ecryptfs: Annotate struct ecryptfs_message with __counted_by

Add the __counted_by() compiler attribute to the flexible array member
'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Acked-by: Tyler Hicks <code@tyhicks.com>
Link: https://patch.msgid.link/20260112115314.739612-2-thorsten.blum@linux.dev
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h
index 62a2ea7f59eda366dd4f39096be01c213404822b..f58b12be82674674b663138dbae1b56ffa30e0ae 100644 (file)
--- a/fs/ecryptfs/ecryptfs_kernel.h
+++ b/fs/ecryptfs/ecryptfs_kernel.h
@@ -359,7 +359,7 @@ struct ecryptfs_message {
        /* Inherits from msg_ctx->index */
        u32 index;
        u32 data_len;
-       u8 data[];
+       u8 data[] __counted_by(data_len);
 };
 
 struct ecryptfs_msg_ctx {