From: Hannes Reinecke <hare@suse.de>
Date: Wed, 30 Jan 2019 10:50:10 +0100
Subject: [PATCH] bsg: Do not copy sense if no response buffer is allocated
Patch-Mainline: submitted linux-scsi 2019/02/28
References: bsc#1106811,bsc#1126555

The sense buffer is only allocated for SCSI requests, not for pass-through
bsg requests. So we should only copy out the sense if we have both, sense
and response buffer.

Signed-off-by: Hannes Reinecke <hare@suse.com>
---
 block/bsg.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/block/bsg.c b/block/bsg.c
index 37663b664666..5671c1188245 100644
--- a/block/bsg.c
+++ b/block/bsg.c
@@ -401,13 +401,12 @@ static int blk_complete_sgv4_hdr_rq(struct request *rq, struct sg_io_v4 *hdr,
 	if (hdr->device_status || hdr->transport_status || hdr->driver_status)
 		hdr->info |= SG_INFO_CHECK;
 	hdr->response_len = 0;
-
-	if (req->sense_len && hdr->response) {
+	if (req->sense && hdr->response) {
 		int len = min_t(unsigned int, hdr->max_response_len,
 					req->sense_len);
-
-		ret = copy_to_user((void __user *)(unsigned long)hdr->response,
-				   req->sense, len);
+		if (len > 0)
+			ret = copy_to_user((void __user *)(unsigned long)hdr->response,
+					   req->sense, len);
 		if (!ret)
 			hdr->response_len = len;
 		else
-- 
2.16.4