Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 457028 - ide-cd: fix oops when using growisofs [rhel-4.8]
Summary: ide-cd: fix oops when using growisofs [rhel-4.8]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.8
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Mauro Carvalho Chehab
QA Contact: Martin Jenner
URL:
Whiteboard:
Depends On: 457025
Blocks: 461304
TreeView+ depends on / blocked
 
Reported: 2008-07-29 10:13 UTC by Eugene Teo (Security Response)
Modified: 2009-05-18 19:37 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-05-18 19:37:04 UTC
Target Upstream Version:


Attachments (Terms of Use)
Backport of mainstream patches (1.22 KB, patch)
2008-08-18 21:58 UTC, Mauro Carvalho Chehab
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2009:1024 0 normal SHIPPED_LIVE Important: Red Hat Enterprise Linux 4.8 kernel security and bug fix update 2009-05-18 14:57:26 UTC

Description Eugene Teo (Security Response) 2008-07-29 10:13:06 UTC
+++ This bug was initially created as a clone of Bug #457025 +++

Description of problem:
cdrom_read_capacity() will blindly return the capacity from the device without
sanity-checking it.  This later causes code in fs/buffer.c to oops.

Fix this by checking that the device is telling us sensible things.

-- Additional comment from eteo@redhat.com on 2008-07-29 06:07 EST --
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e8e7b9eb11c34ee18bde8b7011af41938d1ad667

-- Additional comment from eteo@redhat.com on 2008-07-29 06:10 EST --
With reference to http://lkml.org/lkml/2008/6/22/90, problem was triggered by
running "genisoimage -C 16,737776 -M /dev/fd/3 -R -J foobar | builtin_dd
of=/dev/dvd obs=32k seek=46111" on a ppc64 machine.

Comment 1 Eugene Teo (Security Response) 2008-08-18 01:37:34 UTC
There's a follow-up patch that fixes a bug in commit
e8e7b9eb11c34ee18bde8b7011af41938d1ad667. Please include commit
938bb03d188a1e688fb0bcae49788f540193e80a in your backported patch. Thanks.

Comment 2 Mauro Carvalho Chehab 2008-08-18 21:58:02 UTC
Created attachment 314499 [details]
Backport of mainstream patches

The attached patch is the backport of the upstream git patches.

On all tests I did here with RHEL4 with and without the patch, I couldn't reproduce the bug on i386. I suspect that it occurs only on some other architecture (the original report were on ppc64), or when the first DVD record has an unusual block size.

The patch were posted today.

Comment 3 RHEL Program Management 2008-09-03 13:17:05 UTC
Updating PM score.

Comment 4 Vivek Goyal 2009-01-07 14:37:01 UTC
Committed in 78.24.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/

Comment 7 errata-xmlrpc 2009-05-18 19:37:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2009-1024.html


Note You need to log in before you can comment on or make changes to this bug.