[PATCH v2 1/2] [PATCH] cdrom: extra upper bound check for logical block address.

From: Felix Busch

Date: Tue Feb 24 2026 - 11:22:05 EST


Hi Phillip,

Thank you for your feedback. I’ve updated everything based on your suggestions and hope
I’ve covered them all.

It has been built, run and tested as follows:

1) This has been tested on a real CD-ROM with 700MB capacity, containing 2097151
sectors in my case. Since 2097151 is not divisible by a blocksize of 2048, the if condition is not satisfied.

2) When using a smaller emulated CD-ROM with QEMU with the same blocksize,
the if condition is triggered when the logical block address is too big. For example, this occurs when minutes,
seconds, and frames are set to UINT8_MAX via an ioctl call.

According to this SCSI-2 spec, chapter 14 on this web page (date 23.2.2026):
https://www.staff.uni-mainz.de/tacke/scsi/SCSI2-introduction.html

They are stating:
"
Logical addressing of CD-ROM information may use any logical block length. When the specified logical block
length is an exact divisor or integral multiple of the selected number of bytes per CD-ROM sector,
the device shall map (one to one) the bytes transferred from CD-ROM sectors to the bytes of logical blocks.
For instance, if 2 048 bytes are transferred from each CD-ROM sector (specified by the CD-ROM density code value),
and the logical block length is 512 bytes, then each CD-ROM sector shall map to exactly four logical blocks.
This International Standard does not define the mapping of logical block lengths which do not evenly divide
or are not exact multiples of the selected number of bytes per CD-ROM sector.
"

So, I do refer to this SCSI-2 spec.
Using this information it's possible to use logical_blocks = cd_nr_sectors / blocksize to get the number of blocks that can be read due to this mapping.
For now, I decided to use only this special check, due to the given statement in the SCSI-2 spec.

If lba > blocksize * (logical_blocks - 1), then it should not be possible to continue reading a full block, because then, as I understand,
it would "overflow" the region it can read from the disk.

Thanks for your time!

Felix


To: Phillip Potter <phil@xxxxxxxxxxxxxxxx>
Cc: linux-kernel@xxxxxxxxxxxxxxx
Signed-off-by: Felix Busch <felixbusch470@xxxxxxxxx>

---
Changes in v2:
- Reviewer feedback.
- Link to v1: https://lore.kernel.org/r/20260222-cdrom-additional-lba-check-v1-1-5f5e9f0c0fa4@xxxxxxxxx

--- b4-submit-tracking ---
# This section is used internally by b4 prep for tracking purposes.
{
"series": {
"revision": 2,
"change-id": "20260222-cdrom-additional-lba-check-2c88d18599d0",
"prefixes": [],
"history": {
"v1": [
"20260222-cdrom-additional-lba-check-v1-1-5f5e9f0c0fa4@xxxxxxxxx"
]
}
}
}
--
2.53.0
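
The bound described in this message, worked through in user-space C as an added example; it is not the patch's code, since the diff is not part of this message. The MSF constants are those of `linux/cdrom.h`; `lba_out_of_range`, its rejection of negative addresses and the sample capacities in `main` other than 2097151 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Values as defined in the Linux uapi header linux/cdrom.h. */
#define CD_SECS        60   /* seconds per minute */
#define CD_FRAMES      75   /* frames per second */
#define CD_MSF_OFFSET 150   /* MSF address of frame 0 (2 second pregap) */

/* Minute/second/frame to logical block address, same arithmetic as the
 * cdrom driver's conversion, widened so it cannot wrap. */
static int64_t msf_to_lba(uint8_t m, uint8_t s, uint8_t f)
{
    return ((int64_t)m * CD_SECS + s) * CD_FRAMES + f - CD_MSF_OFFSET;
}

/*
 * Bound as worded in the message (hypothetical helper, not kernel code):
 *   logical_blocks = cd_nr_sectors / blocksize
 *   reject when lba > blocksize * (logical_blocks - 1)
 * blocksize * (cd_nr_sectors / blocksize) never exceeds cd_nr_sectors, so
 * the 64-bit product cannot overflow. A zero blocksize or zero
 * logical_blocks is rejected instead of dividing by zero or underflowing.
 */
static bool lba_out_of_range(int64_t lba, uint64_t cd_nr_sectors,
                             uint32_t blocksize)
{
    if (lba < 0 || blocksize == 0)
        return true;                 /* assumption: treat as invalid */
    uint64_t logical_blocks = cd_nr_sectors / blocksize;
    if (logical_blocks == 0)
        return true;
    return (uint64_t)lba > (uint64_t)blocksize * (logical_blocks - 1);
}

int main(void)
{
    /* Minutes, seconds and frames all set to UINT8_MAX, as in test 2. */
    int64_t lba = msf_to_lba(UINT8_MAX, UINT8_MAX, UINT8_MAX);
    printf("lba for 255:255:255 = %lld\n", (long long)lba);
    /* 2097151 is the sector count quoted in test 1. */
    printf("2097151 sectors: rejected=%d\n",
           lba_out_of_range(lba, 2097151, 2048));
    /* 409600 is a constructed capacity standing in for a small disc. */
    printf("409600 sectors:  rejected=%d\n",
           lba_out_of_range(lba, 409600, 2048));
    return 0;
}
```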