From: Jan Kara Date: Thu, 23 Oct 2014 02:13:39 +0000 (-0600) Subject: scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND X-Git-Tag: v3.10.60~26 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7d3a9bd9615685af8858e208aecccbf285022b99;p=platform%2Fkernel%2Flinux-3.10.git scsi: Fix error handling in SCSI_IOCTL_SEND_COMMAND commit 84ce0f0e94ac97217398b3b69c21c7a62ebeed05 upstream. When sg_scsi_ioctl() fails to prepare request to submit in blk_rq_map_kern() we jump to a label where we just end up copying (luckily zeroed-out) kernel buffer to userspace instead of reporting error. Fix the problem by jumping to the right label. CC: Jens Axboe CC: linux-scsi@vger.kernel.org Coverity-id: 1226871 Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman Fixed up the, now unused, out label. Signed-off-by: Jens Axboe --- diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index a5ffcc9..1b4988b 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -506,7 +506,7 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, if (bytes && blk_rq_map_kern(q, rq, buffer, bytes, __GFP_WAIT)) { err = DRIVER_ERROR << 24; - goto out; + goto error; } memset(sense, 0, sizeof(sense)); @@ -516,7 +516,6 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode, blk_execute_rq(q, disk, rq, 0); -out: err = rq->errors & 0xff; /* only 8 bit SCSI status */ if (err) { if (rq->sense_len && rq->sense) {