kunit: test_dev_action: Correctly cast 'priv' pointer to long*

Flowdalic · shuahkh · commit 2551a1eedc09 · 2025-10-20T13:08:05.000-06:00
The previous implementation incorrectly assumed the original type of 'priv' was void**, leading to an unnecessary and misleading cast. Correct the cast of the 'priv' pointer in test_dev_action() to its actual type, long*, removing an unnecessary cast. As an additional benefit, this fixes an out-of-bounds CHERI fault on hardware with architectural capabilities. The original implementation tried to store a capability-sized pointer using the priv pointer. However, the priv pointer's capability only granted access to the memory region of its original long type, leading to a bounds violation since the size of a long is smaller than the size of a capability. This change ensures that the pointer usage respects the capabilities' bounds. Link: https://lore.kernel.org/r/20251017092814.80022-1-florian.schmaus@codasip.com Fixes: d03c720 ("kunit: Add APIs for managing devices") Reviewed-by: David Gow <davidgow@google.com> Signed-off-by: Florian Schmaus <florian.schmaus@codasip.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
diff --git a/lib/kunit/kunit-test.c b/lib/kunit/kunit-test.c
@@ -739,7 +739,7 @@ static struct kunit_case kunit_current_test_cases[] = {
 
 static void test_dev_action(void *priv)
 {
-	*(void **)priv = (void *)1;
+	*(long *)priv = 1;
 }
 
 static void kunit_device_test(struct kunit *test)

Original file line number	Diff line number	Diff line change
`@@ -739,7 +739,7 @@ static struct kunit_case kunit_current_test_cases[] = {`
`739`	`739`
`740`	`740`	`static void test_dev_action(void *priv)`
`741`	`741`	`{`
`742`		`- (void )priv = (void )1;`
	`742`	`+ (long )priv = 1;`
`743`	`743`	`}`
`744`	`744`
`745`	`745`	`static void kunit_device_test(struct kunit *test)`