From: FUJITA Tomonori Date: Mon, 11 Dec 2006 09:01:34 +0000 (+0100) Subject: [PATCH] fix SG_IO bio leak X-Git-Tag: v2.6.20-rc1~146^2~10 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=77d172ce2719b5ad2dc0637452c8871d9cba344c;p=linux-2.6 [PATCH] fix SG_IO bio leak This patch fixes bio leaks in SG_IO. rq->bio can be changed after io completion, so we need to reset rq->bio before calling blk_rq_unmap_user() http://marc.theaimsgroup.com/?l=linux-kernel&m=116570666807983&w=2 Signed-off-by: FUJITA Tomonori Signed-off-by: Jens Axboe --- diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c index b3e210723a..045cabd3d4 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -228,6 +228,7 @@ static int sg_io(struct file *file, request_queue_t *q, struct request *rq; char sense[SCSI_SENSE_BUFFERSIZE]; unsigned char cmd[BLK_MAX_CDB]; + struct bio *bio; if (hdr->interface_id != 'S') return -EINVAL; @@ -308,6 +309,7 @@ static int sg_io(struct file *file, request_queue_t *q, if (ret) goto out; + bio = rq->bio; rq->retries = 0; start_time = jiffies; @@ -338,6 +340,7 @@ static int sg_io(struct file *file, request_queue_t *q, hdr->sb_len_wr = len; } + rq->bio = bio; if (blk_rq_unmap_user(rq)) ret = -EFAULT;
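Review bot: `struct bio *bio;` in the first hunk is declared without an initialiser and is only assigned at `bio = rq->bio;`, which sits after `if (ret) goto out;` in the second hunk. The visible context does not show where the `out:` label lands relative to `rq->bio = bio;`, so please confirm the error path cannot reach the restore with `bio` unset. Declaring it as `struct bio *bio = NULL;` would give it a defined value on every path.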
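Review bot: the `rq->bio = bio;` assignment just before `blk_rq_unmap_user(rq)` in the last hunk has no comment, and the reason for it (rq->bio can change after I/O completion) is recorded only in the commit message. A one-line comment at the save or at the restore would keep a later cleanup from deleting it as a redundant store and bringing the leak back. Longer term, passing the saved bio to the unmap helper directly, instead of writing it back into the request, would remove the dependency on every caller remembering this step.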