    bsg: Fix sense buffer bug in SG_IO · c1c20120
    Boaz Harrosh authored
    When submitting requests via SG_IO, which does a sync io, a
    bsg_command is not allocated. So an in-Kernel sense_buffer was not
    set. However when calling blk_execute_rq() with no sense buffer
    one is provided from the stack. Now bsg at blk_complete_sgv4_hdr_rq()
    would check if rq->sense_len and a sense was requested by sg_io_v4
    the rq->sense was copy_user() back, but by now it is already mangled
    stack memory.
    
    I have fixed that by forcing a sense_buffer when calling bsg_map_hdr().
    The bsg_command->sense is provided in the write/read path like before,
    and on-the-stack buffer is provided when doing SG_IO.
    
    I have also fixed a dprintk message to print rq->errors in hex because
    of the scsi bit-field use of this member. For other block devices it
    does not matter anyway.
    Signed-off-by: Boaz Harrosh <bharrosh@panasas.com>
    Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
    Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
bsg.c 23.2 KB
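
The buffer-lifetime problem the commit message describes, as an added user-space model; it is not code from bsg.c or from this patch. All names (`model_rq`, `model_execute_rq`, `model_complete`, `model_sg_io`), the buffer size and the sample sense bytes are assumptions, and the `lent` flag exists only so the model never reads the dead stack frame.

```c
#include <stdio.h>
#include <string.h>

#define SENSE_SIZE 96                /* assumed size for this model */
struct model_rq {                    /* hypothetical stand-in for the request */
    unsigned char *sense;
    unsigned int sense_len;
    int lent;                        /* model-only: sense is in a dead frame */
};

/* Lower layer: with no caller buffer, lend one from this frame, which dies on return. */
static void model_execute_rq(struct model_rq *rq)
{
    unsigned char local[SENSE_SIZE];
    if (!rq->sense) {
        memset(local, 0, sizeof(local));
        rq->sense = local;
        rq->lent = 1;
    }
    rq->sense[0] = 0x70;             /* constructed sample sense data */
    rq->sense[2] = 0x05;
    rq->sense_len = 18;
}

/* Completion: memcpy stands in for the copy back to user space. */
static int model_complete(struct model_rq *rq, unsigned char *out, unsigned int max)
{
    unsigned int n = rq->sense_len < max ? rq->sense_len : max;
    if (rq->lent)
        return -1;                   /* the unfixed path copied from here anyway */
    memcpy(out, rq->sense, n);
    return (int)n;
}

/* own_buffer = 0 models the sync path before the fix, 1 the fixed path:
 * the buffer lives in the frame that also runs completion. */
int model_sg_io(int own_buffer, unsigned char *out, unsigned int max)
{
    unsigned char sense[SENSE_SIZE] = {0};
    struct model_rq rq = { own_buffer ? sense : NULL, 0, 0 };
    model_execute_rq(&rq);
    return model_complete(&rq, out, max);
}

int main(void)
{
    unsigned char out[SENSE_SIZE];
    printf("before: %d after: %d\n", model_sg_io(0, out, sizeof(out)), model_sg_io(1, out, sizeof(out)));
}
```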