[SCSI] sr: partial revert of 24669f7

The patch

[SCSI] SCSI core kmalloc2kzalloc

Has an incorrect piece in sr_ioctl.c; it changes buffer from kmalloc
to kzalloc, but then removes the clearing of the stack variable struct
packet_command.  This, in turn leaves rubbish in the sense pointer
which the sr_do_ioctl() command then happily writes to ... oops.

Thanks to Mike Christie <michaelc@cs.wisc.edu> for spotting this.

Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>

drivers/scsi/sr_ioctl.c

@@ -44,10 +44,11 @@ static int sr_read_tochdr(struct cdrom_device_info *cdi,
 	int result;
 	unsigned char *buffer;
 
-	buffer = kzalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
+	buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
 	if (!buffer)
 		return -ENOMEM;
 
+	memset(&cgc, 0, sizeof(struct packet_command));
 	cgc.timeout = IOCTL_TIMEOUT;
 	cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
 	cgc.cmd[8] = 12;		/* LSB of length */
@@ -73,10 +74,11 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi,
 	int result;
 	unsigned char *buffer;
 
-	buffer = kzalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
+	buffer = kmalloc(32, GFP_KERNEL | SR_GFP_DMA(cd));
 	if (!buffer)
 		return -ENOMEM;
 
+	memset(&cgc, 0, sizeof(struct packet_command));
 	cgc.timeout = IOCTL_TIMEOUT;
 	cgc.cmd[0] = GPCMD_READ_TOC_PMA_ATIP;
 	cgc.cmd[1] |= (tocentry->cdte_format == CDROM_MSF) ? 0x02 : 0;