Add the `__counted_by_ptr` attribute to the `buffer` field of `struct
xfs_attr_list_context`. This field is used to point to a buffer of
size `bufsize`.

The `buffer` field is assigned in:

1. `xfs_ioc_attr_list` in `fs/xfs/xfs_handle.c`
2. `xfs_xattr_list` in `fs/xfs/xfs_xattr.c`
3. `xfs_getparents` in `fs/xfs/xfs_handle.c` (implicitly initialized to NULL)

In `xfs_ioc_attr_list`, `buffer` was assigned before `bufsize`. Reorder
them to ensure `bufsize` is set before `buffer` is assigned, although
no access happens between them.

In `xfs_xattr_list`, `buffer` was assigned before `bufsize`. Reorder
them to ensure `bufsize` is set before `buffer` is assigned.

In `xfs_getparents`, `buffer` is NULL (from zero initialization) and
remains NULL. `bufsize` is set to a non-zero value, but since `buffer`
is NULL, no access occurs.

In all cases, the pointer `buffer` is not accessed before `bufsize` is set.

This patch was generated by CodeMender and reviewed by Bill Wendling.
Tested by running xfstests.

Signed-off-by: Bill Wendling <morbo@google.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>
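The invariant the commit message describes (the size field is written before the pointer it bounds, and every write through the pointer stays within that size) can be shown outside the kernel. The following is an added example, not XFS code: `struct attr_list_ctx`, `attr_list_init` and `attr_list_put` are hypothetical stand-ins for the kernel's list context and `put_listent` callback, the `__counted_by_ptr` macro here expands to nothing so it builds with any compiler (in the kernel it expands to a compiler attribute when supported), and the explicit bounds check in `attr_list_put` plays the role the compiler-inserted check would play for an annotated pointer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>

/* Stand-in for the kernel's __counted_by_ptr(): expands to nothing here so the
 * example compiles everywhere; the kernel maps it to a compiler attribute. */
#ifndef __counted_by_ptr
#define __counted_by_ptr(member)
#endif

/* Hypothetical, simplified version of struct xfs_attr_list_context. */
struct attr_list_ctx {
	void *buffer __counted_by_ptr(bufsize); /* output buffer, bounded by bufsize */
	size_t bufsize;                         /* usable bytes in buffer */
	size_t used;                            /* bytes consumed so far */
};

/* Same rounding the patch keeps: bufsize is a multiple of sizeof(uint32_t). */
static size_t round_down_u32(size_t n)
{
	return n & ~(sizeof(uint32_t) - 1);
}

/* Initialize the context. The count (bufsize) is assigned BEFORE the pointer
 * (buffer), matching the ordering the patch enforces in both callers. A NULL
 * buffer with a non-zero size is allowed: nothing is written through it. */
static void attr_list_init(struct attr_list_ctx *ctx, void *buf, size_t size)
{
	memset(ctx, 0, sizeof(*ctx));
	ctx->bufsize = round_down_u32(size);
	ctx->buffer = size ? buf : NULL;
}

/* Append one entry (u32 length prefix + name bytes). With a NULL buffer only
 * the required size is accumulated (sizing mode); otherwise every write is
 * checked against bufsize. Returns 0 or -ENOSPC. */
static int attr_list_put(struct attr_list_ctx *ctx, const char *name, size_t namelen)
{
	size_t need = sizeof(uint32_t) + namelen;
	uint32_t len = (uint32_t)namelen;
	unsigned char *dst;

	if (!ctx->buffer) {
		ctx->used += need;	/* caller is asking how big a buffer it needs */
		return 0;
	}
	if (need > ctx->bufsize - ctx->used)
		return -ENOSPC;	/* the bound the annotation expresses */
	dst = (unsigned char *)ctx->buffer + ctx->used;
	memcpy(dst, &len, sizeof(len));
	memcpy(dst + sizeof(len), name, namelen);
	ctx->used += need;
	return 0;
}

/* Constructed names used by the demo functions below. */
static const char *const demo_names[] = { "user.a", "b", "cd" };

/* Fill a 16-byte buffer; returns how many of the three entries fit (2). */
static int demo_fill_count(void)
{
	unsigned char buf[16];
	struct attr_list_ctx ctx;
	int stored = 0;
	size_t i;

	attr_list_init(&ctx, buf, sizeof(buf));
	for (i = 0; i < 3; i++)
		if (attr_list_put(&ctx, demo_names[i], strlen(demo_names[i])) == 0)
			stored++;
	return stored;
}

/* Return code of the entry that does not fit in the 16-byte buffer (-ENOSPC). */
static int demo_third_put_rc(void)
{
	unsigned char buf[16];
	struct attr_list_ctx ctx;

	attr_list_init(&ctx, buf, sizeof(buf));
	attr_list_put(&ctx, demo_names[0], 6);
	attr_list_put(&ctx, demo_names[1], 1);
	return attr_list_put(&ctx, demo_names[2], 2);
}

/* Sizing mode with a NULL buffer: bytes needed for all three entries (21). */
static size_t demo_sizing_bytes(void)
{
	struct attr_list_ctx ctx;
	size_t i;

	attr_list_init(&ctx, NULL, 0);
	for (i = 0; i < 3; i++)
		attr_list_put(&ctx, demo_names[i], strlen(demo_names[i]));
	return ctx.used;
}
```

The order inside `attr_list_init` is the whole point: with a compiler that honours the annotation, any access through `buffer` made after the pointer is stored but before `bufsize` is set would be checked against a stale count, which is why both callers in the patch now assign `bufsize` first.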
struct xfs_trans *tp;
struct xfs_inode *dp; /* inode */
struct xfs_attrlist_cursor_kern cursor; /* position in list */
- void *buffer; /* output buffer */
+ /* output buffer */
+ void *buffer __counted_by_ptr(bufsize);
/*
* Abort attribute list iteration if non-zero. Can be used to pass
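Review bot: `__counted_by_ptr(bufsize)` on the `buffer` member ties every access through `buffer` to the current value of `bufsize` in the same struct, so the annotation only holds as long as callers assign `bufsize` before `buffer` (the reorderings in the other two hunks) and keep a NULL `buffer` unused whenever `bufsize` is non-zero (the `xfs_getparents` case the commit message describes). Consider extending the `/* output buffer */` comment to say that `bufsize` must be assigned first, so a later refactor does not silently reintroduce the old order.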
context.dp = dp;
context.resynch = 1;
context.attr_filter = xfs_attr_filter(flags);
- context.buffer = buffer;
context.bufsize = round_down(bufsize, sizeof(uint32_t));
+ context.buffer = buffer;
context.firstu = context.bufsize;
context.put_listent = xfs_ioc_attr_put_listent;
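Review bot: the reorder is a no-op for behaviour here, as the commit message notes, because nothing touches `context.buffer` between the two assignments; the benefit is that `context.bufsize` (already rounded down to a `uint32_t` multiple, so the annotated count is never larger than the caller's buffer) is in place before the pointer it bounds. A one-line comment above `context.bufsize = ...` stating that ordering dependency would make the intent visible to readers who do not know the struct carries `__counted_by_ptr`.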
memset(&context, 0, sizeof(context));
context.dp = XFS_I(inode);
context.resynch = 1;
- context.buffer = size ? data : NULL;
context.bufsize = size;
+ context.buffer = size ? data : NULL;
context.firstu = context.bufsize;
context.put_listent = xfs_xattr_put_listent;
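Review bot: with `size == 0` this sets `context.bufsize = 0` and `context.buffer = NULL`, and with `size != 0` both fields describe the same caller buffer, so the annotated count and pointer are consistent in both branches; the preceding `memset(&context, 0, ...)` also guarantees `buffer` is NULL rather than indeterminate while `bufsize` is being written. As in the other caller, a short comment noting that `bufsize` must precede `buffer` because of `__counted_by_ptr` would keep this order from being undone.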