Re: [PATCH v2 1/2] [PATCH] cdrom: extra upper bound check for logical block address.

From: Phillip Potter

Date: Thu Feb 26 2026 - 15:32:08 EST


On Tue, Feb 24, 2026 at 05:16:12PM +0100, Felix Busch wrote:
> Hi Phillip,
>
> Thank you for your feedback. I’ve updated everything based on your suggestions and hope
> I’ve covered them all.
>
> It has been built and run and tested in the following:
>
> 1) This has been tested on a real CD-ROM with 700MB capacity, containing 2097151
> sectors in my case. Since 2097151 is not divisible by a blocksize of 2048, the if condition is not satisfied.
>
> 2) When using a smaller emulated CD-ROM with QEMU with the same blocksize,
> the if condition is triggered when the logical block address is too big. For example, this occurs when minutes,
> seconds, and frames are set to UINT8_MAX via an ioctl call.
>
> According to this SCSI-2 spec, chapter 14 on this web page (date 23.2.2026):
> https://www.staff.uni-mainz.de/tacke/scsi/SCSI2-introduction.html
>
> They are stating:
> "
> Logical addressing of CD-ROM information may use any logical block length. When the specified logical block
> length is an exact divisor or integral multiple of the selected number of bytes per CD-ROM sector,
> the device shall map (one to one) the bytes transferred from CD-ROM sectors to the bytes of logical blocks.
> For instance, if 2 048 bytes are transferred from each CD-ROM sector (specified by the CD-ROM density code value),
> and the logical block length is 512 bytes, then each CD-ROM sector shall map to exactly four logical blocks.
> This International Standard does not define the mapping of logical block lengths which do not evenly divide
> or are not exact multiples of the selected number of bytes per CD-ROM sector.
> "
>
> So, I do refer to this SCSI-2 spec.
> Using this information it's possible to use logical_blocks = cd_nr_sectors / blocksize to get the number of blocks that can be read due to this mapping.
> For now, I decided using this special checking only, due to the given statement in the SCSI-2 spec.
>
> If lba > blocksize * (logical_blocks - 1), then it should not be possible to continue reading a full block, because then, as I understand,
> it would "overflow" the region it can read from the disk.
>

I've seen your V3 - please make sure the relevant mailing list is copied
in when posting patches, as development is ideally done in the open. As
for that and for this version, I'm sorry but I'm still not convinced of
the approach unless I'm missing something.

You are taking units of two different things and dividing one by the
other. Dividing the number of sectors (2,097,151) by the detected
blocksize (2048 bytes) is not meaningful. The statement in the SCSI-2
spec simply refers to the difference between CD-ROM sector size in bytes
and the logical block size in bytes.

Here, you are dividing one thing (number of sectors) by another (block
size). Do you see what I mean?

Finally, please make sure cover letters of a patch series are labelled
PATCH 0.

Regards,
Phil
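
Added example, not part of the thread, the patch or the kernel source: a user-space C sketch of the unit bookkeeping discussed above, where the quoted SCSI-2 rule relates sector bytes to logical block bytes and the LBA is then compared against a count of logical blocks. The helper names are hypothetical, the MSF constants carry the values from `<linux/cdrom.h>`, and the disc sizes in `main()` are constructed samples (the 2097151 figure is the one quoted in the message).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MSF constants, same values as in the Linux UAPI header <linux/cdrom.h>. */
#define CD_SECS        60   /* seconds per minute */
#define CD_FRAMES      75   /* frames per second  */
#define CD_MSF_OFFSET 150   /* MSF address of LBA 0 */

/* Hypothetical helper: minute/second/frame to LBA, widened to 64 bits. */
static int64_t msf_to_lba64(uint8_t m, uint8_t s, uint8_t f)
{
    return ((int64_t)m * CD_SECS + s) * CD_FRAMES + f - CD_MSF_OFFSET;
}

/*
 * Hypothetical helper: number of logical blocks on the medium.
 * Bytes are compared with bytes; the sector count is only scaled by the
 * resulting ratio. Returns 0 when SCSI-2 leaves the mapping undefined.
 */
static uint64_t logical_block_count(uint64_t sectors, uint32_t sector_bytes,
                                    uint32_t block_bytes)
{
    if (sector_bytes == 0 || block_bytes == 0)
        return 0;
    if (sector_bytes % block_bytes == 0)   /* block is an exact divisor */
        return sectors * (sector_bytes / block_bytes);
    if (block_bytes % sector_bytes == 0)   /* block is an integral multiple */
        return sectors / (block_bytes / sector_bytes);
    return 0;
}

/* Upper (and lower) bound check with both sides in logical blocks. */
static bool lba_in_range(int64_t lba, uint64_t nblocks)
{
    return lba >= 0 && (uint64_t)lba < nblocks;
}

int main(void)
{
    /* Constructed inputs: MSF fields all UINT8_MAX, two sample disc sizes. */
    int64_t lba = msf_to_lba64(UINT8_MAX, UINT8_MAX, UINT8_MAX);
    uint64_t large_disc = logical_block_count(2097151, 2048, 2048);
    uint64_t small_disc = logical_block_count(1000, 2048, 2048);

    printf("lba=%lld\n", (long long)lba);
    printf("large disc: %s\n", lba_in_range(lba, large_disc) ? "ok" : "reject");
    printf("small disc: %s\n", lba_in_range(lba, small_disc) ? "ok" : "reject");
    return 0;
}
```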