[PATCH 3.16 44/61] scsi: sg: add sg_remove_request in sg_common_write

[Ben Hutchings]

3.16.85-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Li Bin <huawei.li...@huawei.com>

commit 849f8583e955dbe3a1806e03ecacd5e71cce0a08 upstream.

If the dxfer_len is greater than 256M then the request is invalid and we
need to call sg_remove_request in sg_common_write.

Link: 
https://lore.kernel.org/r/1586777361-17339-1-git-send-email-huawei.li...@huawei.com
Fixes: f930c7043663 ("scsi: sg: only check for dxfer_len greater than 256M")
Acked-by: Douglas Gilbert <dgilb...@interlog.com>
Signed-off-by: Li Bin <huawei.li...@huawei.com>
Signed-off-by: Martin K. Petersen <martin.peter...@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Signed-off-by: Ben Hutchings <b...@decadent.org.uk>
---
 drivers/scsi/sg.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -808,8 +808,10 @@ sg_common_write(Sg_fd * sfp, Sg_request
        SCSI_LOG_TIMEOUT(4, printk("sg_common_write:  scsi opcode=0x%02x, 
cmd_size=%d\n",
                          (int) cmnd[0], (int) hp->cmd_len));
 
-       if (hp->dxfer_len >= SZ_256M)
+       if (hp->dxfer_len >= SZ_256M) {
+               sg_remove_request(sfp, srp);
                return -EINVAL;
+       }
 
        k = sg_start_req(srp, cmnd);
        if (k) {