[Bug 2120561] Re: Fix compilation failure because of incomplete backport

This bug is awaiting verification that the linux-azure- nvidia/6.8.0-1034.37 kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-noble-linux-azure-nvidia' to 'verification-done-noble-linux-azure-nvidia'. If the problem still exists, change the tag 'verification-needed-noble-linux-azure-nvidia' to 'verification-failed-noble-linux-azure-nvidia'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: kernel-spammed-noble-linux-azure-nvidia-v2 verification-needed-noble-linux-azure-nvidia -- You received this bug notification because you are subscribed to linux in Ubuntu. Matching subscriptions: Bgg, Bmail, Nb https://bugs.launchpad.net/bugs/2120561 Title: Fix compilation failure because of incomplete backport Status in linux package in Ubuntu: Invalid Status in linux source package in Noble: Fix Released Bug description: SRU Justification [Impact] In ctnetlink_secctx_size() from net/netfilter/nf_conntrack_netlink.c, `len` is used uninitialized, triggering the following warning when compiling with Clang: net/netfilter/nf_conntrack_netlink.c:674:41: warning: variable 'len' is uninitialized when used here [-Wuninitialized] 674 | + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */ | ^~~ net/netfilter/nf_conntrack_netlink.c:667:9: note: initialize the variable 'len' to silence this warning 667 | int len, ret; | ^ | = 0 [Fix] Match mainline commit 2d470c778120 ("lsm: replace context+len with lsm_context"). [Test Plan] Compile with Clang, check the warning is gone and no other warning has been triggered. [Where problems could occur] This patch touches bits of the netlink interface for nf_conntrack. However, it addresses a clear mistake in the current implementation, so no issues should be introduced. ---------------------------- Original bug report ---------------------------- Below code is failing while compiling with clang: static inline int ctnetlink_secctx_size(const struct nf_conn *ct) { #ifdef CONFIG_NF_CONNTRACK_SECMARK         int len, ret;             ^^^ <-- len is not initialized before use         ret = security_secid_to_secctx(ct->secmark, NULL);         if (ret < 0)                 return 0;         return nla_total_size(0) /* CTA_SECCTX */                + nla_total_size(sizeof(char) * len); /* CTA_SECCTX_NAME */                                                ^^^ <-- len has not been initialized #else         return 0;