Upgrade to 4.4.50-rt62

[kvmfornfv.git] / kernel / drivers / scsi / sg.c

diff --git a/kernel/drivers/scsi/sg.c b/kernel/drivers/scsi/sg.c
index 5e82067..a1c29b0 100644 (file)
--- a/kernel/drivers/scsi/sg.c
+++ b/kernel/drivers/scsi/sg.c
@@ -592,6 +592,9 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
        sg_io_hdr_t *hp;
        unsigned char cmnd[SG_MAX_CDB_SIZE];
 
+       if (unlikely(segment_eq(get_fs(), KERNEL_DS)))
+               return -EINVAL;
+
        if ((!(sfp = (Sg_fd *) filp->private_data)) || (!(sdp = sfp->parentdp)))
                return -ENXIO;
        SCSI_LOG_TIMEOUT(3, sg_printk(KERN_INFO, sdp,
@@ -652,7 +655,8 @@ sg_write(struct file *filp, const char __user *buf, size_t count, loff_t * ppos)
        else
                hp->dxfer_direction = (mxsize > 0) ? SG_DXFER_FROM_DEV : SG_DXFER_NONE;
        hp->dxfer_len = mxsize;
-       if (hp->dxfer_direction == SG_DXFER_TO_DEV)
+       if ((hp->dxfer_direction == SG_DXFER_TO_DEV) ||
+           (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV))
                hp->dxferp = (char __user *)buf + cmd_size;
        else
                hp->dxferp = NULL;