Commit a6cbfbe6 authored by Jann Horn's avatar Jann Horn Committed by Borislav Petkov
Browse files

x86/uaccess: Fix implicit cast of __user pointer 



The first two arguments of __user_atomic_cmpxchg_inatomic() are:

 - @uval is a kernel pointer into which the old value should be stored
 - @ptr is the user pointer on which the cmpxchg should operate

This means that casting @uval to __typeof__(ptr) is wrong. Since @uval
is only used once inside the macro, just get rid of __uval and use
(uval) directly.

Signed-off-by: default avatarJann Horn <jannh@google.com>
Signed-off-by: default avatarBorislav Petkov <bp@suse.de>
Reviewed-by: default avatarMukesh Ojha <mojha@codeaurora.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Qiaowei Ren <qiaowei.ren@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/20190329214652.258477-4-jannh@google.com
parent ae37a8cd

arch/x86/include/asm/uaccess.h

+1 −2
Original line number Diff line number Diff line
@@ -585,7 +585,6 @@ extern void __cmpxchg_wrong_size(void) 
#define __user_atomic_cmpxchg_inatomic(uval, ptr, old, new, size)	\

({									\

	int __ret = 0;							\

	__typeof__(ptr) __uval = (uval);				\

	__typeof__(*(ptr)) __old = (old);				\

	__typeof__(*(ptr)) __new = (new);				\

	__uaccess_begin_nospec();					\
@@ -661,7 +660,7 @@ extern void __cmpxchg_wrong_size(void) 
		__cmpxchg_wrong_size();					\

	}								\

	__uaccess_end();						\

	*__uval = __old;						\

	*(uval) = __old;						\

	__ret;								\

})

CRA Git | Maintained and supported by SUSTech CRA and CCSE