cxl/fwctl: Fix __fortify_panic
authorDan Williams <djbw@kernel.org>
Tue, 19 May 2026 22:12:03 +0000 (15:12 -0700)
committerDave Jiang <dave.jiang@intel.com>
Thu, 4 Jun 2026 15:44:00 +0000 (08:44 -0700)
Fix a runtime assertion in cxlctl_get_supported_features(). Fortify
complains that it is potentially overflowing the entries array per
__counted_by_le(num_entries). Quiet the false positive by initializing
@num_entries earlier.

 memcpy: detected buffer overflow: 48 byte write of buffer size 0
 WARNING: lib/string_helpers.c:1036 at __fortify_report+0x4d/0xa0, CPU#7: fwctl/1398
 RIP: 0010:__fortify_report+0x50/0xa0
 Call Trace:
  __fortify_panic+0xd/0xf
  cxlctl_get_supported_features.cold+0x23/0x35 [cxl_core]

Fixes: 4d1c09cef2c2 ("cxl: Add support for fwctl RPC command to enable CXL feature commands")
Signed-off-by: Dan Williams <djbw@kernel.org>
Reviewed-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://patch.msgid.link/20260519221204.1517773-2-djbw@kernel.org
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
drivers/cxl/core/features.c

index 3435db9ea6b11680b0901a57779b9b2f878ad747..85185af46b72d88f96fde09a654927ecc9c8ab7e 100644 (file)
@@ -423,6 +423,7 @@ static void *cxlctl_get_supported_features(struct cxl_features_state *cxlfs,
 
        rpc_out->size = struct_size(feat_out, ents, requested);
        feat_out = &rpc_out->get_sup_feats_out;
+       feat_out->num_entries = cpu_to_le16(requested);
 
        for (i = start, pos = &feat_out->ents[0];
             i < cxlfs->entries->num_features; i++, pos++) {
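Review bot: The added `feat_out->num_entries = cpu_to_le16(requested);` carries no comment explaining why it must come before the loop, so a later tidy-up could move it back next to `supported_feats` and bring the fortify trap back. I would put a short comment directly above it, for example `/* ents[] is __counted_by_le(num_entries): set the count before the first write into ents[] */`. The loop header visible here bounds `i` only by `cxlfs->entries->num_features`; the cap at `requested` entries is presumably enforced in the loop body, which lies outside this hunk. That is worth confirming, since `requested` is now both the bound the fortified `memcpy` is checked against and the value `rpc_out->size` was computed from.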
@@ -444,7 +445,6 @@ static void *cxlctl_get_supported_features(struct cxl_features_state *cxlfs,
                }
        }
 
-       feat_out->num_entries = cpu_to_le16(requested);
        feat_out->supported_feats = cpu_to_le16(cxlfs->entries->num_features);
        rpc_out->retval = CXL_MBOX_CMD_RC_SUCCESS;
        *out_len = out_size;