From cffab6bc5511cd6f67a60bf16b62de4267b68c4c Mon Sep 17 00:00:00 2001 From: Peter Oberparleiter Date: Mon, 19 Jul 2010 09:22:35 +0200 Subject: [PATCH 1/3] [S390] dasd: use correct label location for diag fba disks Partition boundary calculation fails for DASD FBA disks under the following conditions: - disk is formatted with CMS FORMAT with a blocksize of more than 512 bytes - all of the disk is reserved to a single CMS file using CMS RESERVE - the disk is accessed using the DIAG mode of the DASD driver Under these circumstances, the partition detection code tries to read the CMS label block containing partition-relevant information from logical block offset 1, while it is in fact located at physical block offset 1. Fix this problem by using the correct CMS label block location depending on the device type as determined by the DASD SENSE ID information. Signed-off-by: Peter Oberparleiter Signed-off-by: Martin Schwidefsky --- fs/partitions/ibm.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/fs/partitions/ibm.c b/fs/partitions/ibm.c index 3e73de5967ff9..fc8497643fd08 100644 --- a/fs/partitions/ibm.c +++ b/fs/partitions/ibm.c @@ -74,6 +74,7 @@ int ibm_partition(struct parsed_partitions *state) } *label; unsigned char *data; Sector sect; + sector_t labelsect; res = 0; blocksize = bdev_logical_block_size(bdev); @@ -97,11 +98,20 @@ int ibm_partition(struct parsed_partitions *state) ioctl_by_bdev(bdev, HDIO_GETGEO, (unsigned long)geo) != 0) goto out_freeall; + /* + * Special case for FBA disks: label sector does not depend on + * blocksize. + */ + if ((info->cu_type == 0x6310 && info->dev_type == 0x9336) || + (info->cu_type == 0x3880 && info->dev_type == 0x3370)) + labelsect = info->label_block; + else + labelsect = info->label_block * (blocksize >> 9); + /* * Get volume label, extract name and type. */ - data = read_part_sector(state, info->label_block*(blocksize/512), - §); + data = read_part_sector(state, labelsect, §); if (data == NULL) goto out_readerr; From 0abccf77402af44855da739b439d01cfb65b4bfd Mon Sep 17 00:00:00 2001 From: Stefan Haberland Date: Mon, 19 Jul 2010 09:22:36 +0200 Subject: [PATCH 2/3] [S390] add missing device put The dasd_alias_show function does not return a device reference in case the device is an alias. Signed-off-by: Stefan Haberland Signed-off-by: Martin Schwidefsky --- drivers/s390/block/dasd_devmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/s390/block/dasd_devmap.c b/drivers/s390/block/dasd_devmap.c index 34d51dd4c5390..bed7b4634ccd4 100644 --- a/drivers/s390/block/dasd_devmap.c +++ b/drivers/s390/block/dasd_devmap.c @@ -948,8 +948,10 @@ static ssize_t dasd_alias_show(struct device *dev, if (device->discipline && device->discipline->get_uid && !device->discipline->get_uid(device, &uid)) { if (uid.type == UA_BASE_PAV_ALIAS || - uid.type == UA_HYPER_PAV_ALIAS) + uid.type == UA_HYPER_PAV_ALIAS) { + dasd_put_device(device); return sprintf(buf, "1\n"); + } } dasd_put_device(device); From 878c495644be28cc881e7ee792f00fd879a1ebf9 Mon Sep 17 00:00:00 2001 From: Sebastian Ott Date: Mon, 19 Jul 2010 09:22:37 +0200 Subject: [PATCH 3/3] [S390] cio: fix potential overflow in chpid descriptor The length filed in the chsc response block (if valid) has a value of n*(sizeof(chp_desc))+8 (for the response block header). When we memcopied from the response block to the actual descriptor we copied 8 bytes too much. The bug was not revealed since the descriptor is embedded in struct channel_path. Since we only write one descriptor at a time ignore the length value and use sizeof(*desc). Signed-off-by: Sebastian Ott Signed-off-by: Martin Schwidefsky --- drivers/s390/cio/chsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/s390/cio/chsc.c b/drivers/s390/cio/chsc.c index ce7cb87479fe3..407d0e9adfaf9 100644 --- a/drivers/s390/cio/chsc.c +++ b/drivers/s390/cio/chsc.c @@ -713,7 +713,7 @@ int chsc_determine_base_channel_path_desc(struct chp_id chpid, ret = chsc_determine_channel_path_desc(chpid, 0, 0, 0, 0, chsc_resp); if (ret) goto out_free; - memcpy(desc, &chsc_resp->data, chsc_resp->length); + memcpy(desc, &chsc_resp->data, sizeof(*desc)); out_free: kfree(chsc_resp); return ret;