From: Vasily Gorbik <gor@linux.ibm.com>

Date: Sun, 17 Jun 2018 00:30:43 +0200

Subject: s390/extmem: fix gcc 8 stringop-overflow warning

Git-commit: 6b2ddf33baec23dace85bd647e3fc4ac070963e8

Patch-mainline: v4.19-rc1

References: git-fixes bsc#1211363

arch/s390/mm/extmem.c: In function '__segment_load':

arch/s390/mm/extmem.c:436:2: warning: 'strncat' specified bound 7 equals

source length [-Wstringop-overflow=]

  strncat(seg->res_name, " (DCSS)", 7);

What gcc complains about here is the misuse of strncat function, which

in this case does not limit a number of bytes taken from "src", so it is

in the end the same as strcat(seg->res_name, " (DCSS)");

Keeping in mind that a res_name is 15 bytes, strncat in this case

would overflow the buffer and write 0 into alignment byte between the

fields in the struct. To avoid that increasing res_name size to 16,

and reusing strlcat.

Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>

Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>

Acked-by: Miroslav Franc <mfranc@suse.cz>

---

 arch/s390/mm/extmem.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/s390/mm/extmem.c b/arch/s390/mm/extmem.c

index 6ad15d3fab81..84111a43ea29 100644

--- a/arch/s390/mm/extmem.c

+++ b/arch/s390/mm/extmem.c

@@ -80,7 +80,7 @@ struct qin64 {

 struct dcss_segment {

 	struct list_head list;

 	char dcss_name[8];

-	char res_name[15];

+	char res_name[16];

 	unsigned long start_addr;

 	unsigned long end;

 	atomic_t ref_count;

@@ -433,7 +433,7 @@ __segment_load (char *name, int do_nonshared, unsigned long *addr, unsigned long

 	memcpy(&seg->res_name, seg->dcss_name, 8);

 	EBCASC(seg->res_name, 8);

 	seg->res_name[8] = '\0';

-	strncat(seg->res_name, " (DCSS)", 7);

+	strlcat(seg->res_name, " (DCSS)", sizeof(seg->res_name));

 	seg->res->name = seg->res_name;

 	rc = seg->vm_segtype;

 	if (rc == SEG_TYPE_SC ||