From: Bart Van Assche Date: Wed, 31 May 2017 21:43:47 +0000 (-0700) Subject: bsg: Check queue type before attaching to a queue X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d9f972644606ecc2581390b43cb5a980b54c04bf;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git bsg: Check queue type before attaching to a queue Since BSG only supports request queues for which struct scsi_request is the first member of their private request data, refuse to register block layer queues for which struct scsi_request is not the first member of their private data. References: commit bd1599d931ca ("scsi_transport_sas: fix BSG ioctl memory corruption") References: commit 82ed4db499b8 ("block: split scsi_request out of struct request") Signed-off-by: Bart Van Assche Reviewed-by: Hannes Reinecke Reviewed-by: Christoph Hellwig Cc: Omar Sandoval Signed-off-by: Jens Axboe --- diff --git a/block/bsg.c b/block/bsg.c index 6fd08544d77e..40db8ff4c618 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -750,6 +750,12 @@ static struct bsg_device *bsg_add_device(struct inode *inode, #ifdef BSG_DEBUG unsigned char buf[32]; #endif + + if (!blk_queue_scsi_passthrough(rq)) { + WARN_ONCE(true, "Attempt to register a non-SCSI queue\n"); + return ERR_PTR(-EINVAL); + } + if (!blk_get_queue(rq)) return ERR_PTR(-ENXIO);