[PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted

public inbox for keyrings@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
       [not found] <20260406175810.1018681-3-thorsten.blum@linux.dev>
@ 2026-04-06 17:58 ` Thorsten Blum
  2026-04-08  9:02   ` Jarkko Sakkinen
  0 siblings, 1 reply; 3+ messages in thread
From: Thorsten Blum @ 2026-04-06 17:58 UTC (permalink / raw)
  To: David Howells, Jarkko Sakkinen, Kees Cook, Gustavo A. R. Silva
  Cc: Thorsten Blum, keyrings, linux-kernel, linux-hardening

Add the __counted_by() compiler attribute to the flexible array member
'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
CONFIG_FORTIFY_SOURCE.

Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 include/keys/user-type.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/include/keys/user-type.h b/include/keys/user-type.h
index 386c31432789..2305991f4fcd 100644
--- a/include/keys/user-type.h
+++ b/include/keys/user-type.h
@@ -27,7 +27,8 @@
 struct user_key_payload {
 	struct rcu_head	rcu;		/* RCU destructor */
 	unsigned short	datalen;	/* length of this data */
-	char		data[] __aligned(__alignof__(u64)); /* actual data */
+	char		data[]		/* actual data */
+			__aligned(__alignof__(u64)) __counted_by(datalen);
 };
 
 extern struct key_type key_type_user;

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
  2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum
@ 2026-04-08  9:02   ` Jarkko Sakkinen
  2026-04-08 12:21     ` Thorsten Blum
  0 siblings, 1 reply; 3+ messages in thread
From: Jarkko Sakkinen @ 2026-04-08  9:02 UTC (permalink / raw)
  To: Thorsten Blum
  Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
	linux-kernel, linux-hardening

On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> Add the __counted_by() compiler attribute to the flexible array member
> 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> CONFIG_FORTIFY_SOURCE.
> 
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
>  include/keys/user-type.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> index 386c31432789..2305991f4fcd 100644
> --- a/include/keys/user-type.h
> +++ b/include/keys/user-type.h
> @@ -27,7 +27,8 @@
>  struct user_key_payload {
>  	struct rcu_head	rcu;		/* RCU destructor */
>  	unsigned short	datalen;	/* length of this data */
> -	char		data[] __aligned(__alignof__(u64)); /* actual data */
> +	char		data[]		/* actual data */
> +			__aligned(__alignof__(u64)) __counted_by(datalen);
>  };
>  
>  extern struct key_type key_type_user;

You don't provide any evidence of any improvement.

BR, Jarkko

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by
  2026-04-08  9:02   ` Jarkko Sakkinen
@ 2026-04-08 12:21     ` Thorsten Blum
  0 siblings, 0 replies; 3+ messages in thread
From: Thorsten Blum @ 2026-04-08 12:21 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings,
	linux-kernel, linux-hardening

On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote:
> On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote:
> > Add the __counted_by() compiler attribute to the flexible array member
> > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> > CONFIG_FORTIFY_SOURCE.
> > 
> > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> > ---
> >  include/keys/user-type.h | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/include/keys/user-type.h b/include/keys/user-type.h
> > index 386c31432789..2305991f4fcd 100644
> > --- a/include/keys/user-type.h
> > +++ b/include/keys/user-type.h
> > @@ -27,7 +27,8 @@
> >  struct user_key_payload {
> >  	struct rcu_head	rcu;		/* RCU destructor */
> >  	unsigned short	datalen;	/* length of this data */
> > -	char		data[] __aligned(__alignof__(u64)); /* actual data */
> > +	char		data[]		/* actual data */
> > +			__aligned(__alignof__(u64)) __counted_by(datalen);
> >  };
> >  
> >  extern struct key_type key_type_user;
> 
> You don't provide any evidence of any improvement.

It's a proactive hardening change to help avoid future mistakes.

The __counted_by() annotation makes the bounds visible to the compiler
and at runtime so that future ->data accesses can be checked against
->datalen.

The current code is correct regarding ->data accesses and doesn't
require any changes.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2026-04-08 12:21 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
     [not found] <20260406175810.1018681-3-thorsten.blum@linux.dev>
2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum
2026-04-08  9:02   ` Jarkko Sakkinen
2026-04-08 12:21     ` Thorsten Blum

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox