From: Christophe Leroy <christophe.leroy@xxxxxxxxxx> [ Upstream commit b3a9e523237013477bea914b7fbfbe420428b988 ] get_user_instr() lacks sparse detection for the __user tag. This is because __gui_ptr is assigned with a cast. Fix that by adding a __chk_user_ptr() Signed-off-by: Christophe Leroy <christophe.leroy@xxxxxxxxxx> Signed-off-by: Michael Ellerman <mpe@xxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/0320e5b41a794fd456ab8c5993bbfadcf9e1d8b4.1621516826.git.christophe.leroy@xxxxxxxxxx Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- arch/powerpc/include/asm/inst.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/include/asm/inst.h b/arch/powerpc/include/asm/inst.h index 268d3bd073c8..887ef150fdda 100644 --- a/arch/powerpc/include/asm/inst.h +++ b/arch/powerpc/include/asm/inst.h @@ -12,6 +12,8 @@ unsigned long __gui_ptr = (unsigned long)ptr; \ struct ppc_inst __gui_inst; \ unsigned int __prefix, __suffix; \ + \ + __chk_user_ptr(ptr); \ __gui_ret = gu_op(__prefix, (unsigned int __user *)__gui_ptr); \ if (__gui_ret == 0) { \ if ((__prefix >> 26) == OP_PREFIX) { \ @@ -29,7 +31,10 @@ }) #else /* !CONFIG_PPC64 */ #define ___get_user_instr(gu_op, dest, ptr) \ - gu_op((dest).val, (u32 __user *)(ptr)) +({ \ + __chk_user_ptr(ptr); \ + gu_op((dest).val, (u32 __user *)(ptr)); \ +}) #endif /* CONFIG_PPC64 */ #define get_user_instr(x, ptr) \ -- 2.30.2
