• [PATCH] CDROM_SEND_PACKET bug · f75da5af
    Jens Axboe authored
    I just found Yet Another Bug in scsi_ioctl - CDROM_SEND_PACKET puts a
    kernel pointer in hdr->cmdp, where sg_io() expects to find a user address.
    This worked up until recently because of the memcpy bug, but now it
    doesn't because we do the proper copy_from_user(). 
    
    This fix undoes the user copy code from sg_io, and instead makes the
    SG_IO ioctl copy it locally.  This makes SG_IO and CDROM_SEND_PACKET
    agree on the calling convention, and everybody is happy. 
    
    I've tested that both
    
       cdrecord -dev=/dev/hdc -inq
    
    and
    
       cdrecord -dev=ATAPI:/dev/hdc -inq
    
    work now.  The former will use SG_IO, the latter CDROM_SEND_PACKET (and
    incidentally would work in both 2.4 and 2.6, if it wasn't for
    CDROM_SEND_PACKET sucking badly in 2.4).
scsi_ioctl.c 11.9 KB
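The calling-convention mismatch the commit message describes, as an added user-space model (not code from this commit or from the kernel): once the shared routine does a checked user copy, a caller that hands it a kernel buffer fails, and moving the copy to the SG_IO entry point lets both callers pass kernel pointers. All names ending in `_model`, `_before` or `_after`, the `user_mem` region, the 16-byte local buffer and the sample INQUIRY bytes are assumptions of this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Model: only addresses inside user_mem[] count as "user space". */
static unsigned char user_mem[64];
struct hdr_model { const unsigned char *cmdp; unsigned char cmd_len; };

/* Stand-in for copy_from_user(): rejects any source outside user_mem[]. */
static int copy_from_user_model(void *dst, const void *src, size_t n) {
    uintptr_t a = (uintptr_t)src, lo = (uintptr_t)user_mem;
    if (n > sizeof user_mem || a < lo || a - lo > sizeof user_mem - n)
        return -EFAULT;
    memcpy(dst, src, n);
    return 0;
}

/* Before: the shared routine treats cmdp as a user address. */
static int sg_io_before(const struct hdr_model *h, unsigned char *cdb) {
    return copy_from_user_model(cdb, h->cmdp, h->cmd_len);
}

/* After: the shared routine takes a kernel pointer and does no user copy. */
static int sg_io_after(const struct hdr_model *h, unsigned char *cdb) {
    memcpy(cdb, h->cmdp, h->cmd_len);
    return 0;
}

/* After: the SG_IO entry point copies the user command locally first. */
static int sg_io_ioctl_after(const struct hdr_model *uh, unsigned char *cdb) {
    unsigned char local[16];            /* size is an assumption of this model */
    struct hdr_model kh = *uh;
    if (uh->cmd_len > sizeof local) return -EINVAL;
    if (copy_from_user_model(local, uh->cmdp, uh->cmd_len)) return -EFAULT;
    kh.cmdp = local;                    /* now a kernel pointer, like SEND_PACKET's */
    return sg_io_after(&kh, cdb);
}

/* CDROM_SEND_PACKET path: the command already sits in a kernel buffer. */
static int send_packet(int fixed, unsigned char *cdb) {
    unsigned char kcmd[12] = { 0x12, 0, 0, 0, 36, 0 };  /* constructed INQUIRY */
    struct hdr_model h = { kcmd, sizeof kcmd };
    return fixed ? sg_io_after(&h, cdb) : sg_io_before(&h, cdb);
}
int main(void) {
    unsigned char cdb[16];
    struct hdr_model uh = { user_mem, 6 };  /* command located in "user" memory */
    printf("SEND_PACKET before=%d after=%d, SG_IO after=%d\n",
           send_packet(0, cdb), send_packet(1, cdb), sg_io_ioctl_after(&uh, cdb));
    return 0;
}
```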