[PATCH] CDROM_SEND_PACKET bug
I just found Yet Another Bug in scsi_ioctl - CDROM_SEND_PACKET puts a kernel pointer in hdr->cmdp, where sg_io() expects to find user address. This worked up until recently because of the memcpy bug, but now it doesn't because we do the proper copy_from_user(). This fix undoes the user copy code from sg_io, and instead makes the SG_IO ioctl copy it locally. This makes SG_IO and CDROM_SEND_PACKET agree on the calling convention, and everybody is happy. I've tested that both cdrecord -dev=/dev/hdc -inq and cdrecord -dev=ATAPI:/dev/hdc -inq works now. The former will use SG_IO, the latter CDROM_SEND_PACKET (and incidentally would work in both 2.4 and 2.6, if it wasn't for CDROM_SEND_PACKET sucking badly in 2.4).
Showing
Please register or sign in to comment