9p/xen: do not memcpy header into req->rc

while 'h' is packed and can be assumed to match the request payload,
req->rc is a struct p9_fcall which is not packed and that memcpy
could be wrong.

Fix this by copying each fields individually instead.

Reported-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Reviewed-by: Christian Schoenebeck <linux_oss@crudebyte.com>
Suggested-by: Stefano Stabellini <sstabellini@kernel.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.22.394.2211211454540.1049131@ubuntu-linux-20-04-desktop
Link: https://lkml.kernel.org/r/20221122001025.119121-1-asmadeus@codewreck.org
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>

diff --git a/net/9p/trans_xen.c b/net/9p/trans_xen.c
index aaa5fd364691b0bd32957f56a36a80d4989ed7d1..de2d2ca8819a1952a5ab635ebe4b57047ce11d71 100644 (file)
--- a/net/9p/trans_xen.c
+++ b/net/9p/trans_xen.c
@@ -216,7 +216,9 @@ static void p9_xen_response(struct work_struct *work)
                        goto recv_error;
                }
 
-               memcpy(&req->rc, &h, sizeof(h));
+               req->rc.size = h.size;
+               req->rc.id = h.id;
+               req->rc.tag = h.tag;
                req->rc.offset = 0;
 
                masked_cons = xen_9pfs_mask(cons, XEN_9PFS_RING_SIZE(ring));