From greid@ukug.uk.freebsd.org  Tue Nov  7 10:27:25 2000
Return-Path: <greid@ukug.uk.freebsd.org>
Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43])
	by hub.freebsd.org (Postfix) with ESMTP id D1E0537B479
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Nov 2000 10:27:24 -0800 (PST)
Received: from m710-mp1-cvx1b.gui.ntl.com ([62.252.10.198])
          by mta03-svc.ntlworld.com
          (InterMail vM.4.01.02.27 201-229-119-110) with ESMTP
          id <20001107182721.LBPU283.mta03-svc.ntlworld.com@m710-mp1-cvx1b.gui.ntl.com>
          for <FreeBSD-gnats-submit@freebsd.org>;
          Tue, 7 Nov 2000 18:27:21 +0000
Message-Id: <Pine.BSF.4.21.0011071822110.356-100000@sobek.nevernet.net>
Date: Tue, 7 Nov 2000 18:30:08 +0000 (GMT)
From: George Reid <greid@ukug.uk.freebsd.org>
To: FreeBSD-gnats-submit@freebsd.org
Subject: [PATCH] mounting an audio CD causes kernel panic

>Number:         22664
>Category:       kern
>Synopsis:       [PATCH] mounting an audio CD causes kernel panic
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 07 10:30:01 PST 2000
>Closed-Date:    Mon May 28 17:04:30 PDT 2001
>Last-Modified:  Mon May 28 17:06:48 PDT 2001
>Originator:     George Reid
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
FreeBSD UK User Group
>Environment:

FreeBSD-5.0-CURRENT i386

>Description:

Wrongly trying to mount an audio CD causes a kernel panic. I discovered
this by when I tried to mount the wrong drive and lost a document I was
working on. Whoops.

The included patch adds a new ioctl, CDIOCGETMEDIUM to
/sys/dev/ata/atapi-cd.c (and /sys/sys/cdio.h) to retrieve the medium
information from the kernel. The patch to mount_cd9660.c adds support for
utilising this ioctl to check for people-who-do-bad-things-as-root.

>How-To-Repeat:

Try to mount an audio CD as if it were a data CD.

>Fix:

[PATCH 1: /sys/dev/ata/atapi-cd.c]
--- atapi-cd.c.orig	Tue Nov  7 00:42:38 2000
+++ atapi-cd.c		Tue Nov  7 18:12:10 2000
@@ -995,6 +995,14 @@
 	error = acd_setchan(cdp, CHANNEL_1, CHANNEL_1, 0, 0);
 	break;
 
+    case CDIOCGETMEDIUM:
+	{
+		struct ioc_medium *m = (struct ioc_medium *)addr;
+		m->data_length = cdp->cap.data_length;
+		m->medium_type = cdp->cap.medium_type;
+	}
+	break;
+
     case CDRIOCBLANK:
 	error = acd_blank(cdp);
 	break;

[PATCH 2: /sys/sys/cdio.h]
--- cdio.h.orig	Tue Nov  7 00:48:31 2000
+++ cdio.h	Tue Nov  7 18:21:00 2000
@@ -283,4 +283,29 @@
 
 #define CDIOCREADAUDIO _IOWR('c',31,struct ioc_read_audio)
 
+struct ioc_medium
+{
+	u_int16_t   data_length;
+	u_int8_t    medium_type;
+#define MST_TYPE_MASK_LOW	0x0f
+#define MST_FMT_NONE		0x00
+#define MST_DATA_120		0x01
+#define MST_AUDIO_120		0x02
+#define MST_COMB_120		0x03
+#define MST_PHOTO_120		0x04
+#define MST_DATA_80		0x05
+#define MST_AUDIO_80		0x06
+#define MST_COMB_80		0x07
+#define MST_PHOTO_80		0x08
+#define MST_TYPE_MASK_HIGH	0x70
+#define MST_CDROM		0x00
+#define MST_CDR			0x10
+#define MST_CDRW		0x20
+#define MST_NO_DISC		0x70
+#define MST_DOOR_OPEN		0x71
+#define MST_FMT_ERROR		0x72
+};
+
+#define CDIOCGETMEDIUM _IOWR('c',32,struct ioc_medium)
+
 #endif /* !_SYS_CDIO_H_ */

[PATCH 3: /usr/src/sys/sbin/mount_cd9660/mount_cd9660.c]
--- mount_cd9660.c.orig	Tue Nov  7 01:01:42 2000
+++ mount_cd9660.c	Tue Nov  7 18:17:13 2000
@@ -145,6 +145,11 @@
 	args.export.ex_root = DEFAULT_ROOTUID;
 	args.flags = opts;
 
+	switch(is_medium_data(dev)) {
+		case -1:	errx(EX_OSERR, "error reading medium type!");
+		case 0:		errx(EX_DATAERR, "medium type is not data!");
+	}
+				
 	if (args.ssector == -1) {
 		/*
 		 * The start of the session has not been specified on
@@ -228,4 +233,28 @@
 		return -1;
 
 	return ntohl(toc_buffer[i].addr.lba);
+}
+
+int
+is_medium_data(const char *dev)
+{
+	struct ioc_medium m;
+	int fd;
+
+	if ((fd = open(dev, O_RDONLY)) == -1)
+		return -1;
+	if (ioctl(fd, CDIOCGETMEDIUM, &m) == -1) {
+		perror("ioctl");
+		close(fd);
+		return -1;
+	}
+	close(fd);
+	switch (m.medium_type & MST_TYPE_MASK_LOW)
+	{
+		case MST_DATA_120:	return(1);
+		case MST_COMB_120:	return(1);
+		case MST_DATA_80:	return(1);
+		case MST_COMB_80:	return(1);
+	}
+	return(0);
 }


>Release-Note:
>Audit-Trail:

From: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu>
To: FreeBSD-gnats-submit@freebsd.org
Cc:  
Subject: Re: kern/22664: [PATCH] mounting an audio CD causes kernel panic
Date: Tue, 7 Nov 2000 19:52:25 +0100

 On Tue, Nov 07, 2000 at 06:30:08PM +0000, George Reid wrote:
 > 
 > >Number:         22664
 > >Category:       kern
 > >Synopsis:       [PATCH] mounting an audio CD causes kernel panic
 > >Confidential:   no
 > >Severity:       serious
 > >Priority:       low
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Tue Nov 07 10:30:01 PST 2000
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     George Reid
 > >Release:        FreeBSD 5.0-CURRENT i386
 > >Organization:
 > FreeBSD UK User Group
 > >Environment:
 > 
 > FreeBSD-5.0-CURRENT i386
 > 
 > >Description:
 > 
 > Wrongly trying to mount an audio CD causes a kernel panic. I discovered
 > this by when I tried to mount the wrong drive and lost a document I was
 > working on. Whoops.
 
 While we are here, would it be possible to fix a related problem with mixed
 mode CDs? (ie CDs that have both audio and data, like many audio CDs that
 include a multimedia part in the end) When I try to mount one, I either get:
 
 cd9660: Invalid argument or (just tried it:-( a cool trap12 panic.
 
 I am sure this worked in 3.x but not since I upgraded to 4.x and then
 -CURRENT. 
 
 Unfortunately, no patches for this one:-( 
 
 -- 
 Regards:
 
 Szilveszter ADAM
 Szeged University
 Szeged Hungary
 
State-Changed-From-To: open->closed 
State-Changed-By: greid 
State-Changed-When: Mon May 28 17:04:30 PDT 2001 
State-Changed-Why:  
This is no longer an issue for me (I am the submitter) 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=22664 
>Unformatted:
