@@ -15,6 +15,7 @@ static int scsi_bsg_sg_io_fn(struct request_queue *q, struct sg_io_v4 *hdr,
struct scsi_cmnd *scmd;
struct request *rq;
struct bio *bio;
+ u8 *cdb;
int ret;
if (hdr->protocol != BSG_PROTOCOL_SCSI ||
@@ -33,17 +34,24 @@ static int scsi_bsg_sg_io_fn(struct request_queue *q, struct sg_io_v4 *hdr,
scmd = blk_mq_rq_to_pdu(rq);
scmd->cmd_len = hdr->request_len;
- if (scmd->cmd_len > sizeof(scmd->cmnd)) {
+ if (unlikely(scmd->cmd_len > SCSI_MAX_RUN_TIME_CDB_LEN)) {
ret = -EINVAL;
goto out_put_request;
}
+ cdb = scsi_cmnd_set_cdb(scmd, NULL, scmd->cmd_len);
+ if (unlikely(!cdb)) {
+ ret = -ENOMEM;
+ goto out_put_request;
+ }
- ret = -EFAULT;
- if (copy_from_user(scmd->cmnd, uptr64(hdr->request), scmd->cmd_len))
+ if (unlikely(copy_from_user(cdb, uptr64(hdr->request), scmd->cmd_len))) {
+ ret = -EFAULT;
goto out_put_request;
- ret = -EPERM;
- if (!scsi_cmd_allowed(scmd->cmnd, mode))
+ }
+ if (unlikely(!scsi_cmd_allowed(cdb, mode))) {
+ ret = -EPERM;
goto out_put_request;
+ }
ret = 0;
if (hdr->dout_xfer_len) {
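Review bot: The new bound check on `scmd->cmd_len` still admits a zero-length CDB, yet `scsi_cmd_allowed(cdb, mode)` a few lines later reads the opcode at `cdb[0]`. With the CDB now sized by `scsi_cmnd_set_cdb(scmd, NULL, scmd->cmd_len)` instead of the fixed `scmd->cmnd` array, that byte is neither allocated for nor filled by the `copy_from_user()` when cmd_len is 0, unless scsi_cmnd_set_cdb() guarantees a minimum length (it is outside the hunk, so this is inferred). Rejecting an empty CDB up front closes the gap either way: `if (unlikely(!scmd->cmd_len || scmd->cmd_len > SCSI_MAX_RUN_TIME_CDB_LEN)) {`. Separately, the user-controlled `hdr->request_len` is assigned to `scmd->cmd_len` before the check; if `cmd_len` is narrower than 32 bits in this tree, the value is truncated before the bound applies, so comparing `hdr->request_len` directly against the limit is the safer form. The enclosing function starts and ends outside this hunk.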
@@ -54,7 +62,7 @@ static int scsi_bsg_sg_io_fn(struct request_queue *q, struct sg_io_v4 *hdr,
hdr->din_xfer_len, GFP_KERNEL);
}
- if (ret)
+ if (unlikely(ret))
goto out_put_request;
bio = rq->bio;
@@ -92,7 +100,7 @@ static int scsi_bsg_sg_io_fn(struct request_queue *q, struct sg_io_v4 *hdr,
blk_rq_unmap_user(bio);
out_put_request:
- blk_mq_free_request(rq);
+ scsi_free_cmnd(scmd);
return ret;
}
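Review bot: The `out_put_request` label now relies on `scsi_free_cmnd(scmd)` to release both the request and whatever CDB buffer scsi_cmnd_set_cdb() attached, but it is also reached from the earlier -EINVAL and -ENOMEM paths where no CDB was ever set; neither helper is in the diff, so whether scsi_free_cmnd() tolerates an unset CDB and still drops the request that blk_mq_free_request() used to free cannot be confirmed here. A short comment at the label would pin that contract for the next reader, e.g. `/* frees the CDB buffer, if one was set, and the request itself */`. The function's beginning is outside this hunk.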
Since the bsg interface accesses the CDB via scsi_cmnd::cmnd directly, change that to use the new access functions. Signed-off-by: Douglas Gilbert <dgilbert@interlog.com> --- drivers/scsi/scsi_bsg.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-)