Filing here so it doesn't get lost: As far as I understand, pskb_may_pull() plays an important role in packet parsing for all protocols. And we did custom fragmentation of packets emitted via tun (IFF_NAPI_FRAGS). However, it seems that it does not give any results (bugs found), and I think the reason for this is that linear data is rounded up and is usually quite large. So if a parsing function does pskb_may_pull(1), or does not do it at all, it can usually access more and it will go unnoticed. KASAN has an ability to do custom poisoning: it can poison/unpoison any memory range, and then detect any reads/writes to that range. What do you think about adding custom KASAN poisoning to pskb_may_pull() and switching it to non-eager mode (pull only what was requested) under KASAN? Do you think it has potential for finding important bugs? What amount of work is this?
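A constructed user-space model of the proposal above, added here as an example and not kernel code: a shadow array stands in for KASAN poisoning, `model_may_pull()` unpoisons either the whole linear area (today's eager behaviour) or only the requested bytes, and a parser that pulls 1 byte but reads offset 3 is only flagged in the non-eager mode. All names, the 64-byte linear area and the sample packet are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define LINEAR_ROUND 64   /* assumed size of the rounded-up linear area */

struct model_skb {
    uint8_t data[LINEAR_ROUND];      /* linear area */
    size_t  len;                     /* packet bytes held in the linear area */
    uint8_t poisoned[LINEAR_ROUND];  /* KASAN-style shadow: 1 = not yet pulled */
    bool    eager;                   /* true = pull everything, false = pull only n */
    int     reports;                 /* reads of poisoned bytes (what KASAN would report) */
};

static void model_skb_init(struct model_skb *s, const uint8_t *pkt, size_t len, bool eager)
{
    memset(s, 0, sizeof(*s));
    s->len = len > LINEAR_ROUND ? LINEAR_ROUND : len;
    memcpy(s->data, pkt, s->len);
    s->eager = eager;
    memset(s->poisoned, 1, sizeof(s->poisoned));   /* nothing pulled yet */
}

/* Model of pskb_may_pull(): fails if the packet is shorter than n, otherwise unpoisons. */
static bool model_may_pull(struct model_skb *s, size_t n)
{
    if (n > s->len) return false;
    memset(s->poisoned, 0, s->eager ? s->len : n);   /* eager mode hides under-pulls */
    return true;
}

/* Every parser access goes through here; touching a poisoned byte counts as a report. */
static bool model_read(struct model_skb *s, size_t off, uint8_t *out)
{
    if (off >= LINEAR_ROUND || s->poisoned[off]) { s->reports++; return false; }
    *out = s->data[off];
    return true;
}

/* Constructed parser with the bug class from the comment: pulls 1 byte, reads offset 3. */
static int buggy_parse(struct model_skb *s, uint8_t *field)
{
    return model_may_pull(s, 1) && model_read(s, 3, field) ? 0 : -1;
}

/* Corrected parser pulls the whole 4-byte header it reads. */
static int fixed_parse(struct model_skb *s, uint8_t *field)
{
    return model_may_pull(s, 4) && model_read(s, 3, field) ? 0 : -1;
}
```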
Kernel bugzilla is only for upstream kernel code. It is not used for design discussions (use mailing list) or custom code (not our problem).
This is all about upstream code. Bugzilla is better than mailing lists, because things get lost on kernel mailing lists too easily. This is not in the networking component. Please don't manage this bug.