crypto: af_alg - Annotate struct af_alg_iv with __counted_by

Add the __counted_by() compiler attribute to the flexible array member
'iv' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.

Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Link: https://patch.msgid.link/20260105122402.2685-2-thorsten.blum@linux.dev
Signed-off-by: Kees Cook <kees@kernel.org>

diff --git a/include/uapi/linux/if_alg.h b/include/uapi/linux/if_alg.h
index b35871cbeed7de1dbbaecf54045fb6285df37a7c..4f51e198ac2ed016019c0b666858415661f0ca4b 100644 (file)
--- a/include/uapi/linux/if_alg.h
+++ b/include/uapi/linux/if_alg.h
@@ -42,7 +42,7 @@ struct sockaddr_alg_new {
 
 struct af_alg_iv {
        __u32   ivlen;
-       __u8    iv[];
+       __u8    iv[] __counted_by(ivlen);
 };
 
 /* Socket options */