4.19-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 15 May 2020 09:18:49 +0000 (11:18 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 15 May 2020 09:18:49 +0000 (11:18 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 15 May 2020 09:18:49 +0000 (11:18 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 15 May 2020 09:18:49 +0000 (11:18 +0200)
diff --git a/queue-4.19/scsi-sg-add-sg_remove_request-in-sg_write.patch b/queue-4.19/scsi-sg-add-sg_remove_request-in-sg_write.patch

new file mode 100644 (file)

index 0000000..feadad2
--- /dev/null
+++ b/queue-4.19/scsi-sg-add-sg_remove_request-in-sg_write.patch
@@ -0,0 +1,39 @@
+From 83c6f2390040f188cc25b270b4befeb5628c1aee Mon Sep 17 00:00:00 2001
+From: Wu Bo <wubo40@huawei.com>
+Date: Tue, 14 Apr 2020 10:13:28 +0800
+Subject: scsi: sg: add sg_remove_request in sg_write
+
+From: Wu Bo <wubo40@huawei.com>
+
+commit 83c6f2390040f188cc25b270b4befeb5628c1aee upstream.
+
+If the __copy_from_user function failed we need to call sg_remove_request
+in sg_write.
+
+Link: https://lore.kernel.org/r/610618d9-e983-fd56-ed0f-639428343af7@huawei.com
+Acked-by: Douglas Gilbert <dgilbert@interlog.com>
+Signed-off-by: Wu Bo <wubo40@huawei.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+[groeck: Backport to v5.4.y and older kernels]
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/sg.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/sg.c
++++ b/drivers/scsi/sg.c
+@@ -694,8 +694,10 @@ sg_write(struct file *filp, const char _
+       hp->flags = input_size; /* structure abuse ... */
+       hp->pack_id = old_hdr.pack_id;
+       hp->usr_ptr = NULL;
+-      if (__copy_from_user(cmnd, buf, cmd_size))
++      if (__copy_from_user(cmnd, buf, cmd_size)) {
++              sg_remove_request(sfp, srp);
+               return -EFAULT;
++      }
+       /*
+        * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV,
+        * but is is possible that the app intended SG_DXFER_TO_DEV, because there
diff --git a/queue-4.19/series b/queue-4.19/series

index 7c07802ea3f62a0220202bc6546e209053a83e98..0217b12efd29b074f514546806779e08a354c3e7 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -4,3 +4,4 @@ net-sonic-fix-a-resource-leak-in-an-error-handling-p.patch
  net-moxa-fix-a-potential-double-free_irq.patch
  drop_monitor-work-around-gcc-10-stringop-overflow-wa.patch
  virtio-blk-handle-block_device_operations-callbacks-.patch
+scsi-sg-add-sg_remove_request-in-sg_write.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 15 May 2020 09:18:49 +0000 (11:18 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 15 May 2020 09:18:49 +0000 (11:18 +0200)
queue-4.19/scsi-sg-add-sg_remove_request-in-sg_write.patch	[new file with mode: 0644]	patch \| blob
queue-4.19/series		patch \| blob \| blame \| history