From: Kees Cook keescook@chromium.org
commit a9a3629592ab7442a2e9d40281420b51c453ea9b upstream.
struct MPI2_RAID_SCSI_IO_REQUEST ends with a single SGL, but expects to copy multiple. Add a flexible array member so the compiler can reason about the size of the memcpy(). This will avoid the run-time false positive warning:
memcpy: detected field-spanning write (size 128) of single field "&r1_cmd->io_request->SGL" at drivers/scsi/megaraid/megaraid_sas_fusion.c:3326 (size 16)
This change results in no binary output differences.
Reported-by: Holger Kiehl Holger.Kiehl@dwd.de Link: https://lore.kernel.org/all/88de8faa-56c4-693d-2d3-67152ee72057@diagnostix.d... Cc: Kashyap Desai kashyap.desai@broadcom.com Cc: Sumit Saxena sumit.saxena@broadcom.com Cc: Shivasharan S shivasharan.srikanteshwara@broadcom.com Cc: "James E.J. Bottomley" jejb@linux.ibm.com Cc: "Martin K. Petersen" martin.petersen@oracle.com Cc: megaraidlinux.pdl@broadcom.com Cc: linux-scsi@vger.kernel.org Link: https://lore.kernel.org/r/20230106053153.never.999-kees@kernel.org Signed-off-by: Kees Cook keescook@chromium.org Tested-by: Holger Kiehl Holger.Kiehl@dwd.de Signed-off-by: Martin K. Petersen martin.petersen@oracle.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/scsi/megaraid/megaraid_sas_fusion.c | 2 +- drivers/scsi/megaraid/megaraid_sas_fusion.h | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c @@ -3323,7 +3323,7 @@ static void megasas_prepare_secondRaid1_ /* copy the io request frame as well as 8 SGEs data for r1 command*/ memcpy(r1_cmd->io_request, cmd->io_request, (sizeof(struct MPI2_RAID_SCSI_IO_REQUEST))); - memcpy(&r1_cmd->io_request->SGL, &cmd->io_request->SGL, + memcpy(r1_cmd->io_request->SGLs, cmd->io_request->SGLs, (fusion->max_sge_in_main_msg * sizeof(union MPI2_SGE_IO_UNION))); /*sense buffer is different for r1 command*/ r1_cmd->io_request->SenseBufferLowAddress = --- a/drivers/scsi/megaraid/megaraid_sas_fusion.h +++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h @@ -526,7 +526,10 @@ struct MPI2_RAID_SCSI_IO_REQUEST { __le32 Control; /* 0x3C */ union MPI2_SCSI_IO_CDB_UNION CDB; /* 0x40 */ union RAID_CONTEXT_UNION RaidContext; /* 0x60 */ - union MPI2_SGE_IO_UNION SGL; /* 0x80 */ + union { + union MPI2_SGE_IO_UNION SGL; /* 0x80 */ + DECLARE_FLEX_ARRAY(union MPI2_SGE_IO_UNION, SGLs); + }; };
/*