On 3/30/22 08:29, Greg KH wrote:
> On Wed, Mar 30, 2022 at 07:59:57AM -0700, Tadeusz Struk wrote:
>> On 3/30/22 07:46, Greg KH wrote:
>>> On Tue, Mar 29, 2022 at 03:02:56PM -0700, Tadeusz Struk wrote:
>>>> Please apply this to stable 5.10.y, and 5.15.y
>>>> ---8<---
>>>> From: Kees Cook <keescook@chromium.org>
>>>> Upstream commit: 1a2fb220edca ("skbuff: Extract list pointers to silence compiler warnings")
>>>>
>>>> Under both -Warray-bounds and the object_size sanitizer, the compiler is upset about accessing prev/next of sk_buff when the object it thinks it is coming from is sk_buff_head. The warning is a false positive due to the compiler taking a conservative approach, opting to warn at casting time rather than access time.
>>>>
>>>> However, in support of enabling -Warray-bounds globally (which has found many real bugs), arrange things for sk_buff so that the compiler can unambiguously see that there is no intention to access anything except prev/next. Introduce and cast to a separate struct sk_buff_list, which contains _only_ the first two fields, silencing the warnings:
>>>
>>> We don't have -Warray-bounds enabled on any stable kernel tree, so why is this needed?
>>> Where is this showing up as a problem?
>>
>> The issue shows up and hinders testing stable kernels in test automations like syzkaller:
>> https://syzkaller.appspot.com/text?tag=Error&x=12b3aac3700000
>> Applying it to stable would enable more test coverage.
>
> Ok, again, that was not obvious, it seemed like you only needed this for build warnings.

The original commit message was already long so I only added a short statement about UBSAN. I was afraid that if I add more details nobody would read it ;)
Thanks!
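
The cast pattern the quoted commit message describes, as an added userspace example that is not part of this thread or of the kernel patch. The structs are simplified models, the `queue_*` helper names are hypothetical, and embedding `sk_buff_list` as the first member of both structs is an assumption of this model.

```c
#include <stddef.h>

struct sk_buff;
/* Only the two link pointers: the one layout both structs share. */
struct sk_buff_list { struct sk_buff *next, *prev; };

/* Simplified models; the real kernel structs carry many more fields. */
struct sk_buff_head { struct sk_buff_list list; unsigned int qlen; };
struct sk_buff      { struct sk_buff_list list; char data[64]; };

_Static_assert(offsetof(struct sk_buff_head, list) == 0, "links must be first");
_Static_assert(offsetof(struct sk_buff, list) == 0, "links must be first");

static void queue_init(struct sk_buff_head *q)
{
	/* The head doubles as the ring's sentinel "sk_buff". */
	q->list.next = q->list.prev = (struct sk_buff *)q;
	q->qlen = 0;
}

/* Either neighbour may really be the (smaller) head, so it is only ever
 * dereferenced as sk_buff_list: nothing past prev/next can be reached. */
static void queue_insert(struct sk_buff *newsk, struct sk_buff *prev,
			 struct sk_buff *next, struct sk_buff_head *q)
{
	newsk->list.next = next;
	newsk->list.prev = prev;
	((struct sk_buff_list *)next)->prev = newsk;
	((struct sk_buff_list *)prev)->next = newsk;
	q->qlen++;
}

static void queue_tail(struct sk_buff_head *q, struct sk_buff *newsk)
{
	struct sk_buff *head = (struct sk_buff *)q;
	queue_insert(newsk, ((struct sk_buff_list *)head)->prev, head, q);
}

/* Returns 1 if forward and backward links agree and match qlen. */
static int queue_consistent(struct sk_buff_head *q)
{
	struct sk_buff *head = (struct sk_buff *)q, *p = head;
	unsigned int n = 0;
	do {
		struct sk_buff *nx = ((struct sk_buff_list *)p)->next;
		if (((struct sk_buff_list *)nx)->prev != p)
			return 0;
		p = nx;
		n++;
	} while (p != head && n <= q->qlen + 1);
	return p == head && n == q->qlen + 1;
}
```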