diff options
author | brking@us.ibm.com <brking@us.ibm.com> | 2006-01-23 15:03:22 -0600 |
---|---|---|
committer | James Bottomley <jejb@mulgrave.(none)> | 2006-01-26 15:13:50 -0500 |
commit | bb1d1073a10fdc8547e3eb821ee2488260094b39 (patch) | |
tree | 139a30834cea40e0d967506cfdaea603cf56a192 /drivers/scsi/scsi_lib.c | |
parent | 15084a4a63bc300c18b28a8a9afac870c552abce (diff) | |
download | op-kernel-dev-bb1d1073a10fdc8547e3eb821ee2488260094b39.zip op-kernel-dev-bb1d1073a10fdc8547e3eb821ee2488260094b39.tar.gz |
[SCSI] Prevent scsi_execute_async from guessing cdb length
When the scsi_execute_async interface was added it ended up reducing
the flexibility of userspace to send arbitrary scsi commands through
sg using SG_IO. The SG_IO interface allows userspace to specify the
CDB length. This is now ignored in scsi_execute_async and it is
guessed using the COMMAND_SIZE macro, which is not always correct,
particularly for vendor specific commands. This patch adds a cmd_len
parameter to the scsi_execute_async interface to allow the caller
to specify the length of the CDB.
Signed-off-by: Brian King <brking@us.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Diffstat (limited to 'drivers/scsi/scsi_lib.c')
-rw-r--r-- | drivers/scsi/scsi_lib.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 3574ba9..4a60285 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -436,6 +436,7 @@ free_bios: * scsi_execute_async - insert request * @sdev: scsi device * @cmd: scsi command + * @cmd_len: length of scsi cdb * @data_direction: data direction * @buffer: data buffer (this can be a kernel buffer or scatterlist) * @bufflen: len of buffer @@ -445,7 +446,7 @@ free_bios: * @flags: or into request flags **/ int scsi_execute_async(struct scsi_device *sdev, const unsigned char *cmd, - int data_direction, void *buffer, unsigned bufflen, + int cmd_len, int data_direction, void *buffer, unsigned bufflen, int use_sg, int timeout, int retries, void *privdata, void (*done)(void *, char *, int, int), gfp_t gfp) { @@ -472,7 +473,7 @@ int scsi_execute_async(struct scsi_device *sdev, const unsigned char *cmd, if (err) goto free_req; - req->cmd_len = COMMAND_SIZE(cmd[0]); + req->cmd_len = cmd_len; memcpy(req->cmd, cmd, req->cmd_len); req->sense = sioc->sense; req->sense_len = 0; |