On Sun, Feb 19, 2017 at 07:15:27AM +0000, Al Viro wrote:
> The root cause is unfixable without access to TARDIS and dose of
> antipsychotics sufficient to prevent /dev/sg API creation.
>
> What happens is that write to /dev/sg is given a request with non-zero
> ->iovec_count combined with zero ->dxfer_len. Or with ->dxferp pointing
> to an array full of empty iovecs.
>
> AFAICS, the minimal fix would be something like this:
>
> YAMissingSanityCheck in /dev/sg
>
> write permission to /dev/sg shouldn't be equivalent to the ability to trigger
> BUG_ON() while holding spinlocks...

Looks fine to me:

Reviewed-by: Christoph Hellwig <hch@xxxxxx>

The other thing we really need to consider is to finally merge the SG_IO
implementations for /dev/sg with the common block layer one.
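
The two conditions named in the quoted message (non-zero ->iovec_count with zero ->dxfer_len, or an array of empty iovecs), written as a user-space validation model; this is an added example, not the kernel patch or code from this thread. The struct `sg_req_model`, the function names and the sample lengths are hypothetical, and capping the iovec total at `dxfer_len` is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/uio.h>

/* Hypothetical user-space model of the fields named above, not struct sg_io_hdr. */
struct sg_req_model {
    unsigned short iovec_count;  /* entries behind dxferp */
    unsigned int dxfer_len;      /* byte count the caller claims */
    const struct iovec *dxferp;  /* iovec array when iovec_count != 0 */
};

/* Bytes the iovec array describes, capped at dxfer_len. */
static size_t sg_effective_len(const struct sg_req_model *r)
{
    size_t total = 0;            /* invariant: total <= dxfer_len */
    for (unsigned short i = 0; i < r->iovec_count; i++) {
        if (r->dxferp[i].iov_len >= r->dxfer_len - total)
            return r->dxfer_len;
        total += r->dxferp[i].iov_len;
    }
    return total;
}

/* 0 if the request maps at least one byte (or uses no iovecs), else -EINVAL. */
static int sg_check_request(const struct sg_req_model *r)
{
    if (r->iovec_count == 0)
        return 0;                /* flat-buffer request, not modelled here */
    if (r->dxferp == NULL || sg_effective_len(r) == 0)
        return -EINVAL;          /* zero dxfer_len or all-empty iovecs */
    return 0;
}

/* Constructed sample: a two-entry iovec array with the given lengths. */
static int sg_check_sample(unsigned int dxfer_len, size_t len0, size_t len1)
{
    static char buf[64];
    struct iovec iov[2] = { { buf, len0 }, { buf + 32, len1 } };
    struct sg_req_model r = { 2, dxfer_len, iov };
    return sg_check_request(&r);
}

int main(void)
{
    printf("zero dxfer_len: %d\n", sg_check_sample(0, 16, 16));
    printf("empty iovecs:   %d\n", sg_check_sample(32, 0, 0));
    printf("valid request:  %d\n", sg_check_sample(32, 0, 32));
    return 0;
}
```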