+++ This bug was initially created as a clone of Bug #457025 +++ Description of problem: cdrom_read_capacity() will blindly return the capacity from the device without sanity-checking it. This later causes code in fs/buffer.c to oops. Fix this by checking that the device is telling us sensible things. -- Additional comment from eteo on 2008-07-29 06:07 EST -- Proposed upstream patch: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e8e7b9eb11c34ee18bde8b7011af41938d1ad667 -- Additional comment from eteo on 2008-07-29 06:10 EST -- With reference to http://lkml.org/lkml/2008/6/22/90, problem was triggered by running "genisoimage -C 16,737776 -M /dev/fd/3 -R -J foobar | builtin_dd of=/dev/dvd obs=32k seek=46111" on a ppc64 machine.
Queued for -76.
There's a follow-up patch that fixes a bug in commit e8e7b9eb11c34ee18bde8b7011af41938d1ad667. Please update your backported fix to include commit 938bb03d188a1e688fb0bcae49788f540193e80a. Thanks.
Created attachment 316252 [details] Patch for MRG 2.6.24.7-79 Queued for -79
Verified that the patch suggested and mentioned here is implemented in the mrg-rt.git as commit 983c4d7544545e2e28f783857e23539a964d9651 and 07878972d7cfba17c577f7a41bc357f7120836c2, available in the mrg-rt-2.6.24.7-81. Not been able to reproduce on -74 yet.
Finally got a machine with DVD burner. Tried the reproducer in a number of variants. Since builtin_dd do not exists, I used dd instead - syntax seemed to be the same. No luck triggering the bug at all, neither on 2.6.24.7-74rt nor 2.6.24.7-81rt :(
(In reply to comment #6) > Finally got a machine with DVD burner. Tried the reproducer in a number of > variants. Since builtin_dd do not exists, I used dd instead - syntax seemed to > be the same. > > No luck triggering the bug at all, neither on 2.6.24.7-74rt nor 2.6.24.7-81rt > :( Code review should be sufficient for this.
After comments, moved to verified.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2008-0857.html