3.16.85-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Thumshirn <jthumsh...@suse.de>
commit 68c59fcea1f2c6a54c62aa896cc623c1b5bc9b47 upstream.
SG_DXFER_FROM_DEV transfers do not necessarily have a dxferp as we set
it to NULL for the old sg_io read/write interface, but must have a
length bigger than 0. This fixes a regression introduced by commit
28676d869bbb ("scsi: sg: check for valid direction before starting the
request")
Signed-off-by: Johannes Thumshirn <jthumsh...@suse.de>
Fixes: 28676d869bbb ("scsi: sg: check for valid direction before starting the
request")
Reported-by: Chris Clayton <chris2...@googlemail.com>
Tested-by: Chris Clayton <chris2...@googlemail.com>
Cc: Douglas Gilbert <dgilb...@interlog.com>
Reviewed-by: Hannes Reinecke <h...@suse.com>
Tested-by: Chris Clayton <chris2...@googlemail.com>
Acked-by: Douglas Gilbert <dgilb...@interlog.com>
Signed-off-by: Martin K. Petersen <martin.peter...@oracle.com>
Cc: Cristian Crinteanu <crinteanu.crist...@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
drivers/scsi/sg.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -795,8 +795,11 @@ static bool sg_is_valid_dxfer(sg_io_hdr_
if (hp->dxferp || hp->dxfer_len > 0)
return false;
return true;
- case SG_DXFER_TO_DEV:
case SG_DXFER_FROM_DEV:
+ if (hp->dxfer_len < 0)
+ return false;
+ return true;
+ case SG_DXFER_TO_DEV:
case SG_DXFER_TO_FROM_DEV:
if (!hp->dxferp || hp->dxfer_len == 0)
return false;
