scsi: isci: Use correctly sized target buffer for memcpy()

In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), avoid intentionally writing across neighboring array fields. Switch from rsp_ui to resp_buf, since resp_ui isn't SSP_RESP_IU_MAX_SIZE bytes in length. This avoids future compile-time warnings. Link: https://lore.kernel.org/r/20210528181337.792268-4-keescook@chromium.orgReviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

scsi: isci: Use correctly sized target buffer for memcpy()
In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), avoid intentionally writing across neighboring array fields. Switch from rsp_ui to resp_buf, since resp_ui isn't SSP_RESP_IU_MAX_SIZE bytes in length. This avoids future compile-time warnings. Link: https://lore.kernel.org/r/20210528181337.792268-4-keescook@chromium.orgReviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
5250db63 · Kees Cook · Martin K. Petersen · 66fc475b · 5250db63
Commit 5250db63 authored May 28, 2021 by Kees Cook Committed by Martin K. Petersen Jun 02, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

drivers/scsi/isci/task.c drivers/scsi/isci/task.c +2 -2

No files found.
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@@ -709,8 +709,8 @@ isci_task_request_complete(struct isci_host *ihost,
 		tmf->status = completion_status;

 		if (tmf->proto == SAS_PROTOCOL_SSP) {
-			memcpy(&tmf->resp.resp_iu,
-			       &ireq->ssp.rsp,
+			memcpy(tmf->resp.rsp_buf,
+			       ireq->ssp.rsp_buf,
 			       SSP_RESP_IU_MAX_SIZE);
 		} else if (tmf->proto == SAS_PROTOCOL_SATA) {
 			memcpy(&tmf->resp.d2h_fis,