* [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator
@ 2026-04-06 17:58 Thorsten Blum
2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum
2026-04-09 2:39 ` [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Jakub Kicinski
0 siblings, 2 replies; 11+ messages in thread
From: Thorsten Blum @ 2026-04-06 17:58 UTC (permalink / raw)
To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
Simon Horman, Tim Bird, Thorsten Blum
Cc: netdev, linux-kernel
In dns_resolver_preparse(), do not NUL-terminate ->data and allocate one
byte less. The NUL terminator is never used and only ->datalen bytes are
accessed.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
net/dns_resolver/dns_key.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index c3c8c3240ef9..451247864a63 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -203,7 +203,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep)
kdebug("store result");
prep->quotalen = result_len;
- upayload = kmalloc_flex(*upayload, data, result_len + 1);
+ upayload = kmalloc_flex(*upayload, data, result_len);
if (!upayload) {
kleave(" = -ENOMEM");
return -ENOMEM;
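Review bot: the changelog's only justification for shrinking the kmalloc_flex() count from result_len + 1 to result_len is that the terminator "is never used", but it names no reader of the payload. Please list the consumers of prep->payload.data[dns_key_data] that were checked, and confirm that none of them hands ->data to a string helper that expects NUL termination, so the one-byte reduction can be verified from the commit message.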
@@ -211,7 +211,6 @@ dns_resolver_preparse(struct key_preparsed_payload *prep)
upayload->datalen = result_len;
memcpy(upayload->data, data, result_len);
- upayload->data[result_len] = '\0';
prep->payload.data[dns_key_data] = upayload;
kleave(" = 0");
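Review bot: removing the upayload->data[result_len] = '\0' store is also what keeps this function valid under patch 2/2, and the changelog does not say so. With ->datalen set to result_len two lines earlier, index result_len is one past the bound that __counted_by(datalen) declares, so the store would be reported by the bounds checking that 2/2 enables. State that dependency in the commit message and keep both patches on the same recipient list so they are applied in order.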
* [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-06 17:58 [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Thorsten Blum
@ 2026-04-06 17:58 ` Thorsten Blum
2026-04-08 9:02 ` Jarkko Sakkinen
2026-04-09 2:39 ` [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Jakub Kicinski
1 sibling, 1 reply; 11+ messages in thread
From: Thorsten Blum @ 2026-04-06 17:58 UTC (permalink / raw)
To: David Howells, Jarkko Sakkinen, Kees Cook, Gustavo A. R. Silva
Cc: Thorsten Blum, keyrings, linux-kernel, linux-hardening
Add the __counted_by() compiler attribute to the flexible array member
'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
include/keys/user-type.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/keys/user-type.h b/include/keys/user-type.h
index 386c31432789..2305991f4fcd 100644
--- a/include/keys/user-type.h
+++ b/include/keys/user-type.h
@@ -27,7 +27,8 @@
struct user_key_payload {
struct rcu_head rcu; /* RCU destructor */
unsigned short datalen; /* length of this data */
- char data[] __aligned(__alignof__(u64)); /* actual data */
+ char data[] /* actual data */
+ __aligned(__alignof__(u64)) __counted_by(datalen);
};
extern struct key_type key_type_user;
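Review bot: the changelog does not say whether every writer of struct user_key_payload assigns ->datalen before it touches ->data, which is the invariant __counted_by(datalen) turns into a checked one. Name the allocation and update paths that were audited, since a copy into ->data made before ->datalen is set would be checked against the stale count. Separately, the declaration would read better on one line, with the /* actual data */ comment after the attributes rather than between the declarator and __aligned().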
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum
@ 2026-04-08 9:02 ` Jarkko Sakkinen
2026-04-08 12:21 ` Thorsten Blum
0 siblings, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2026-04-08 9:02 UTC (permalink / raw)
To: Thorsten Blum
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> Add the __counted_by() compiler attribute to the flexible array member
> 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> CONFIG_FORTIFY_SOURCE.
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> include/keys/user-type.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> index 386c31432789..2305991f4fcd 100644
> --- a/include/keys/user-type.h
> +++ b/include/keys/user-type.h
> @@ -27,7 +27,8 @@
> struct user_key_payload {
> struct rcu_head rcu; /* RCU destructor */
> unsigned short datalen; /* length of this data */
> - char data[] __aligned(__alignof__(u64)); /* actual data */
> + char data[] /* actual data */
> + __aligned(__alignof__(u64)) __counted_by(datalen);
> };
>
> extern struct key_type key_type_user;
You don't provide any evidence of any improvement.
BR, Jarkko
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-08 9:02 ` Jarkko Sakkinen
@ 2026-04-08 12:21 ` Thorsten Blum
2026-04-14 23:58 ` Jarkko Sakkinen
0 siblings, 1 reply; 11+ messages in thread
From: Thorsten Blum @ 2026-04-08 12:21 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > Add the __counted_by() compiler attribute to the flexible array member
> > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > CONFIG_FORTIFY_SOURCE.
> >
> > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > ---
> > include/keys/user-type.h | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > index 386c31432789..2305991f4fcd 100644
> > --- a/include/keys/user-type.h
> > +++ b/include/keys/user-type.h
> > @@ -27,7 +27,8 @@
> > struct user_key_payload {
> > struct rcu_head rcu; /* RCU destructor */
> > unsigned short datalen; /* length of this data */
> > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > + char data[] /* actual data */
> > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > };
> >
> > extern struct key_type key_type_user;
>
> You don't provide any evidence of any improvement.
It's a proactive hardening change to help avoid future mistakes.
The __counted_by() annotation makes the bounds visible to the compiler
and at runtime so that future ->data accesses can be checked against
->datalen.
The current code is correct regarding ->data accesses and doesn't
require any changes.
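Added example, not part of the thread or the kernel tree: a userspace illustration of the behaviour discussed in the message above, using a stand-in struct demo_payload (rcu head omitted) and hypothetical helpers demo_payload_new(), demo_payload_get() and demo_visible_bound(). It shows why ->datalen has to be set before ->data is written, and why index datalen, where the dropped NUL terminator used to sit, is out of bounds once the array is annotated.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#ifndef __has_builtin
#define __has_builtin(x) 0
#endif

/* Expands to nothing on compilers without counted_by support. */
#if __has_attribute(counted_by)
#define DEMO_COUNTED_BY(m) __attribute__((counted_by(m)))
#else
#define DEMO_COUNTED_BY(m)
#endif

/* Userspace stand-in for struct user_key_payload; the rcu head is omitted. */
struct demo_payload {
	unsigned short datalen;		/* length of this data */
	char data[] __attribute__((aligned(8))) DEMO_COUNTED_BY(datalen);
};

/*
 * Build a payload from len bytes. datalen is assigned before data is
 * written, because an annotated array is checked against the counter's
 * current value. No NUL terminator is stored, as in patch 1/2.
 */
struct demo_payload *demo_payload_new(const void *src, size_t len)
{
	struct demo_payload *p;

	if (len > USHRT_MAX)		/* would be truncated in datalen */
		return NULL;
	p = malloc(sizeof(*p) + len);
	if (!p)
		return NULL;
	p->datalen = (unsigned short)len;
	memcpy(p->data, src, len);
	return p;
}

/* Explicit form of the check the annotation lets the compiler insert. */
int demo_payload_get(const struct demo_payload *p, size_t idx, char *out)
{
	if (idx >= p->datalen)
		return -1;
	*out = p->data[idx];
	return 0;
}

/* Bound the compiler can derive for ->data, or (size_t)-1 if it has none. */
size_t demo_visible_bound(const struct demo_payload *p)
{
#if __has_builtin(__builtin_dynamic_object_size)
	return __builtin_dynamic_object_size(p->data, 1);
#else
	return (size_t)-1;
#endif
}

int main(void)
{
	static const char rr[] = "192.0.2.1";	/* constructed sample result */
	struct demo_payload *p = demo_payload_new(rr, strlen(rr));
	char c = 0;

	if (!p)
		return 1;
	printf("last byte readable: %d\n",
	       demo_payload_get(p, p->datalen - 1u, &c) == 0);
	printf("index datalen readable: %d\n",
	       demo_payload_get(p, p->datalen, &c) == 0);
	printf("compiler has a bound: %d\n",
	       demo_visible_bound(p) != (size_t)-1);
	free(p);
	return 0;
}
```

Whether demo_visible_bound() reports a bound depends on the compiler version and optimisation level; the explicit check in demo_payload_get() does not.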
* Re: [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator
2026-04-06 17:58 [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Thorsten Blum
2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum
@ 2026-04-09 2:39 ` Jakub Kicinski
1 sibling, 0 replies; 11+ messages in thread
From: Jakub Kicinski @ 2026-04-09 2:39 UTC (permalink / raw)
To: Thorsten Blum
Cc: David S. Miller, Eric Dumazet, Paolo Abeni, Simon Horman,
Tim Bird, netdev, linux-kernel
On Mon, 6 Apr 2026 19:58:09 +0200 Thorsten Blum wrote:
> Subject: [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator
This says net-next but patch 2 never reached netdev@
--
pw-bot: cr
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-08 12:21 ` Thorsten Blum
@ 2026-04-14 23:58 ` Jarkko Sakkinen
2026-04-15 9:40 ` Thorsten Blum
0 siblings, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2026-04-14 23:58 UTC (permalink / raw)
To: Thorsten Blum
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote:
> On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > > Add the __counted_by() compiler attribute to the flexible array member
> > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > CONFIG_FORTIFY_SOURCE.
> > >
> > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > ---
> > > include/keys/user-type.h | 3 ++-
> > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > > index 386c31432789..2305991f4fcd 100644
> > > --- a/include/keys/user-type.h
> > > +++ b/include/keys/user-type.h
> > > @@ -27,7 +27,8 @@
> > > struct user_key_payload {
> > > struct rcu_head rcu; /* RCU destructor */
> > > unsigned short datalen; /* length of this data */
> > > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > > + char data[] /* actual data */
> > > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > > };
> > >
> > > extern struct key_type key_type_user;
> >
> > You don't provide any evidence of any improvement.
>
> It's a proactive hardening change to help avoid future mistakes.
>
> The __counted_by() annotation makes the bounds visible to the compiler
> and at runtime so that future ->data accesses can be checked against
> ->datalen.
>
> The current code is correct regarding ->data accesses and doesn't
> require any changes.
OK I'll buy that but send +1 version:
~/work/kernel.org/jarkko/linux-tpmdd next
❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx
Applying: keys, dns: drop unused upayload->data NUL terminator
error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c).
error: could not build fake ancestor
Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator
hint: Use 'git am --show-current-patch=diff' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
BR, Jarkko
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-14 23:58 ` Jarkko Sakkinen
@ 2026-04-15 9:40 ` Thorsten Blum
2026-04-15 12:08 ` Jarkko Sakkinen
0 siblings, 1 reply; 11+ messages in thread
From: Thorsten Blum @ 2026-04-15 9:40 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote:
> On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote:
> > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > > > Add the __counted_by() compiler attribute to the flexible array member
> > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > > CONFIG_FORTIFY_SOURCE.
> > > >
> > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > > ---
> > > > include/keys/user-type.h | 3 ++-
> > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > > > index 386c31432789..2305991f4fcd 100644
> > > > --- a/include/keys/user-type.h
> > > > +++ b/include/keys/user-type.h
> > > > @@ -27,7 +27,8 @@
> > > > struct user_key_payload {
> > > > struct rcu_head rcu; /* RCU destructor */
> > > > unsigned short datalen; /* length of this data */
> > > > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > > > + char data[] /* actual data */
> > > > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > > > };
> > > >
> > > > extern struct key_type key_type_user;
> > >
> > > You don't provide any evidence of any improvement.
> >
> > It's a proactive hardening change to help avoid future mistakes.
> >
> > The __counted_by() annotation makes the bounds visible to the compiler
> > and at runtime so that future ->data accesses can be checked against
> > ->datalen.
> >
> > The current code is correct regarding ->data accesses and doesn't
> > require any changes.
>
> OK I'll buy that but send +1 version:
>
> ~/work/kernel.org/jarkko/linux-tpmdd next
> ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx
> Applying: keys, dns: drop unused upayload->data NUL terminator
> error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c).
> error: could not build fake ancestor
> Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator
> hint: Use 'git am --show-current-patch=diff' to see the failed patch
> When you have resolved this problem, run "git am --continue".
> If you prefer to skip this patch, run "git am --skip" instead.
> To restore the original branch and stop patching, run "git am --abort".
AFAICT, linux-tpmdd/next is missing this change:
https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-15 9:40 ` Thorsten Blum
@ 2026-04-15 12:08 ` Jarkko Sakkinen
2026-04-16 10:13 ` Thorsten Blum
0 siblings, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2026-04-15 12:08 UTC (permalink / raw)
To: Thorsten Blum
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote:
> On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote:
> > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote:
> > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > > > > Add the __counted_by() compiler attribute to the flexible array member
> > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > > > CONFIG_FORTIFY_SOURCE.
> > > > >
> > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > > > ---
> > > > > include/keys/user-type.h | 3 ++-
> > > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > > >
> > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > > > > index 386c31432789..2305991f4fcd 100644
> > > > > --- a/include/keys/user-type.h
> > > > > +++ b/include/keys/user-type.h
> > > > > @@ -27,7 +27,8 @@
> > > > > struct user_key_payload {
> > > > > struct rcu_head rcu; /* RCU destructor */
> > > > > unsigned short datalen; /* length of this data */
> > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > > > > + char data[] /* actual data */
> > > > > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > > > > };
> > > > >
> > > > > extern struct key_type key_type_user;
> > > >
> > > > You don't provide any evidence of any improvement.
> > >
> > > It's a proactive hardening change to help avoid future mistakes.
> > >
> > > The __counted_by() annotation makes the bounds visible to the compiler
> > > and at runtime so that future ->data accesses can be checked against
> > > ->datalen.
> > >
> > > The current code is correct regarding ->data accesses and doesn't
> > > require any changes.
> >
> > OK I'll buy that but send +1 version:
> >
> > ~/work/kernel.org/jarkko/linux-tpmdd next
> > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx
> > Applying: keys, dns: drop unused upayload->data NUL terminator
> > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c).
> > error: could not build fake ancestor
> > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator
> > hint: Use 'git am --show-current-patch=diff' to see the failed patch
> > When you have resolved this problem, run "git am --continue".
> > If you prefer to skip this patch, run "git am --skip" instead.
> > To restore the original branch and stop patching, run "git am --abort".
>
> AFAICT, linux-tpmdd/next is missing this change:
>
> https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/
By practical means, that is lacking any proper commit message.
BR, Jarkko
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-15 12:08 ` Jarkko Sakkinen
@ 2026-04-16 10:13 ` Thorsten Blum
2026-04-19 12:06 ` Jarkko Sakkinen
0 siblings, 1 reply; 11+ messages in thread
From: Thorsten Blum @ 2026-04-16 10:13 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote:
> On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote:
> > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote:
> > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote:
> > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > > > > > Add the __counted_by() compiler attribute to the flexible array member
> > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > > > > CONFIG_FORTIFY_SOURCE.
> > > > > >
> > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > > > > ---
> > > > > > include/keys/user-type.h | 3 ++-
> > > > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > > > >
> > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > > > > > index 386c31432789..2305991f4fcd 100644
> > > > > > --- a/include/keys/user-type.h
> > > > > > +++ b/include/keys/user-type.h
> > > > > > @@ -27,7 +27,8 @@
> > > > > > struct user_key_payload {
> > > > > > struct rcu_head rcu; /* RCU destructor */
> > > > > > unsigned short datalen; /* length of this data */
> > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > > > > > + char data[] /* actual data */
> > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > > > > > };
> > > > > >
> > > > > > extern struct key_type key_type_user;
> > > > >
> > > > > You don't provide any evidence of any improvement.
> > > >
> > > > It's a proactive hardening change to help avoid future mistakes.
> > > >
> > > > The __counted_by() annotation makes the bounds visible to the compiler
> > > > and at runtime so that future ->data accesses can be checked against
> > > > ->datalen.
> > > >
> > > > The current code is correct regarding ->data accesses and doesn't
> > > > require any changes.
> > >
> > > OK I'll buy that but send +1 version:
> > >
> > > ~/work/kernel.org/jarkko/linux-tpmdd next
> > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx
> > > Applying: keys, dns: drop unused upayload->data NUL terminator
> > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c).
> > > error: could not build fake ancestor
> > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator
> > > hint: Use 'git am --show-current-patch=diff' to see the failed patch
> > > When you have resolved this problem, run "git am --continue".
> > > If you prefer to skip this patch, run "git am --skip" instead.
> > > To restore the original branch and stop patching, run "git am --abort".
> >
> > AFAICT, linux-tpmdd/next is missing this change:
> >
> > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/
>
> By practical means, that is lacking any proper commit message.
My point was that it has been in linux-next since February, but it's
missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply.
I'll send a new version with 'char data[] __aligned(8) ...' on a single
line in patch 2/2 after the merge window - please let me know if there's
anything else that should be changed.
Thanks,
Thorsten
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-16 10:13 ` Thorsten Blum
@ 2026-04-19 12:06 ` Jarkko Sakkinen
2026-04-19 12:09 ` Jarkko Sakkinen
0 siblings, 1 reply; 11+ messages in thread
From: Jarkko Sakkinen @ 2026-04-19 12:06 UTC (permalink / raw)
To: Thorsten Blum
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Thu, Apr 16, 2026 at 12:13:28PM +0200, Thorsten Blum wrote:
> On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote:
> > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote:
> > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote:
> > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote:
> > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > > > > > > Add the __counted_by() compiler attribute to the flexible array member
> > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > > > > > CONFIG_FORTIFY_SOURCE.
> > > > > > >
> > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > > > > > ---
> > > > > > > include/keys/user-type.h | 3 ++-
> > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > > > > >
> > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > > > > > > index 386c31432789..2305991f4fcd 100644
> > > > > > > --- a/include/keys/user-type.h
> > > > > > > +++ b/include/keys/user-type.h
> > > > > > > @@ -27,7 +27,8 @@
> > > > > > > struct user_key_payload {
> > > > > > > struct rcu_head rcu; /* RCU destructor */
> > > > > > > unsigned short datalen; /* length of this data */
> > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > > > > > > + char data[] /* actual data */
> > > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > > > > > > };
> > > > > > >
> > > > > > > extern struct key_type key_type_user;
> > > > > >
> > > > > > You don't provide any evidence of any improvement.
> > > > >
> > > > > It's a proactive hardening change to help avoid future mistakes.
> > > > >
> > > > > The __counted_by() annotation makes the bounds visible to the compiler
> > > > > and at runtime so that future ->data accesses can be checked against
> > > > > ->datalen.
> > > > >
> > > > > The current code is correct regarding ->data accesses and doesn't
> > > > > require any changes.
> > > >
> > > > OK I'll buy that but send +1 version:
> > > >
> > > > ~/work/kernel.org/jarkko/linux-tpmdd next
> > > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx
> > > > Applying: keys, dns: drop unused upayload->data NUL terminator
> > > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c).
> > > > error: could not build fake ancestor
> > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator
> > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch
> > > > When you have resolved this problem, run "git am --continue".
> > > > If you prefer to skip this patch, run "git am --skip" instead.
> > > > To restore the original branch and stop patching, run "git am --abort".
> > >
> > > AFAICT, linux-tpmdd/next is missing this change:
> > >
> > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/
> >
> > By practical means, that is lacking any proper commit message.
>
> My point was that it has been in linux-next since February, but it's
> missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply.
>
> I'll send a new version with 'char data[] __aligned(8) ...' on a single
> line in patch 2/2 after the merge window - please let me know if there's
> anything else that should be changed.
Whoever mirrors that in there has the ball on that patch. I can revisit
this once it is either:
1. In the mainline
2. Dropped and resent for review.
>
> Thanks,
> Thorsten
BR, Jarkko
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
2026-04-19 12:06 ` Jarkko Sakkinen
@ 2026-04-19 12:09 ` Jarkko Sakkinen
0 siblings, 0 replies; 11+ messages in thread
From: Jarkko Sakkinen @ 2026-04-19 12:09 UTC (permalink / raw)
To: Thorsten Blum
Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
linux-kernel, linux-hardening
On Sun, Apr 19, 2026 at 03:06:59PM +0300, Jarkko Sakkinen wrote:
> On Thu, Apr 16, 2026 at 12:13:28PM +0200, Thorsten Blum wrote:
> > On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote:
> > > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote:
> > > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote:
> > > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote:
> > > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> > > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > > > > > > > Add the __counted_by() compiler attribute to the flexible array member
> > > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > > > > > > > CONFIG_FORTIFY_SOURCE.
> > > > > > > >
> > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > > > > > > > ---
> > > > > > > > include/keys/user-type.h | 3 ++-
> > > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-)
> > > > > > > >
> > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > > > > > > > index 386c31432789..2305991f4fcd 100644
> > > > > > > > --- a/include/keys/user-type.h
> > > > > > > > +++ b/include/keys/user-type.h
> > > > > > > > @@ -27,7 +27,8 @@
> > > > > > > > struct user_key_payload {
> > > > > > > > struct rcu_head rcu; /* RCU destructor */
> > > > > > > > unsigned short datalen; /* length of this data */
> > > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */
> > > > > > > > + char data[] /* actual data */
> > > > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen);
> > > > > > > > };
> > > > > > > >
> > > > > > > > extern struct key_type key_type_user;
> > > > > > >
> > > > > > > You don't provide any evidence of any improvement.
> > > > > >
> > > > > > It's a proactive hardening change to help avoid future mistakes.
> > > > > >
> > > > > > The __counted_by() annotation makes the bounds visible to the compiler
> > > > > > and at runtime so that future ->data accesses can be checked against
> > > > > > ->datalen.
> > > > > >
> > > > > > The current code is correct regarding ->data accesses and doesn't
> > > > > > require any changes.
> > > > >
> > > > > OK I'll buy that but send +1 version:
> > > > >
> > > > > ~/work/kernel.org/jarkko/linux-tpmdd next
> > > > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx
> > > > > Applying: keys, dns: drop unused upayload->data NUL terminator
> > > > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c).
> > > > > error: could not build fake ancestor
> > > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator
> > > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch
> > > > > When you have resolved this problem, run "git am --continue".
> > > > > If you prefer to skip this patch, run "git am --skip" instead.
> > > > > To restore the original branch and stop patching, run "git am --abort".
> > > >
> > > > AFAICT, linux-tpmdd/next is missing this change:
> > > >
> > > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/
> > >
> > > By practical means, that is lacking any proper commit message.
> >
> > My point was that it has been in linux-next since February, but it's
> > missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply.
> >
> > I'll send a new version with 'char data[] __aligned(8) ...' on a single
> > line in patch 2/2 after the merge window - please let me know if there's
> > anything else that should be changed.
>
> Whoever mirrors that in there has the ball on that patch. I can revisit
> this once it is either:
>
> 1. In the mainline
> 2. Dropped and resent for review.
Or actually it should not be applied to mainline with my ack but anyway.
Sounds weird.
BR, Jarkko