[PATCH 0/1] *** CD-ROM: LBA bound check in mmc_ioctl_cdrom_read_data ***

[Felix Busch]

This introduces an upper-bound check for the Logical Block Address (LBA) in mmc_ioctl_cdrom_read_data 
within the CD-ROM driver. The change is motivated by two main reasons: first, there is currently no 
upper-bound check in place; second, adding this check can help improve execution performance.

There has already been a prior discussion on this topic about this check in mmc_ioctl_cdrom_read_data, 
but this patch follows a slight different approach, due a missunderstading in the SCSI-2 
documentation. (https://www.staff.uni-mainz.de/tacke/scsi/SCSI2-14.html)

Blocks are addressed here using a zero-based integer index. Therefore, it should be possible to check, 
that the LBA falls within the range 0 to N − 1, where N represents the total number of available blocks.

To get the number of blocks in mmc_ioctl_cdrom_read_data, a small inline function
has been added to access the capacity field of the scsi_cd struct, which already contains the
size in blocks available on the CD-ROM. The main reason for this addition is, that
it might be more performant accessing the value there, rather than recalculating the number 
of blocks again in mmc_ioctl_cdrom_read_data. Maybe there's another possibility of doing that, 
which I'm not aware of yet.

While examining the CD-ROM capacity, I noticed, that get_sectorsize changes the capacity value
by multiplying the current set value with four.
```
cd->capacity *= 4;
```
On the tested CD-ROM hardware, keeping this multiplication resulted in an incorrect CD-ROM capacity being reported.
With the line disabled, the capacity appears to be accurate. However, I'm not 100% sure whether this adjustment
may affect other hardware that rely on the original behavior.

One benefit of having an upper bound check for the LBA might be the execution duration of mmc_ioctl_cdrom_read_data.
With this check applied, mmc_ioctl_cdrom_read_data took an average of 0.2217 milliseconds, compared to 6.006 milliseconds
without the check. This performance improvement was observed specifically when the LBA exceeded the number of available
blocks, and the CD-ROM contained actual written data.

Thank you for your time.

Felix Busch (1):
CD-ROM: Additional LBA bound check

drivers/cdrom/cdrom.c |  7 +++++--
drivers/scsi/sr.c     | 12 +++++++++++-
include/linux/cdrom.h |  2 ++
3 files changed, 18 insertions(+), 3 deletions(-)

-- 
2.53.0