diff options
author | Jens Axboe <jens.axboe@oracle.com> | 2008-07-24 22:05:15 +0000 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2008-08-01 12:43:04 -0700 |
commit | 4dd29fcba54bc036c8b702756713e25c089ba07c (patch) | |
tree | 2e644c6f4638ab362bf981f6d253117b87874022 | |
parent | 3ce75c55b46c23df8faeba4ad2c2e14dc94ffb16 (diff) | |
download | lwn-4dd29fcba54bc036c8b702756713e25c089ba07c.tar.gz lwn-4dd29fcba54bc036c8b702756713e25c089ba07c.zip |
ide-cd: fix oops when using growisofs
commit e8e7b9eb11c34ee18bde8b7011af41938d1ad667 upstream
cdrom_read_capacity() will blindly return the capacity from the device
without sanity-checking it. This later causes code in fs/buffer.c to
oops.
Fix this by checking that the device is telling us sensible things.
From: Jens Axboe <jens.axboe@oracle.com>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Jan Kara <jack@suse.cz>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <petkovbb@googlemail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
[bart: print device name instead of driver name]
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
[harvey: blocklen is a big-endian value]
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r-- | drivers/ide/ide-cd.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c index 68e7f19dc036..0cc854eb9ccd 100644 --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c @@ -1308,13 +1308,30 @@ static int cdrom_read_capacity(ide_drive_t *drive, unsigned long *capacity, req.cmd_flags |= REQ_QUIET; stat = ide_cd_queue_pc(drive, &req); - if (stat == 0) { - *capacity = 1 + be32_to_cpu(capbuf.lba); - *sectors_per_frame = - be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; + if (stat) + return stat; + + /* + * Sanity check the given block size + */ + switch (capbuf.blocklen) { + case __constant_cpu_to_be32(512): + case __constant_cpu_to_be32(1024): + case __constant_cpu_to_be32(2048): + case __constant_cpu_to_be32(4096): + break; + default: + printk(KERN_ERR "%s: weird block size %u\n", + drive->name, capbuf.blocklen); + printk(KERN_ERR "%s: default to 2kb block size\n", + drive->name); + capbuf.blocklen = __constant_cpu_to_be32(2048); + break; } - return stat; + *capacity = 1 + be32_to_cpu(capbuf.lba); + *sectors_per_frame = be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; + return 0; } static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag, |