struct request *rq;
struct bio *bio;
char sense[SCSI_SENSE_BUFFERSIZE];
+ unsigned char cmd[BLK_MAX_CDB];
if (hdr->interface_id != 'S')
return -EINVAL;
- if (hdr->cmd_len > sizeof(rq->cmd))
+ if (hdr->cmd_len > BLK_MAX_CDB)
return -EINVAL;
+ if (copy_from_user(cmd, hdr->cmdp, hdr->cmd_len))
+ return -EFAULT;
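Review bot: The length check on `hdr->cmd_len` now uses `BLK_MAX_CDB`, which sizes the new local `cmd`, while the later `memcpy(rq->cmd, cmd, hdr->cmd_len)` and the `memset` length `sizeof(rq->cmd) - hdr->cmd_len` still depend on `sizeof(rq->cmd)`. If `rq->cmd` were ever smaller than `BLK_MAX_CDB`, a user-supplied `cmd_len` could overrun `rq->cmd` and make the unsigned memset length wrap. The definition of `rq->cmd` is not visible here, so the two sizes are presumably equal today. Checking both keeps the copy safe if they diverge: `if (hdr->cmd_len > BLK_MAX_CDB || hdr->cmd_len > sizeof(rq->cmd))`. The function body starts and ends outside these lines.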
/*
* we'll do that later
* fill in request structure
*/
rq->cmd_len = hdr->cmd_len;
- memcpy(rq->cmd, hdr->cmdp, hdr->cmd_len);
+ memcpy(rq->cmd, cmd, hdr->cmd_len);
if (sizeof(rq->cmd) != hdr->cmd_len)
memset(rq->cmd + hdr->cmd_len, 0, sizeof(rq->cmd) - hdr->cmd_len);
break;
case SG_IO: {
struct sg_io_hdr hdr;
- unsigned char cdb[BLK_MAX_CDB], *old_cdb;
err = -EFAULT;
- if (copy_from_user(&hdr, (struct sg_io_hdr *) arg, sizeof(hdr)))
- break;
- err = -EINVAL;
- if (hdr.cmd_len > sizeof(rq->cmd))
- break;
- err = -EFAULT;
- if (copy_from_user(cdb, hdr.cmdp, hdr.cmd_len))
+ if (copy_from_user(&hdr, (struct sg_io_hdr __user *) arg, sizeof(hdr)))
break;
-
- old_cdb = hdr.cmdp;
- hdr.cmdp = cdb;
err = sg_io(q, bd_disk, &hdr);
if (err == -EFAULT)
break;
- hdr.cmdp = old_cdb;
- if (copy_to_user((struct sg_io_hdr *) arg, &hdr, sizeof(hdr)))
+ if (copy_to_user((struct sg_io_hdr __user *) arg, &hdr, sizeof(hdr)))
err = -EFAULT;
break;
}
struct sg_io_hdr hdr;
err = -EFAULT;
- if (copy_from_user(&cgc, (struct cdrom_generic_command *) arg, sizeof(cgc)))
+ if (copy_from_user(&cgc, (struct cdrom_generic_command __user *) arg, sizeof(cgc)))
break;
cgc.timeout = clock_t_to_jiffies(cgc.timeout);
memset(&hdr, 0, sizeof(hdr));
if (hdr.sbp)
hdr.mx_sb_len = sizeof(struct request_sense);
hdr.timeout = cgc.timeout;
- hdr.cmdp = cgc.cmd;
+ hdr.cmdp = &((struct cdrom_generic_command __user*) arg)->cmd;
hdr.cmd_len = sizeof(cgc.cmd);
err = sg_io(q, bd_disk, &hdr);
cgc.stat = err;
cgc.buflen = hdr.resid;
- if (copy_to_user((struct cdrom_generic_command *) arg, &cgc, sizeof(cgc)))
+ if (copy_to_user((struct cdrom_generic_command __user *) arg, &cgc, sizeof(cgc)))
err = -EFAULT;
break;
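Review bot: After this change the command bytes are fetched from user memory twice: once into `cgc` by the `copy_from_user` at the top of the case, and again when `sg_io()` copies from `hdr.cmdp`, which now points back into `arg`. Nothing visible inspects `cgc.cmd`, so no check is bypassed here, but the kernel copy is no longer the command that gets issued. A comment above the assignment would record that, e.g. `/* CDB is re-read from user space by sg_io(); do not validate cgc.cmd */`. Separately, `&(...)->cmd` has pointer-to-array type if `cmd` is an array (as `sizeof(cgc.cmd)` suggests), which does not match `unsigned char __user *cmdp`; dropping the `&` gives the intended type: `hdr.cmdp = ((struct cdrom_generic_command __user *) arg)->cmd;`. The case body starts outside these lines.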
unsigned int dxfer_len; /* [i] byte count of data transfer */
void * dxferp; /* [i], [*io] points to data transfer memory
or scatter gather list */
- unsigned char * cmdp; /* [i], [*i] points to command to perform */
+ unsigned char __user *cmdp; /* [i], [*i] points to command to perform */
unsigned char * sbp; /* [i], [*o] points to sense_buffer memory */
unsigned int timeout; /* [i] MAX_UINT->no timeout (unit: millisec) */
unsigned int flags; /* [i] 0 -> default, see SG_FLAG... */
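Review bot: Only `cmdp` gains the `__user` annotation, although the field comments describe `dxferp` and `sbp` as pointing to the caller's data-transfer and sense memory as well. Leaving them unannotated means a static checker that tracks `__user` cannot flag a direct kernel dereference of those two pointers. If they are always user addresses on this path (not confirmable from the hunk), annotate them the same way: `void __user *dxferp;` and `unsigned char __user *sbp;`. The struct definition starts and ends outside the hunk.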