aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/cdrom/cdrom.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/cdrom/cdrom.c')
-rw-r--r--drivers/cdrom/cdrom.c274
1 files changed, 181 insertions, 93 deletions
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 663a7f7dc580..ac3829030ac5 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -461,27 +461,37 @@ int cdrom_get_media_event(struct cdrom_device_info *cdi,
461 struct media_event_desc *med) 461 struct media_event_desc *med)
462{ 462{
463 struct packet_command cgc; 463 struct packet_command cgc;
464 unsigned char buffer[8]; 464 unsigned char *buffer;
465 struct event_header *eh = (struct event_header *) buffer; 465 struct event_header *eh;
466 int ret = 1;
467
468 buffer = kmalloc(8, GFP_KERNEL);
469 if (!buffer)
470 return -ENOMEM;
466 471
467 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 472 eh = (struct event_header *)buffer;
473
474 init_cdrom_command(&cgc, buffer, 8, CGC_DATA_READ);
468 cgc.cmd[0] = GPCMD_GET_EVENT_STATUS_NOTIFICATION; 475 cgc.cmd[0] = GPCMD_GET_EVENT_STATUS_NOTIFICATION;
469 cgc.cmd[1] = 1; /* IMMED */ 476 cgc.cmd[1] = 1; /* IMMED */
470 cgc.cmd[4] = 1 << 4; /* media event */ 477 cgc.cmd[4] = 1 << 4; /* media event */
471 cgc.cmd[8] = sizeof(buffer); 478 cgc.cmd[8] = 8;
472 cgc.quiet = 1; 479 cgc.quiet = 1;
473 480
474 if (cdi->ops->generic_packet(cdi, &cgc)) 481 if (cdi->ops->generic_packet(cdi, &cgc))
475 return 1; 482 goto err;
476 483
477 if (be16_to_cpu(eh->data_len) < sizeof(*med)) 484 if (be16_to_cpu(eh->data_len) < sizeof(*med))
478 return 1; 485 goto err;
479 486
480 if (eh->nea || eh->notification_class != 0x4) 487 if (eh->nea || eh->notification_class != 0x4)
481 return 1; 488 goto err;
482 489
483 memcpy(med, &buffer[sizeof(*eh)], sizeof(*med)); 490 memcpy(med, buffer + sizeof(*eh), sizeof(*med));
484 return 0; 491 ret = 0;
492err:
493 kfree(buffer);
494 return ret;
485} 495}
486 496
487/* 497/*
@@ -491,68 +501,82 @@ int cdrom_get_media_event(struct cdrom_device_info *cdi,
491static int cdrom_mrw_probe_pc(struct cdrom_device_info *cdi) 501static int cdrom_mrw_probe_pc(struct cdrom_device_info *cdi)
492{ 502{
493 struct packet_command cgc; 503 struct packet_command cgc;
494 char buffer[16]; 504 char *buffer;
505 int ret = 1;
506
507 buffer = kmalloc(16, GFP_KERNEL);
508 if (!buffer)
509 return -ENOMEM;
495 510
496 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 511 init_cdrom_command(&cgc, buffer, 16, CGC_DATA_READ);
497 512
498 cgc.timeout = HZ; 513 cgc.timeout = HZ;
499 cgc.quiet = 1; 514 cgc.quiet = 1;
500 515
501 if (!cdrom_mode_sense(cdi, &cgc, MRW_MODE_PC, 0)) { 516 if (!cdrom_mode_sense(cdi, &cgc, MRW_MODE_PC, 0)) {
502 cdi->mrw_mode_page = MRW_MODE_PC; 517 cdi->mrw_mode_page = MRW_MODE_PC;
503 return 0; 518 ret = 0;
504 } else if (!cdrom_mode_sense(cdi, &cgc, MRW_MODE_PC_PRE1, 0)) { 519 } else if (!cdrom_mode_sense(cdi, &cgc, MRW_MODE_PC_PRE1, 0)) {
505 cdi->mrw_mode_page = MRW_MODE_PC_PRE1; 520 cdi->mrw_mode_page = MRW_MODE_PC_PRE1;
506 return 0; 521 ret = 0;
507 } 522 }
508 523 kfree(buffer);
509 return 1; 524 return ret;
510} 525}
511 526
512static int cdrom_is_mrw(struct cdrom_device_info *cdi, int *write) 527static int cdrom_is_mrw(struct cdrom_device_info *cdi, int *write)
513{ 528{
514 struct packet_command cgc; 529 struct packet_command cgc;
515 struct mrw_feature_desc *mfd; 530 struct mrw_feature_desc *mfd;
516 unsigned char buffer[16]; 531 unsigned char *buffer;
517 int ret; 532 int ret;
518 533
519 *write = 0; 534 *write = 0;
535 buffer = kmalloc(16, GFP_KERNEL);
536 if (!buffer)
537 return -ENOMEM;
520 538
521 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 539 init_cdrom_command(&cgc, buffer, 16, CGC_DATA_READ);
522 540
523 cgc.cmd[0] = GPCMD_GET_CONFIGURATION; 541 cgc.cmd[0] = GPCMD_GET_CONFIGURATION;
524 cgc.cmd[3] = CDF_MRW; 542 cgc.cmd[3] = CDF_MRW;
525 cgc.cmd[8] = sizeof(buffer); 543 cgc.cmd[8] = 16;
526 cgc.quiet = 1; 544 cgc.quiet = 1;
527 545
528 if ((ret = cdi->ops->generic_packet(cdi, &cgc))) 546 if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
529 return ret; 547 goto err;
530 548
531 mfd = (struct mrw_feature_desc *)&buffer[sizeof(struct feature_header)]; 549 mfd = (struct mrw_feature_desc *)&buffer[sizeof(struct feature_header)];
532 if (be16_to_cpu(mfd->feature_code) != CDF_MRW) 550 if (be16_to_cpu(mfd->feature_code) != CDF_MRW) {
533 return 1; 551 ret = 1;
552 goto err;
553 }
534 *write = mfd->write; 554 *write = mfd->write;
535 555
536 if ((ret = cdrom_mrw_probe_pc(cdi))) { 556 if ((ret = cdrom_mrw_probe_pc(cdi))) {
537 *write = 0; 557 *write = 0;
538 return ret;
539 } 558 }
540 559err:
541 return 0; 560 kfree(buffer);
561 return ret;
542} 562}
543 563
544static int cdrom_mrw_bgformat(struct cdrom_device_info *cdi, int cont) 564static int cdrom_mrw_bgformat(struct cdrom_device_info *cdi, int cont)
545{ 565{
546 struct packet_command cgc; 566 struct packet_command cgc;
547 unsigned char buffer[12]; 567 unsigned char *buffer;
548 int ret; 568 int ret;
549 569
550 printk(KERN_INFO "cdrom: %sstarting format\n", cont ? "Re" : ""); 570 printk(KERN_INFO "cdrom: %sstarting format\n", cont ? "Re" : "");
551 571
572 buffer = kmalloc(12, GFP_KERNEL);
573 if (!buffer)
574 return -ENOMEM;
575
552 /* 576 /*
553 * FmtData bit set (bit 4), format type is 1 577 * FmtData bit set (bit 4), format type is 1
554 */ 578 */
555 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_WRITE); 579 init_cdrom_command(&cgc, buffer, 12, CGC_DATA_WRITE);
556 cgc.cmd[0] = GPCMD_FORMAT_UNIT; 580 cgc.cmd[0] = GPCMD_FORMAT_UNIT;
557 cgc.cmd[1] = (1 << 4) | 1; 581 cgc.cmd[1] = (1 << 4) | 1;
558 582
@@ -579,6 +603,7 @@ static int cdrom_mrw_bgformat(struct cdrom_device_info *cdi, int cont)
579 if (ret) 603 if (ret)
580 printk(KERN_INFO "cdrom: bgformat failed\n"); 604 printk(KERN_INFO "cdrom: bgformat failed\n");
581 605
606 kfree(buffer);
582 return ret; 607 return ret;
583} 608}
584 609
@@ -638,16 +663,17 @@ static int cdrom_mrw_set_lba_space(struct cdrom_device_info *cdi, int space)
638{ 663{
639 struct packet_command cgc; 664 struct packet_command cgc;
640 struct mode_page_header *mph; 665 struct mode_page_header *mph;
641 char buffer[16]; 666 char *buffer;
642 int ret, offset, size; 667 int ret, offset, size;
643 668
644 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 669 buffer = kmalloc(16, GFP_KERNEL);
670 if (!buffer)
671 return -ENOMEM;
645 672
646 cgc.buffer = buffer; 673 init_cdrom_command(&cgc, buffer, 16, CGC_DATA_READ);
647 cgc.buflen = sizeof(buffer);
648 674
649 if ((ret = cdrom_mode_sense(cdi, &cgc, cdi->mrw_mode_page, 0))) 675 if ((ret = cdrom_mode_sense(cdi, &cgc, cdi->mrw_mode_page, 0)))
650 return ret; 676 goto err;
651 677
652 mph = (struct mode_page_header *) buffer; 678 mph = (struct mode_page_header *) buffer;
653 offset = be16_to_cpu(mph->desc_length); 679 offset = be16_to_cpu(mph->desc_length);
@@ -657,55 +683,70 @@ static int cdrom_mrw_set_lba_space(struct cdrom_device_info *cdi, int space)
657 cgc.buflen = size; 683 cgc.buflen = size;
658 684
659 if ((ret = cdrom_mode_select(cdi, &cgc))) 685 if ((ret = cdrom_mode_select(cdi, &cgc)))
660 return ret; 686 goto err;
661 687
662 printk(KERN_INFO "cdrom: %s: mrw address space %s selected\n", cdi->name, mrw_address_space[space]); 688 printk(KERN_INFO "cdrom: %s: mrw address space %s selected\n", cdi->name, mrw_address_space[space]);
663 return 0; 689 ret = 0;
690err:
691 kfree(buffer);
692 return ret;
664} 693}
665 694
666static int cdrom_get_random_writable(struct cdrom_device_info *cdi, 695static int cdrom_get_random_writable(struct cdrom_device_info *cdi,
667 struct rwrt_feature_desc *rfd) 696 struct rwrt_feature_desc *rfd)
668{ 697{
669 struct packet_command cgc; 698 struct packet_command cgc;
670 char buffer[24]; 699 char *buffer;
671 int ret; 700 int ret;
672 701
673 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 702 buffer = kmalloc(24, GFP_KERNEL);
703 if (!buffer)
704 return -ENOMEM;
705
706 init_cdrom_command(&cgc, buffer, 24, CGC_DATA_READ);
674 707
675 cgc.cmd[0] = GPCMD_GET_CONFIGURATION; /* often 0x46 */ 708 cgc.cmd[0] = GPCMD_GET_CONFIGURATION; /* often 0x46 */
676 cgc.cmd[3] = CDF_RWRT; /* often 0x0020 */ 709 cgc.cmd[3] = CDF_RWRT; /* often 0x0020 */
677 cgc.cmd[8] = sizeof(buffer); /* often 0x18 */ 710 cgc.cmd[8] = 24; /* often 0x18 */
678 cgc.quiet = 1; 711 cgc.quiet = 1;
679 712
680 if ((ret = cdi->ops->generic_packet(cdi, &cgc))) 713 if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
681 return ret; 714 goto err;
682 715
683 memcpy(rfd, &buffer[sizeof(struct feature_header)], sizeof (*rfd)); 716 memcpy(rfd, &buffer[sizeof(struct feature_header)], sizeof (*rfd));
684 return 0; 717 ret = 0;
718err:
719 kfree(buffer);
720 return ret;
685} 721}
686 722
687static int cdrom_has_defect_mgt(struct cdrom_device_info *cdi) 723static int cdrom_has_defect_mgt(struct cdrom_device_info *cdi)
688{ 724{
689 struct packet_command cgc; 725 struct packet_command cgc;
690 char buffer[16]; 726 char *buffer;
691 __be16 *feature_code; 727 __be16 *feature_code;
692 int ret; 728 int ret;
693 729
694 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 730 buffer = kmalloc(16, GFP_KERNEL);
731 if (!buffer)
732 return -ENOMEM;
733
734 init_cdrom_command(&cgc, buffer, 16, CGC_DATA_READ);
695 735
696 cgc.cmd[0] = GPCMD_GET_CONFIGURATION; 736 cgc.cmd[0] = GPCMD_GET_CONFIGURATION;
697 cgc.cmd[3] = CDF_HWDM; 737 cgc.cmd[3] = CDF_HWDM;
698 cgc.cmd[8] = sizeof(buffer); 738 cgc.cmd[8] = 16;
699 cgc.quiet = 1; 739 cgc.quiet = 1;
700 740
701 if ((ret = cdi->ops->generic_packet(cdi, &cgc))) 741 if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
702 return ret; 742 goto err;
703 743
704 feature_code = (__be16 *) &buffer[sizeof(struct feature_header)]; 744 feature_code = (__be16 *) &buffer[sizeof(struct feature_header)];
705 if (be16_to_cpu(*feature_code) == CDF_HWDM) 745 if (be16_to_cpu(*feature_code) == CDF_HWDM)
706 return 0; 746 ret = 0;
707 747err:
708 return 1; 748 kfree(buffer);
749 return ret;
709} 750}
710 751
711 752
@@ -796,10 +837,14 @@ static int cdrom_mrw_open_write(struct cdrom_device_info *cdi)
796static int mo_open_write(struct cdrom_device_info *cdi) 837static int mo_open_write(struct cdrom_device_info *cdi)
797{ 838{
798 struct packet_command cgc; 839 struct packet_command cgc;
799 char buffer[255]; 840 char *buffer;
800 int ret; 841 int ret;
801 842
802 init_cdrom_command(&cgc, &buffer, 4, CGC_DATA_READ); 843 buffer = kmalloc(255, GFP_KERNEL);
844 if (!buffer)
845 return -ENOMEM;
846
847 init_cdrom_command(&cgc, buffer, 4, CGC_DATA_READ);
803 cgc.quiet = 1; 848 cgc.quiet = 1;
804 849
805 /* 850 /*
@@ -816,10 +861,15 @@ static int mo_open_write(struct cdrom_device_info *cdi)
816 } 861 }
817 862
818 /* drive gave us no info, let the user go ahead */ 863 /* drive gave us no info, let the user go ahead */
819 if (ret) 864 if (ret) {
820 return 0; 865 ret = 0;
866 goto err;
867 }
821 868
822 return buffer[3] & 0x80; 869 ret = buffer[3] & 0x80;
870err:
871 kfree(buffer);
872 return ret;
823} 873}
824 874
825static int cdrom_ram_open_write(struct cdrom_device_info *cdi) 875static int cdrom_ram_open_write(struct cdrom_device_info *cdi)
@@ -842,15 +892,19 @@ static int cdrom_ram_open_write(struct cdrom_device_info *cdi)
842static void cdrom_mmc3_profile(struct cdrom_device_info *cdi) 892static void cdrom_mmc3_profile(struct cdrom_device_info *cdi)
843{ 893{
844 struct packet_command cgc; 894 struct packet_command cgc;
845 char buffer[32]; 895 char *buffer;
846 int ret, mmc3_profile; 896 int ret, mmc3_profile;
847 897
848 init_cdrom_command(&cgc, buffer, sizeof(buffer), CGC_DATA_READ); 898 buffer = kmalloc(32, GFP_KERNEL);
899 if (!buffer)
900 return;
901
902 init_cdrom_command(&cgc, buffer, 32, CGC_DATA_READ);
849 903
850 cgc.cmd[0] = GPCMD_GET_CONFIGURATION; 904 cgc.cmd[0] = GPCMD_GET_CONFIGURATION;
851 cgc.cmd[1] = 0; 905 cgc.cmd[1] = 0;
852 cgc.cmd[2] = cgc.cmd[3] = 0; /* Starting Feature Number */ 906 cgc.cmd[2] = cgc.cmd[3] = 0; /* Starting Feature Number */
853 cgc.cmd[8] = sizeof(buffer); /* Allocation Length */ 907 cgc.cmd[8] = 32; /* Allocation Length */
854 cgc.quiet = 1; 908 cgc.quiet = 1;
855 909
856 if ((ret = cdi->ops->generic_packet(cdi, &cgc))) 910 if ((ret = cdi->ops->generic_packet(cdi, &cgc)))
@@ -859,6 +913,7 @@ static void cdrom_mmc3_profile(struct cdrom_device_info *cdi)
859 mmc3_profile = (buffer[6] << 8) | buffer[7]; 913 mmc3_profile = (buffer[6] << 8) | buffer[7];
860 914
861 cdi->mmc3_profile = mmc3_profile; 915 cdi->mmc3_profile = mmc3_profile;
916 kfree(buffer);
862} 917}
863 918
864static int cdrom_is_dvd_rw(struct cdrom_device_info *cdi) 919static int cdrom_is_dvd_rw(struct cdrom_device_info *cdi)
@@ -1573,12 +1628,15 @@ static void setup_send_key(struct packet_command *cgc, unsigned agid, unsigned t
1573static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai) 1628static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1574{ 1629{
1575 int ret; 1630 int ret;
1576 u_char buf[20]; 1631 u_char *buf;
1577 struct packet_command cgc; 1632 struct packet_command cgc;
1578 struct cdrom_device_ops *cdo = cdi->ops; 1633 struct cdrom_device_ops *cdo = cdi->ops;
1579 rpc_state_t rpc_state; 1634 rpc_state_t *rpc_state;
1635
1636 buf = kzalloc(20, GFP_KERNEL);
1637 if (!buf)
1638 return -ENOMEM;
1580 1639
1581 memset(buf, 0, sizeof(buf));
1582 init_cdrom_command(&cgc, buf, 0, CGC_DATA_READ); 1640 init_cdrom_command(&cgc, buf, 0, CGC_DATA_READ);
1583 1641
1584 switch (ai->type) { 1642 switch (ai->type) {
@@ -1589,7 +1647,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1589 setup_report_key(&cgc, ai->lsa.agid, 0); 1647 setup_report_key(&cgc, ai->lsa.agid, 0);
1590 1648
1591 if ((ret = cdo->generic_packet(cdi, &cgc))) 1649 if ((ret = cdo->generic_packet(cdi, &cgc)))
1592 return ret; 1650 goto err;
1593 1651
1594 ai->lsa.agid = buf[7] >> 6; 1652 ai->lsa.agid = buf[7] >> 6;
1595 /* Returning data, let host change state */ 1653 /* Returning data, let host change state */
@@ -1600,7 +1658,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1600 setup_report_key(&cgc, ai->lsk.agid, 2); 1658 setup_report_key(&cgc, ai->lsk.agid, 2);
1601 1659
1602 if ((ret = cdo->generic_packet(cdi, &cgc))) 1660 if ((ret = cdo->generic_packet(cdi, &cgc)))
1603 return ret; 1661 goto err;
1604 1662
1605 copy_key(ai->lsk.key, &buf[4]); 1663 copy_key(ai->lsk.key, &buf[4]);
1606 /* Returning data, let host change state */ 1664 /* Returning data, let host change state */
@@ -1611,7 +1669,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1611 setup_report_key(&cgc, ai->lsc.agid, 1); 1669 setup_report_key(&cgc, ai->lsc.agid, 1);
1612 1670
1613 if ((ret = cdo->generic_packet(cdi, &cgc))) 1671 if ((ret = cdo->generic_packet(cdi, &cgc)))
1614 return ret; 1672 goto err;
1615 1673
1616 copy_chal(ai->lsc.chal, &buf[4]); 1674 copy_chal(ai->lsc.chal, &buf[4]);
1617 /* Returning data, let host change state */ 1675 /* Returning data, let host change state */
@@ -1628,7 +1686,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1628 cgc.cmd[2] = ai->lstk.lba >> 24; 1686 cgc.cmd[2] = ai->lstk.lba >> 24;
1629 1687
1630 if ((ret = cdo->generic_packet(cdi, &cgc))) 1688 if ((ret = cdo->generic_packet(cdi, &cgc)))
1631 return ret; 1689 goto err;
1632 1690
1633 ai->lstk.cpm = (buf[4] >> 7) & 1; 1691 ai->lstk.cpm = (buf[4] >> 7) & 1;
1634 ai->lstk.cp_sec = (buf[4] >> 6) & 1; 1692 ai->lstk.cp_sec = (buf[4] >> 6) & 1;
@@ -1642,7 +1700,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1642 setup_report_key(&cgc, ai->lsasf.agid, 5); 1700 setup_report_key(&cgc, ai->lsasf.agid, 5);
1643 1701
1644 if ((ret = cdo->generic_packet(cdi, &cgc))) 1702 if ((ret = cdo->generic_packet(cdi, &cgc)))
1645 return ret; 1703 goto err;
1646 1704
1647 ai->lsasf.asf = buf[7] & 1; 1705 ai->lsasf.asf = buf[7] & 1;
1648 break; 1706 break;
@@ -1655,7 +1713,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1655 copy_chal(&buf[4], ai->hsc.chal); 1713 copy_chal(&buf[4], ai->hsc.chal);
1656 1714
1657 if ((ret = cdo->generic_packet(cdi, &cgc))) 1715 if ((ret = cdo->generic_packet(cdi, &cgc)))
1658 return ret; 1716 goto err;
1659 1717
1660 ai->type = DVD_LU_SEND_KEY1; 1718 ai->type = DVD_LU_SEND_KEY1;
1661 break; 1719 break;
@@ -1668,7 +1726,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1668 1726
1669 if ((ret = cdo->generic_packet(cdi, &cgc))) { 1727 if ((ret = cdo->generic_packet(cdi, &cgc))) {
1670 ai->type = DVD_AUTH_FAILURE; 1728 ai->type = DVD_AUTH_FAILURE;
1671 return ret; 1729 goto err;
1672 } 1730 }
1673 ai->type = DVD_AUTH_ESTABLISHED; 1731 ai->type = DVD_AUTH_ESTABLISHED;
1674 break; 1732 break;
@@ -1679,24 +1737,23 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1679 cdinfo(CD_DVD, "entering DVD_INVALIDATE_AGID\n"); 1737 cdinfo(CD_DVD, "entering DVD_INVALIDATE_AGID\n");
1680 setup_report_key(&cgc, ai->lsa.agid, 0x3f); 1738 setup_report_key(&cgc, ai->lsa.agid, 0x3f);
1681 if ((ret = cdo->generic_packet(cdi, &cgc))) 1739 if ((ret = cdo->generic_packet(cdi, &cgc)))
1682 return ret; 1740 goto err;
1683 break; 1741 break;
1684 1742
1685 /* Get region settings */ 1743 /* Get region settings */
1686 case DVD_LU_SEND_RPC_STATE: 1744 case DVD_LU_SEND_RPC_STATE:
1687 cdinfo(CD_DVD, "entering DVD_LU_SEND_RPC_STATE\n"); 1745 cdinfo(CD_DVD, "entering DVD_LU_SEND_RPC_STATE\n");
1688 setup_report_key(&cgc, 0, 8); 1746 setup_report_key(&cgc, 0, 8);
1689 memset(&rpc_state, 0, sizeof(rpc_state_t));
1690 cgc.buffer = (char *) &rpc_state;
1691 1747
1692 if ((ret = cdo->generic_packet(cdi, &cgc))) 1748 if ((ret = cdo->generic_packet(cdi, &cgc)))
1693 return ret; 1749 goto err;
1694 1750
1695 ai->lrpcs.type = rpc_state.type_code; 1751 rpc_state = (rpc_state_t *)buf;
1696 ai->lrpcs.vra = rpc_state.vra; 1752 ai->lrpcs.type = rpc_state->type_code;
1697 ai->lrpcs.ucca = rpc_state.ucca; 1753 ai->lrpcs.vra = rpc_state->vra;
1698 ai->lrpcs.region_mask = rpc_state.region_mask; 1754 ai->lrpcs.ucca = rpc_state->ucca;
1699 ai->lrpcs.rpc_scheme = rpc_state.rpc_scheme; 1755 ai->lrpcs.region_mask = rpc_state->region_mask;
1756 ai->lrpcs.rpc_scheme = rpc_state->rpc_scheme;
1700 break; 1757 break;
1701 1758
1702 /* Set region settings */ 1759 /* Set region settings */
@@ -1707,20 +1764,23 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1707 buf[4] = ai->hrpcs.pdrc; 1764 buf[4] = ai->hrpcs.pdrc;
1708 1765
1709 if ((ret = cdo->generic_packet(cdi, &cgc))) 1766 if ((ret = cdo->generic_packet(cdi, &cgc)))
1710 return ret; 1767 goto err;
1711 break; 1768 break;
1712 1769
1713 default: 1770 default:
1714 cdinfo(CD_WARNING, "Invalid DVD key ioctl (%d)\n", ai->type); 1771 cdinfo(CD_WARNING, "Invalid DVD key ioctl (%d)\n", ai->type);
1715 return -ENOTTY; 1772 ret = -ENOTTY;
1773 goto err;
1716 } 1774 }
1717 1775 ret = 0;
1718 return 0; 1776err:
1777 kfree(buf);
1778 return ret;
1719} 1779}
1720 1780
1721static int dvd_read_physical(struct cdrom_device_info *cdi, dvd_struct *s) 1781static int dvd_read_physical(struct cdrom_device_info *cdi, dvd_struct *s)
1722{ 1782{
1723 unsigned char buf[21], *base; 1783 unsigned char *buf, *base;
1724 struct dvd_layer *layer; 1784 struct dvd_layer *layer;
1725 struct packet_command cgc; 1785 struct packet_command cgc;
1726 struct cdrom_device_ops *cdo = cdi->ops; 1786 struct cdrom_device_ops *cdo = cdi->ops;
@@ -1729,7 +1789,11 @@ static int dvd_read_physical(struct cdrom_device_info *cdi, dvd_struct *s)
1729 if (layer_num >= DVD_LAYERS) 1789 if (layer_num >= DVD_LAYERS)
1730 return -EINVAL; 1790 return -EINVAL;
1731 1791
1732 init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ); 1792 buf = kmalloc(21, GFP_KERNEL);
1793 if (!buf)
1794 return -ENOMEM;
1795
1796 init_cdrom_command(&cgc, buf, 21, CGC_DATA_READ);
1733 cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE; 1797 cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
1734 cgc.cmd[6] = layer_num; 1798 cgc.cmd[6] = layer_num;
1735 cgc.cmd[7] = s->type; 1799 cgc.cmd[7] = s->type;
@@ -1741,7 +1805,7 @@ static int dvd_read_physical(struct cdrom_device_info *cdi, dvd_struct *s)
1741 cgc.quiet = 1; 1805 cgc.quiet = 1;
1742 1806
1743 if ((ret = cdo->generic_packet(cdi, &cgc))) 1807 if ((ret = cdo->generic_packet(cdi, &cgc)))
1744 return ret; 1808 goto err;
1745 1809
1746 base = &buf[4]; 1810 base = &buf[4];
1747 layer = &s->physical.layer[layer_num]; 1811 layer = &s->physical.layer[layer_num];
@@ -1765,17 +1829,24 @@ static int dvd_read_physical(struct cdrom_device_info *cdi, dvd_struct *s)
1765 layer->end_sector_l0 = base[13] << 16 | base[14] << 8 | base[15]; 1829 layer->end_sector_l0 = base[13] << 16 | base[14] << 8 | base[15];
1766 layer->bca = base[16] >> 7; 1830 layer->bca = base[16] >> 7;
1767 1831
1768 return 0; 1832 ret = 0;
1833err:
1834 kfree(buf);
1835 return ret;
1769} 1836}
1770 1837
1771static int dvd_read_copyright(struct cdrom_device_info *cdi, dvd_struct *s) 1838static int dvd_read_copyright(struct cdrom_device_info *cdi, dvd_struct *s)
1772{ 1839{
1773 int ret; 1840 int ret;
1774 u_char buf[8]; 1841 u_char *buf;
1775 struct packet_command cgc; 1842 struct packet_command cgc;
1776 struct cdrom_device_ops *cdo = cdi->ops; 1843 struct cdrom_device_ops *cdo = cdi->ops;
1777 1844
1778 init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ); 1845 buf = kmalloc(8, GFP_KERNEL);
1846 if (!buf)
1847 return -ENOMEM;
1848
1849 init_cdrom_command(&cgc, buf, 8, CGC_DATA_READ);
1779 cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE; 1850 cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
1780 cgc.cmd[6] = s->copyright.layer_num; 1851 cgc.cmd[6] = s->copyright.layer_num;
1781 cgc.cmd[7] = s->type; 1852 cgc.cmd[7] = s->type;
@@ -1783,12 +1854,15 @@ static int dvd_read_copyright(struct cdrom_device_info *cdi, dvd_struct *s)
1783 cgc.cmd[9] = cgc.buflen & 0xff; 1854 cgc.cmd[9] = cgc.buflen & 0xff;
1784 1855
1785 if ((ret = cdo->generic_packet(cdi, &cgc))) 1856 if ((ret = cdo->generic_packet(cdi, &cgc)))
1786 return ret; 1857 goto err;
1787 1858
1788 s->copyright.cpst = buf[4]; 1859 s->copyright.cpst = buf[4];
1789 s->copyright.rmi = buf[5]; 1860 s->copyright.rmi = buf[5];
1790 1861
1791 return 0; 1862 ret = 0;
1863err:
1864 kfree(buf);
1865 return ret;
1792} 1866}
1793 1867
1794static int dvd_read_disckey(struct cdrom_device_info *cdi, dvd_struct *s) 1868static int dvd_read_disckey(struct cdrom_device_info *cdi, dvd_struct *s)
@@ -1820,26 +1894,33 @@ static int dvd_read_disckey(struct cdrom_device_info *cdi, dvd_struct *s)
1820static int dvd_read_bca(struct cdrom_device_info *cdi, dvd_struct *s) 1894static int dvd_read_bca(struct cdrom_device_info *cdi, dvd_struct *s)
1821{ 1895{
1822 int ret; 1896 int ret;
1823 u_char buf[4 + 188]; 1897 u_char *buf;
1824 struct packet_command cgc; 1898 struct packet_command cgc;
1825 struct cdrom_device_ops *cdo = cdi->ops; 1899 struct cdrom_device_ops *cdo = cdi->ops;
1826 1900
1827 init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ); 1901 buf = kmalloc(4 + 188, GFP_KERNEL);
1902 if (!buf)
1903 return -ENOMEM;
1904
1905 init_cdrom_command(&cgc, buf, 4 + 188, CGC_DATA_READ);
1828 cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE; 1906 cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
1829 cgc.cmd[7] = s->type; 1907 cgc.cmd[7] = s->type;
1830 cgc.cmd[9] = cgc.buflen & 0xff; 1908 cgc.cmd[9] = cgc.buflen & 0xff;
1831 1909
1832 if ((ret = cdo->generic_packet(cdi, &cgc))) 1910 if ((ret = cdo->generic_packet(cdi, &cgc)))
1833 return ret; 1911 goto err;
1834 1912
1835 s->bca.len = buf[0] << 8 | buf[1]; 1913 s->bca.len = buf[0] << 8 | buf[1];
1836 if (s->bca.len < 12 || s->bca.len > 188) { 1914 if (s->bca.len < 12 || s->bca.len > 188) {
1837 cdinfo(CD_WARNING, "Received invalid BCA length (%d)\n", s->bca.len); 1915 cdinfo(CD_WARNING, "Received invalid BCA length (%d)\n", s->bca.len);
1838 return -EIO; 1916 ret = -EIO;
1917 goto err;
1839 } 1918 }
1840 memcpy(s->bca.value, &buf[4], s->bca.len); 1919 memcpy(s->bca.value, &buf[4], s->bca.len);
1841 1920 ret = 0;
1842 return 0; 1921err:
1922 kfree(buf);
1923 return ret;
1843} 1924}
1844 1925
1845static int dvd_read_manufact(struct cdrom_device_info *cdi, dvd_struct *s) 1926static int dvd_read_manufact(struct cdrom_device_info *cdi, dvd_struct *s)
@@ -1939,9 +2020,13 @@ static int cdrom_read_subchannel(struct cdrom_device_info *cdi,
1939{ 2020{
1940 struct cdrom_device_ops *cdo = cdi->ops; 2021 struct cdrom_device_ops *cdo = cdi->ops;
1941 struct packet_command cgc; 2022 struct packet_command cgc;
1942 char buffer[32]; 2023 char *buffer;
1943 int ret; 2024 int ret;
1944 2025
2026 buffer = kmalloc(32, GFP_KERNEL);
2027 if (!buffer)
2028 return -ENOMEM;
2029
1945 init_cdrom_command(&cgc, buffer, 16, CGC_DATA_READ); 2030 init_cdrom_command(&cgc, buffer, 16, CGC_DATA_READ);
1946 cgc.cmd[0] = GPCMD_READ_SUBCHANNEL; 2031 cgc.cmd[0] = GPCMD_READ_SUBCHANNEL;
1947 cgc.cmd[1] = 2; /* MSF addressing */ 2032 cgc.cmd[1] = 2; /* MSF addressing */
@@ -1950,7 +2035,7 @@ static int cdrom_read_subchannel(struct cdrom_device_info *cdi,
1950 cgc.cmd[8] = 16; 2035 cgc.cmd[8] = 16;
1951 2036
1952 if ((ret = cdo->generic_packet(cdi, &cgc))) 2037 if ((ret = cdo->generic_packet(cdi, &cgc)))
1953 return ret; 2038 goto err;
1954 2039
1955 subchnl->cdsc_audiostatus = cgc.buffer[1]; 2040 subchnl->cdsc_audiostatus = cgc.buffer[1];
1956 subchnl->cdsc_format = CDROM_MSF; 2041 subchnl->cdsc_format = CDROM_MSF;
@@ -1965,7 +2050,10 @@ static int cdrom_read_subchannel(struct cdrom_device_info *cdi,
1965 subchnl->cdsc_absaddr.msf.second = cgc.buffer[10]; 2050 subchnl->cdsc_absaddr.msf.second = cgc.buffer[10];
1966 subchnl->cdsc_absaddr.msf.frame = cgc.buffer[11]; 2051 subchnl->cdsc_absaddr.msf.frame = cgc.buffer[11];
1967 2052
1968 return 0; 2053 ret = 0;
2054err:
2055 kfree(buffer);
2056 return ret;
1969} 2057}
1970 2058
1971/* 2059/*