Re: [syzbot] [usb-storage?] divide error in isd200_ata_command

From: Oliver Neukum
Date: Wed Feb 28 2024 - 11:25:13 EST

Next message: Bjorn Helgaas: "Re: [PATCH v9] PCI/DPC: Ignore Surprise Down error on hot removal"
Previous message: Yury Norov: "Re: [PATCH net-next v5 07/21] linkmode: convert linkmode_{test,set,clear,mod}_bit() to macros"
In reply to: Alan Stern: "Re: [syzbot] [usb-storage?] divide error in isd200_ata_command"
Next in thread: Alan Stern: "Re: [syzbot] [usb-storage?] divide error in isd200_ata_command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 26.02.24 19:13, Alan Stern wrote:

It oopses here:

} else {
if (!id[ATA_ID_SECTORS] || !id[ATA_ID_HEADS])
goto too_early;

Those two lines are debugging code you added, right?

Yes, sorry about that.

sectnum = (u8)((lba % id[ATA_ID_SECTORS]) + 1);
cylinder = (u16)(lba / (id[ATA_ID_SECTORS] *
id[ATA_ID_HEADS]));

in isd200_scsi_to_ata() because it must not be called before isd200_get_inquiry_data()
has completed.

It can't be; isd200_get_inquiry_data is called by isd200_Initialization
during probe before any SCSI commands are transmitted.

So, you are concluding that the bisection is spurious because
without that patch the SCSI layer would see a capacity of zero
and not even try to read anything?

Regards
Oliver

Next message: Bjorn Helgaas: "Re: [PATCH v9] PCI/DPC: Ignore Surprise Down error on hot removal"
Previous message: Yury Norov: "Re: [PATCH net-next v5 07/21] linkmode: convert linkmode_{test,set,clear,mod}_bit() to macros"
In reply to: Alan Stern: "Re: [syzbot] [usb-storage?] divide error in isd200_ata_command"
Next in thread: Alan Stern: "Re: [syzbot] [usb-storage?] divide error in isd200_ata_command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]