[PATCH AUTOSEL 6.16-6.1] apparmor: use the condition in AA_BUG_FMT even with debug disabled

[Sasha Levin <sashal@kernel.org>]

From: Mateusz Guzik <mjguzik@gmail.com>

[ Upstream commit 67e370aa7f968f6a4f3573ed61a77b36d1b26475 ]

This follows the established practice and fixes a build failure for me:
security/apparmor/file.c: In function ‘__file_sock_perm’:
security/apparmor/file.c:544:24: error: unused variable ‘sock’ [-Werror=unused-variable]
  544 |         struct socket *sock = (struct socket *) file->private_data;
      |                        ^~~~

Signed-off-by: Mateusz Guzik <mjguzik@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

LLM Generated explanations, may be completely bogus:

**Backport Status: YES**

This commit should be backported to stable kernel trees for the
following reasons:

1. **It fixes a real build failure**: The commit message clearly states
   it fixes a build failure with `-Werror=unused-variable`. When
   `CONFIG_SECURITY_APPARMOR_DEBUG_ASSERTS` is disabled, the
   `AA_BUG_FMT` macro becomes just `no_printk(fmt, ##args)`, which
   doesn't evaluate the condition `X`. This causes the `sock` variable
   in `__file_sock_perm()` to be unused, triggering a compiler warning
   that becomes an error with `-Werror`.

2. **The fix is minimal and contained**: The change only modifies the
   `AA_BUG_FMT` macro definition when debug is disabled, adding
   `BUILD_BUG_ON_INVALID(X)` which forces the compiler to evaluate the
   condition without generating any runtime code. This is a well-
   established pattern in the kernel (as seen in `VM_BUG_ON` and similar
   macros in `include/linux/mmdebug.h`).

3. **No functional changes or side effects**: The fix doesn't change any
   runtime behavior. `BUILD_BUG_ON_INVALID(e)` is defined as
   `((void)(sizeof((__force long)(e))))` which only evaluates the
   expression at compile time to ensure it's valid, without generating
   any code.

4. **Follows established kernel patterns**: The commit message states
   "This follows the established practice," and indeed, examining other
   kernel debug macros like `VM_BUG_ON` shows they use the exact same
   pattern - using `BUILD_BUG_ON_INVALID` when debug is disabled to
   ensure the condition is still evaluated by the compiler.

5. **Low risk**: This is a compile-time only change that prevents build
   failures. It cannot introduce runtime regressions since it generates
   no runtime code.

6. **Affects a security subsystem**: AppArmor is a security module, and
   build failures in security code can prevent users from building
   kernels with their desired security configuration.

The commit is a classic example of a safe, minimal fix that resolves a
real problem without introducing new risks, making it an ideal candidate
for stable backporting.

 security/apparmor/include/lib.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/security/apparmor/include/lib.h b/security/apparmor/include/lib.h
index f11a0db7f51d..e83f45e936a7 100644
--- a/security/apparmor/include/lib.h
+++ b/security/apparmor/include/lib.h
@@ -48,7 +48,11 @@ extern struct aa_dfa *stacksplitdfa;
 #define AA_BUG_FMT(X, fmt, args...)					\
 	WARN((X), "AppArmor WARN %s: (" #X "): " fmt, __func__, ##args)
 #else
-#define AA_BUG_FMT(X, fmt, args...) no_printk(fmt, ##args)
+#define AA_BUG_FMT(X, fmt, args...)					\
+	do {								\
+		BUILD_BUG_ON_INVALID(X);				\
+		no_printk(fmt, ##args);					\
+	} while (0)
 #endif
 
 #define AA_ERROR(fmt, args...)						\
-- 
2.39.5