From a2825d8b06c6201beafdab30de5a1c473d406c69 Mon Sep 17 00:00:00 2001
From: Vladislav Bolkhovitin
Date: Tue, 11 Sep 2012 18:42:42 +0000
Subject: [PATCH] Fix scst_local crash on 0 response data len w/o data buffer allocated + some related cleanups Reported by Richard Sharpe
git-svn-id: http://svn.code.sf.net/p/scst/svn/trunk@4512 d57e44dd-8a1f-0410-8b47-8ef2f437770f
---
 scst/src/dev_handlers/scst_user.c | 3 ++-
 scst/src/scst_lib.c | 5 +++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/scst/src/dev_handlers/scst_user.c b/scst/src/dev_handlers/scst_user.c
index 3724b8640..73a43eae1 100644
--- a/scst/src/dev_handlers/scst_user.c
+++ b/scst/src/dev_handlers/scst_user.c
@@ -1498,7 +1498,8 @@ static int dev_user_process_reply_exec(struct scst_user_cmd *ucmd,
 * We have an empty SG, so can't call
 * scst_set_resp_data_len()
 */
- cmd->resp_data_len = ereply->resp_data_len;
+ WARN_ON(ereply->resp_data_len != 0);
+ cmd->resp_data_len = 0;
 cmd->resid_possible = 1;
 } else
 scst_set_resp_data_len(cmd, ereply->resp_data_len);
diff --git a/scst/src/scst_lib.c b/scst/src/scst_lib.c
index 17979082f..754c7d0bb 100644
--- a/scst/src/scst_lib.c
+++ b/scst/src/scst_lib.c
@@ -5987,13 +5987,14 @@ void scst_copy_sg(struct scst_cmd *cmd, enum scst_sg_copy_dir copy_dir)
 } else {
 src_sg = cmd->sg;
 dst_sg = cmd->tgt_i_sg;
- to_copy = cmd->resp_data_len;
+ to_copy = cmd->adjusted_resp_data_len;
 }
 TRACE_MEM("cmd %p, copy_dir %d, src_sg %p, dst_sg %p, to_copy %lld", cmd, copy_dir, src_sg, dst_sg, (long long)to_copy);
- if (unlikely(src_sg == NULL) || unlikely(dst_sg == NULL)) {
+ if (unlikely(src_sg == NULL) || unlikely(dst_sg == NULL) ||
+ unlikely(to_copy == 0)) {
 /*
 * It can happened, e.g., with scst_user for cmd with delay
 * alloc, which failed with Check Condition.
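Review bot: The added `WARN_ON(ereply->resp_data_len != 0);` in the empty-SG branch fires on a value that appears to come from the user-space handler's reply (`ereply`), so a misbehaving handler could make the kernel print a warning with a stack trace for every such command. On hosts configured to panic on warnings, that would let the handler take the machine down. A condition driven by external input is better reported through a rate-limited error message; the minimal change is `WARN_ON_ONCE(ereply->resp_data_len != 0);`. The non-zero length is also silently replaced by 0, so it is worth deciding explicitly whether such a reply should be rejected instead. dev_user_process_reply_exec() starts and ends outside this hunk.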
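Review bot: The comment under the widened condition in scst_copy_sg() still explains only the NULL scatterlist case, although the branch is now also taken when `to_copy == 0`. A line such as `* Also taken when there is no response data to copy (to_copy == 0).` would keep the comment in step with the code. Separately, reading `cmd->adjusted_resp_data_len` assumes that field has been set on every path that reaches this copy. That is not visible in the hunk and is worth confirming, since a stale zero would now skip the copy without any trace beyond TRACE_MEM. Both the function and the comment continue outside the hunk.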