Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp752389imm;
        Thu, 13 Sep 2018 07:14:55 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdbdJhPIjkHZDBetu+CQI7OwjiNV7OysQhtrThkFYXwMPl+OjXfsWKDm4rS5GaMVzl80SL6u
X-Received: by 2002:a62:1192:: with SMTP id 18-v6mr7781777pfr.54.1536848094836;
        Thu, 13 Sep 2018 07:14:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1536848094; cv=none;
        d=google.com; s=arc-20160816;
        b=pExOFW2EgwJoV5cl8JyRYXA3irvI3o5vI84bKBwrO9ooGW5Jnc8IsLqE/f+jtlBYy/
         jcMUXKhLekBY/xNjBGCe4KUvUkc/mp41vUNwx/1kOVcOr35FG5SEHghLrCnNkyz6XSVZ
         Ch+FFHVssjoKRFT/aOFNok1vLftNel5/ZHzoXClHoKpDVkEZp+55rT8I8zs28Vl76/9W
         X2zzM20YtFXBdlaibHGdwNMPXX2XAedCyD4cP7itS41SyYQSqJtJ/XU8SjLaBTL37pss
         zDc6kmGfRxjcQWGKFHtkLTcFeVJg2W3fjPDwHAjBvzUymQauMkFzp3HLu4VzESJHsPnB
         rkIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from;
        bh=ea/+JioZf8o7PjGUp4KuZsm8nicTUMM14DP6qr7bTc8=;
        b=fziuWCcj6Qh9bhAyt2tG0fSWcUC62S7ww65o6KCTIbeXcFGeRF+dgaL5DH8jXB/Lul
         pn1/Mp7tNqNjwiJ82Uk2LxVvEpv2AzrPAD9Ub/4lqZmbciRwGgv+TKSYx7o24frDlkFR
         lNvBOCDD/xwS7zcO1B+BT0IL+vTVBcF6sF9MwyOrxHcEN5cRvR4eIdzwzh++xh1OseU5
         DJVDHBILBD1RYMrABHkZc3HLBsiKHGjQciEUq11UqrYQ3d5XsXDkRyVzxGKLaKoDd+XM
         wK2NDK0iC2I7xfMoHwBFphQwrqfrK9VCK8diDMO37f3wazVh9D9VGu4Zi2/fmFSqewBL
         qpdQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id z73-v6si4079796pgd.471.2018.09.13.07.14.30;
        Thu, 13 Sep 2018 07:14:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730258AbeIMSzu (ORCPT <rfc822;fezhang.suse@gmail.com>
        + 99 others); Thu, 13 Sep 2018 14:55:50 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:60840 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728479AbeIMSzt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Sep 2018 14:55:49 -0400
Received: from localhost (ip-213-127-77-73.ip.prioritytelecom.net [213.127.77.73])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 2AE9BD19;
        Thu, 13 Sep 2018 13:46:15 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Michal Suchanek <msuchanek@suse.com>,
        Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>,
        Michael Ellerman <mpe@ellerman.id.au>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 076/115] powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
Date:   Thu, 13 Sep 2018 15:31:36 +0200
Message-Id: <20180913131828.312158158@linuxfoundation.org>
X-Mailer: git-send-email 2.19.0
In-Reply-To: <20180913131823.327472833@linuxfoundation.org>
References: <20180913131823.327472833@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>

[ Upstream commit 74e96bf44f430cf7a01de19ba6cf49b361cdfd6e ]

The global mce data buffer that used to copy rtas error log is of 2048
(RTAS_ERROR_LOG_MAX) bytes in size. Before the copy we read
extended_log_length from rtas error log header, then use max of
extended_log_length and RTAS_ERROR_LOG_MAX as a size of data to be copied.
Ideally the platform (phyp) will never send extended error log with
size > 2048. But if that happens, then we have a risk of buffer overrun
and corruption. Fix this by using min_t instead.

Fixes: d368514c3097 ("powerpc: Fix corruption when grabbing FWNMI data")
Reported-by: Michal Suchanek <msuchanek@suse.com>
Signed-off-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/powerpc/platforms/pseries/ras.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/powerpc/platforms/pseries/ras.c
+++ b/arch/powerpc/platforms/pseries/ras.c
@@ -371,7 +371,7 @@ static struct rtas_error_log *fwnmi_get_
 		int len, error_log_length;
 
 		error_log_length = 8 + rtas_error_extended_log_length(h);
-		len = max_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
+		len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
 		memset(global_mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
 		memcpy(global_mce_data_buf, h, len);
 		errhdr = (struct rtas_error_log *)global_mce_data_buf;