On Thu, May 14, 2020 at 08:05:51AM -0700, Guenter Roeck wrote:
From: Wu Bo wubo40@huawei.com
[ Upstream commit 83c6f2390040f188cc25b270b4befeb5628c1aee ]
If the __copy_from_user function failed we need to call sg_remove_request in sg_write.
Link: https://lore.kernel.org/r/610618d9-e983-fd56-ed0f-639428343af7@huawei.com Acked-by: Douglas Gilbert dgilbert@interlog.com Signed-off-by: Wu Bo wubo40@huawei.com Signed-off-by: Martin K. Petersen martin.petersen@oracle.com Signed-off-by: Sasha Levin sashal@kernel.org [groeck: Backport to v5.4.y and older kernels] Signed-off-by: Guenter Roeck linux@roeck-us.net
This patch fixes CVE-2020-12770, and the problem it fixes looks like a valid bug. Please apply to v5.4.y and older kernel branches.
Now queud up, thanks.
greg k-h