author | Omar Sandoval <osandov@fb.com> | 2017-02-21 19:03:50 +0100 |
---|---|---|
committer | Jens Axboe <axboe@fb.com> | 2017-02-21 22:18:54 +0100 |
commit | bd1599d931ca735c1081f11aa4d49006350709f1 (patch) | |
tree | ff7260c269e929a3a8c4e66c3f28be0c99c2ccdc /block/sed-opal.c | |
parent | block: Revalidate i_bdev reference in bd_aquire() (diff) | |

scsi_transport_sas: fix BSG ioctl memory corruption

The end_device and sas_host devices support BSG ioctls, but the
request_queue allocated for them isn't set up to allocate the struct
scsi_request payload. This leads to memory corruption in the call to
scsi_req_init() in bsg_map_hdr(), since it will memset past the end of
the allocated request. Fix it by setting ->cmd_size on the allocated
request_queue.

Fixes: 82ed4db499b8 ("block: split scsi_request out of struct request")
Signed-off-by: Omar Sandoval <osandov@fb.com>
Acked-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Jens Axboe <axboe@fb.com>

Diffstat (limited to 'block/sed-opal.c')
0 files changed, 0 insertions, 0 deletions
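
The bug class the commit message describes, as an added userspace model that is not code from this commit or from the kernel: a request is allocated as a fixed header plus a per-queue payload size, and the payload initializer only clears the payload when the queue actually reserved room for it. All `model_*` names, the struct contents and the header-then-payload layout are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not a kernel definition. */
struct model_queue   { size_t cmd_size; };        /* payload bytes per request */
struct model_request { struct model_queue *q; };  /* fixed request header */
struct model_payload { unsigned char cmd[32]; unsigned int cmd_len; };

/* Allocate the header plus whatever payload size the queue was set up with. */
static struct model_request *model_alloc_request(struct model_queue *q)
{
    struct model_request *rq = malloc(sizeof(*rq) + q->cmd_size);
    if (rq)
        rq->q = q;
    return rq;
}

/* Assumed layout: the payload sits directly behind the header. */
static struct model_payload *model_payload_of(struct model_request *rq)
{
    return (struct model_payload *)(rq + 1);
}

/* An unchecked init would clear sizeof(struct model_payload) bytes no matter
 * how much was allocated; with cmd_size == 0 that write lands past the end
 * of the allocation. The check turns the corruption into an error return. */
static int model_payload_init(struct model_request *rq)
{
    if (rq->q->cmd_size < sizeof(struct model_payload))
        return -EINVAL;
    memset(model_payload_of(rq), 0, sizeof(struct model_payload));
    return 0;
}

/* Result of initializing a request on a queue with the given payload size. */
static int model_try_init(size_t cmd_size)
{
    struct model_queue q = { .cmd_size = cmd_size };
    struct model_request *rq = model_alloc_request(&q);
    int ret = rq ? model_payload_init(rq) : -ENOMEM;
    free(rq);
    return ret;
}

int main(void)
{
    printf("cmd_size unset: %d\n", model_try_init(0));
    printf("cmd_size set:   %d\n", model_try_init(sizeof(struct model_payload)));
    return 0;
}
```

The second call mirrors the fix the message names, setting the payload size on the queue before any request is allocated from it.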