Commit f15e006b authored Nov 22, 2022 by Dominique Martinet

9p/xen: do not memcpy header into req->rc



while 'h' is packed and can be assumed to match the request payload,
req->rc is a struct p9_fcall which is not packed and that memcpy
could be wrong.

Fix this by copying each fields individually instead.

Reported-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Suggested-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.22.394.2211211454540.1049131@ubuntu-linux-20-04-desktop
Link: https://lkml.kernel.org/r/20221122001025.119121-1-asmadeus@codewreck.org


Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>

parent 26273ade

net/9p/trans_xen.c

+3 −1

Original line number	Diff line number	Diff line
		@@ -216,7 +216,9 @@ static void p9_xen_response(struct work_struct *work)
		goto recv_error;
		}

		memcpy(&req->rc, &h, sizeof(h));
		req->rc.size = h.size;
		req->rc.id = h.id;
		req->rc.tag = h.tag;
		req->rc.offset = 0;

		masked_cons = xen_9pfs_mask(cons, XEN_9PFS_RING_SIZE(ring));