s390/zcrypt: fix warning about field-spanning write

This patch fixes the warning

memcpy: detected field-spanning write (size 60) of single field "to" at drivers/s390/crypto/zcrypt_api.h:173 (size 2)
WARNING: CPU: 1 PID: 2114 at drivers/s390/crypto/zcrypt_api.h:173 prep_ep11_ap_msg+0x2c6/0x2e0 [zcrypt]

The code has been rewritten to use a union in combination
with a flex array to clearly state which part of the buffer
the payload is to be copied in via z_copy_from_user
function (which may call memcpy() in case of in-kernel calls).

Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Suggested-by: Jürgen Christ <jchrist@linux.ibm.com>
Reviewed-by: Jürgen Christ <jchrist@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

diff --git a/drivers/s390/crypto/zcrypt_msgtype6.c b/drivers/s390/crypto/zcrypt_msgtype6.c
index 8fb34b8eeb189a3bb227f8378c113c5c5a82838e..5ad25147759311029e555168fdcc2acc7fb2977e 100644 (file)
--- a/drivers/s390/crypto/zcrypt_msgtype6.c
+++ b/drivers/s390/crypto/zcrypt_msgtype6.c
@@ -342,7 +342,10 @@ static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg,
        };
        struct {
                struct type6_hdr hdr;
-               struct CPRBX cprbx;
+               union {
+                       struct CPRBX cprbx;
+                       DECLARE_FLEX_ARRAY(u8, userdata);
+               };
        } __packed * msg = ap_msg->msg;
 
        int rcblen = CEIL4(xcrb->request_control_blk_length);
@@ -403,7 +406,8 @@ static int xcrb_msg_to_type6cprb_msgx(bool userspace, struct ap_message *ap_msg,
        msg->hdr.fromcardlen2 = xcrb->reply_data_length;
 
        /* prepare CPRB */
-       if (z_copy_from_user(userspace, &msg->cprbx, xcrb->request_control_blk_addr,
+       if (z_copy_from_user(userspace, msg->userdata,
+                            xcrb->request_control_blk_addr,
                             xcrb->request_control_blk_length))
                return -EFAULT;
        if (msg->cprbx.cprb_len + sizeof(msg->hdr.function_code) >
@@ -469,9 +473,14 @@ static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap
 
        struct {
                struct type6_hdr hdr;
-               struct ep11_cprb cprbx;
-               unsigned char   pld_tag;        /* fixed value 0x30 */
-               unsigned char   pld_lenfmt;     /* payload length format */
+               union {
+                       struct {
+                               struct ep11_cprb cprbx;
+                               unsigned char pld_tag;    /* fixed value 0x30 */
+                               unsigned char pld_lenfmt; /* length format */
+                       } __packed;
+                       DECLARE_FLEX_ARRAY(u8, userdata);
+               };
        } __packed * msg = ap_msg->msg;
 
        struct pld_hdr {
@@ -500,7 +509,7 @@ static int xcrb_msg_to_type6_ep11cprb_msgx(bool userspace, struct ap_message *ap
        msg->hdr.fromcardlen1 = xcrb->resp_len;
 
        /* Import CPRB data from the ioctl input parameter */
-       if (z_copy_from_user(userspace, &msg->cprbx.cprb_len,
+       if (z_copy_from_user(userspace, msg->userdata,
                             (char __force __user *)xcrb->req, xcrb->req_len)) {
                return -EFAULT;
        }