hp->usr_ptr = NULL;
if (__copy_from_user(cmnd, buf, cmd_size))
return -EFAULT;
+ /*
+ * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV,
+ * but is is possible that the app intended SG_DXFER_TO_DEV, because there
+ * is a non-zero input_size, so emit a warning.
+ */
+ if (hp->dxfer_direction == SG_DXFER_TO_FROM_DEV)
+ if (printk_ratelimit())
+ printk(KERN_WARNING
+ "sg_write: data in/out %d/%d bytes for SCSI command 0x%x--"
+ "guessing data in;\n" KERN_WARNING " "
+ "program %s not setting count and/or reply_len properly\n",
+ old_hdr.reply_len - (int)SZ_SG_HEADER,
+ input_size, (unsigned int) cmnd[0],
+ current->comm);
k = sg_common_write(sfp, srp, cmnd, sfp->timeout, blocking);
return (k < 0) ? k : count;
}
sg_io_hdr_t *hp;
unsigned char cmnd[sizeof (dummy_cmdp->sr_cmnd)];
int timeout;
+ unsigned long ul_timeout;
if (count < SZ_SG_IO_HDR)
return -EINVAL;
return -EBUSY; /* reserve buffer already being used */
}
}
- timeout = msecs_to_jiffies(srp->header.timeout);
+ ul_timeout = msecs_to_jiffies(srp->header.timeout);
+ timeout = (ul_timeout < INT_MAX) ? ul_timeout : INT_MAX;
if ((!hp->cmdp) || (hp->cmd_len < 6) || (hp->cmd_len > sizeof (cmnd))) {
sg_remove_request(sfp, srp);
return -EMSGSIZE;
return NULL;
memset(sfp, 0, sizeof (Sg_fd));
init_waitqueue_head(&sfp->read_wait);
- sfp->rq_list_lock = RW_LOCK_UNLOCKED;
+ rwlock_init(&sfp->rq_list_lock);
sfp->timeout = SG_DEFAULT_TIMEOUT;
sfp->timeout_user = SG_DEFAULT_TIMEOUT_USER;