From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 16 Dec 2016 18:42:06 +0000 (-0500)
Subject: sg_write()/bsg_write() is not fit to be called under KERNEL_DS
X-Git-Tag: v3.2.85~3
X-Git-Url: https://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e30250c95b840896da4cb71e84bead5803ee1ff6;p=pandora-kernel.git

sg_write()/bsg_write() is not fit to be called under KERNEL_DS

commit a0ac402cfcdc904f9772e1762b3fda112dcc56a0 upstream.

Both damn things interpret userland pointers embedded into the payload;
worse, they are actually traversing those.  Leaving aside the bad
API design, this is very much _not_ safe to call with KERNEL_DS.
Bail out early if that happens.

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---

Reading git-diff-tree failed