[lvc-project] [PATCH v2] ocfs2: fix __counted_by_le() usage in ocfs2_expand_inline_dx_root()
Heming Zhao
heming.zhao at suse.com
Tue Oct 14 14:15:56 MSK 2025
Hi,
On 10/14/25 15:03, Dmitry Antipov wrote:
> After annotating 'l_recs[]' VLA member of 'struct ocfs2_extent_list'
> with '__counted_by_le(l_count)', 'l_count' should be initialized
> before touching 'l_recs[]' with 'memset()' to avoid false positives
> from buffer overflow guards when CONFIG_UBSAN_BOUNDS is enabled.
>
> Fixes: aa545adbe491 ("ocfs2: annotate flexible array members with __counted_by_le()")
> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
LGTM.
Reviewed-by: Heming Zhao <heming.zhao at suse.com>> ---
> v2: adjust 'memset()' call to clear 'l_recs[]' of 'dr_list' only
> and initialize the rest of the members explicitly (Heming Zhao)
>
> note: since the commit in subject is not merged to upstream yet, Fixes: reference is taken from
> https://web.git.kernel.org/pub/scm/linux/kernel/git/akpm/mm.git/commit/?h=mm-nonmm-unstable&id=aa545adbe491
> ---
> fs/ocfs2/dir.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index 8c9c4825f984..48b092bc83d4 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -4104,10 +4104,15 @@ static int ocfs2_expand_inline_dx_root(struct inode *dir,
> }
>
> dx_root->dr_flags &= ~OCFS2_DX_FLAG_INLINE;
> - memset(&dx_root->dr_list, 0, osb->sb->s_blocksize -
> - offsetof(struct ocfs2_dx_root_block, dr_list));
> +
> + dx_root->dr_list.l_tree_depth = 0;
> dx_root->dr_list.l_count =
> cpu_to_le16(ocfs2_extent_recs_per_dx_root(osb->sb));
> + dx_root->dr_list.l_next_free_rec = 0;
> + memset(&dx_root->dr_list.l_recs, 0,
> + osb->sb->s_blocksize -
> + (offsetof(struct ocfs2_dx_root_block, dr_list) +
> + offsetof(struct ocfs2_extent_list, l_recs)));
>
> /* This should never fail considering we start with an empty
> * dx_root. */
More information about the lvc-project
mailing list