summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJens Axboe <jens.axboe@oracle.com>2008-07-24 22:05:15 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2008-08-01 11:50:46 -0700
commitdf8b6217e65519f9cdc8aea5bd5003fc54e58ce6 (patch)
tree414fc60cc5f236ee2a20d6c575a7679597fa65d4
parent9b7bca7cc5bc852fb7c1a4137912c5f549b8bf7b (diff)
ide-cd: fix oops when using growisofs
commit e8e7b9eb11c34ee18bde8b7011af41938d1ad667 upstream cdrom_read_capacity() will blindly return the capacity from the device without sanity-checking it. This later causes code in fs/buffer.c to oops. Fix this by checking that the device is telling us sensible things. From: Jens Axboe <jens.axboe@oracle.com> Cc: Michael Buesch <mb@bu3sch.de> Cc: Jan Kara <jack@suse.cz> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov <petkovbb@googlemail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> [bart: print device name instead of driver name] Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> [harvey: blocklen is a big-endian value] Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/ide/ide-cd.c27
1 files changed, 22 insertions, 5 deletions
diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c
index c8d0e8715997..e54da025a31c 100644
--- a/drivers/ide/ide-cd.c
+++ b/drivers/ide/ide-cd.c
@@ -1421,13 +1421,30 @@ static int cdrom_read_capacity(ide_drive_t *drive, unsigned long *capacity,
req.cmd_flags |= REQ_QUIET;
stat = ide_cd_queue_pc(drive, &req);
- if (stat == 0) {
- *capacity = 1 + be32_to_cpu(capbuf.lba);
- *sectors_per_frame =
- be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS;
+ if (stat)
+ return stat;
+
+ /*
+ * Sanity check the given block size
+ */
+ switch (capbuf.blocklen) {
+ case __constant_cpu_to_be32(512):
+ case __constant_cpu_to_be32(1024):
+ case __constant_cpu_to_be32(2048):
+ case __constant_cpu_to_be32(4096):
+ break;
+ default:
+ printk(KERN_ERR "%s: weird block size %u\n",
+ drive->name, capbuf.blocklen);
+ printk(KERN_ERR "%s: default to 2kb block size\n",
+ drive->name);
+ capbuf.blocklen = __constant_cpu_to_be32(2048);
+ break;
}
- return stat;
+ *capacity = 1 + be32_to_cpu(capbuf.lba);
+ *sectors_per_frame = be32_to_cpu(capbuf.blocklen) >> SECTOR_BITS;
+ return 0;
}
static int cdrom_read_tocentry(ide_drive_t *drive, int trackno, int msf_flag,