On Fri, Mar 29, 2019 at 05:30:46PM +0100, Jann Horn wrote:
> In save_xstate_epilog(), use __user when type-casting userspace pointers.
>
> In setup_sigcontext() and x32_setup_rt_frame(), perform explicit __force
> casts for converting userspace pointers to unsigned long; put_user_ex()
> already performs a cast, but without __force, which is required by sparse
> for conversions from userspace pointers to numbers.
... > diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c > index 08dfd4c1a4f9..e13cd972f9af 100644 > --- a/arch/x86/kernel/signal.c > +++ b/arch/x86/kernel/signal.c > @@ -206,7 +206,7 @@ int setup_sigcontext(struct sigcontext __user *sc, void > __user *fpstate, > put_user_ex(regs->ss, &sc->ss); > #endif /* CONFIG_X86_32 */ > > - put_user_ex(fpstate, &sc->fpstate); > + put_user_ex((unsigned long __force)fpstate, &sc->fpstate); The __force here is not needed and in fact meaningless as the address space annotations and checks only concern pointers. By casting a pointer to an unsigned long, all type info is lost anyway and thus no address-space checks are performed. It's a bit like such casts always have an implicit __force already included. > @@ -569,7 +569,7 @@ static int x32_setup_rt_frame(struct ksignal *ksig, > restorer = NULL; > err |= -EFAULT; > } > - put_user_ex(restorer, &frame->pretcode); > + put_user_ex((unsigned long __force)restorer, &frame->pretcode); Same here. Best regards, -- Luc Van Oostenryck
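Review bot: in the setup_sigcontext() hunk, the new cast `(unsigned long __force)fpstate` is justified in the commit message only by the statement that sparse requires __force for pointer-to-number conversions, with no warning text to check that against. Quote in the commit message the exact sparse warning this line produces without the change. If no warning is emitted, the line can stay as it was, since the commit message itself notes that put_user_ex() already performs a cast. The line sits after `#endif /* CONFIG_X86_32 */`, so it is built for both 32-bit and 64-bit and the warning should be reproducible on both.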
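Review bot: in the x32_setup_rt_frame() hunk, `(unsigned long __force)restorer` hardcodes unsigned long while the store target is `&frame->pretcode`, whose type is not visible in this hunk. Please confirm the cast type matches that field, so the explicit cast does not hide a width mismatch that the cast inside put_user_ex() would otherwise handle on its own. This is also the second copy of the same cast in the patch; if it stays, a one-line comment or a shared helper would keep the sparse annotation in one place.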

