acl: Annotate struct posix_acl with __counted_by()

Add the __counted_by compiler attribute to the flexible array member
a_entries to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.

Use struct_size() to calculate the number of bytes to allocate for new
and cloned acls and remove the local size variables.

Change the posix_acl_alloc() function parameter count from int to
unsigned int to match posix_acl's a_count data type. Add identifier
names to the function definition to silence two checkpatch warnings.

Reviewed-by: Jan Kara <[email protected]>
Signed-off-by: Thorsten Blum <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Cc: Nathan Chancellor <[email protected]>
Signed-off-by: Christian Brauner <[email protected]>

diff --git a/fs/posix_acl.c b/fs/posix_acl.c
index 6c66a37522d00161c1a8a4a476b1b1d9449fdf16..4050942ab52f95741da2df13d191ade5c5ca12a2 100644 (file)
--- a/fs/posix_acl.c
+++ b/fs/posix_acl.c
@@ -200,11 +200,11 @@ EXPORT_SYMBOL(posix_acl_init);
  * Allocate a new ACL with the specified number of entries.
  */
 struct posix_acl *
-posix_acl_alloc(int count, gfp_t flags)
+posix_acl_alloc(unsigned int count, gfp_t flags)
 {
-       const size_t size = sizeof(struct posix_acl) +
-                           count * sizeof(struct posix_acl_entry);
-       struct posix_acl *acl = kmalloc(size, flags);
+       struct posix_acl *acl;
+
+       acl = kmalloc(struct_size(acl, a_entries, count), flags);
        if (acl)
                posix_acl_init(acl, count);
        return acl;
@@ -220,9 +220,8 @@ posix_acl_clone(const struct posix_acl *acl, gfp_t flags)
        struct posix_acl *clone = NULL;
 
        if (acl) {
-               int size = sizeof(struct posix_acl) + acl->a_count *
-                          sizeof(struct posix_acl_entry);
-               clone = kmemdup(acl, size, flags);
+               clone = kmemdup(acl, struct_size(acl, a_entries, acl->a_count),
+                               flags);
                if (clone)
                        refcount_set(&clone->a_refcount, 1);
        }

diff --git a/include/linux/posix_acl.h b/include/linux/posix_acl.h
index 2d6a4badd306fce6778aaac6557cebba8450f383..e2d47eb1a7f3b7d380540baf8bffe0e257463369 100644 (file)
--- a/include/linux/posix_acl.h
+++ b/include/linux/posix_acl.h
@@ -30,7 +30,7 @@ struct posix_acl {
        refcount_t              a_refcount;
        unsigned int            a_count;
        struct rcu_head         a_rcu;
-       struct posix_acl_entry  a_entries[];
+       struct posix_acl_entry  a_entries[] __counted_by(a_count);
 };
 
 #define FOREACH_ACL_ENTRY(pa, acl, pe) \
@@ -62,7 +62,7 @@ posix_acl_release(struct posix_acl *acl)
 /* posix_acl.c */
 
 extern void posix_acl_init(struct posix_acl *, int);
-extern struct posix_acl *posix_acl_alloc(int, gfp_t);
+extern struct posix_acl *posix_acl_alloc(unsigned int count, gfp_t flags);
 extern struct posix_acl *posix_acl_from_mode(umode_t, gfp_t);
 extern int posix_acl_equiv_mode(const struct posix_acl *, umode_t *);
 extern int __posix_acl_create(struct posix_acl **, gfp_t, umode_t *);