sg_write()/bsg_write() is not fit to be called under KERNEL_DS
author Al Viro <viro@zeniv.linux.org.uk>
Fri, 16 Dec 2016 18:42:06 +0000 (13:42 -0500)
committer Al Viro <viro@zeniv.linux.org.uk>
Fri, 23 Dec 2016 04:03:42 +0000 (23:03 -0500)
commit 128394eff343fc6d2f32172f03e24829539c5835
tree 025d426075681b9904895045929e322429b8a251
parent f698cccbc89e33cda4795a375e47daaa3689485e
sg_write()/bsg_write() is not fit to be called under KERNEL_DS

Both damn things interpret userland pointers embedded into the payload;
worse, they are actually traversing those.  Leaving aside the bad
API design, this is very much _not_ safe to call with KERNEL_DS.
Bail out early if that happens.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
block/bsg.c
drivers/scsi/sg.c
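
A userspace toy model of the problem the commit message describes, added here as an illustration; it is not code from this commit or from the kernel. The flat `mem` array, `toy_hdr`, `toy_write()` and `run_case()` are hypothetical, and the range check only imitates how access_ok() depends on the current address limit.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model, not kernel code: offsets below USER_TOP stand for userland. */
enum { USER_TOP = 64, MEM_SIZE = 128 };
#define USER_DS   ((size_t)USER_TOP)
#define KERNEL_DS ((size_t)MEM_SIZE)
static uint8_t mem[MEM_SIZE];
static size_t addr_limit = USER_TOP;

static int copy_from_user(void *dst, size_t src, size_t len)
{
    /* Range check against the current limit, in the spirit of access_ok(). */
    if (len > addr_limit || src > addr_limit - len)
        return -EFAULT;
    memcpy(dst, mem + src, len);
    return 0;
}
/* Hypothetical payload header carrying an embedded pointer. */
struct toy_hdr { uint32_t data_ptr, data_len; };

static int toy_write(size_t buf, uint8_t out[16], int hardened)
{
    struct toy_hdr hdr;
    if (hardened && addr_limit == KERNEL_DS)
        return -EINVAL;              /* bail out early under KERNEL_DS */
    if (copy_from_user(&hdr, buf, sizeof(hdr)))
        return -EFAULT;
    if (hdr.data_len > 16)
        return -EINVAL;
    return copy_from_user(out, hdr.data_ptr, hdr.data_len); /* traversal */
}
/* Constructed case: header at offset 0 points at "kernel" offset 100. */
static int run_case(size_t limit, int hardened, uint8_t out[16])
{
    struct toy_hdr hdr = { 100, 4 };
    memcpy(mem, &hdr, sizeof(hdr));
    memcpy(mem + 100, "KSEC", 4);
    addr_limit = limit;              /* models set_fs() */
    int ret = toy_write(0, out, hardened);
    addr_limit = USER_DS;
    return ret;
}
int main(void)
{
    uint8_t out[16] = {0};
    printf("%d %d %d\n", run_case(USER_DS, 0, out), run_case(KERNEL_DS, 0, out), run_case(KERNEL_DS, 1, out));
    return 0;
}
```

With the user limit in force the embedded pointer fails the range check; with the limit lifted the same check passes for any address, which is why the handler has to refuse to run at all in that state.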