scsi: isci: Use correctly sized target buffer for memcpy()

In preparation for FORTIFY_SOURCE performing compile-time and run-time field bounds checking for memcpy(), avoid intentionally writing across neighboring array fields. Switch from rsp_ui to resp_buf, since resp_ui isn't SSP_RESP_IU_MAX_SIZE bytes in length. This avoids future compile-time warnings. Link: https://lore.kernel.org/r/20210528181337.792268-4-keescook@chromium.org Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2024-11-11 12:28:41 +08:00 · 2021-05-28 11:13:37 -07:00 · 2021-05-28 11:13:37 -07:00 · 5250db63d1
commit 5250db63d1
parent 66fc475bd9
1 changed files with 2 additions and 2 deletions
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@ -709,8 +709,8 @@ isci_task_request_complete(struct isci_host *ihost,
 		tmf->status = completion_status;

 		if (tmf->proto == SAS_PROTOCOL_SSP) {
-			memcpy(&tmf->resp.resp_iu,
-			       &ireq->ssp.rsp,
+			memcpy(tmf->resp.rsp_buf,
+			       ireq->ssp.rsp_buf,
 			       SSP_RESP_IU_MAX_SIZE);
 		} else if (tmf->proto == SAS_PROTOCOL_SATA) {
 			memcpy(&tmf->resp.d2h_fis,