* [PATCH] sg: fix iovec bugs introduced by the block layer conversion
@ 2009-04-03 0:12 FUJITA Tomonori
2009-04-03 3:11 ` Douglas Gilbert
0 siblings, 1 reply; 2+ messages in thread
From: FUJITA Tomonori @ 2009-04-03 0:12 UTC (permalink / raw)
To: James.Bottomley; +Cc: dgilbert, linux-scsi
This is a fix for another fallout of the block layer conversion (sorry).
This should be go into 2.6.28.y and 2.6.29.y.
=
From: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Subject: [PATCH] sg: fix iovec bugs introduced by the block layer conversion
- needs to use copy_from_user for iovec before passing it to
blk_rq_map_user_iov().
- before the block layer conversion, if ->dxfer_len and sum of iovec
disagrees, the shorter one wins. However, currently sg returns
-EINVAL. This restores the old behavior.
Cc: stable@kernel.org
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
---
drivers/scsi/sg.c | 28 ++++++++++++++++++++++++----
1 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
index ffc8785..1e40518 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -1656,10 +1656,30 @@ static int sg_start_req(Sg_request *srp, unsigned char *cmd)
md->null_mapped = hp->dxferp ? 0 : 1;
}
- if (iov_count)
- res = blk_rq_map_user_iov(q, rq, md, hp->dxferp, iov_count,
- hp->dxfer_len, GFP_ATOMIC);
- else
+ if (iov_count) {
+ int len, size = sizeof(struct sg_iovec) * iov_count;
+ struct iovec *iov;
+
+ iov = kmalloc(size, GFP_ATOMIC);
+ if (!iov)
+ return -ENOMEM;
+
+ if (copy_from_user(iov, hp->dxferp, size)) {
+ kfree(iov);
+ return -EFAULT;
+ }
+
+ len = iov_length(iov, iov_count);
+ if (hp->dxfer_len < len) {
+ iov_count = iov_shorten(iov, iov_count, hp->dxfer_len);
+ len = hp->dxfer_len;
+ }
+
+ res = blk_rq_map_user_iov(q, rq, md, (struct sg_iovec *)iov,
+ iov_count,
+ len, GFP_ATOMIC);
+ kfree(iov);
+ } else
res = blk_rq_map_user(q, rq, md, hp->dxferp,
hp->dxfer_len, GFP_ATOMIC);
--
1.6.0.6
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] sg: fix iovec bugs introduced by the block layer conversion
2009-04-03 0:12 [PATCH] sg: fix iovec bugs introduced by the block layer conversion FUJITA Tomonori
@ 2009-04-03 3:11 ` Douglas Gilbert
0 siblings, 0 replies; 2+ messages in thread
From: Douglas Gilbert @ 2009-04-03 3:11 UTC (permalink / raw)
To: FUJITA Tomonori; +Cc: James.Bottomley, linux-scsi
FUJITA Tomonori wrote:
> This is a fix for another fallout of the block layer conversion (sorry).
>
> This should be go into 2.6.28.y and 2.6.29.y.
>
> =
> From: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
> Subject: [PATCH] sg: fix iovec bugs introduced by the block layer conversion
>
> - needs to use copy_from_user for iovec before passing it to
> blk_rq_map_user_iov().
>
> - before the block layer conversion, if ->dxfer_len and sum of iovec
> disagrees, the shorter one wins. However, currently sg returns
> -EINVAL. This restores the old behavior.
>
> Cc: stable@kernel.org
> Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Douglas Gilbert <dgilbert@interlog.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-04-03 3:11 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-04-03 0:12 [PATCH] sg: fix iovec bugs introduced by the block layer conversion FUJITA Tomonori
2009-04-03 3:11 ` Douglas Gilbert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox