Commits
Linus Torvalds committed f075dce66c6
scsi sg: remove incorrect scsi command checking logic The SCSI_IOCTL_SEND_COMMAND ioctl has interesting scsi command "security" checking. If the file was opened read-only (but only in that case), it will fetch the first byte of the command from user space, and do "sg_allow_access()" on it. That, in turn, will check that "blk_verify_command()" is ok with that command byte. If that passes, it will then do call "sg_scsi_ioctl()" to execute the command. This is entirely nonsensical for several reasons. It's nonsensical simply because it's racy: after it copies the command byte from user mode to check it, user mode could just change the byte before it is actually submitted later by "sg_scsi_ioctl()". But it is nonsensical also because "sg_scsi_ioctl()" itself already does blk_verify_command() on the command properly after it has been copied from user space. So it is an incorrect implementation of a pointless check. Remove it. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>