* [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by [not found] <20260406175810.1018681-3-thorsten.blum@linux.dev> @ 2026-04-06 17:58 ` Thorsten Blum 2026-04-08 9:02 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-06 17:58 UTC (permalink / raw) To: David Howells, Jarkko Sakkinen, Kees Cook, Gustavo A. R. Silva Cc: Thorsten Blum, keyrings, linux-kernel, linux-hardening Add the __counted_by() compiler attribute to the flexible array member 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- include/keys/user-type.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/keys/user-type.h b/include/keys/user-type.h index 386c31432789..2305991f4fcd 100644 --- a/include/keys/user-type.h +++ b/include/keys/user-type.h @@ -27,7 +27,8 @@ struct user_key_payload { struct rcu_head rcu; /* RCU destructor */ unsigned short datalen; /* length of this data */ - char data[] __aligned(__alignof__(u64)); /* actual data */ + char data[] /* actual data */ + __aligned(__alignof__(u64)) __counted_by(datalen); }; extern struct key_type key_type_user; ^ permalink raw reply related [flat|nested] 9+ messages in thread
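Review bot: with `__counted_by(datalen)` on `data` in struct user_key_payload, the order of initialization starts to matter, and neither the commit message nor the visible lines establish that every site allocating this struct assigns `datalen` before its first access to `data`. An access made before the counter is set is checked against whatever `datalen` holds at that moment, so please confirm the allocation sites were audited and say so in the commit message. On style, the declaration is now split across two lines with `/* actual data */` sitting between the declarator and its attributes; keeping `char data[]` and both attributes on one line with the comment trailing, as in the removed line, would be easier to read.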
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum @ 2026-04-08 9:02 ` Jarkko Sakkinen 2026-04-08 12:21 ` Thorsten Blum 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-08 9:02 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > Add the __counted_by() compiler attribute to the flexible array member > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > CONFIG_FORTIFY_SOURCE. > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > --- > include/keys/user-type.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > index 386c31432789..2305991f4fcd 100644 > --- a/include/keys/user-type.h > +++ b/include/keys/user-type.h > @@ -27,7 +27,8 @@ > struct user_key_payload { > struct rcu_head rcu; /* RCU destructor */ > unsigned short datalen; /* length of this data */ > - char data[] __aligned(__alignof__(u64)); /* actual data */ > + char data[] /* actual data */ > + __aligned(__alignof__(u64)) __counted_by(datalen); > }; > > extern struct key_type key_type_user; You don't provide any evidence of any improvement. BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-08 9:02 ` Jarkko Sakkinen @ 2026-04-08 12:21 ` Thorsten Blum 2026-04-14 23:58 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-08 12:21 UTC (permalink / raw) To: Jarkko Sakkinen Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > Add the __counted_by() compiler attribute to the flexible array member > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > CONFIG_FORTIFY_SOURCE. > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > --- > > include/keys/user-type.h | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > index 386c31432789..2305991f4fcd 100644 > > --- a/include/keys/user-type.h > > +++ b/include/keys/user-type.h > > @@ -27,7 +27,8 @@ > > struct user_key_payload { > > struct rcu_head rcu; /* RCU destructor */ > > unsigned short datalen; /* length of this data */ > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > + char data[] /* actual data */ > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > }; > > > > extern struct key_type key_type_user; > > You don't provide any evidence of any improvement. It's a proactive hardening change to help avoid future mistakes. The __counted_by() annotation makes the bounds visible to the compiler and at runtime so that future ->data accesses can be checked against ->datalen. The current code is correct regarding ->data accesses and doesn't require any changes. ^ permalink raw reply [flat|nested] 9+ messages in thread
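What the annotation described in the message above provides, as an added example that is not part of the thread or the kernel tree: a userspace model in which the size the compiler reports for `data[]` follows `datalen` rather than the allocation, so a byte stored at index `datalen` is rejected even though memory for it exists. `struct payload`, `COUNTED_BY` and the `payload_*` helpers are hypothetical names; on a compiler without the `counted_by` attribute the code falls back to reading `datalen` directly.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __has_attribute
#define __has_attribute(x) 0
#endif
#ifndef __has_builtin
#define __has_builtin(x) 0
#endif

/* COUNTED_BY is a stand-in for the kernel's __counted_by() macro. */
#if __has_attribute(counted_by)
#define COUNTED_BY(m) __attribute__((counted_by(m)))
#else
#define COUNTED_BY(m) /* unsupported compiler: the annotation compiles away */
#endif

/* Hypothetical userspace model of struct user_key_payload. */
struct payload {
	void *rcu[2];            /* stand-in for struct rcu_head */
	unsigned short datalen;  /* length of this data */
	char data[] __attribute__((aligned(8))) COUNTED_BY(datalen);
};

/* Allocates one spare byte on purpose (constructed for this demo). */
struct payload *payload_alloc(const void *src, size_t len)
{
	struct payload *p;

	if (len > 0xffff)        /* must fit in datalen */
		return NULL;
	p = malloc(offsetof(struct payload, data) + len + 1);
	if (!p)
		return NULL;
	p->datalen = (unsigned short)len; /* counter first, then data[] */
	memcpy(p->data, src, len);
	return p;
}

/* Size the compiler reports for data[]; falls back to the field itself. */
__attribute__((noinline)) size_t payload_bound(const struct payload *p)
{
#if __has_builtin(__builtin_dynamic_object_size)
	size_t n = __builtin_dynamic_object_size(p->data, 1);

	if (n != (size_t)-1)
		return n;        /* derived from the counted_by annotation */
#endif
	return p->datalen;       /* no usable size: apply the bound by hand */
}

/* Models the check a fortified copy performs: refuse writes past the bound. */
int payload_write(struct payload *p, size_t off, const void *src, size_t len)
{
	size_t bound = payload_bound(p);

	if (off > bound || len > bound - off)
		return -1;
	memcpy(p->data + off, src, len);
	return 0;
}

int main(void)
{
	struct payload *p = payload_alloc("secret", 6); /* constructed sample */

	if (!p)
		return 1;
	printf("bound for data[]: %zu\n", payload_bound(p));
	printf("overwrite 6 bytes at 0: %d\n", payload_write(p, 0, "SECRET", 6));
	printf("store NUL at data[6]:   %d\n", payload_write(p, 6, "", 1));
	free(p);
	return 0;
}
```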
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-08 12:21 ` Thorsten Blum @ 2026-04-14 23:58 ` Jarkko Sakkinen 2026-04-15 9:40 ` Thorsten Blum 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-14 23:58 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > Add the __counted_by() compiler attribute to the flexible array member > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > CONFIG_FORTIFY_SOURCE. > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > --- > > > include/keys/user-type.h | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > index 386c31432789..2305991f4fcd 100644 > > > --- a/include/keys/user-type.h > > > +++ b/include/keys/user-type.h 
> > > @@ -27,7 +27,8 @@ > > > struct user_key_payload { > > > struct rcu_head rcu; /* RCU destructor */ > > > unsigned short datalen; /* length of this data */ > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > + char data[] /* actual data */ > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > }; > > > > > > extern struct key_type key_type_user; > > > > You don't provide any evidence of any improvement. > > It's a proactive hardening change to help avoid future mistakes. > > The __counted_by() annotation makes the bounds visible to the compiler > and at runtime so that future ->data accesses can be checked against > ->datalen. > > The current code is correct regarding ->data accesses and doesn't > require any changes. OK I'll buy that but send +1 version: ~/work/kernel.org/jarkko/linux-tpmdd next ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx Applying: keys, dns: drop unused upayload->data NUL terminator error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). error: could not build fake ancestor Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator hint: Use 'git am --show-current-patch=diff' to see the failed patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-14 23:58 ` Jarkko Sakkinen @ 2026-04-15 9:40 ` Thorsten Blum 2026-04-15 12:08 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-15 9:40 UTC (permalink / raw) To: Jarkko Sakkinen Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > --- > > > > include/keys/user-type.h | 3 ++- > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > index 386c31432789..2305991f4fcd 100644 > > > > --- a/include/keys/user-type.h > > > > +++ b/include/keys/user-type.h 
> > > > @@ -27,7 +27,8 @@ > > > > struct user_key_payload { > > > > struct rcu_head rcu; /* RCU destructor */ > > > > unsigned short datalen; /* length of this data */ > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > + char data[] /* actual data */ > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > }; > > > > > > > > extern struct key_type key_type_user; > > > > > > You don't provide any evidence of any improvement. > > > > It's a proactive hardening change to help avoid future mistakes. > > > > The __counted_by() annotation makes the bounds visible to the compiler > > and at runtime so that future ->data accesses can be checked against > > ->datalen. > > > > The current code is correct regarding ->data accesses and doesn't > > require any changes. > > OK I'll buy that but send +1 version: > > ~/work/kernel.org/jarkko/linux-tpmdd next > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > Applying: keys, dns: drop unused upayload->data NUL terminator > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > error: could not build fake ancestor > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > hint: Use 'git am --show-current-patch=diff' to see the failed patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". AFAICT, linux-tpmdd/next is missing this change: https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-15 9:40 ` Thorsten Blum @ 2026-04-15 12:08 ` Jarkko Sakkinen 2026-04-16 10:13 ` Thorsten Blum 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-15 12:08 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > > --- > > > > > include/keys/user-type.h | 3 ++- > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > --- a/include/keys/user-type.h > > > > > +++ b/include/keys/user-type.h 
> > > > > @@ -27,7 +27,8 @@ > > > > > struct user_key_payload { > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > unsigned short datalen; /* length of this data */ > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > > + char data[] /* actual data */ > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > > }; > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > You don't provide any evidence of any improvement. > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > and at runtime so that future ->data accesses can be checked against > > > ->datalen. > > > > > > The current code is correct regarding ->data accesses and doesn't > > > require any changes. > > > > OK I'll buy that but send +1 version: > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > Applying: keys, dns: drop unused upayload->data NUL terminator > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > > error: could not build fake ancestor > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > When you have resolved this problem, run "git am --continue". > > If you prefer to skip this patch, run "git am --skip" instead. > > To restore the original branch and stop patching, run "git am --abort". > > AFAICT, linux-tpmdd/next is missing this change: > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ By practical means, that is lacking any proper commit message. BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-15 12:08 ` Jarkko Sakkinen @ 2026-04-16 10:13 ` Thorsten Blum 2026-04-19 12:06 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-16 10:13 UTC (permalink / raw) To: Jarkko Sakkinen Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote: > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > > > --- > > > > > > include/keys/user-type.h | 3 ++- > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > > --- a/include/keys/user-type.h > > > > > > +++ b/include/keys/user-type.h 
> > > > > > @@ -27,7 +27,8 @@ > > > > > > struct user_key_payload { > > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > > unsigned short datalen; /* length of this data */ > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > > > + char data[] /* actual data */ > > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > > > }; > > > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > > > You don't provide any evidence of any improvement. > > > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > > and at runtime so that future ->data accesses can be checked against > > > > ->datalen. > > > > > > > > The current code is correct regarding ->data accesses and doesn't > > > > require any changes. > > > > > > OK I'll buy that but send +1 version: > > > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > > Applying: keys, dns: drop unused upayload->data NUL terminator > > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > > > error: could not build fake ancestor > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > > When you have resolved this problem, run "git am --continue". > > > If you prefer to skip this patch, run "git am --skip" instead. > > > To restore the original branch and stop patching, run "git am --abort". > > > > AFAICT, linux-tpmdd/next is missing this change: > > > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ > > By practical means, that is lacking any proper commit message. My point was that it has been in linux-next since February, but it's missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply.
I'll send a new version with 'char data[] __aligned(8) ...' on a single line in patch 2/2 after the merge window - please let me know if there's anything else that should be changed. Thanks, Thorsten ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-16 10:13 ` Thorsten Blum @ 2026-04-19 12:06 ` Jarkko Sakkinen 2026-04-19 12:09 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-19 12:06 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Thu, Apr 16, 2026 at 12:13:28PM +0200, Thorsten Blum wrote: > On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote: > > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > > > > --- > > > > > > > include/keys/user-type.h | 3 ++- > > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > > > --- a/include/keys/user-type.h > > > > > > > +++ b/include/keys/user-type.h 
> > > > > > > @@ -27,7 +27,8 @@ > > > > > > > struct user_key_payload { > > > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > > > unsigned short datalen; /* length of this data */ > > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > > > > + char data[] /* actual data */ > > > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > > > > }; > > > > > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > > > > > You don't provide any evidence of any improvement. > > > > > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > > > and at runtime so that future ->data accesses can be checked against > > > > > ->datalen. > > > > > > > > > > The current code is correct regarding ->data accesses and doesn't > > > > > require any changes. > > > > > > > > OK I'll buy that but send +1 version: > > > > > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > > > Applying: keys, dns: drop unused upayload->data NUL terminator > > > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > > > > error: could not build fake ancestor > > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > > > When you have resolved this problem, run "git am --continue". > > > > If you prefer to skip this patch, run "git am --skip" instead. > > > > To restore the original branch and stop patching, run "git am --abort". > > > > > > AFAICT, linux-tpmdd/next is missing this change: > > > > > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ > > > > By practical means, that is lacking any proper commit message.
> > My point was that it has been in linux-next since February, but it's > missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply. > > I'll send a new version with 'char data[] __aligned(8) ...' on a single > line in patch 2/2 after the merge window - please let me know if there's > anything else that should be changed. Whoever mirrors that in there has the ball on that patch. I can revisit this once it is either: 1. In the mainline 2. Dropped and resent for review. > > Thanks, > Thorsten BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-19 12:06 ` Jarkko Sakkinen @ 2026-04-19 12:09 ` Jarkko Sakkinen 0 siblings, 0 replies; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-19 12:09 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Sun, Apr 19, 2026 at 03:06:59PM +0300, Jarkko Sakkinen wrote: > On Thu, Apr 16, 2026 at 12:13:28PM +0200, Thorsten Blum wrote: > > On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote: > > > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > > > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > > > > > --- > > > > > > > > include/keys/user-type.h | 3 ++- > > > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > > > > --- a/include/keys/user-type.h > > > > > > > > +++ b/include/keys/user-type.h 
> > > > > > > > @@ -27,7 +27,8 @@ > > > > > > > > struct user_key_payload { > > > > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > > > > unsigned short datalen; /* length of this data */ > > > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > > > > > + char data[] /* actual data */ > > > > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > > > > > }; > > > > > > > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > > > > > > > You don't provide any evidence of any improvement. > > > > > > > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > > > > and at runtime so that future ->data accesses can be checked against > > > > > > ->datalen. > > > > > > > > > > > > The current code is correct regarding ->data accesses and doesn't > > > > > > require any changes. > > > > > > > > > > OK I'll buy that but send +1 version: > > > > > > > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > > > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > > > > Applying: keys, dns: drop unused upayload->data NUL terminator > > > > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > > > > > error: could not build fake ancestor > > > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > > > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > > > > When you have resolved this problem, run "git am --continue". > > > > > If you prefer to skip this patch, run "git am --skip" instead. > > > > > To restore the original branch and stop patching, run "git am --abort". 
> > > > > > > > AFAICT, linux-tpmdd/next is missing this change: > > > > > > > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ > > > > > > By practical means, that is lacking any proper commit message. > > > > My point was that it has been in linux-next since February, but it's > > missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply. > > > > I'll send a new version with 'char data[] __aligned(8) ...' on a single > > line in patch 2/2 after the merge window - please let me know if there's > > anything else that should be changed. > > Whoever mirrors that in there has the ball on that patch. I can revisit > this once it is either: > > 1. In the mainline > 2. Dropped and resent for review. Or actually it should not be applied to mainline with my ack but anyway. Sounds weird. BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread