Commit 4dd29fcb authored by Jens Axboe's avatar Jens Axboe Committed by Greg Kroah-Hartman

ide-cd: fix oops when using growisofs

commit e8e7b9eb upstream

cdrom_read_capacity() will blindly return the capacity from the device
without sanity-checking it.  This later causes code in fs/buffer.c to
oops.

Fix this by checking that the device is telling us sensible things.

From: Jens Axboe <jens.axboe@oracle.com>
Cc: Michael Buesch <mb@bu3sch.de>
Cc: Jan Kara <jack@suse.cz>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <petkovbb@googlemail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
[bart: print device name instead of driver name]
Signed-off-by: default avatarBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
[harvey: blocklen is a big-endian value]
Signed-off-by: default avatarHarvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: default avatarBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 3ce75c55
...@@ -1308,13 +1308,30 @@ static int cdrom_read_capacity(ide_drive_t *drive, unsigned long *capacity, ...@@ -1308,13 +1308,30 @@ static int cdrom_read_capacity(ide_drive_t *drive, unsigned long *capacity,
req.cmd_flags |= REQ_QUIET; req.cmd_flags |= REQ_QUIET;
stat = ide_cd_queue_pc(drive, &req); stat = ide_cd_queue_pc(drive, &req);
if (stat == 0) { if (stat)
*capacity = 1 + be32_to_cpu(capbuf.lba); return stat;
*sectors_per_frame =
be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; /*
* Sanity check the given block size
*/
switch (capbuf.blocklen) {
case __constant_cpu_to_be32(512):
case __constant_cpu_to_be32(1024):
case __constant_cpu_to_be32(2048):
case __constant_cpu_to_be32(4096):
break;
default:
printk(KERN_ERR "%s: weird block size %u\n",
drive->name, capbuf.blocklen);
printk(KERN_ERR "%s: default to 2kb block size\n",
drive->name);
capbuf.blocklen = __constant_cpu_to_be32(2048);
break;
} }
return stat; *capacity = 1 + be32_to_cpu(capbuf.lba);
*sectors_per_frame = be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS;
return 0;
} }
static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag, static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag,
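Review bot: The `default:` branch logs `capbuf.blocklen` with `%u` while the field is still big-endian (the `case` labels compare it against `__constant_cpu_to_be32(...)`), so on a little-endian host the reported block size is byte-swapped and misleading when triaging a misbehaving drive; print the converted value instead, `drive->name, be32_to_cpu(capbuf.blocklen));`. Separately, only the block length is validated: `capbuf.lba` still flows unchecked into `*capacity = 1 + be32_to_cpu(capbuf.lba);`, and a device reporting 0xffffffff would presumably wrap to 0 where `unsigned long` is 32 bits. A bound check, or at least a comment stating that the LBA is taken from the device on trust, would make that limit explicit. cdrom_read_capacity() begins outside this hunk, so how `capbuf` is initialised before the request is not visible here.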
......