[openib-general] [PATCH 1/2] IB/iser: don't access sc->request_buffer when sc->request_bufflen is zero
Or Gerlitz
ogerlitz at voltaire.com
Tue Jun 20 02:33:49 PDT 2006
calling scsi_init_one on sc->request_buffer when sc->request_bufflen is zero is unsafe
Signed-off-by: Or Gerlitz <ogerlitz at voltaire.com>
Index: infiniband-git/drivers/infiniband/ulp/iser/iser_initiator.c
===================================================================
--- infiniband-git.orig/drivers/infiniband/ulp/iser/iser_initiator.c 2006-06-20 12:26:17.000000000 +0300
+++ infiniband-git/drivers/infiniband/ulp/iser/iser_initiator.c 2006-06-20 12:27:42.000000000 +0300
@@ -391,7 +391,8 @@
if (sc->use_sg) { /* using a scatter list */
data_buf->buf = sc->request_buffer;
data_buf->size = sc->use_sg;
- } else { /* using a single buffer - convert it into one entry SG */
+ } else if (sc->request_bufflen) {
+ /* using a single buffer - convert it into one entry SG */
sg_init_one(&data_buf->sg_single,
sc->request_buffer, sc->request_bufflen);
data_buf->buf = &data_buf->sg_single;
More information about the general
mailing list