|
@@ -334,9 +334,10 @@ static void execute_location(void *dst)
|
|
|
|
|
|
|
|
static void execute_user_location(void *dst)
|
|
static void execute_user_location(void *dst)
|
|
|
{
|
|
{
|
|
|
|
|
+ /* Intentionally crossing kernel/user memory boundary. */
|
|
|
void (*func)(void) = dst;
|
|
void (*func)(void) = dst;
|
|
|
|
|
|
|
|
- if (copy_to_user(dst, do_nothing, EXEC_SIZE))
|
|
|
|
|
|
|
+ if (copy_to_user((void __user *)dst, do_nothing, EXEC_SIZE))
|
|
|
return;
|
|
return;
|
|
|
func();
|
|
func();
|
|
|
}
|
|
}
|
|
@@ -408,6 +409,8 @@ static void lkdtm_do_action(enum ctype which)
|
|
|
case CT_SPINLOCKUP:
|
|
case CT_SPINLOCKUP:
|
|
|
/* Must be called twice to trigger. */
|
|
/* Must be called twice to trigger. */
|
|
|
spin_lock(&lock_me_up);
|
|
spin_lock(&lock_me_up);
|
|
|
|
|
+ /* Let sparse know we intended to exit holding the lock. */
|
|
|
|
|
+ __release(&lock_me_up);
|
|
|
break;
|
|
break;
|
|
|
case CT_HUNG_TASK:
|
|
case CT_HUNG_TASK:
|
|
|
set_current_state(TASK_UNINTERRUPTIBLE);
|
|
set_current_state(TASK_UNINTERRUPTIBLE);
|
Kees Cook