[bug report] landlock: Add AUDIT_LANDLOCK_DOMAIN and log domain status

[Dan Carpenter]

Hello Mickaël Salaün,

Commit 96cc6f48a8e4 ("landlock: Add AUDIT_LANDLOCK_DOMAIN and log
domain status") from Mar 8, 2025 (linux-next), leads to the following
Smatch static checker warning:

	security/landlock/domain.c:66 get_current_exe()
	warn: 'size' unsigned <= 0

security/landlock/domain.c
    39 static const void *get_current_exe(const char **const exe_str,
    40                                    size_t *const exe_size)
    41 {
    42         const size_t buffer_size = LANDLOCK_PATH_MAX_SIZE;
    43         struct mm_struct *mm = current->mm;
    44         struct file *file __free(fput) = NULL;
    45         char *buffer __free(kfree) = NULL;
    46         const char *exe;
    47         size_t size;
    48 
    49         if (!mm)
    50                 return NULL;
    51 
    52         file = get_mm_exe_file(mm);
    53         if (!file)
    54                 return NULL;
    55 
    56         buffer = kmalloc(buffer_size, GFP_KERNEL);
    57         if (!buffer)
    58                 return ERR_PTR(-ENOMEM);
    59 
    60         exe = d_path(&file->f_path, buffer, buffer_size);
    61         if (WARN_ON_ONCE(IS_ERR(exe)))
    62                 /* Should never happen according to LANDLOCK_PATH_MAX_SIZE. */
    63                 return ERR_CAST(exe);
    64 
    65         size = buffer + buffer_size - exe;

d_path() takes a buffer and returns exe which is a pointer to the
somewhere in the middle of buffer.

--> 66         if (WARN_ON_ONCE(size <= 0))

So size can't be negative.  And also size is declared as unsigned so it
can't be negative for that reason either.

    67                 return ERR_PTR(-ENAMETOOLONG);
    68 
    69         *exe_size = size;
    70         *exe_str = exe;
    71         return no_free_ptr(buffer);
    72 }

regards,
dan carpenter