From: Bill Wendling <morbo@google.com>
To: linux-kernel@vger.kernel.org
Cc: Bill Wendling <morbo@google.com>,
Carlos Maiolino <cem@kernel.org>,
"Darrick J. Wong" <djwong@kernel.org>,
Gogul Balakrishnan <bgogul@google.com>,
Arman Hasanzadeh <armanihm@google.com>,
Kees Cook <kees@kernel.org>,
linux-xfs@vger.kernel.org, codemender-patching+linux@google.com
Subject: [PATCH] xfs: annotate struct xfs_attr_list_context with __counted_by_ptr
Date: Tue, 3 Mar 2026 01:56:35 +0000
Message-ID: <20260303015646.2796170-1-morbo@google.com>

Add the `__counted_by_ptr` attribute to the `buffer` field of `struct
xfs_attr_list_context`. This field is used to point to a buffer of
size `bufsize`.

The `buffer` field is assigned in:

1. `xfs_ioc_attr_list` in `fs/xfs/xfs_handle.c`
2. `xfs_xattr_list` in `fs/xfs/xfs_xattr.c`
3. `xfs_getparents` in `fs/xfs/xfs_handle.c` (implicitly initialized to NULL)

In `xfs_ioc_attr_list`, `buffer` was assigned before `bufsize`. Reorder
them to ensure `bufsize` is set before `buffer` is assigned, although
no access happens between them.

In `xfs_xattr_list`, `buffer` was assigned before `bufsize`. Reorder
them to ensure `bufsize` is set before `buffer` is assigned.

In `xfs_getparents`, `buffer` is NULL (from zero initialization) and
remains NULL. `bufsize` is set to a non-zero value, but since `buffer`
is NULL, no access occurs.

In all cases, the pointer `buffer` is not accessed before `bufsize` is
set.

This patch was generated by CodeMender and reviewed by Bill Wendling.
Tested by running xfstests.

Signed-off-by: Bill Wendling <morbo@google.com>
---
Cc: Carlos Maiolino <cem@kernel.org>
Cc: "Darrick J. Wong" <djwong@kernel.org>
Cc: Gogul Balakrishnan <bgogul@google.com>
Cc: Arman Hasanzadeh <armanihm@google.com>
Cc: Kees Cook <kees@kernel.org>
Cc: linux-xfs@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: codemender-patching+linux@google.com
---
fs/xfs/libxfs/xfs_attr.h | 2 +-
fs/xfs/xfs_handle.c | 2 +-
fs/xfs/xfs_xattr.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/fs/xfs/libxfs/xfs_attr.h b/fs/xfs/libxfs/xfs_attr.h
index 8244305949de..4cd161905288 100644
--- a/fs/xfs/libxfs/xfs_attr.h
+++ b/fs/xfs/libxfs/xfs_attr.h
@@ -55,7 +55,7 @@ struct xfs_attr_list_context {
struct xfs_trans *tp;
struct xfs_inode *dp; /* inode */
struct xfs_attrlist_cursor_kern cursor; /* position in list */
- void *buffer; /* output buffer */
+ void *buffer __counted_by_ptr(bufsize); /* output buffer */
/*
* Abort attribute list iteration if non-zero. Can be used to pass
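Review bot: the new `__counted_by_ptr(bufsize)` on `buffer` creates an ordering rule for every writer of this struct (assign `bufsize` before `buffer`, which is what the other two hunks enforce), but the declaration's comment still reads only `/* output buffer */`. Suggest extending that comment to say that `bufsize` bounds the buffer and must be set first, so a future caller does not have to rediscover the rule from the changelog. Because `buffer` is a `void *`, it would also help to state at the declaration that the count is in bytes; the hunk's context does not include the `bufsize` member, so its type and units cannot be confirmed from the lines shown here.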
diff --git a/fs/xfs/xfs_handle.c b/fs/xfs/xfs_handle.c
index d1291ca15239..2b8617ae7ec2 100644
--- a/fs/xfs/xfs_handle.c
+++ b/fs/xfs/xfs_handle.c
@@ -443,8 +443,8 @@ xfs_ioc_attr_list(
context.dp = dp;
context.resynch = 1;
context.attr_filter = xfs_attr_filter(flags);
- context.buffer = buffer;
context.bufsize = round_down(bufsize, sizeof(uint32_t));
+ context.buffer = buffer;
context.firstu = context.bufsize;
context.put_listent = xfs_ioc_attr_put_listent;
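Review bot: at `context.bufsize = round_down(bufsize, sizeof(uint32_t));` the bound now attached to `context.buffer` is the rounded-down value, which can be up to three bytes smaller than the caller's `bufsize`. That is the conservative direction and agrees with `context.firstu = context.bufsize;`, but nothing in the code says why the two assignments are in this order. Suggest a one-line comment above them noting that `bufsize` must be assigned before `buffer` because of the annotation, so a later cleanup does not swap them back. The commit message also lists `xfs_getparents` in this file as a third assignment site that ends with `buffer` NULL and `bufsize` non-zero; since no hunk touches it, a short comment there explaining why that combination is acceptable would make the invariant easier to audit.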
diff --git a/fs/xfs/xfs_xattr.c b/fs/xfs/xfs_xattr.c
index a735f16d9cd8..544213067d59 100644
--- a/fs/xfs/xfs_xattr.c
+++ b/fs/xfs/xfs_xattr.c
@@ -332,8 +332,8 @@ xfs_vn_listxattr(
memset(&context, 0, sizeof(context));
context.dp = XFS_I(inode);
context.resynch = 1;
- context.buffer = size ? data : NULL;
context.bufsize = size;
+ context.buffer = size ? data : NULL;
context.firstu = context.bufsize;
context.put_listent = xfs_xattr_put_listent;
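Review bot: the hunk header places this reorder in `xfs_vn_listxattr(`, while the commit message describes the same change as being in `xfs_xattr_list`; please correct the function name in the changelog so the description matches the code. On the change itself, `context.bufsize = size;` followed by `context.buffer = size ? data : NULL;` keeps pointer and count consistent in the `size == 0` case (NULL pointer, zero count), which is worth saying explicitly in the changelog since it is the one site where the pointer is conditional.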
--
2.53.0.473.g4a7958ca14-goog