Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp734476imm;
        Thu, 13 Sep 2018 07:01:26 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdY2tz/QrxQR1oS599mLRPDt+VdnKhsDceuTC3Yn+Ka8kKeqf6kGPhnnBX7zIi9h8p5lRDvf
X-Received: by 2002:a62:cdcf:: with SMTP id o198-v6mr7721823pfg.12.1536847286871;
        Thu, 13 Sep 2018 07:01:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536847286; cv=none;
        d=google.com; s=arc-20160816;
        b=DwfXGQ+d5tI7hZ/nJLxs9DuQkF9/njqo4G4qH+soCKrqqqrcn9GNpij9tRuIce3Ceo
         NknEmC7Jxfmb9JB+mmQxORF26dsgxHVK09n8iwGRINn/3TzKPCfzjf5wBIese8m3bg6v
         PR81zRN9fdWY3U5rqge5Jd9tYsOztLBrLY7sew8FNcEqCKrnBsLd7nCnEJQcB6bm1EM7
         gKV6r36JqA0JLP5zgWRTndO7QKePlJE6yrFBsG7kP0mkgoWVx7eakwfcfdToaQvMcCNd
         H6HxPWsU1brCQf4NCnOLF+jNEszFGO5HLi7rE6DOhBFr3jcuzWced+EXUnVV3QXFJsdA
         a61Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from;
        bh=1GmTk2VDfSA/GqF/19VDc/L/iaj1l/g02uI0i5xbkts=;
        b=rWB42r1ZpmwTW0JhixPfhDNMk9r6kyQ1SRWjGpvxCmBSuOQXksvSKOTW5J2/y5OZhk
         YKhGwrsKo0uyDsuznN794z5rtYhBcD7hNifO6aob6EZRU+7WZZNHuNzvj3bNGhnLWWat
         BHiYjlsuIfEkZYh6aQGW2sghsiKVmfjOkZZ0R0DP1k8PZWfRzmcED+pMzmpaCb2jFJJQ
         MR22MQ+LilGWjM/vJTHHiaOunPU+audttJtoQga8/mYnrpDwbA/oPGDebKAgmQAbLYd9
         49hV5KNVLyufjMZSHQ3Qvtk0NmwkBY6ahdMlJZplYPJCjVB8tj5xyPCyxv5StJ+hZ4z9
         w0TQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y123-v6si4317848pfc.302.2018.09.13.07.01.10;
        Thu, 13 Sep 2018 07:01:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731739AbeIMTJ1 (ORCPT <rfc822;fezhang.suse@gmail.com>
        + 99 others); Thu, 13 Sep 2018 15:09:27 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:34876 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729039AbeIMTJ0 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Sep 2018 15:09:26 -0400
Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 5776ED19;
        Thu, 13 Sep 2018 13:59:48 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Michal Suchanek <msuchanek@suse.com>,
        Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.18 127/197] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
Date:   Thu, 13 Sep 2018 15:31:16 +0200
Message-Id: <20180913131846.624968166@linuxfoundation.org>
X-Mailer: git-send-email 2.19.0
In-Reply-To: <20180913131841.568116777@linuxfoundation.org>
References: <20180913131841.568116777@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>

[ Upstream commit 74e96bf44f430cf7a01de19ba6cf49b361cdfd6e ]

The global mce data buffer that used to copy rtas error log is of 2048
(RTAS_ERROR_LOG_MAX) bytes in size. Before the copy we read
extended_log_length from rtas error log header, then use max of
extended_log_length and RTAS_ERROR_LOG_MAX as a size of data to be copied.
Ideally the platform (phyp) will never send extended error log with
size > 2048. But if that happens, then we have a risk of buffer overrun
and corruption. Fix this by using min_t instead.

Fixes: d368514c3097 ("powerpc: Fix corruption when grabbing FWNMI data")
Reported-by: Michal Suchanek <msuchanek@suse.com>
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/platforms/pseries/ras.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/platforms/pseries/ras.c
+++ b/arch/powerpc/platforms/pseries/ras.c
@@ -371,7 +371,7 @@ static struct rtas_error_log *fwnmi_get_
 		int len, error_log_length;
 
 		error_log_length = 8 + rtas_error_extended_log_length(h);
-		len = max_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
+		len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
 		memset(global_mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
 		memcpy(global_mce_data_buf, h, len);
 		errhdr = (struct rtas_error_log *)global_mce_data_buf;