afs: Add __counted_by for struct afs_acl and use struct_size()

GustavoARSilva · kees · commit 446425648c5d · 2023-12-01T09:51:43.000-08:00
Prepare for the coming implementation by GCC and Clang of the __counted_by attribute. Flexible array members annotated with __counted_by can have their accesses bounds-checked at run-time via CONFIG_UBSAN_BOUNDS (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family functions). While there, use struct_size() helper, instead of the open-coded version, to calculate the size for the allocation of the whole flexible structure, including of course, the flexible-array member. This code was found with the help of Coccinelle, and audited and fixed manually. Signed-off-by: "Gustavo A. R. Silva" <gustavoars@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/ZSVKwBmxQ1amv47E@work Signed-off-by: Kees Cook <keescook@chromium.org>
diff --git a/fs/afs/internal.h b/fs/afs/internal.h
@@ -1116,7 +1116,7 @@ extern void afs_fs_inline_bulk_status(struct afs_operation *);
 
 struct afs_acl {
 	u32	size;
-	u8	data[];
+	u8	data[] __counted_by(size);
 };
 
 extern void afs_fs_fetch_acl(struct afs_operation *);
diff --git a/fs/afs/xattr.c b/fs/afs/xattr.c
@@ -75,7 +75,7 @@ static bool afs_make_acl(struct afs_operation *op,
 {
 	struct afs_acl *acl;
 
-	acl = kmalloc(sizeof(*acl) + size, GFP_KERNEL);
+	acl = kmalloc(struct_size(acl, data, size), GFP_KERNEL);
 	if (!acl) {
 		afs_op_nomem(op);
 		return false;

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ static bool afs_make_acl(struct afs_operation *op,`
`75`	`75`	`{`
`76`	`76`	`struct afs_acl *acl;`
`77`	`77`
`78`		`- acl = kmalloc(sizeof(*acl) + size, GFP_KERNEL);`
	`78`	`+ acl = kmalloc(struct_size(acl, data, size), GFP_KERNEL);`
`79`	`79`	`if (!acl) {`
`80`	`80`	`afs_op_nomem(op);`
`81`	`81`	`return false;`