[PATCH] kunit: test_dev_action: Correctly cast 'priv' pointer to long*

Florian Schmaus

Oct 15, 2025, 3:23:13 AM
to Brendan Higgins, David Gow, Rae Moar, linux-k...@vger.kernel.org, kuni...@googlegroups.com, linux-...@vger.kernel.org, Florian Schmaus
The previous implementation incorrectly assumed the original type of
'priv' was void**, leading to an unnecessary and misleading
cast. Correct the cast of the 'priv' pointer in test_dev_action() to
its actual type, long*, removing an unnecessary cast.

As an additional benefit, this fixes an out-of-bounds CHERI fault on
hardware with architectural capabilities. The original implementation
tried to store a capability-sized pointer using the 'priv'
pointer. However, the 'priv' pointer's capability only granted access
to the memory region of its original long type, leading to a bounds
violation since the size of a long is smaller than the size of a
capability. This change ensures that the pointer usage respects the
capabilities' bounds.

Signed-off-by: Florian Schmaus <florian...@codasip.com>
---
lib/kunit/kunit-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c
index 8c01eabd4eaf..957b67818489 100644
--- a/lib/kunit/kunit-test.c
+++ b/lib/kunit/kunit-test.c
@@ -739,7 +739,7 @@ static struct kunit_case kunit_current_test_cases[] = {

static void test_dev_action(void *priv)
{
- *(void **)priv = (void *)1;
+ *(long*)priv = 1;
}

static void kunit_device_test(struct kunit *test)
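
Review bot: the cast on the added line, '*(long*)priv = 1;', has no space between the type name and the '*'. Write it as '*(long *)priv = 1;' so it matches the spacing used by the '(void **)' cast on the line it replaces.
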
--
2.51.0

David Gow

Oct 17, 2025, 1:08:47 AM
to Florian Schmaus, Brendan Higgins, Rae Moar, linux-k...@vger.kernel.org, kuni...@googlegroups.com, linux-...@vger.kernel.org
On Wed, 15 Oct 2025 at 15:23, Florian Schmaus
<florian...@codasip.com> wrote:
>
> The previous implementation incorrectly assumed the original type of
> 'priv' was void**, leading to an unnecessary and misleading
> cast. Correct the cast of the 'priv' pointer in test_dev_action() to
> its actual type, long*, removing an unnecessary cast.
>
> As an additional benefit, this fixes an out-of-bounds CHERI fault on
> hardware with architectural capabilities. The original implementation
> tried to store a capability-sized pointer using the 'priv'
> pointer. However, the 'priv' pointer's capability only granted access
> to the memory region of its original long type, leading to a bounds
> violation since the size of a long is smaller than the size of a
> capability. This change ensures that the pointer usage respects the
> capabilities' bounds.
>
> Signed-off-by: Florian Schmaus <florian...@codasip.com>
> ---

Thanks for this.

One simple formatting issue below, otherwise this is fine.

Also, it'd be good to add a 'Fixes' tag:
Fixes: d03c720e03bd ("kunit: Add APIs for managing devices")

Reviewed-by: David Gow <davi...@google.com>

Cheers,
-- David

> lib/kunit/kunit-test.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c
> index 8c01eabd4eaf..957b67818489 100644
> --- a/lib/kunit/kunit-test.c
> +++ b/lib/kunit/kunit-test.c
> @@ -739,7 +739,7 @@ static struct kunit_case kunit_current_test_cases[] = {
>
> static void test_dev_action(void *priv)
> {
> - *(void **)priv = (void *)1;
> + *(long*)priv = 1;

checkpatch whinges here:
ERROR: "(foo*)" should be "(foo *)"
#39: FILE: lib/kunit/kunit-test.c:742:

Florian Schmaus

Oct 17, 2025, 5:28:59 AM
to Brendan Higgins, David Gow, Rae Moar, linux-k...@vger.kernel.org, kuni...@googlegroups.com, linux-...@vger.kernel.org, Florian Schmaus
The previous implementation incorrectly assumed the original type of
'priv' was void**, leading to an unnecessary and misleading
cast. Correct the cast of the 'priv' pointer in test_dev_action() to
its actual type, long*, removing an unnecessary cast.

As an additional benefit, this fixes an out-of-bounds CHERI fault on
hardware with architectural capabilities. The original implementation
tried to store a capability-sized pointer using the priv
pointer. However, the priv pointer's capability only granted access to
the memory region of its original long type, leading to a bounds
violation since the size of a long is smaller than the size of a
capability. This change ensures that the pointer usage respects the
capabilities' bounds.

Fixes: d03c720e03bd ("kunit: Add APIs for managing devices")
Reviewed-by: David Gow <davi...@google.com>
Signed-off-by: Florian Schmaus <florian...@codasip.com>
---

Changes since v1:
- Fix simple formatting issue: long* -> long *
- Add 'Fixes' git trailer

lib/kunit/kunit-test.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c
index 8c01eabd4eaf..63130a48e237 100644
--- a/lib/kunit/kunit-test.c
+++ b/lib/kunit/kunit-test.c
@@ -739,7 +739,7 @@ static struct kunit_case kunit_current_test_cases[] = {

static void test_dev_action(void *priv)
{
- *(void **)priv = (void *)1;
+ *(long *)priv = 1;
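
Review bot: missing documentation on test_dev_action(): the added line '*(long *)priv = 1;' writes a long through a parameter declared only as 'void *priv', so nothing at the function tells a reader what the pointer must refer to. A one-line comment above the function saying that priv points to a long owned by the caller would keep the cast and the caller's variable type in step if either is changed later.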