Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp598319ybz; Wed, 15 Apr 2020 14:51:56 -0700 (PDT) X-Google-Smtp-Source: APiQypJ6e+NiNfttRSsddnWoNECDxpHo1NRXFPOFDIe1tCbxD1XdF8lwrmGfjvKyaY5SLHZrwUXh X-Received: by 2002:aa7:d4c4:: with SMTP id t4mr27224590edr.181.1586987516272; Wed, 15 Apr 2020 14:51:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586987516; cv=none; d=google.com; s=arc-20160816; b=R9cztk+e/TFtMGN08FgIzU11BMTSprkSnlNE6VIzGz0IrE0z0zVl5XMcVyA51DnBdf LsmQ1BSAtk0z7CmPaOL6H7vZAMLHerjxlpKPE7XXSZdpju1qzxha+B33T6bcVnwBw2g2 s1/DKQXRku8iuXuanv4OnXdgjhLE2ILWK4R6zYfAX6XG5OyCenybpViMO2Lw3EiVumd3 FRdqaD+yja5x+709wU/zd2NUySxD6nr2lnPndxWQsW9YZI38MZ/AYtuXJsmMw4MmLNnC nuAKhjiJafYOOtSWRf6nf/RvKLdozVmkjRbQDqLHGC5quyT70bsHo/qcCurZCcNQbNHE zLGA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject:reply-to; bh=R0Yj1qqjWIlCV/tamsAOQ4jH80M2C+Fp73iaIjA1+3s=; b=fstlMkatqdo0jb1C0d3QPfGmXVNKbGZH9l/LgdP72oFBCPlSQt/U0RpsuCUjMHHCPC 9YIXjRPtGIgdCyX/aeFKK9JDb4JHY+7ThplplQB0D9vpezh3JZK/FVaL+J1upc6700ZM LGvGB9U5ix4LDc2UnGqDfJgvD7aF6yT4awXes7fVg1Drh1xSnbZ6o6F9raeoFnU1dPAr gYMR+ynS099db4JNdDEdA7uz6KOJQTFdgRtBsmmuff4gvq3al3IAYCHBARrqe/LZP63f RLJErg4EcccmOVHBKGYRszADv5StQoSL6Vi7yXNcdEkTwo9dbxWaPZuf119E+qMZtdDd fdiw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b7si8181727edy.494.2020.04.15.14.51.32; Wed, 15 Apr 2020 14:51:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2504302AbgDNSpQ (ORCPT + 99 others); Tue, 14 Apr 2020 14:45:16 -0400 Received: from smtp.infotech.no ([82.134.31.41]:45529 "EHLO smtp.infotech.no" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2504293AbgDNSpN (ORCPT ); Tue, 14 Apr 2020 14:45:13 -0400 Received: from localhost (localhost [127.0.0.1]) by smtp.infotech.no (Postfix) with ESMTP id E9ED72041CF; Tue, 14 Apr 2020 20:45:10 +0200 (CEST) X-Virus-Scanned: by amavisd-new-2.6.6 (20110518) (Debian) at infotech.no Received: from smtp.infotech.no ([127.0.0.1]) by localhost (smtp.infotech.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id g5dzQnLMwoIU; Tue, 14 Apr 2020 20:45:05 +0200 (CEST) Received: from [192.168.48.23] (host-23-251-188-50.dyn.295.ca [23.251.188.50]) by smtp.infotech.no (Postfix) with ESMTPA id 08CA2204154; Tue, 14 Apr 2020 20:45:03 +0200 (CEST) Reply-To: dgilbert@interlog.com Subject: Re: [PATCH] scsi:sg: add sg_remove_request in sg_write To: Wu Bo , "James E.J. Bottomley" , "Martin K. Petersen" , linux-scsi@vger.kernel.org, linux-kernel@vger.kernel.org, liuzhiqiang26@huawei.com, linfeilong@huawei.com References: <610618d9-e983-fd56-ed0f-639428343af7@huawei.com> From: Douglas Gilbert Message-ID: <4ece8e46-f9e4-e582-157a-7ab0268c04aa@interlog.com> Date: Tue, 14 Apr 2020 14:44:51 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1 MIME-Version: 1.0 In-Reply-To: <610618d9-e983-fd56-ed0f-639428343af7@huawei.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-CA Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2020-04-13 10:13 p.m., Wu Bo wrote: > From: Wu Bo > > If the __copy_from_user function return failed, > it should call sg_remove_request in sg_write. This is a fix. Acked-by: Douglas Gilbert > Signed-off-by: Wu Bo > --- >  drivers/scsi/sg.c | 4 +++- >  1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c > index 4e6af59..ff3f532 100644 > --- a/drivers/scsi/sg.c > +++ b/drivers/scsi/sg.c > @@ -685,8 +685,10 @@ static int get_sg_io_pack_id(int *pack_id, void __user > *buf, size_t count) >         hp->flags = input_size; /* structure abuse ... */ >         hp->pack_id = old_hdr.pack_id; >         hp->usr_ptr = NULL; > -       if (copy_from_user(cmnd, buf, cmd_size)) > +       if (copy_from_user(cmnd, buf, cmd_size)) { > +               sg_remove_request(sfp, srp); >                 return -EFAULT; > +       } >         /* >          * SG_DXFER_TO_FROM_DEV is functionally equivalent to SG_DXFER_FROM_DEV, >          * but is is possible that the app intended SG_DXFER_TO_DEV, because there > -- > 1.8.3.1 >