|
|
@@ -296,8 +296,6 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
|
|
|
|
|
|
if (hdr->interface_id != 'S')
|
|
|
return -EINVAL;
|
|
|
- if (hdr->cmd_len > BLK_MAX_CDB)
|
|
|
- return -EINVAL;
|
|
|
|
|
|
if (hdr->dxfer_len > (queue_max_hw_sectors(q) << 9))
|
|
|
return -EIO;
|
|
|
@@ -316,14 +314,21 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
|
|
|
if (hdr->flags & SG_FLAG_Q_AT_HEAD)
|
|
|
at_head = 1;
|
|
|
|
|
|
+ ret = -ENOMEM;
|
|
|
rq = blk_get_request(q, writing ? WRITE : READ, GFP_KERNEL);
|
|
|
if (!rq)
|
|
|
- return -ENOMEM;
|
|
|
+ goto out;
|
|
|
blk_rq_set_block_pc(rq);
|
|
|
|
|
|
+ if (hdr->cmd_len > BLK_MAX_CDB) {
|
|
|
+ rq->cmd = kzalloc(hdr->cmd_len, GFP_KERNEL);
|
|
|
+ if (!rq->cmd)
|
|
|
+ goto out_put_request;
|
|
|
+ }
|
|
|
+
|
|
|
ret = -EFAULT;
|
|
|
if (blk_fill_sghdr_rq(q, rq, hdr, mode))
|
|
|
- goto out;
|
|
|
+ goto out_free_cdb;
|
|
|
|
|
|
if (hdr->iovec_count) {
|
|
|
size_t iov_data_len;
|
|
|
@@ -333,7 +338,7 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
|
|
|
0, NULL, &iov);
|
|
|
if (ret < 0) {
|
|
|
kfree(iov);
|
|
|
- goto out;
|
|
|
+ goto out_free_cdb;
|
|
|
}
|
|
|
|
|
|
iov_data_len = ret;
|
|
|
@@ -356,7 +361,7 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
|
|
|
GFP_KERNEL);
|
|
|
|
|
|
if (ret)
|
|
|
- goto out;
|
|
|
+ goto out_free_cdb;
|
|
|
|
|
|
bio = rq->bio;
|
|
|
memset(sense, 0, sizeof(sense));
|
|
|
@@ -375,8 +380,13 @@ static int sg_io(struct request_queue *q, struct gendisk *bd_disk,
|
|
|
hdr->duration = jiffies_to_msecs(jiffies - start_time);
|
|
|
|
|
|
ret = blk_complete_sghdr_rq(rq, hdr, bio);
|
|
|
-out:
|
|
|
+
|
|
|
+out_free_cdb:
|
|
|
+ if (rq->cmd != rq->__cmd)
|
|
|
+ kfree(rq->cmd);
|
|
|
+out_put_request:
|
|
|
blk_put_request(rq);
|
|
|
+out:
|
|
|
return ret;
|
|
|
}
|
|
|
|
Christoph Hellwig