fix regression in SCSI_IOCTL_SEND_COMMAND

blk_rq_set_block_pc() memsets rq->cmd to 0, so it should come
immediately after blk_get_request() to avoid overwriting the
user-supplied CDB.  Also check for failure to allocate rq.

Fixes: f27b087b81b7 ("block: add blk_rq_set_block_pc()")
Cc: <stable@vger.kernel.org> # 3.16.x
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Jens Axboe <axboe@fb.com>

1 files changed, 7 insertions, 2 deletions

diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
index 1d78e6cf9d61..5dd477bfb4bc 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
@@ -456,6 +456,11 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
         }
 
         rq = blk_get_request(q, in_len ? WRITE : READ, __GFP_WAIT);
+        if (!rq) {
+                err = -ENOMEM;
+                goto error;
+        }
+        blk_rq_set_block_pc(rq);
 
         cmdlen = COMMAND_SIZE(opcode);
 
@@ -509,7 +514,6 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
         memset(sense, 0, sizeof(sense));
         rq->sense = sense;
         rq->sense_len = 0;
-        blk_rq_set_block_pc(rq);
 
         blk_execute_rq(q, disk, rq, 0);
 
@@ -529,7 +533,8 @@ out:
         
 error:
         kfree(buffer);
-        blk_put_request(rq);
+        if (rq)
+                blk_put_request(rq);
         return err;
 }
 EXPORT_SYMBOL_GPL(sg_scsi_ioctl);