Bug 457029

Summary: ide-cd: fix oops when using growisofs [rhel-3.9]
Product: Red Hat Enterprise Linux 3 Reporter: Eugene Teo (Security Response) <eteo>
Component: kernelAssignee: Don Howard <dhoward>
Status: CLOSED NOTABUG QA Contact: Martin Jenner <mjenner>
Severity: low Docs Contact:
Priority: low    
Version: 3.9CC: dhoward, eteo, lwang
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-29 07:11:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 457025    
Bug Blocks:    

Description Eugene Teo (Security Response) 2008-07-29 10:13:58 UTC 
+++ This bug was initially created as a clone of Bug #457025 +++

Description of problem:
cdrom_read_capacity() will blindly return the capacity from the device without
sanity-checking it.  This later causes code in fs/buffer.c to oops.

Fix this by checking that the device is telling us sensible things.

-- Additional comment from eteo on 2008-07-29 06:07 EST --
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e8e7b9eb11c34ee18bde8b7011af41938d1ad667

-- Additional comment from eteo on 2008-07-29 06:10 EST --
With reference to http://lkml.org/lkml/2008/6/22/90, problem was triggered by
running "genisoimage -C 16,737776 -M /dev/fd/3 -R -J foobar | builtin_dd
of=/dev/dvd obs=32k seek=46111" on a ppc64 machine.
Comment 1 Eugene Teo (Security Response) 2008-08-18 01:37:51 UTC 
There's a follow-up patch that fixes a bug in commit
e8e7b9eb11c34ee18bde8b7011af41938d1ad667. Please include commit
938bb03d188a1e688fb0bcae49788f540193e80a in your backported patch. Thanks.