From: Mateusz Guzik mjguzik@gmail.com
[ Upstream commit 67e370aa7f968f6a4f3573ed61a77b36d1b26475 ]
This follows the established practice and fixes a build failure for me: security/apparmor/file.c: In function ‘__file_sock_perm’: security/apparmor/file.c:544:24: error: unused variable ‘sock’ [-Werror=unused-variable] 544 | struct socket *sock = (struct socket *) file->private_data; | ^~~~
Signed-off-by: Mateusz Guzik mjguzik@gmail.com Signed-off-by: John Johansen john.johansen@canonical.com Signed-off-by: Sasha Levin sashal@kernel.org ---
LLM Generated explanations, may be completely bogus:
**Backport Status: YES**
This commit should be backported to stable kernel trees for the following reasons:
1. **It fixes a real build failure**: The commit message clearly states it fixes a build failure with `-Werror=unused-variable`. When `CONFIG_SECURITY_APPARMOR_DEBUG_ASSERTS` is disabled, the `AA_BUG_FMT` macro becomes just `no_printk(fmt, ##args)`, which doesn't evaluate the condition `X`. This causes the `sock` variable in `__file_sock_perm()` to be unused, triggering a compiler warning that becomes an error with `-Werror`.
2. **The fix is minimal and contained**: The change only modifies the `AA_BUG_FMT` macro definition when debug is disabled, adding `BUILD_BUG_ON_INVALID(X)` which forces the compiler to evaluate the condition without generating any runtime code. This is a well- established pattern in the kernel (as seen in `VM_BUG_ON` and similar macros in `include/linux/mmdebug.h`).
3. **No functional changes or side effects**: The fix doesn't change any runtime behavior. `BUILD_BUG_ON_INVALID(e)` is defined as `((void)(sizeof((__force long)(e))))` which only evaluates the expression at compile time to ensure it's valid, without generating any code.
4. **Follows established kernel patterns**: The commit message states "This follows the established practice," and indeed, examining other kernel debug macros like `VM_BUG_ON` shows they use the exact same pattern - using `BUILD_BUG_ON_INVALID` when debug is disabled to ensure the condition is still evaluated by the compiler.
5. **Low risk**: This is a compile-time only change that prevents build failures. It cannot introduce runtime regressions since it generates no runtime code.
6. **Affects a security subsystem**: AppArmor is a security module, and build failures in security code can prevent users from building kernels with their desired security configuration.
The commit is a classic example of a safe, minimal fix that resolves a real problem without introducing new risks, making it an ideal candidate for stable backporting.
security/apparmor/include/lib.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h index f11a0db7f51d..e83f45e936a7 100644 --- a/security/apparmor/include/lib.h +++ b/security/apparmor/include/lib.h @@ -48,7 +48,11 @@ extern struct aa_dfa *stacksplitdfa; #define AA_BUG_FMT(X, fmt, args...) \ WARN((X), "AppArmor WARN %s: (" #X "): " fmt, __func__, ##args) #else -#define AA_BUG_FMT(X, fmt, args...) no_printk(fmt, ##args) +#define AA_BUG_FMT(X, fmt, args...) \ + do { \ + BUILD_BUG_ON_INVALID(X); \ + no_printk(fmt, ##args); \ + } while (0) #endif
#define AA_ERROR(fmt, args...) \