git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Michael Ellerman <mpe@ellerman.id.au>
	Mon, 21 Aug 2023 14:28:19 +0000 (00:28 +1000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 28 Nov 2023 16:56:36 +0000 (16:56 +0000)
commit	1dcf90c9fa01e6ad0463e060fe86695cd3e73236
tree	9159ade4a1f044c379bd9dea2444173322c0544d	tree
parent	3d7912710e5e187217313fea5c145881cfeaf952	commit \| diff

powerpc/powernv: Fix fortify source warnings in opal-prd.c

commit feea65a338e52297b68ceb688eaf0ffc50310a83 upstream.

As reported by Mahesh & Aneesh, opal_prd_msg_notifier() triggers a
FORTIFY_SOURCE warning:

  memcpy: detected field-spanning write (size 32) of single field "&item->msg" at arch/powerpc/platforms/powernv/opal-prd.c:355 (size 4)
  WARNING: CPU: 9 PID: 660 at arch/powerpc/platforms/powernv/opal-prd.c:355 opal_prd_msg_notifier+0x174/0x188 [opal_prd]
  NIP opal_prd_msg_notifier+0x174/0x188 [opal_prd]
  LR  opal_prd_msg_notifier+0x170/0x188 [opal_prd]
  Call Trace:
    opal_prd_msg_notifier+0x170/0x188 [opal_prd] (unreliable)
    notifier_call_chain+0xc0/0x1b0
    atomic_notifier_call_chain+0x2c/0x40
    opal_message_notify+0xf4/0x2c0

This happens because the copy is targeting item->msg, which is only 4
bytes in size, even though the enclosing item was allocated with extra
space following the msg.

To fix the warning define struct opal_prd_msg with a union of the header
and a flex array, and have the memcpy target the flex array.

Reported-by: "Aneesh Kumar K.V" <aneesh.kumar@linux.ibm.com>
Reported-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Tested-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Reviewed-by: Mahesh Salgaonkar <mahesh@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20230821142820.497107-1-mpe@ellerman.id.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>