From a9b995bc3f2d3a19b654d3aecd8b990ae66e5c37 Mon Sep 17 00:00:00 2001
From: mpoojary <mpoojary@nvidia.com>
Date: Thu, 20 Apr 2023 08:48:45 +0000
Subject: [PATCH] gpu: nvgpu: Copy correct struct from RPC payload for pmu acr

Size of nv_pmu_rpc_struct_acr_bootstrap_gr_falcons is copied from the
RPC payload for pmu acr instead of nv_pmu_rpc_header in pmu rpc handler.
This causes KSAN slab out-of-bounds error.

Bug 3727012

Change-Id: I633dac9167f9ed896dba956dc56e4081aaab6465
Signed-off-by: mpoojary <mpoojary@nvidia.com>
Reviewed-on: https://git-master.nvidia.com/r/c/linux-nvgpu/+/2891392
Reviewed-by: svc-mobile-coverity <svc-mobile-coverity@nvidia.com>
Reviewed-by: svc-mobile-misra <svc-mobile-misra@nvidia.com>
Reviewed-by: svc-mobile-cert <svc-mobile-cert@nvidia.com>
Reviewed-by: Mahantesh Kumbar <mkumbar@nvidia.com>
GVS: Gerrit_Virtual_Submit <buildbot_gerritrpt@nvidia.com>
---
 drivers/gpu/nvgpu/common/pmu/lsfm/lsfm.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/gpu/nvgpu/common/pmu/lsfm/lsfm.c b/drivers/gpu/nvgpu/common/pmu/lsfm/lsfm.c
index 125b76f36..2d25bc2e4 100644
--- a/drivers/gpu/nvgpu/common/pmu/lsfm/lsfm.c
+++ b/drivers/gpu/nvgpu/common/pmu/lsfm/lsfm.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019-2022, NVIDIA CORPORATION.  All rights reserved.
+ * Copyright (c) 2019-2023, NVIDIA CORPORATION.  All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a
  * copy of this software and associated documentation files (the "Software"),
@@ -151,7 +151,7 @@ void nvgpu_pmu_lsfm_rpc_handler(struct gk20a *g,
 
 	(void) memset(&acr_rpc, 0, sizeof(struct nv_pmu_rpc_header));
 	nvgpu_memcpy((u8 *)&acr_rpc, (u8 *)rpc_payload->rpc_buff,
-		sizeof(struct nv_pmu_rpc_struct_acr_bootstrap_gr_falcons));
+		sizeof(struct nv_pmu_rpc_header));
 
 	switch (acr_rpc.hdr.function) {
 	case NV_PMU_RPC_ID_ACR_INIT_WPR_REGION: