scsi: isci: Use correctly sized target buffer for memcpy()

In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memcpy(), avoid intentionally writing across
neighboring array fields.

Switch from rsp_ui to resp_buf, since resp_ui isn't SSP_RESP_IU_MAX_SIZE
bytes in length. This avoids future compile-time warnings.

Link: https://lore.kernel.org/r/20210528181337.792268-4-keescook@chromium.org
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>

diff --git a/drivers/scsi/isci/task.c b/drivers/scsi/isci/task.c
index 62062ed..eeaec26 100644 (file)
--- a/drivers/scsi/isci/task.c
+++ b/drivers/scsi/isci/task.c
@@ -709,8 +709,8 @@ isci_task_request_complete(struct isci_host *ihost,
                tmf->status = completion_status;
 
                if (tmf->proto == SAS_PROTOCOL_SSP) {
-                       memcpy(&tmf->resp.resp_iu,
-                              &ireq->ssp.rsp,
+                       memcpy(tmf->resp.rsp_buf,
+                              ireq->ssp.rsp_buf,
                               SSP_RESP_IU_MAX_SIZE);
                } else if (tmf->proto == SAS_PROTOCOL_SATA) {
                        memcpy(&tmf->resp.d2h_fis,