kern/22664: [PATCH] mounting an audio CD causes kernel panic

[ Available lists | Index of freebsd-bugs | Month of Nov 2000 | Week of 7 Nov 2000 | Raw email | View thread | Wrap long lines | Reply | Tag ]
From
George Reid <greid@ukug.uk.freebsd.org>
Date
7 Nov 2000 10:31:11
Subject
kern/22664: [PATCH] mounting an audio CD causes kernel panic
Message-ID
Pine.BSF.4.21.0011071822110.356-100000@sobek.nevernet.net


[ Hide this part ] 
 
>Number:         22664
>Category:       kern
>Synopsis:       [PATCH] mounting an audio CD causes kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 07 10:30:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator:     George Reid
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
FreeBSD UK User Group
>Environment:
 
FreeBSD-5.0-CURRENT i386
 
>Description:
 
Wrongly trying to mount an audio CD causes a kernel panic. I discovered
this by when I tried to mount the wrong drive and lost a document I was
working on. Whoops.
 
The included patch adds a new ioctl, CDIOCGETMEDIUM to
/sys/dev/ata/atapi-cd.c (and /sys/sys/cdio.h) to retrieve the medium
information from the kernel. The patch to mount_cd9660.c adds support for
utilising this ioctl to check for people-who-do-bad-things-as-root.
 
>How-To-Repeat:
 
Try to mount an audio CD as if it were a data CD.
 
>Fix:
 
[PATCH 1: /sys/dev/ata/atapi-cd.c]
--- atapi-cd.c.orig	Tue Nov  7 00:42:38 2000
+++ atapi-cd.c		Tue Nov  7 18:12:10 2000
@@ -995,6 +995,14 @@
 	error = acd_setchan(cdp, CHANNEL_1, CHANNEL_1, 0, 0);
 	break;
 
+    case CDIOCGETMEDIUM:
+	{
+		struct ioc_medium *m = (struct ioc_medium *)addr;
+		m->data_length = cdp->cap.data_length;
+		m->medium_type = cdp->cap.medium_type;
+	}
+	break;
+
     case CDRIOCBLANK:
 	error = acd_blank(cdp);
 	break;
 
[PATCH 2: /sys/sys/cdio.h]
--- cdio.h.orig	Tue Nov  7 00:48:31 2000
+++ cdio.h	Tue Nov  7 18:21:00 2000
@@ -283,4 +283,29 @@
 
 #define CDIOCREADAUDIO _IOWR('c',31,struct ioc_read_audio)
 
+struct ioc_medium
+{
+	u_int16_t   data_length;
+	u_int8_t    medium_type;
+#define MST_TYPE_MASK_LOW	0x0f
+#define MST_FMT_NONE		0x00
+#define MST_DATA_120		0x01
+#define MST_AUDIO_120		0x02
+#define MST_COMB_120		0x03
+#define MST_PHOTO_120		0x04
+#define MST_DATA_80		0x05
+#define MST_AUDIO_80		0x06
+#define MST_COMB_80		0x07
+#define MST_PHOTO_80		0x08
+#define MST_TYPE_MASK_HIGH	0x70
+#define MST_CDROM		0x00
+#define MST_CDR			0x10
+#define MST_CDRW		0x20
+#define MST_NO_DISC		0x70
+#define MST_DOOR_OPEN		0x71
+#define MST_FMT_ERROR		0x72
+};
+
+#define CDIOCGETMEDIUM _IOWR('c',32,struct ioc_medium)
+
 #endif /* !_SYS_CDIO_H_ */
 
[PATCH 3: /usr/src/sys/sbin/mount_cd9660/mount_cd9660.c]
--- mount_cd9660.c.orig	Tue Nov  7 01:01:42 2000
+++ mount_cd9660.c	Tue Nov  7 18:17:13 2000
@@ -145,6 +145,11 @@
 	args.export.ex_root = DEFAULT_ROOTUID;
 	args.flags = opts;
 
+	switch(is_medium_data(dev)) {
+		case -1:	errx(EX_OSERR, "error reading medium type!");
+		case 0:		errx(EX_DATAERR, "medium type is not data!");
+	}
+
 	if (args.ssector == -1) {
 		/*
 		 * The start of the session has not been specified on
@@ -228,4 +233,28 @@
 		return -1;
 
 	return ntohl(toc_buffer[i].addr.lba);
+}
+
+int
+is_medium_data(const char *dev)
+{
+	struct ioc_medium m;
+	int fd;
+
+	if ((fd = open(dev, O_RDONLY)) == -1)
+		return -1;
+	if (ioctl(fd, CDIOCGETMEDIUM, &m) == -1) {
+		perror("ioctl");
+		close(fd);
+		return -1;
+	}
+	close(fd);
+	switch (m.medium_type & MST_TYPE_MASK_LOW)
+	{
+		case MST_DATA_120:	return(1);
+		case MST_COMB_120:	return(1);
+		case MST_DATA_80:	return(1);
+		case MST_COMB_80:	return(1);
+	}
+	return(0);
 }
 
 
>Release-Note:
>Audit-Trail:
>Unformatted:
 
 
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Elapsed time: 0.080 seconds