summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--block/scsi_ioctl.c24
1 files changed, 17 insertions, 7 deletions
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index ba8706f6cded..1d78e6cf9d61 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -296,8 +296,6 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
if (hdr->interface_id != 'S')
return -EINVAL;
- if (hdr->cmd_len > BLK_MAX_CDB)
- return -EINVAL;
if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
return -EIO;
@@ -316,14 +314,21 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
if (hdr->flags & SG_FLAG_Q_AT_HEAD)
at_head = 1;
+ ret = -ENOMEM;
rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL);
if (!rq)
- return -ENOMEM;
+ goto out;
blk_rq_set_block_pc(rq);
+ if (hdr->cmd_len > BLK_MAX_CDB) {
+ rq->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
+ if (!rq->cmd)
+ goto out_put_request;
+ }
+
ret = -EFAULT;
if (blk_fill_sghdr_rq(q, rq, hdr, mode))
- goto out;
+ goto out_free_cdb;
if (hdr->iovec_count) {
size_t iov_data_len;
@@ -333,7 +338,7 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
0, NULL, &iov);
if (ret < 0) {
kfree(iov);
- goto out;
+ goto out_free_cdb;
}
iov_data_len = ret;
@@ -356,7 +361,7 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
GFP_KERNEL);
if (ret)
- goto out;
+ goto out_free_cdb;
bio = rq->bio;
memset(sense, 0, sizeof(sense));
@@ -375,8 +380,13 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
hdr->duration = jiffies_to_msecs(jiffies - start_time);
ret = blk_complete_sghdr_rq(rq, hdr, bio);
-out:
+
+out_free_cdb:
+ if (rq->cmd != rq->__cmd)
+ kfree(rq->cmd);
+out_put_request:
blk_put_request(rq);
+out:
return ret;
}