On 3/30/22 08:29, Greg KH wrote:
On Wed, Mar 30, 2022 at 07:59:57AM -0700, Tadeusz Struk wrote:
On 3/30/22 07:46, Greg KH wrote:
On Tue, Mar 29, 2022 at 03:02:56PM -0700, Tadeusz Struk wrote:
Please apply this to stable 5.10.y, and 5.15.y
---8<---
From: Kees Cook<keescook@xxxxxxxxxxxx>
Upstream commit: 1a2fb220edca ("skbuff: Extract list pointers to silence compiler warnings")
Under both -Warray-bounds and the object_size sanitizer, the compiler is
upset about accessing prev/next of sk_buff when the object it thinks it
is coming from is sk_buff_head. The warning is a false positive due to
the compiler taking a conservative approach, opting to warn at casting
time rather than access time.
However, in support of enabling -Warray-bounds globally (which has
found many real bugs), arrange things for sk_buff so that the compiler
can unambiguously see that there is no intention to access anything
except prev/next. Introduce and cast to a separate struct sk_buff_list,
which contains_only_ the first two fields, silencing the warnings:
We don't have -Warray-bounds enabled on any stable kernel tree, so why
is this needed?
Where is this showing up as a problem?
The issue shows up and hinders testing stable kernels in test automations
like syzkaller:
https://syzkaller.appspot.com/text?tag=Error&x=12b3aac3700000
Applying it to stable would enable more test coverage.
Ok, again, that was not obvious, it seemed like you only needed this for
build warnings.
The original commit message was already long so I only added short statement
about UBSAN. I was afraid that if I add more details nobody would ready it ;)
Thanks!
--
Thanks,
Tadeusz
