mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-26 04:16:39 +00:00
[PATCH] Fix root hole in pktcdvd
ioctl_by_bdev may only be used INSIDE the kernel. If the "arg" argument refers to memory that is accessed by put_user/get_user in the ioctl function, the memory needs to be in the kernel address space (that's the set_fs(KERNEL_DS) doing in the ioctl_by_bdev). This works on i386 because even with set_fs(KERNEL_DS) the user space memory is still accessible with put_user/get_user. That is not true for s390. In short the ioctl implementation of the pktcdvd device driver is horribly broken. Signed-off-by: Peter Osterlund <petero2@telia.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
parent
739b21c70f
commit
6d608f690e
1 changed files with 2 additions and 2 deletions
|
@ -2400,7 +2400,7 @@ static int pkt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, u
|
|||
case CDROM_LAST_WRITTEN:
|
||||
case CDROM_SEND_PACKET:
|
||||
case SCSI_IOCTL_SEND_COMMAND:
|
||||
return ioctl_by_bdev(pd->bdev, cmd, arg);
|
||||
return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);
|
||||
|
||||
case CDROMEJECT:
|
||||
/*
|
||||
|
@ -2408,7 +2408,7 @@ static int pkt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, u
|
|||
* have to unlock it or else the eject command fails.
|
||||
*/
|
||||
pkt_lock_door(pd, 0);
|
||||
return ioctl_by_bdev(pd->bdev, cmd, arg);
|
||||
return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);
|
||||
|
||||
default:
|
||||
printk("pktcdvd: Unknown ioctl for %s (%x)\n", pd->name, cmd);
|
||||
|
|
Loading…
Reference in a new issue