Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

xfs: annotate struct xfs_attr_list_context with __counted_by_ptr

Add the `__counted_by_ptr` attribute to the `buffer` field of `struct
xfs_attr_list_context`. This field is used to point to a buffer of
size `bufsize`.

The `buffer` field is assigned in:
1. `xfs_ioc_attr_list` in `fs/xfs/xfs_handle.c`
2. `xfs_xattr_list` in `fs/xfs/xfs_xattr.c`
3. `xfs_getparents` in `fs/xfs/xfs_handle.c` (implicitly initialized to NULL)

In `xfs_ioc_attr_list`, `buffer` was assigned before `bufsize`. Reorder
them to ensure `bufsize` is set before `buffer` is assigned, although
no access happens between them.

In `xfs_xattr_list`, `buffer` was assigned before `bufsize`. Reorder
them to ensure `bufsize` is set before `buffer` is assigned.

In `xfs_getparents`, `buffer` is NULL (from zero initialization) and
remains NULL. `bufsize` is set to a non-zero value, but since `buffer`
is NULL, no access occurs.

In all cases, the pointer `buffer` is not accessed before `bufsize` is set.

This patch was generated by CodeMender and reviewed by Bill Wendling.
Tested by running xfstests.

Signed-off-by: Bill Wendling <morbo@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>

authored by Bill Wendling and committed by Carlos Maiolino
e5966096 0c98524a

+4 -3
+2 -1
fs/xfs/libxfs/xfs_attr.h
··· 55 55 struct xfs_trans *tp; 56 56 struct xfs_inode *dp; /* inode */ 57 57 struct xfs_attrlist_cursor_kern cursor; /* position in list */ 58 - void *buffer; /* output buffer */ 58 + /* output buffer */ 59 + void *buffer __counted_by_ptr(bufsize); 59 60 60 61 /* 61 62 * Abort attribute list iteration if non-zero. Can be used to pass
+1 -1
fs/xfs/xfs_handle.c
··· 443 443 context.dp = dp; 444 444 context.resynch = 1; 445 445 context.attr_filter = xfs_attr_filter(flags); 446 - context.buffer = buffer; 447 446 context.bufsize = round_down(bufsize, sizeof(uint32_t)); 447 + context.buffer = buffer; 448 448 context.firstu = context.bufsize; 449 449 context.put_listent = xfs_ioc_attr_put_listent; 450 450
+1 -1
fs/xfs/xfs_xattr.c
··· 332 332 memset(&context, 0, sizeof(context)); 333 333 context.dp = XFS_I(inode); 334 334 context.resynch = 1; 335 - context.buffer = size ? data : NULL; 336 335 context.bufsize = size; 336 + context.buffer = size ? data : NULL; 337 337 context.firstu = context.bufsize; 338 338 context.put_listent = xfs_xattr_put_listent; 339 339
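Review bot: In fs/xfs/libxfs/xfs_attr.h, the comment moved above `buffer` still says only "output buffer" and does not record the rule the rest of this patch depends on, namely that `bufsize` has to be written before `buffer`. Suggest extending the comment to say that `bufsize` is the size of the buffer, that it must be assigned first, and that a NULL `buffer` with a non-zero `bufsize` (the xfs_getparents case described in the commit message) is expected, so that later code filling in the context does not reintroduce the old order.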
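Review bot: In fs/xfs/xfs_handle.c, the swapped assignments at new lines 446-447 carry no comment, so the order looks arbitrary and a later cleanup could move `context.buffer = buffer;` back above `context.bufsize`. A one-line comment above the pair that names the `__counted_by_ptr` annotation would keep it in place. The count stored here is `round_down(bufsize, sizeof(uint32_t))`, which is never larger than the caller's `bufsize`, so the annotated bound errs on the conservative side.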
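Review bot: In fs/xfs/xfs_xattr.c, the bufsize-then-buffer ordering is open-coded a second time at new lines 335-336, again without a comment. Consider a small helper that sets both fields in the required order and using it here and in xfs_ioc_attr_list, so the constraint lives in one place. The values themselves are consistent: after the `memset` both fields are zero, and when `size` is 0 the pair becomes NULL and 0.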