On Thu, Apr 16, 2026 at 12:13:28PM +0200, Thorsten Blum wrote: > On Wed, Apr 15, 2026 at 03:08:33PM +0300, Jarkko Sakkinen wrote: > > On Wed, Apr 15, 2026 at 11:40:26AM +0200, Thorsten Blum wrote: > > > On Wed, Apr 15, 2026 at 02:58:05AM +0300, Jarkko Sakkinen wrote: > > > > On Wed, Apr 08, 2026 at 02:21:19PM +0200, Thorsten Blum wrote: > > > > > On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > > > > > > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > > > > > > Add the __counted_by() compiler attribute to the flexible array > > > > > > > member > > > > > > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS > > > > > > > and > > > > > > > CONFIG_FORTIFY_SOURCE. > > > > > > > > > > > > > > Signed-off-by: Thorsten Blum <[email protected]> > > > > > > > --- > > > > > > > include/keys/user-type.h | 3 ++- > > > > > > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > > > > > > > > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > > > > > > index 386c31432789..2305991f4fcd 100644 > > > > > > > --- a/include/keys/user-type.h > > > > > > > +++ b/include/keys/user-type.h > > > > > > > @@ -27,7 +27,8 @@ > > > > > > > struct user_key_payload { > > > > > > > struct rcu_head rcu; /* RCU destructor */ > > > > > > > unsigned short datalen; /* length of this data */ > > > > > > > - char data[] __aligned(__alignof__(u64)); /* actual > > > > > > > data */ > > > > > > > + char data[] /* actual data */ > > > > > > > + __aligned(__alignof__(u64)) > > > > > > > __counted_by(datalen); > > > > > > > }; > > > > > > > > > > > > > > extern struct key_type key_type_user; > > > > > > > > > > > > You don't provide any evidence of any improvement. > > > > > > > > > > It's a proactive hardening change to help avoid future mistakes. > > > > > > > > > > The __counted_by() annotation makes the bounds visible to the compiler > > > > > and at runtime so that future ->data accesses can be checked against > > > > > ->datalen. > > > > > > > > > > The current code is correct regarding ->data accesses and doesn't > > > > > require any changes. > > > > > > > > OK I'll buy that but send +1 version: > > > > > > > > ~/work/kernel.org/jarkko/linux-tpmdd next > > > > ❯ git am -3 > > > > 20260406_thorsten_blum_keys_dns_drop_unused_upayload_data_nul_terminator.mbx > > > > Applying: keys, dns: drop unused upayload->data NUL terminator > > > > error: sha1 information is lacking or useless > > > > (net/dns_resolver/dns_key.c). > > > > error: could not build fake ancestor > > > > Patch failed at 0001 keys, dns: drop unused upayload->data NUL > > > > terminator > > > > hint: Use 'git am --show-current-patch=diff' to see the failed patch > > > > When you have resolved this problem, run "git am --continue". > > > > If you prefer to skip this patch, run "git am --skip" instead. > > > > To restore the original branch and stop patching, run "git am --abort". > > > > > > AFAICT, linux-tpmdd/next is missing this change: > > > > > > https://lore.kernel.org/all/[email protected]/ > > > > By pratical means, that is lacking any proper commit message. > > My point was that it has been in linux-next since February, but it's > missing in linux-tpmdd/next, which is why patch 1/2 doesn't apply. > > I'll send a new version with 'char data[] __aligned(8) ...' on a single > line in patch 2/2 after the merge window - please let me know if there's > anything else that should be changed.
Whoever mirrors that in there has the ball on that patch. I can revisit this once it is either: 1. In the mainline 2. Dropped and resent for review. > > Thanks, > Thorsten BR, Jarkko
