--- /dev/null
+From 7d5750c0edfe886dbdee189f0c86e95c68147781 Mon Sep 17 00:00:00 2001
+From: Jason Gunthorpe <jgg@mellanox.com>
+Date: Sun, 12 May 2019 21:57:57 -0300
+Subject: RDMA: Directly cast the sockaddr union to sockaddr
+
+From: Jason Gunthorpe <jgg@mellanox.com>
+
+commit 641114d2af312d39ca9bbc2369d18a5823da51c6 upstream.
+
+gcc 9 now does allocation size tracking and thinks that passing the member
+of a union and then accessing beyond that member's bounds is an overflow.
+
+Instead of using the union member, use the entire union with a cast to
+get to the sockaddr. gcc will now know that the memory extends the full
+size of the union.
+
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/core/addr.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/drivers/infiniband/core/addr.c
++++ b/drivers/infiniband/core/addr.c
+@@ -481,14 +481,13 @@ int rdma_addr_find_dmac_by_grh(const uni
+ struct net_device *dev;
+
+ union {
+- struct sockaddr _sockaddr;
+ struct sockaddr_in _sockaddr_in;
+ struct sockaddr_in6 _sockaddr_in6;
+ } sgid_addr, dgid_addr;
+
+
+- rdma_gid2ip(&sgid_addr._sockaddr, sgid);
+- rdma_gid2ip(&dgid_addr._sockaddr, dgid);
++ rdma_gid2ip((struct sockaddr *)&sgid_addr, sgid);
++ rdma_gid2ip((struct sockaddr *)&dgid_addr, dgid);
+
+ memset(&dev_addr, 0, sizeof(dev_addr));
+ dev_addr.bound_dev_if = if_index;
+@@ -496,8 +495,9 @@ int rdma_addr_find_dmac_by_grh(const uni
+
+ ctx.addr = &dev_addr;
+ init_completion(&ctx.comp);
+- ret = rdma_resolve_ip(&self, &sgid_addr._sockaddr, &dgid_addr._sockaddr,
+- &dev_addr, 1000, resolve_cb, &ctx);
++ ret = rdma_resolve_ip(&self, (struct sockaddr *)&sgid_addr,
++ (struct sockaddr *)&dgid_addr, &dev_addr, 1000,
++ resolve_cb, &ctx);
+ if (ret)
+ return ret;
+
+@@ -519,16 +519,15 @@ int rdma_addr_find_smac_by_sgid(union ib
+ int ret = 0;
+ struct rdma_dev_addr dev_addr;
+ union {
+- struct sockaddr _sockaddr;
+ struct sockaddr_in _sockaddr_in;
+ struct sockaddr_in6 _sockaddr_in6;
+ } gid_addr;
+
+- rdma_gid2ip(&gid_addr._sockaddr, sgid);
++ rdma_gid2ip((struct sockaddr *)&gid_addr, sgid);
+
+ memset(&dev_addr, 0, sizeof(dev_addr));
+ dev_addr.net = &init_net;
+- ret = rdma_translate_ip(&gid_addr._sockaddr, &dev_addr, vlan_id);
++ ret = rdma_translate_ip((struct sockaddr *)&gid_addr, &dev_addr, vlan_id);
+ if (ret)
+ return ret;
+
--- /dev/null
+From 792f95e79a75ea8195236631bb59dd51389d87ce Mon Sep 17 00:00:00 2001
+From: Hannes Reinecke <hare@suse.de>
+Date: Wed, 24 Jul 2019 11:00:55 +0200
+Subject: scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
+
+From: Hannes Reinecke <hare@suse.de>
+
+commit 023358b136d490ca91735ac6490db3741af5a8bd upstream.
+
+Gcc-9 complains for a memset across pointer boundaries, which happens as
+the code tries to allocate a flexible array on the stack. Turns out we
+cannot do this without relying on gcc-isms, so with this patch we'll embed
+the fc_rport_priv structure into fcoe_rport, can use the normal
+'container_of' outcast, and will only have to do a memset over one
+structure.
+
+Signed-off-by: Hannes Reinecke <hare@suse.de>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/scsi/fcoe/fcoe_ctlr.c | 33 ++++++++++++++-------------------
+ drivers/scsi/libfc/fc_rport.c | 5 ++++-
+ include/scsi/libfcoe.h | 1 +
+ 3 files changed, 19 insertions(+), 20 deletions(-)
+
+--- a/drivers/scsi/fcoe/fcoe_ctlr.c
++++ b/drivers/scsi/fcoe/fcoe_ctlr.c
+@@ -1973,7 +1973,7 @@ EXPORT_SYMBOL_GPL(fcoe_wwn_from_mac);
+ */
+ static inline struct fcoe_rport *fcoe_ctlr_rport(struct fc_rport_priv *rdata)
+ {
+- return (struct fcoe_rport *)(rdata + 1);
++ return container_of(rdata, struct fcoe_rport, rdata);
+ }
+
+ /**
+@@ -2233,7 +2233,7 @@ static void fcoe_ctlr_vn_start(struct fc
+ */
+ static int fcoe_ctlr_vn_parse(struct fcoe_ctlr *fip,
+ struct sk_buff *skb,
+- struct fc_rport_priv *rdata)
++ struct fcoe_rport *frport)
+ {
+ struct fip_header *fiph;
+ struct fip_desc *desc = NULL;
+@@ -2241,16 +2241,12 @@ static int fcoe_ctlr_vn_parse(struct fco
+ struct fip_wwn_desc *wwn = NULL;
+ struct fip_vn_desc *vn = NULL;
+ struct fip_size_desc *size = NULL;
+- struct fcoe_rport *frport;
+ size_t rlen;
+ size_t dlen;
+ u32 desc_mask = 0;
+ u32 dtype;
+ u8 sub;
+
+- memset(rdata, 0, sizeof(*rdata) + sizeof(*frport));
+- frport = fcoe_ctlr_rport(rdata);
+-
+ fiph = (struct fip_header *)skb->data;
+ frport->flags = ntohs(fiph->fip_flags);
+
+@@ -2313,15 +2309,17 @@ static int fcoe_ctlr_vn_parse(struct fco
+ if (dlen != sizeof(struct fip_wwn_desc))
+ goto len_err;
+ wwn = (struct fip_wwn_desc *)desc;
+- rdata->ids.node_name = get_unaligned_be64(&wwn->fd_wwn);
++ frport->rdata.ids.node_name =
++ get_unaligned_be64(&wwn->fd_wwn);
+ break;
+ case FIP_DT_VN_ID:
+ if (dlen != sizeof(struct fip_vn_desc))
+ goto len_err;
+ vn = (struct fip_vn_desc *)desc;
+ memcpy(frport->vn_mac, vn->fd_mac, ETH_ALEN);
+- rdata->ids.port_id = ntoh24(vn->fd_fc_id);
+- rdata->ids.port_name = get_unaligned_be64(&vn->fd_wwpn);
++ frport->rdata.ids.port_id = ntoh24(vn->fd_fc_id);
++ frport->rdata.ids.port_name =
++ get_unaligned_be64(&vn->fd_wwpn);
+ break;
+ case FIP_DT_FC4F:
+ if (dlen != sizeof(struct fip_fc4_feat))
+@@ -2664,16 +2662,13 @@ static int fcoe_ctlr_vn_recv(struct fcoe
+ {
+ struct fip_header *fiph;
+ enum fip_vn2vn_subcode sub;
+- struct {
+- struct fc_rport_priv rdata;
+- struct fcoe_rport frport;
+- } buf;
++ struct fcoe_rport frport = { };
+ int rc;
+
+ fiph = (struct fip_header *)skb->data;
+ sub = fiph->fip_subcode;
+
+- rc = fcoe_ctlr_vn_parse(fip, skb, &buf.rdata);
++ rc = fcoe_ctlr_vn_parse(fip, skb, &frport);
+ if (rc) {
+ LIBFCOE_FIP_DBG(fip, "vn_recv vn_parse error %d\n", rc);
+ goto drop;
+@@ -2682,19 +2677,19 @@ static int fcoe_ctlr_vn_recv(struct fcoe
+ mutex_lock(&fip->ctlr_mutex);
+ switch (sub) {
+ case FIP_SC_VN_PROBE_REQ:
+- fcoe_ctlr_vn_probe_req(fip, &buf.rdata);
++ fcoe_ctlr_vn_probe_req(fip, &frport.rdata);
+ break;
+ case FIP_SC_VN_PROBE_REP:
+- fcoe_ctlr_vn_probe_reply(fip, &buf.rdata);
++ fcoe_ctlr_vn_probe_reply(fip, &frport.rdata);
+ break;
+ case FIP_SC_VN_CLAIM_NOTIFY:
+- fcoe_ctlr_vn_claim_notify(fip, &buf.rdata);
++ fcoe_ctlr_vn_claim_notify(fip, &frport.rdata);
+ break;
+ case FIP_SC_VN_CLAIM_REP:
+- fcoe_ctlr_vn_claim_resp(fip, &buf.rdata);
++ fcoe_ctlr_vn_claim_resp(fip, &frport.rdata);
+ break;
+ case FIP_SC_VN_BEACON:
+- fcoe_ctlr_vn_beacon(fip, &buf.rdata);
++ fcoe_ctlr_vn_beacon(fip, &frport.rdata);
+ break;
+ default:
+ LIBFCOE_FIP_DBG(fip, "vn_recv unknown subcode %d\n", sub);
+--- a/drivers/scsi/libfc/fc_rport.c
++++ b/drivers/scsi/libfc/fc_rport.c
+@@ -121,12 +121,15 @@ static struct fc_rport_priv *fc_rport_cr
+ u32 port_id)
+ {
+ struct fc_rport_priv *rdata;
++ size_t rport_priv_size = sizeof(*rdata);
+
+ rdata = lport->tt.rport_lookup(lport, port_id);
+ if (rdata)
+ return rdata;
+
+- rdata = kzalloc(sizeof(*rdata) + lport->rport_priv_size, GFP_KERNEL);
++ if (lport->rport_priv_size > 0)
++ rport_priv_size = lport->rport_priv_size;
++ rdata = kzalloc(rport_priv_size, GFP_KERNEL);
+ if (!rdata)
+ return NULL;
+
+--- a/include/scsi/libfcoe.h
++++ b/include/scsi/libfcoe.h
+@@ -236,6 +236,7 @@ struct fcoe_fcf {
+ * @vn_mac: VN_Node assigned MAC address for data
+ */
+ struct fcoe_rport {
++ struct fc_rport_priv rdata;
+ unsigned long time;
+ u16 fcoe_len;
+ u16 flags;
projects / thirdparty / kernel / stable-queue.git / commitdiff
