ide-cd: fix oops when using growisofs
authorJens Axboe <jens.axboe@oracle.com>
Thu, 24 Jul 2008 20:53:35 +0000 (22:53 +0200)
committerBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Thu, 24 Jul 2008 20:53:35 +0000 (22:53 +0200)
cdrom_read_capacity() will blindly return the capacity from the device
without sanity-checking it.  This later causes code in fs/buffer.c to
oops.

Fix this by checking that the device is telling us sensible things.

From: Jens Axboe <jens.axboe@oracle.com>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Jan Kara <jack@suse.cz>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: <stable@kernel.org>
Cc: Borislav Petkov <petkovbb@googlemail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[bart: print device name instead of driver name]
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
[harvey: blocklen is a big-endian value]
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
drivers/ide/ide-cd.c

index 8f253e5f26a8815d02498bb18552edbfb1cb6769..e617cf08aef67b882370f3f596694df2f465e3f4 100644 (file)
@@ -1311,13 +1311,30 @@ static int cdrom_read_capacity(ide_drive_t *drive, unsigned long *capacity,
 
        stat = ide_cd_queue_pc(drive, cmd, 0, &capbuf, &len, sense, 0,
                               REQ_QUIET);
-       if (stat == 0) {
-               *capacity = 1 + be32_to_cpu(capbuf.lba);
-               *sectors_per_frame =
-                       be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS;
+       if (stat)
+               return stat;
+
+       /*
+        * Sanity check the given block size
+        */
+       switch (capbuf.blocklen) {
+       case __constant_cpu_to_be32(512):
+       case __constant_cpu_to_be32(1024):
+       case __constant_cpu_to_be32(2048):
+       case __constant_cpu_to_be32(4096):
+               break;
+       default:
+               printk(KERN_ERR "%s: weird block size %u\n",
+                       drive->name, capbuf.blocklen);
+               printk(KERN_ERR "%s: default to 2kb block size\n",
+                       drive->name);
+               capbuf.blocklen = __constant_cpu_to_be32(2048);
+               break;
        }
 
-       return stat;
+       *capacity = 1 + be32_to_cpu(capbuf.lba);
+       *sectors_per_frame = be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS;
+       return 0;
 }
 
 static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag,