From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760490AbYGaAOb (ORCPT ); Wed, 30 Jul 2008 20:14:31 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1761293AbYGaANZ (ORCPT ); Wed, 30 Jul 2008 20:13:25 -0400 Received: from ns2.suse.de ([195.135.220.15]:36671 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1762815AbYGaANY (ORCPT ); Wed, 30 Jul 2008 20:13:24 -0400 Date: Wed, 30 Jul 2008 16:58:45 -0700 From: Greg KH To: linux-kernel@vger.kernel.org, stable@kernel.org, jejb@kernel.org Cc: Justin Forbes , Zwane Mwaikambo , "Theodore Ts'o" , Randy Dunlap , Dave Jones , Chuck Wolber , Chris Wedgwood , Michael Krufky , Chuck Ebbert , Domenico Andreoli , Willy Tarreau , Rodrigo Rubira Branco , Jake Edge , Eugene Teo , torvalds@linux-foundation.org, akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk, Michael Buesch , Jan Kara , Arnd Bergmann , Borislav Petkov , Bartlomiej Zolnierkiewicz , Harvey Harrison Subject: [patch 26/62] ide-cd: fix oops when using growisofs Message-ID: <20080730235845.GZ12896@suse.de> References: <20080730233050.332789722@mini.kroah.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline; filename="ide-cd-fix-oops-when-using-growisofs.patch" In-Reply-To: <20080730234915.GA12426@suse.de> User-Agent: Mutt/1.5.16 (2007-06-09) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 2.6.26 -stable review patch. If anyone has any objections, please let us know. ------------------ From: Jens Axboe commit e8e7b9eb11c34ee18bde8b7011af41938d1ad667 upstream cdrom_read_capacity() will blindly return the capacity from the device without sanity-checking it. This later causes code in fs/buffer.c to oops. Fix this by checking that the device is telling us sensible things. From: Jens Axboe Cc: Michael Buesch Cc: Jan Kara Cc: Arnd Bergmann Cc: Borislav Petkov Signed-off-by: Andrew Morton [bart: print device name instead of driver name] Signed-off-by: Bartlomiej Zolnierkiewicz [harvey: blocklen is a big-endian value] Signed-off-by: Harvey Harrison Signed-off-by: Bartlomiej Zolnierkiewicz Signed-off-by: Greg Kroah-Hartman --- drivers/ide/ide-cd.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c @@ -1308,13 +1308,30 @@ static int cdrom_read_capacity(ide_drive req.cmd_flags |= REQ_QUIET; stat = ide_cd_queue_pc(drive, &req); - if (stat == 0) { - *capacity = 1 + be32_to_cpu(capbuf.lba); - *sectors_per_frame = - be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; + if (stat) + return stat; + + /* + * Sanity check the given block size + */ + switch (capbuf.blocklen) { + case __constant_cpu_to_be32(512): + case __constant_cpu_to_be32(1024): + case __constant_cpu_to_be32(2048): + case __constant_cpu_to_be32(4096): + break; + default: + printk(KERN_ERR "%s: weird block size %u\n", + drive->name, capbuf.blocklen); + printk(KERN_ERR "%s: default to 2kb block size\n", + drive->name); + capbuf.blocklen = __constant_cpu_to_be32(2048); + break; } - return stat; + *capacity = 1 + be32_to_cpu(capbuf.lba); + *sectors_per_frame = be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; + return 0; } static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag, --