On Fri, Jun 26, 2026 at 08:47:50PM +0200, Thorsten Blum wrote:
> Now that struct rtas_error_log uses a flexible array member for the
> extended log buffer, use struct_size() to calculate the total RTAS error
> log size and avoid using the hard-coded header size of 8 bytes.
> 
> Use memcpy_and_pad() instead of memset() and memcpy() while at it.
> 
> Signed-off-by: Thorsten Blum <[email protected]>
> ---
>  arch/powerpc/platforms/pseries/ras.c | 17 +++++++----------
>  1 file changed, 7 insertions(+), 10 deletions(-)
> 
> diff --git a/arch/powerpc/platforms/pseries/ras.c 
> b/arch/powerpc/platforms/pseries/ras.c
> index adafd593d9d3..d54030fd2324 100644
> --- a/arch/powerpc/platforms/pseries/ras.c
> +++ b/arch/powerpc/platforms/pseries/ras.c
> @@ -7,6 +7,7 @@
>  #include <linux/interrupt.h>
>  #include <linux/irq.h>
>  #include <linux/of.h>
> +#include <linux/overflow.h>
>  #include <linux/fs.h>
>  #include <linux/reboot.h>
>  #include <linux/irq_work.h>
> @@ -440,6 +441,8 @@ static __be64 *fwnmi_get_savep(struct pt_regs *regs)
>  static struct rtas_error_log *fwnmi_get_errinfo(struct pt_regs *regs)
>  {
>       struct rtas_error_log *h;
> +     u32 extended_log_length;
> +     size_t len;
>       __be64 *savep;
>  
>       savep = fwnmi_get_savep(regs);
> @@ -449,17 +452,11 @@ static struct rtas_error_log *fwnmi_get_errinfo(struct 
> pt_regs *regs)
>       regs->gpr[3] = be64_to_cpu(savep[0]); /* restore original r3 */
>  
>       h = (struct rtas_error_log *)&savep[1];
> +     extended_log_length = rtas_error_extended(h) ? 
> rtas_error_extended_log_length(h) : 0;
> +     len = struct_size(h, buffer, extended_log_length);
> +     len = min(len, RTAS_ERROR_LOG_MAX);
>       /* Use the per cpu buffer from paca to store rtas error log */
> -     memset(local_paca->mce_data_buf, 0, RTAS_ERROR_LOG_MAX);
> -     if (!rtas_error_extended(h)) {
> -             memcpy(local_paca->mce_data_buf, h, sizeof(__u64));
> -     } else {
> -             int len, error_log_length;
> -
> -             error_log_length = 8 + rtas_error_extended_log_length(h);
> -             len = min_t(int, error_log_length, RTAS_ERROR_LOG_MAX);
> -             memcpy(local_paca->mce_data_buf, h, len);
> -     }
> +     memcpy_and_pad(local_paca->mce_data_buf, RTAS_ERROR_LOG_MAX, h, len, 0);

Sashiko found that memcpy_and_pad() isn't safe here because
fwnmi_get_errinfo() is part of a real-mode path:

https://sashiko.dev/#/patchset/20260626184750.166642-3-thorsten.blum%40linux.dev

I'll send a v2 and keep memset() and memcpy() separate.

Reply via email to