Date: Tue, 7 Nov 2000 18:30:08 +0000 (GMT) From: George Reid <greid@ukug.uk.freebsd.org> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/22664: [PATCH] mounting an audio CD causes kernel panic Message-ID: <Pine.BSF.4.21.0011071822110.356-100000@sobek.nevernet.net>
next in thread | raw e-mail | index | archive | help
>Number: 22664
>Category: kern
>Synopsis: [PATCH] mounting an audio CD causes kernel panic
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 07 10:30:01 PST 2000
>Closed-Date:
>Last-Modified:
>Originator: George Reid
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
FreeBSD UK User Group
>Environment:
FreeBSD-5.0-CURRENT i386
>Description:
Wrongly trying to mount an audio CD causes a kernel panic. I discovered
this by when I tried to mount the wrong drive and lost a document I was
working on. Whoops.
The included patch adds a new ioctl, CDIOCGETMEDIUM to
/sys/dev/ata/atapi-cd.c (and /sys/sys/cdio.h) to retrieve the medium
information from the kernel. The patch to mount_cd9660.c adds support for
utilising this ioctl to check for people-who-do-bad-things-as-root.
>How-To-Repeat:
Try to mount an audio CD as if it were a data CD.
>Fix:
[PATCH 1: /sys/dev/ata/atapi-cd.c]
--- atapi-cd.c.orig Tue Nov 7 00:42:38 2000
+++ atapi-cd.c Tue Nov 7 18:12:10 2000
@@ -995,6 +995,14 @@
error = acd_setchan(cdp, CHANNEL_1, CHANNEL_1, 0, 0);
break;
+ case CDIOCGETMEDIUM:
+ {
+ struct ioc_medium *m = (struct ioc_medium *)addr;
+ m->data_length = cdp->cap.data_length;
+ m->medium_type = cdp->cap.medium_type;
+ }
+ break;
+
case CDRIOCBLANK:
error = acd_blank(cdp);
break;
[PATCH 2: /sys/sys/cdio.h]
--- cdio.h.orig Tue Nov 7 00:48:31 2000
+++ cdio.h Tue Nov 7 18:21:00 2000
@@ -283,4 +283,29 @@
#define CDIOCREADAUDIO _IOWR('c',31,struct ioc_read_audio)
+struct ioc_medium
+{
+ u_int16_t data_length;
+ u_int8_t medium_type;
+#define MST_TYPE_MASK_LOW 0x0f
+#define MST_FMT_NONE 0x00
+#define MST_DATA_120 0x01
+#define MST_AUDIO_120 0x02
+#define MST_COMB_120 0x03
+#define MST_PHOTO_120 0x04
+#define MST_DATA_80 0x05
+#define MST_AUDIO_80 0x06
+#define MST_COMB_80 0x07
+#define MST_PHOTO_80 0x08
+#define MST_TYPE_MASK_HIGH 0x70
+#define MST_CDROM 0x00
+#define MST_CDR 0x10
+#define MST_CDRW 0x20
+#define MST_NO_DISC 0x70
+#define MST_DOOR_OPEN 0x71
+#define MST_FMT_ERROR 0x72
+};
+
+#define CDIOCGETMEDIUM _IOWR('c',32,struct ioc_medium)
+
#endif /* !_SYS_CDIO_H_ */
[PATCH 3: /usr/src/sys/sbin/mount_cd9660/mount_cd9660.c]
--- mount_cd9660.c.orig Tue Nov 7 01:01:42 2000
+++ mount_cd9660.c Tue Nov 7 18:17:13 2000
@@ -145,6 +145,11 @@
args.export.ex_root = DEFAULT_ROOTUID;
args.flags = opts;
+ switch(is_medium_data(dev)) {
+ case -1: errx(EX_OSERR, "error reading medium type!");
+ case 0: errx(EX_DATAERR, "medium type is not data!");
+ }
+
if (args.ssector == -1) {
/*
* The start of the session has not been specified on
@@ -228,4 +233,28 @@
return -1;
return ntohl(toc_buffer[i].addr.lba);
+}
+
+int
+is_medium_data(const char *dev)
+{
+ struct ioc_medium m;
+ int fd;
+
+ if ((fd = open(dev, O_RDONLY)) == -1)
+ return -1;
+ if (ioctl(fd, CDIOCGETMEDIUM, &m) == -1) {
+ perror("ioctl");
+ close(fd);
+ return -1;
+ }
+ close(fd);
+ switch (m.medium_type & MST_TYPE_MASK_LOW)
+ {
+ case MST_DATA_120: return(1);
+ case MST_COMB_120: return(1);
+ case MST_DATA_80: return(1);
+ case MST_COMB_80: return(1);
+ }
+ return(0);
}
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0011071822110.356-100000>