[PATCH] no bio unmap on cdb copy failure

The previous scsi_ioctl.c patch didn't cleanup the buffer/bio in the
error case. 

Fix it by copying the command data earlier.

drivers/block/scsi_ioctl.c

@@ -150,6 +150,7 @@ static int sg_io(request_queue_t *q, struct block_device *bdev,
 	struct request *rq;
 	struct bio *bio;
 	char sense[SCSI_SENSE_BUFFERSIZE];
+	unsigned char cdb[BLK_MAX_CDB];
 	void *buffer;
 
 	if (hdr->interface_id != 'S')
@@ -166,6 +167,9 @@ static int sg_io(request_queue_t *q, struct block_device *bdev,
 	if (hdr->dxfer_len > (q->max_sectors << 9))
 		return -EIO;
 
+	if (copy_from_user(cdb, hdr->cmdp, hdr->cmd_len))
+		return -EFAULT;
+
 	reading = writing = 0;
 	buffer = NULL;
 	bio = NULL;
@@ -216,12 +220,7 @@ static int sg_io(request_queue_t *q, struct block_device *bdev,
 	 * fill in request structure
 	 */
 	rq->cmd_len = hdr->cmd_len;
-
-	if (copy_from_user(rq->cmd, hdr->cmdp, hdr->cmd_len)) {
-		blk_put_request(rq);
-		return -EFAULT;
-	}
-
+	memcpy(rq->cmd, cdb, hdr->cmd_len);
 	if (sizeof(rq->cmd) != hdr->cmd_len)
 		memset(rq->cmd + hdr->cmd_len, 0, sizeof(rq->cmd) - hdr->cmd_len);
 

include/linux/blkdev.h

@@ -82,6 +82,8 @@ struct request_list {
 	wait_queue_head_t wait[2];
 };
 
+#define BLK_MAX_CDB	16
+
 /*
  * try to put the fields that are referenced together in the same cacheline
  */
@@ -147,7 +149,7 @@ struct request {
 	 * when request is used as a packet command carrier
 	 */
 	unsigned int cmd_len;
-	unsigned char cmd[16];
+	unsigned char cmd[BLK_MAX_CDB];
 
 	unsigned int data_len;
 	void *data;