Thread: 2 messages, 2 authors, 2016-07-05

Re: powerpc/rtas: fix array overrun in ppc_rtas() syscall

From: Michael Ellerman <mpe@ellerman.id.au>
Date: 2016-07-05 14:10:13

On Fri, 2016-18-03 at 06:36:33 UTC, Andrew Donnellan wrote:
> If ppc_rtas() is called with args.nargs == 16 and args.nret == 0, args.rets
> is set to point to &args.args[16], which is beyond the end of the args.args
> array. This results in a minor read overrun of the array when we check the
> first return code (which, per PAPR, is a required output of all RTAS calls)
> to see if there's been a hardware error.
>
> Change the nargs/nret check to ensure nargs is <= 15, allowing room for the
> status code. Users shouldn't be calling with nret == 0, but there's no real
> harm if they do, so we don't stop them.
>
> Signed-off-by: Andrew Donnellan <redacted>
Applied to powerpc next, thanks.

https://git.kernel.org/powerpc/c/a9862c7440f191439a51f77233

cheers
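The off-by-one the commit message describes, as an added example that is not code from this thread or from the kernel: a simplified C model (hypothetical struct and function names) of a 16-entry argument array in which the return codes follow the inputs, with the nargs/nret validation as the message describes it before and after the fix.

```c
#include <stdint.h>
#include <stdio.h>

#define RTAS_ARGS_MAX 16   /* entries in the model's args[] array */
#define MODEL_EINVAL  22   /* stand-in for the kernel's EINVAL */

/* Hypothetical layout: inputs occupy args[0..nargs-1], and rets points
 * at args[nargs]; rets[0] is the status word every RTAS call returns. */
struct model_rtas_args {
    uint32_t nargs;
    uint32_t nret;
    uint32_t args[RTAS_ARGS_MAX];
    uint32_t *rets;
};

/* Validation as the thread describes it before the fix: nargs == 16 with
 * nret == 0 passes, so rets == &args[16], one past the end, and the
 * status read rets[0] runs off the array. */
int check_before_fix(uint32_t nargs, uint32_t nret)
{
    if (nargs > RTAS_ARGS_MAX || nret > RTAS_ARGS_MAX ||
        nargs + nret > RTAS_ARGS_MAX)
        return -MODEL_EINVAL;
    return 0;
}

/* After the fix: nargs <= 15, so args[nargs] (the status word) is always
 * inside the array even when the caller passes nret == 0. */
int check_after_fix(uint32_t nargs, uint32_t nret)
{
    if (nargs >= RTAS_ARGS_MAX || nret > RTAS_ARGS_MAX ||
        nargs + nret > RTAS_ARGS_MAX)
        return -MODEL_EINVAL;
    return 0;
}

/* 1 if the status read at args[nargs] stays inside args[], else 0. */
int status_read_in_bounds(uint32_t nargs)
{
    return nargs < RTAS_ARGS_MAX;
}

int main(void)
{
    struct model_rtas_args a = { .nargs = 16, .nret = 0 };
    a.rets = &a.args[a.nargs];   /* &args[16]: one past the end of the array */
    printf("before=%d after=%d status_in_bounds=%d\n",
           check_before_fix(a.nargs, a.nret), check_after_fix(a.nargs, a.nret),
           status_read_in_bounds(a.nargs));
    return 0;
}
```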