On Tue, Mar 29, 2022 at 03:02:56PM -0700, Tadeusz Struk wrote:
Please apply this to stable 5.10.y, and 5.15.y
---8<---
From: Kees Cook <keescook@chromium.org>
Upstream commit: 1a2fb220edca ("skbuff: Extract list pointers to silence compiler warnings")
Under both -Warray-bounds and the object_size sanitizer, the compiler is upset about accessing prev/next of sk_buff when the object it thinks it is coming from is sk_buff_head. The warning is a false positive due to the compiler taking a conservative approach, opting to warn at casting time rather than access time.
However, in support of enabling -Warray-bounds globally (which has found many real bugs), arrange things for sk_buff so that the compiler can unambiguously see that there is no intention to access anything except prev/next. Introduce and cast to a separate struct sk_buff_list, which contains _only_ the first two fields, silencing the warnings:
We don't have -Warray-bounds enabled on any stable kernel tree, so why is this needed?
Where is this showing up as a problem?
thanks,
greg k-h
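The pattern the quoted commit message describes, as an added user-space sketch that is not part of the thread and is not the kernel's code: the types `pkt`, `pkt_head`, `pkt_list` and their helpers are hypothetical stand-ins, and placing the two-pointer struct in a union at offset 0 is an assumption of this example. The links of a neighbour that may really be the smaller head object are written through a struct holding only `next`/`prev`, so no access goes through the larger element type.

```c
#include <stddef.h>

struct pkt;
/* Only the two link pointers, like the sk_buff_list the commit describes. */
struct pkt_list { struct pkt *next, *prev; };

/* Queue head (hypothetical): link pointers first, then head-only state. */
struct pkt_head {
    union {
        struct { struct pkt *next, *prev; };
        struct pkt_list list;
    };
    unsigned int qlen;
};

/* Queue element (hypothetical): same two pointers first, larger overall. */
struct pkt {
    union {
        struct { struct pkt *next, *prev; };
        struct pkt_list list;
    };
    unsigned char data[64];
    int id;
};

/* The cast below is only valid while both layouts start identically. */
_Static_assert(offsetof(struct pkt, prev) == offsetof(struct pkt_list, prev),
               "link pointers must lead the element");

static void pkt_head_init(struct pkt_head *h)
{
    h->next = h->prev = (struct pkt *)h;   /* empty ring points at the head */
    h->qlen = 0;
}

/* Insert newp between prev and next. Either neighbour may be the head,
 * so its links are touched through pkt_list, never through struct pkt. */
static void pkt_insert(struct pkt *newp, struct pkt *prev, struct pkt *next,
                       struct pkt_head *h)
{
    newp->next = next;
    newp->prev = prev;
    ((struct pkt_list *)next)->prev = newp;
    ((struct pkt_list *)prev)->next = newp;
    h->qlen++;
}

static void pkt_queue_tail(struct pkt_head *h, struct pkt *newp)
{
    pkt_insert(newp, h->prev, (struct pkt *)h, h);
}
```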