Re: [PATCH 09/44] ipv6: __ip6_append_data() don't abuse max_t() casts

From: Chris Mason

Date: Thu Nov 20 2025 - 08:52:30 EST


On 11/20/25 6:16 AM, David Laight wrote:
> On Thu, 20 Nov 2025 00:32:34 +0000 (UTC)
> bot+bpf-ci@xxxxxxxxxx wrote:
>
>>> diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
>>> index f904739e9..6fecf2f2c 100644
>>> --- a/net/ipv6/ip6_output.c
>>> +++ b/net/ipv6/ip6_output.c
>>> @@ -1440,7 +1440,7 @@ static int __ip6_append_data(struct sock *sk,
>>> struct sk_buff *skb, *skb_prev = NULL;
>>> struct inet_cork *cork = &cork_full->base;
>>> struct flowi6 *fl6 = &cork_full->fl.u.ip6;
>>> - unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu, pmtu;
>>> + unsigned int maxfraglen, fragheaderlen, mtu, orig_mtu;
>>
>> [ ... ]
>>
>>> @@ -1504,9 +1504,10 @@ static int __ip6_append_data(struct sock *sk,
>>> maxnonfragsize = mtu;
>>>
>>> if (cork->length + length > maxnonfragsize - headersize) {
>>> + int pmtu;
>>> emsgsize:
>>> - pmtu = max_t(int, mtu - headersize + sizeof(struct ipv6hdr), 0);
>>> - ipv6_local_error(sk, EMSGSIZE, fl6, pmtu);
>>> + pmtu = mtu - headersize + (int)sizeof(struct ipv6hdr);
>>> + ipv6_local_error(sk, EMSGSIZE, fl6, max(pmtu, 0));
>>> return -EMSGSIZE;
>>> }
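Review bot: the new `int pmtu;` is declared above the `emsgsize:` label, so a jump to that label enters the block past the declaration, which is easy to misread as a use of an uninitialized variable. It is not one, because `pmtu = mtu - headersize + (int)sizeof(struct ipv6hdr);` is the first statement after the label and runs before `max(pmtu, 0)` reads the value, but the layout depends on nobody adding an initializer or a statement between the declaration and the label later. Consider keeping `pmtu` at function scope as a plain `int`, or adding a one-line comment at the declaration saying that it is assigned immediately after the label.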
>>
>> Can the variable pmtu be used uninitialized here?
>
> If your AI bot doesn't understand code don't run it.

I ran this locally three more times and this false positive didn't
reproduce, but I'll see if the CI has enough logs to figure out where it
got confused.

Regardless, I'm doing periodic checks for patterns of false positives
and fine tuning the prompts.

-chris