Message ID | 1536951169-22810-4-git-send-email-tyhicks@canonical.com |
---|---|
State | New |
Headers | show |
Series | CVE-2016-9576 - Arbitrary kernel memory reads/writes in the SCSI driver | expand |
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 42e5a140ada5..7b99026238eb 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1703,9 +1703,12 @@ static int sg_start_req(Sg_request *srp, unsigned char *cmd) !sfp->res_in_use) { sfp->res_in_use = 1; sg_link_reserve(sfp, srp, dxfer_len); - } else if ((hp->flags & SG_FLAG_MMAP_IO) && sfp->res_in_use) { + } else if (hp->flags & SG_FLAG_MMAP_IO) { + res = -EBUSY; /* sfp->res_in_use == 1 */ + if (dxfer_len > rsv_schp->bufflen) + res = -ENOMEM; mutex_unlock(&sfp->f_mutex); - return -EBUSY; + return res; } else { res = sg_build_indirect(req_schp, sfp, dxfer_len); if (res) {