Patch "kcm: return immediately after copy_from_user() failure" has been added to the 4.9-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sat, 29 Apr 2017 08:24:01 +0200

This is a note to let you know that I've just added the patch titled

    kcm: return immediately after copy_from_user() failure

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kcm-return-immediately-after-copy_from_user-failure.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Sat Apr 29 08:22:13 CEST 2017
From: WANG Cong <xiyou.wangcong@xxxxxxxxx>
Date: Thu, 23 Mar 2017 11:03:31 -0700
Subject: kcm: return immediately after copy_from_user() failure

From: WANG Cong <xiyou.wangcong@xxxxxxxxx>


[ Upstream commit a80db69e47d764bbcaf2fec54b1f308925e7c490 ]

There is no reason to continue after a copy_from_user()
failure.

Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Cc: Tom Herbert <tom@xxxxxxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/kcm/kcmsock.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1685,7 +1685,7 @@ static int kcm_ioctl(struct socket *sock
 		struct kcm_attach info;
 
 		if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
-			err = -EFAULT;
+			return -EFAULT;
 
 		err = kcm_attach_ioctl(sock, &info);
 
@@ -1695,7 +1695,7 @@ static int kcm_ioctl(struct socket *sock
 		struct kcm_unattach info;
 
 		if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
-			err = -EFAULT;
+			return -EFAULT;
 
 		err = kcm_unattach_ioctl(sock, &info);
 
@@ -1706,7 +1706,7 @@ static int kcm_ioctl(struct socket *sock
 		struct socket *newsock = NULL;
 
 		if (copy_from_user(&info, (void __user *)arg, sizeof(info)))
-			err = -EFAULT;
+			return -EFAULT;
 
 		err = kcm_clone(sock, &info, &newsock);
 


Patches currently in stable-queue which might be from xiyou.wangcong@xxxxxxxxx are

queue-4.9/ipv6-check-skb-protocol-before-lookup-for-nexthop.patch
queue-4.9/kcm-return-immediately-after-copy_from_user-failure.patch






