Re: [PATCH] scsi: ensure the header peeked does not change in the actual message

From: Christoph Hellwig <hch@infradead.org>
Date: 2017-09-19 16:01:02

diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 7440de4..971044d 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c

@@ -466,6 +466,12 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
 	if (copy_from_user(req->cmd, sic->data, cmdlen))
 		goto error;
 
+	/*
+	 * override the request header (opcode) to make sure that it matches
+	 * the first fetch from sic->data 
+	 */
+	*((unsigned int *)req->cmd) = opcode;
+
 	if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))

NAK.

Just don't copy the byte twice.  E.g. change things to not copy
the first byte again.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help