Since lkdtm intentionally does "bad" things, we need to convince sparse that we're doing these things on purpose. This adds an explicit cast to the call to copy_to_user() and marks the spin lock as expecting to dead-lock.
Reported-by: Fengguang Wu <[email protected]> Signed-off-by: Kees Cook <[email protected]> --- drivers/misc/lkdtm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/misc/lkdtm.c b/drivers/misc/lkdtm.c index a2edb2ee0921..a9a203d5f8d9 100644 --- a/drivers/misc/lkdtm.c +++ b/drivers/misc/lkdtm.c @@ -334,9 +334,10 @@ static void execute_location(void *dst) static void execute_user_location(void *dst) { + /* Intentionally crossing kernel/user memory boundary. */ void (*func)(void) = dst; - if (copy_to_user(dst, do_nothing, EXEC_SIZE)) + if (copy_to_user((void __user *)dst, do_nothing, EXEC_SIZE)) return; func(); } @@ -408,6 +409,8 @@ static void lkdtm_do_action(enum ctype which) case CT_SPINLOCKUP: /* Must be called twice to trigger. */ spin_lock(&lock_me_up); + /* Let sparse know we intended to exit holding the lock. */ + __release(&lock_me_up); break; case CT_HUNG_TASK: set_current_state(TASK_UNINTERRUPTIBLE); -- 1.7.9.5 -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
