* [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator @ 2026-04-06 17:58 Thorsten Blum 2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum 2026-04-09 2:39 ` [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Jakub Kicinski 0 siblings, 2 replies; 9+ messages in thread From: Thorsten Blum @ 2026-04-06 17:58 UTC (permalink / raw) To: David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni, Simon Horman, Tim Bird, Thorsten Blum Cc: netdev, linux-kernel In dns_resolver_preparse(), do not NUL-terminate ->data and allocate one byte less. The NUL terminator is never used and only ->datalen bytes are accessed. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- net/dns_resolver/dns_key.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c index c3c8c3240ef9..451247864a63 100644 --- a/net/dns_resolver/dns_key.c +++ b/net/dns_resolver/dns_key.c @@ -203,7 +203,7 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) kdebug("store result"); prep->quotalen = result_len; - upayload = kmalloc_flex(*upayload, data, result_len + 1); + upayload = kmalloc_flex(*upayload, data, result_len); if (!upayload) { kleave(" = -ENOMEM"); return -ENOMEM; @@ -211,7 +211,6 @@ dns_resolver_preparse(struct key_preparsed_payload *prep) upayload->datalen = result_len; memcpy(upayload->data, data, result_len); - upayload->data[result_len] = '\0'; prep->payload.data[dns_key_data] = upayload; kleave(" = 0"); ^ permalink raw reply related [flat|nested] 9+ messages in thread
* [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-06 17:58 [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Thorsten Blum @ 2026-04-06 17:58 ` Thorsten Blum 2026-04-08 9:02 ` Jarkko Sakkinen 2026-04-09 2:39 ` [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Jakub Kicinski 1 sibling, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-06 17:58 UTC (permalink / raw) To: David Howells, Jarkko Sakkinen, Kees Cook, Gustavo A. R. Silva Cc: Thorsten Blum, keyrings, linux-kernel, linux-hardening Add the __counted_by() compiler attribute to the flexible array member 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> --- include/keys/user-type.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/keys/user-type.h b/include/keys/user-type.h index 386c31432789..2305991f4fcd 100644 --- a/include/keys/user-type.h +++ b/include/keys/user-type.h @@ -27,7 +27,8 @@ struct user_key_payload { struct rcu_head rcu; /* RCU destructor */ unsigned short datalen; /* length of this data */ - char data[] __aligned(__alignof__(u64)); /* actual data */ + char data[] /* actual data */ + __aligned(__alignof__(u64)) __counted_by(datalen); }; extern struct key_type key_type_user; ^ permalink raw reply related [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum @ 2026-04-08 9:02 ` Jarkko Sakkinen 2026-04-08 12:21 ` Thorsten Blum 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-08 9:02 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > Add the __counted_by() compiler attribute to the flexible array member > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > CONFIG_FORTIFY_SOURCE. > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > --- > include/keys/user-type.h | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > index 386c31432789..2305991f4fcd 100644 > --- a/include/keys/user-type.h > +++ b/include/keys/user-type.h > @@ -27,7 +27,8 @@ > struct user_key_payload { > struct rcu_head rcu; /* RCU destructor */ > unsigned short datalen; /* length of this data */ > - char data[] __aligned(__alignof__(u64)); /* actual data */ > + char data[] /* actual data */ > + __aligned(__alignof__(u64)) __counted_by(datalen); > }; > > extern struct key_type key_type_user; You don't provide any evidence of any improvement. BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-08 9:02 ` Jarkko Sakkinen @ 2026-04-08 12:21 ` Thorsten Blum 2026-04-14 23:58 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-08 12:21 UTC (permalink / raw) To: Jarkko Sakkinen Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > Add the __counted_by() compiler attribute to the flexible array member > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > CONFIG_FORTIFY_SOURCE. > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > --- > > include/keys/user-type.h | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > index 386c31432789..2305991f4fcd 100644 > > --- a/include/keys/user-type.h > > +++ b/include/keys/user-type.h > > @@ -27,7 +27,8 @@ > > struct user_key_payload { > > struct rcu_head rcu; /* RCU destructor */ > > unsigned short datalen; /* length of this data */ > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > + char data[] /* actual data */ > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > }; > > > > extern struct key_type key_type_user; > > You don't provide any evidence of any improvement. It's a proactive hardening change to help avoid future mistakes. The __counted_by() annotation makes the bounds visible to the compiler and at runtime so that future ->data accesses can be checked against ->datalen. The current code is correct regarding ->data accesses and doesn't require any changes. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-08 12:21 ` Thorsten Blum @ 2026-04-14 23:58 ` Jarkko Sakkinen 2026-04-15 9:40 ` Thorsten Blum 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-14 23:58 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > Add the __counted_by() compiler attribute to the flexible array member > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > CONFIG_FORTIFY_SOURCE. > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > --- > > > include/keys/user-type.h | 3 ++- > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > index 386c31432789..2305991f4fcd 100644 > > > --- a/include/keys/user-type.h > > > +++ b/include/keys/user-type.h > > > @@ -27,7 +27,8 @@ > > > struct user_key_payload { > > > struct rcu_head rcu; /* RCU destructor */ > > > unsigned short datalen; /* length of this data */ > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > + char data[] /* actual data */ > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > }; > > > > > > extern struct key_type key_type_user; > > > > You don't provide any evidence of any improvement. > > It's a proactive hardening change to help avoid future mistakes. > > The __counted_by() annotation makes the bounds visible to the compiler > and at runtime so that future ->data accesses can be checked against > ->datalen. > > The current code is correct regarding ->data accesses and doesn't > require any changes. OK I'll buy that but send +1 version: ~/work/kernel.org/jarkko/linux-tpmdd next ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx Applying: keys, dns: drop unused upayload->data NUL terminator error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). error: could not build fake ancestor Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator hint: Use 'git am --show-current-patch=diff' to see the failed patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-14 23:58 ` Jarkko Sakkinen @ 2026-04-15 9:40 ` Thorsten Blum 2026-04-15 12:08 ` Jarkko Sakkinen 0 siblings, 1 reply; 9+ messages in thread From: Thorsten Blum @ 2026-04-15 9:40 UTC (permalink / raw) To: Jarkko Sakkinen Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > --- > > > > include/keys/user-type.h | 3 ++- > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > index 386c31432789..2305991f4fcd 100644 > > > > --- a/include/keys/user-type.h > > > > +++ b/include/keys/user-type.h > > > > @@ -27,7 +27,8 @@ > > > > struct user_key_payload { > > > > struct rcu_head rcu; /* RCU destructor */ > > > > unsigned short datalen; /* length of this data */ > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > + char data[] /* actual data */ > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > }; > > > > > > > > extern struct key_type key_type_user; > > > > > > You don't provide any evidence of any improvement. > > > > It's a proactive hardening change to help avoid future mistakes. > > > > The __counted_by() annotation makes the bounds visible to the compiler > > and at runtime so that future ->data accesses can be checked against > > ->datalen. > > > > The current code is correct regarding ->data accesses and doesn't > > require any changes. > > OK I'll buy that but send +1 version: > > ~/work/kernel.org/jarkko/linux-tpmdd next > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > Applying: keys, dns: drop unused upayload->data NUL terminator > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > error: could not build fake ancestor > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > hint: Use 'git am --show-current-patch=diff' to see the failed patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". AFAICT, linux-tpmdd/next is missing this change: https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-15 9:40 ` Thorsten Blum @ 2026-04-15 12:08 ` Jarkko Sakkinen 2026-04-16 10:13 ` Thorsten Blum 0 siblings, 1 reply; 9+ messages in thread From: Jarkko Sakkinen @ 2026-04-15 12:08 UTC (permalink / raw) To: Thorsten Blum Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > > --- > > > > > include/keys/user-type.h | 3 ++- > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > --- a/include/keys/user-type.h > > > > > +++ b/include/keys/user-type.h > > > > > @@ -27,7 +27,8 @@ > > > > > struct user_key_payload { > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > unsigned short datalen; /* length of this data */ > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > > + char data[] /* actual data */ > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > > }; > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > You don't provide any evidence of any improvement. > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > and at runtime so that future ->data accesses can be checked against > > > ->datalen. > > > > > > The current code is correct regarding ->data accesses and doesn't > > > require any changes. > > > > OK I'll buy that but send +1 version: > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > Applying: keys, dns: drop unused upayload->data NUL terminator > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > > error: could not build fake ancestor > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > When you have resolved this problem, run "git am --continue". > > If you prefer to skip this patch, run "git am --skip" instead. > > To restore the original branch and stop patching, run "git am --abort". > > AFAICT, linux-tpmdd/next is missing this change: > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ By pratical means, that is lacking any proper commit message. BR, Jarkko ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by 2026-04-15 12:08 ` Jarkko Sakkinen @ 2026-04-16 10:13 ` Thorsten Blum 0 siblings, 0 replies; 9+ messages in thread From: Thorsten Blum @ 2026-04-16 10:13 UTC (permalink / raw) To: Jarkko Sakkinen Cc: David Howells, Kees Cook, Gustavo A. R. Silva, keyrings, linux-kernel, linux-hardening On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote: > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > > Add the __counted_by() compiler attribute to the flexible array member > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > > > Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev> > > > > > > --- > > > > > > include/keys/user-type.h | 3 ++- > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > > --- a/include/keys/user-type.h > > > > > > +++ b/include/keys/user-type.h > > > > > > @@ -27,7 +27,8 @@ > > > > > > struct user_key_payload { > > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > > unsigned short datalen; /* length of this data */ > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > > > > > + char data[] /* actual data */ > > > > > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > > > > > }; > > > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > > > You don't provide any evidence of any improvement. > > > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > > and at runtime so that future ->data accesses can be checked against > > > > ->datalen. > > > > > > > > The current code is correct regarding ->data accesses and doesn't > > > > require any changes. > > > > > > OK I'll buy that but send +1 version: > > > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > > ❯ git am -3 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > > Applying: keys, dns: drop unused upayload->data NUL terminator > > > error: sha1 information is lacking or useless (net/dns_resolver/dns_key.c). > > > error: could not build fake ancestor > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL terminator > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > > When you have resolved this problem, run "git am --continue". > > > If you prefer to skip this patch, run "git am --skip" instead. > > > To restore the original branch and stop patching, run "git am --abort". > > > > AFAICT, linux-tpmdd/next is missing this change: > > > > https://lore.kernel.org/all/20260226214930.785423-3-thorsten.blum@linux.dev/ > > By pratical means, that is lacking any proper commit message. My point was that it has been in linux-next since February, but it's missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply. I'll send a new version with 'char data[] __aligned(8) ...' on a single line in patch 2/2 after the merge window - please let me know if there's anything else that should be changed. Thanks, Thorsten ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator 2026-04-06 17:58 [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Thorsten Blum 2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum @ 2026-04-09 2:39 ` Jakub Kicinski 1 sibling, 0 replies; 9+ messages in thread From: Jakub Kicinski @ 2026-04-09 2:39 UTC (permalink / raw) To: Thorsten Blum Cc: David S. Miller, Eric Dumazet, Paolo Abeni, Simon Horman, Tim Bird, netdev, linux-kernel On Mon, 6 Apr 2026 19:58:09 +0200 Thorsten Blum wrote: > Subject: [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator This says net-next but patch 2 never reached netdev@ -- pw-bot: cr ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2026-04-16 10:13 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-04-06 17:58 [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Thorsten Blum 2026-04-06 17:58 ` [PATCH net-next 2/2] KEYS: annotate struct user_key_payload with __counted_by Thorsten Blum 2026-04-08 9:02 ` Jarkko Sakkinen 2026-04-08 12:21 ` Thorsten Blum 2026-04-14 23:58 ` Jarkko Sakkinen 2026-04-15 9:40 ` Thorsten Blum 2026-04-15 12:08 ` Jarkko Sakkinen 2026-04-16 10:13 ` Thorsten Blum 2026-04-09 2:39 ` [PATCH net-next 1/2] keys, dns: drop unused upayload->data NUL terminator Jakub Kicinski
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox