From: Dan Williams <djbw@kernel.org>
Date: Tue, 19 May 2026 22:12:03 +0000 (-0700)
Subject: cxl/fwctl: Fix __fortify_panic
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6c9d2e87df40d606f1c85143e9acb1ecff463d5e;p=thirdparty%2Flinux.git

cxl/fwctl: Fix __fortify_panic

Fix a runtime assertion in cxlctl_get_supported_features(). Fortify
complains that it is potentially overflowing the entries array per
__counted_by_le(num_entries). Quiet the false positive by initializing
@num_entries earlier.

 memcpy: detected buffer overflow: 48 byte write of buffer size 0
 WARNING: lib/string_helpers.c:1036 at __fortify_report+0x4d/0xa0, CPU#7: fwctl/1398
 RIP: 0010:__fortify_report+0x50/0xa0
 Call Trace:
  __fortify_panic+0xd/0xf
  cxlctl_get_supported_features.cold+0x23/0x35 [cxl_core]

Fixes: 4d1c09cef2c2 ("cxl: Add support for fwctl RPC command to enable CXL feature commands")
Signed-off-by: Dan Williams <djbw@kernel.org>
Reviewed-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Link: https://patch.msgid.link/20260519221204.1517773-2-djbw@kernel.org
Signed-off-by: Dave Jiang <dave.jiang@intel.com>
---

diff --git a/drivers/cxl/core/features.c b/drivers/cxl/core/features.c
index 3435db9ea6b11..85185af46b72d 100644
--- a/drivers/cxl/core/features.c
+++ b/drivers/cxl/core/features.c
@@ -423,6 +423,7 @@ static void *cxlctl_get_supported_features(struct cxl_features_state *cxlfs,
 
 	rpc_out->size = struct_size(feat_out, ents, requested);
 	feat_out = &rpc_out->get_sup_feats_out;
+	feat_out->num_entries = cpu_to_le16(requested);
 
 	for (i = start, pos = &feat_out->ents[0];
 	     i < cxlfs->entries->num_features; i++, pos++) {
@@ -444,7 +445,6 @@ static void *cxlctl_get_supported_features(struct cxl_features_state *cxlfs,
 		}
 	}
 
-	feat_out->num_entries = cpu_to_le16(requested);
 	feat_out->supported_feats = cpu_to_le16(cxlfs->entries->num_features);
 	rpc_out->retval = CXL_MBOX_CMD_RC_SUCCESS;
 	*out_len = out_size;