
xsysace: Fix dereferencing of cf_id after hd_driveid removal

Commit 4aaf2fec718f6fbf38668edf733a0ab09a49cab1 (xsysace: make it
'struct hd_driveid'-free) converted the cf_id member of 'struct
ace_device' from a 'struct hd_driveid' to a u16 array. However,
references to the base of the structure were still using the '&'
operator. When the address was used with the ata_id_u32() macro, the
compiler used the size of the entire array instead of sizeof(u16) to
calculate the offset from the base address.

This patch removes the use of the '&' operator from all references of
cf_id to fix the bug and remove future confusion.

Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>

authored by

Grant Likely and committed by
Bartlomiej Zolnierkiewicz
f0edef8c fb4252e5

+6 -6
+6 -6
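--- a/drivers/block/xsysace.c
+++ b/drivers/block/xsysace.c
@@ -563,7 +563,7 @@
 case ACE_FSM_STATE_IDENTIFY_PREPARE:
 /* Send identify command */
 ace->fsm_task = ACE_TASK_IDENTIFY;
-ace->data_ptr = &ace->cf_id;
+ace->data_ptr = ace->cf_id;
 ace->data_count = ACE_BUF_PER_SECTOR;
 ace_out(ace, ACE_SECCNTCMD, ACE_SECCNTCMD_IDENTIFY);
 
@@ -608,8 +608,8 @@
 break;
 
 case ACE_FSM_STATE_IDENTIFY_COMPLETE:
-ace_fix_driveid(&ace->cf_id[0]);
-ace_dump_mem(&ace->cf_id, 512); /* Debug: Dump out disk ID */
+ace_fix_driveid(ace->cf_id);
+ace_dump_mem(ace->cf_id, 512); /* Debug: Dump out disk ID */
 
 if (ace->data_result) {
 /* Error occured, disable the disk */
@@ -622,9 +622,9 @@
 
 /* Record disk parameters */
 set_capacity(ace->gd,
-ata_id_u32(&ace->cf_id, ATA_ID_LBA_CAPACITY));
+ata_id_u32(ace->cf_id, ATA_ID_LBA_CAPACITY));
 dev_info(ace->dev, "capacity: %i sectors\n",
-ata_id_u32(&ace->cf_id, ATA_ID_LBA_CAPACITY));
+ata_id_u32(ace->cf_id, ATA_ID_LBA_CAPACITY));
 }
 
 /* We're done, drop to IDLE state and notify waiters */
@@ -923,7 +923,7 @@
 static int ace_getgeo(struct block_device *bdev, struct hd_geometry *geo)
 {
 struct ace_device *ace = bdev->bd_disk->private_data;
-u16 *cf_id = &ace->cf_id[0];
+u16 *cf_id = ace->cf_id;
 
 dev_dbg(ace->dev, "ace_getgeo()\n");
 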
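Review bot: The `ace_dump_mem(ace->cf_id, 512)` call in the ACE_FSM_STATE_IDENTIFY_COMPLETE hunk still hard-codes the length, so the read size stays independent of the array's declared size; the declaration of cf_id is not visible here, so the 512 cannot be checked against it. Now that the argument is the array itself rather than its address, `ace_dump_mem(ace->cf_id, sizeof(ace->cf_id));` would tie the length to the object and keep a later type change from turning into an out-of-bounds read. Separately, the `dev_info` in the capacity hunk prints the result of `ata_id_u32()` with `%i`; that value is unsigned, so `"capacity: %u sectors\n"` is the matching specifier. Both case bodies begin and end outside the visible hunks.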