@mx.google.com>
X-Google-Original-Message-ID: <20160719225923.2195-1-me>
From: tom.ty89@gmail.com
X-Google-Original-From: me
To: tj@kernel.org, hare@suse.de
Cc: linux-ide@vger.kernel.org, linux-scsi@vger.kernel.org,
	Tom Yan <tom.ty89@gmail.com>
Subject: [PATCH v2] libata-scsi: fix read-only bits checking in
	ata_mselect_*()
Date: Wed, 20 Jul 2016 06:59:23 +0800
X-Mailer: git-send-email 2.9.0
In-Reply-To: <578eaead.0198620a.7cf53.28c1@mx.google.com>
References: <578eaead.0198620a.7cf53.28c1@mx.google.com>
Sender: linux-scsi-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-scsi.vger.kernel.org>
X-Mailing-List: linux-scsi@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Tom Yan <tom.ty89@gmail.com>

Commit 7780081c1f04 ("libata-scsi: Set information sense field for
invalid parameter") changed how ata_mselect_*() make sure read-only
bits are not modified. The new implementation introduced a bug that
the read-only bits in the byte that has a changeable bit will not
be checked.

Added the necessary check, with comments explaining the heuristic.

Signed-off-by: Tom Yan <tom.ty89@gmail.com>

diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
index 06afe63..b47c3ce 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -3617,8 +3617,18 @@ static int ata_mselect_caching(struct ata_queued_cmd *qc,
 	 */
 	ata_msense_caching(dev->id, mpage, false);
 	for (i = 0; i < CACHE_MPAGE_LEN - 2; i++) {
-		if (i == 0)
-			continue;
+		/* Check the first byte */
+		if (i == 0) {
+			/* except the WCE bit */
+			if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) {
+				*fp = i;
+				return -EINVAL;
+			} else {
+				continue;
+			}
+		}
+
+		/* Check the remaining bytes */
 		if (mpage[i + 2] != buf[i]) {
 			*fp = i;
 			return -EINVAL;
@@ -3672,8 +3682,18 @@ static int ata_mselect_control(struct ata_queued_cmd *qc,
 	 */
 	ata_msense_control(dev, mpage, false);
 	for (i = 0; i < CONTROL_MPAGE_LEN - 2; i++) {
-		if (i == 0)
-			continue;
+		/* Check the first byte */
+		if (i == 0) {
+			/* except the D_SENSE bit */
+			if (mpage[i + 2] & 0xfb != buf[i] & 0xfb) {
+				*fp = i;
+				return -EINVAL;
+			} else {
+				continue;
+			}
+		}
+
+		/* Check the remaining bytes */
 		if (mpage[2 + i] != buf[i]) {
 			*fp = i;
 			return -EINVAL;