From e8e7b9eb11c34ee18bde8b7011af41938d1ad667 Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Thu, 24 Jul 2008 22:53:35 +0200 Subject: [PATCH] ide-cd: fix oops when using growisofs cdrom_read_capacity() will blindly return the capacity from the device without sanity-checking it. This later causes code in fs/buffer.c to oops. Fix this by checking that the device is telling us sensible things. From: Jens Axboe Cc: Michael Buesch Cc: Jan Kara Cc: Arnd Bergmann Cc: Cc: Borislav Petkov Signed-off-by: Andrew Morton [bart: print device name instead of driver name] Signed-off-by: Bartlomiej Zolnierkiewicz [harvey: blocklen is a big-endian value] Signed-off-by: Harvey Harrison Signed-off-by: Bartlomiej Zolnierkiewicz --- drivers/ide/ide-cd.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c index 8f253e5f26a..e617cf08aef 100644 --- a/drivers/ide/ide-cd.c +++ b/drivers/ide/ide-cd.c @@ -1311,13 +1311,30 @@ static int cdrom_read_capacity(ide_drive_t *drive, unsigned long *capacity, stat = ide_cd_queue_pc(drive, cmd, 0, &capbuf, &len, sense, 0, REQ_QUIET); - if (stat == 0) { - *capacity = 1 + be32_to_cpu(capbuf.lba); - *sectors_per_frame = - be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; + if (stat) + return stat; + + /* + * Sanity check the given block size + */ + switch (capbuf.blocklen) { + case __constant_cpu_to_be32(512): + case __constant_cpu_to_be32(1024): + case __constant_cpu_to_be32(2048): + case __constant_cpu_to_be32(4096): + break; + default: + printk(KERN_ERR "%s: weird block size %u\n", + drive->name, capbuf.blocklen); + printk(KERN_ERR "%s: default to 2kb block size\n", + drive->name); + capbuf.blocklen = __constant_cpu_to_be32(2048); + break; } - return stat; + *capacity = 1 + be32_to_cpu(capbuf.lba); + *sectors_per_frame = be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS; + return 0; } static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag, -- 2.41.1