[PATCH] Fix root hole in pktcdvd

ioctl_by_bdev may only be used INSIDE the kernel.  If the "arg" argument
refers to memory that is accessed by put_user/get_user in the ioctl
function, the memory needs to be in the kernel address space (that's the
set_fs(KERNEL_DS) doing in the ioctl_by_bdev).  This works on i386 because
even with set_fs(KERNEL_DS) the user space memory is still accessible with
put_user/get_user.  That is not true for s390.  In short the ioctl
implementation of the pktcdvd device driver is horribly broken.

Signed-off-by: Peter Osterlund <petero2@telia.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

1 files changed, 2 insertions, 2 deletions

diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 1a1fa3ccb913..82ccad0a7f1a 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
@@ -2406,7 +2406,7 @@ static int pkt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, u
         case CDROM_LAST_WRITTEN:
         case CDROM_SEND_PACKET:
         case SCSI_IOCTL_SEND_COMMAND:
-                return ioctl_by_bdev(pd->bdev, cmd, arg);
+                return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);
 
         case CDROMEJECT:
                 /*
@@ -2414,7 +2414,7 @@ static int pkt_ioctl(struct inode *inode, struct file *file, unsigned int cmd, u
                  * have to unlock it or else the eject command fails.
                  */
                 pkt_lock_door(pd, 0);
-                return ioctl_by_bdev(pd->bdev, cmd, arg);
+                return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);
 
         default:
                 printk("pktcdvd: Unknown ioctl for %s (%x)\n", pd->name, cmd);