On Wed, Apr 08, 2026 at 12:02:25PM +0300, Jarkko Sakkinen wrote: > On Mon, Apr 06, 2026 at 07:58:10PM +0200, Thorsten Blum wrote: > > Add the __counted_by() compiler attribute to the flexible array member > > 'data' to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > > CONFIG_FORTIFY_SOURCE. > > > > Signed-off-by: Thorsten Blum <[email protected]> > > --- > > include/keys/user-type.h | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/include/keys/user-type.h b/include/keys/user-type.h > > index 386c31432789..2305991f4fcd 100644 > > --- a/include/keys/user-type.h > > +++ b/include/keys/user-type.h > > @@ -27,7 +27,8 @@ > > struct user_key_payload { > > struct rcu_head rcu; /* RCU destructor */ > > unsigned short datalen; /* length of this data */ > > - char data[] __aligned(__alignof__(u64)); /* actual data */ > > + char data[] /* actual data */ > > + __aligned(__alignof__(u64)) __counted_by(datalen); > > }; > > > > extern struct key_type key_type_user; > > You don't provide any evidence of any improvement.
It's a proactive hardening change to help avoid future mistakes. The __counted_by() annotation makes the bounds visible to the compiler and at runtime so that future ->data accesses can be checked against ->datalen. The current code is correct regarding ->data accesses and doesn't require any changes.
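Review bot: the changelog does not state that every path filling in a struct user_key_payload assigns datalen before it first touches data. The new __counted_by(datalen) on the data[] declaration depends on that ordering, because the checks enabled by CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE take the array bound from datalen at the time of each access. Suggest adding a sentence to the commit message saying the existing allocation and update sites were audited for this, which would also answer the request for evidence. A minor style point in the same hunk: the /* actual data */ comment now sits between the declarator and its attributes, whereas the rcu and datalen members carry their comments at the end of the declaration; placing it after __counted_by(datalen); would keep the three consistent.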

