From: Florian Schmaus Date: Fri, 17 Oct 2025 09:28:14 +0000 (+0200) Subject: kunit: test_dev_action: Correctly cast 'priv' pointer to long* X-Git-Tag: v6.12.58~533 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22aa7d1631e8a7acbd921aee707576ae8c579edd;p=thirdparty%2Fkernel%2Fstable.git kunit: test_dev_action: Correctly cast 'priv' pointer to long* [ Upstream commit 2551a1eedc09f5a86f94b038dc1bb16855c256f1 ] The previous implementation incorrectly assumed the original type of 'priv' was void**, leading to an unnecessary and misleading cast. Correct the cast of the 'priv' pointer in test_dev_action() to its actual type, long*, removing an unnecessary cast. As an additional benefit, this fixes an out-of-bounds CHERI fault on hardware with architectural capabilities. The original implementation tried to store a capability-sized pointer using the priv pointer. However, the priv pointer's capability only granted access to the memory region of its original long type, leading to a bounds violation since the size of a long is smaller than the size of a capability. This change ensures that the pointer usage respects the capabilities' bounds. Link: https://lore.kernel.org/r/20251017092814.80022-1-florian.schmaus@codasip.com Fixes: d03c720e03bd ("kunit: Add APIs for managing devices") Reviewed-by: David Gow Signed-off-by: Florian Schmaus Signed-off-by: Shuah Khan Signed-off-by: Sasha Levin --- diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c index d9c781c859fde..580374e081071 100644 --- a/lib/kunit/kunit-test.c +++ b/lib/kunit/kunit-test.c @@ -735,7 +735,7 @@ static struct kunit_case kunit_current_test_cases[] = { static void test_dev_action(void *priv) { - *(void **)priv = (void *)1; + *(long *)priv = 1; } static void kunit_device_test(struct kunit *test)