[PATCH] Fix root hole in pktcdvd

From: Greg KH
Date: Mon May 16 2005 - 23:47:09 EST

Next message: Greg KH: "[GIT PATCH] USB bugfixes for 2.6.12-rc4"
Previous message: Greg KH: "[GIT PATCH] Stable bugfixes for 2.6.12-rc4"
In reply to: Greg KH: "[PATCH] Fix root hole in raw device"
Next in thread: Al Viro: "Re: [PATCH] Fix root hole in pktcdvd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[PATCH] Fix root hole in pktcdvd

ioctl_by_bdev may only be used INSIDE the kernel. If the "arg" argument
refers to memory that is accessed by put_user/get_user in the ioctl
function, the memory needs to be in the kernel address space (that's the
set_fs(KERNEL_DS) doing in the ioctl_by_bdev). This works on i386 because
even with set_fs(KERNEL_DS) the user space memory is still accessible with
put_user/get_user. That is not true for s390. In short the ioctl
implementation of the pktcdvd device driver is horribly broken.

Signed-off-by: Peter Osterlund <petero2@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
commit 118326e940bdecef6c459d42ccf05256ba86daa7
tree 13b1e48f4f3700603ed258c41e9e39978babf5ee
parent 68f66feb300423bb9ee5daecb1951af394425a38
author Peter Osterlund <petero2@xxxxxxxxx> Sat, 14 May 2005 00:58:30 -0700
committer Greg KH <gregkh@xxxxxxx> Mon, 16 May 2005 21:07:31 -0700

drivers/block/pktcdvd.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)

Index: drivers/block/pktcdvd.c
===================================================================
--- ae5ce87f061f76da06cb78ce5c9cf3c8284fc0fc/drivers/block/pktcdvd.c (mode:100644)
+++ 13b1e48f4f3700603ed258c41e9e39978babf5ee/drivers/block/pktcdvd.c (mode:100644)
@@ -2406,7 +2406,7 @@
case CDROM_LAST_WRITTEN:
case CDROM_SEND_PACKET:
case SCSI_IOCTL_SEND_COMMAND:
- return ioctl_by_bdev(pd->bdev, cmd, arg);
+ return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);

case CDROMEJECT:
/*
@@ -2414,7 +2414,7 @@
* have to unlock it or else the eject command fails.
*/
pkt_lock_door(pd, 0);
- return ioctl_by_bdev(pd->bdev, cmd, arg);
+ return blkdev_ioctl(pd->bdev->bd_inode, file, cmd, arg);

default:
printk("pktcdvd: Unknown ioctl for %s (%x)\n", pd->name, cmd);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[GIT PATCH] USB bugfixes for 2.6.12-rc4"
Previous message: Greg KH: "[GIT PATCH] Stable bugfixes for 2.6.12-rc4"
In reply to: Greg KH: "[PATCH] Fix root hole in raw device"
Next in thread: Al Viro: "Re: [PATCH] Fix root hole in pktcdvd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]