Commit 77d172ce authored by FUJITA Tomonori's avatar FUJITA Tomonori Committed by Jens Axboe

[PATCH] fix SG_IO bio leak

This patch fixes bio leaks in SG_IO. rq->bio can be changed after io
completion, so we need to reset rq->bio before calling blk_rq_unmap_user()

http://marc.theaimsgroup.com/?l=linux-kernel&m=116570666807983&w=2Signed-off-by: default avatarFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: default avatarJens Axboe <jens.axboe@oracle.com>
parent 2b02a179
...@@ -228,6 +228,7 @@ static int sg_io(struct file *file, request_queue_t *q, ...@@ -228,6 +228,7 @@ static int sg_io(struct file *file, request_queue_t *q,
struct request *rq; struct request *rq;
char sense[SCSI_SENSE_BUFFERSIZE]; char sense[SCSI_SENSE_BUFFERSIZE];
unsigned char cmd[BLK_MAX_CDB]; unsigned char cmd[BLK_MAX_CDB];
struct bio *bio;
if (hdr->interface_id != 'S') if (hdr->interface_id != 'S')
return -EINVAL; return -EINVAL;
...@@ -308,6 +309,7 @@ static int sg_io(struct file *file, request_queue_t *q, ...@@ -308,6 +309,7 @@ static int sg_io(struct file *file, request_queue_t *q,
if (ret) if (ret)
goto out; goto out;
bio = rq->bio;
rq->retries = 0; rq->retries = 0;
start_time = jiffies; start_time = jiffies;
...@@ -338,6 +340,7 @@ static int sg_io(struct file *file, request_queue_t *q, ...@@ -338,6 +340,7 @@ static int sg_io(struct file *file, request_queue_t *q,
hdr->sb_len_wr = len; hdr->sb_len_wr = len;
} }
rq->bio = bio;
if (blk_rq_unmap_user(rq)) if (blk_rq_unmap_user(rq))
ret = -EFAULT; ret = -EFAULT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment