From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v2 2/2] util: Consolidate and improve workarounds for clang-tidy issue 58992
Date: Thu, 21 Sep 2023 14:49:39 +1000 [thread overview]
Message-ID: <20230921044939.1752225-3-david@gibson.dropbear.id.au> (raw)
In-Reply-To: <20230921044939.1752225-1-david@gibson.dropbear.id.au>
We have several workarounds for a clang-tidy bug where the checker doesn't
recognize that a number of system calls write to - and therefore initialise
- a socket address. We can't neatly use a suppression, because the bogus
warning shows up some time after the actual system call, when we access
a field of the socket address which clang-tidy erroneously thinks is
uninitialised.
Consolidate these workarounds into one place by using macros to implement
wrappers around affected system calls which add a memset() of the sockaddr
to silence clang-tidy. This removes the need for the individual memset()
workarounds at the callers - and the somewhat longwinded explanatory
comments.
We can then use a #define to not include the hack in "real" builds, but
only consider it for clang-tidy.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
Makefile | 2 +-
icmp.c | 5 -----
tcp.c | 8 +-------
util.h | 41 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 43 insertions(+), 13 deletions(-)
diff --git a/Makefile b/Makefile
index 4435bd6..c28556f 100644
--- a/Makefile
+++ b/Makefile
@@ -276,7 +276,7 @@ clang-tidy: $(SRCS) $(HEADERS)
-concurrency-mt-unsafe,\
-readability-identifier-length \
-config='{CheckOptions: [{key: bugprone-suspicious-string-compare.WarnOnImplicitComparison, value: "false"}]}' \
- --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(FLAGS) $(CFLAGS) $(CPPFLAGS))
+ --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(FLAGS) $(CFLAGS) $(CPPFLAGS)) -DCLANG_TIDY_58992
SYSTEM_INCLUDES := /usr/include $(wildcard /usr/include/$(TARGET))
ifeq ($(shell $(CC) -v 2>&1 | grep -c "gcc version"),1)
diff --git a/icmp.c b/icmp.c
index f2cc4d6..41b9f8b 100644
--- a/icmp.c
+++ b/icmp.c
@@ -76,11 +76,6 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref)
if (c->no_icmp)
return;
- /* FIXME: Workaround clang-tidy not realizing that recvfrom()
- * writes the socket address. See
- * https://github.com/llvm/llvm-project/issues/58992
- */
- memset(&sr, 0, sizeof(sr));
n = recvfrom(ref.fd, buf, sizeof(buf), 0, (struct sockaddr *)&sr, &sl);
if (n < 0)
return;
diff --git a/tcp.c b/tcp.c
index e58625d..b471783 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2752,19 +2752,13 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref,
const struct timespec *now)
{
struct sockaddr_storage sa;
+ socklen_t sl = sizeof(sa);
union tcp_conn *conn;
- socklen_t sl;
int s;
if (c->no_tcp || c->tcp.conn_count >= TCP_MAX_CONNS)
return;
- sl = sizeof(sa);
- /* FIXME: Workaround clang-tidy not realizing that accept4()
- * writes the socket address. See
- * https://github.com/llvm/llvm-project/issues/58992
- */
- memset(&sa, 0, sizeof(struct sockaddr_in6));
s = accept4(ref.fd, (struct sockaddr *)&sa, &sl, SOCK_NONBLOCK);
if (s < 0)
return;
diff --git a/util.h b/util.h
index 41cf123..57a05fb 100644
--- a/util.h
+++ b/util.h
@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <stdarg.h>
#include <stdbool.h>
+#include <string.h>
#include "log.h"
@@ -225,4 +226,44 @@ int __daemon(int pidfile_fd, int devnull_fd);
int fls(unsigned long x);
int write_file(const char *path, const char *buf);
+/*
+ * Workarounds for https://github.com/llvm/llvm-project/issues/58992
+ *
+ * For a number (maybe all) system calls that _write_ a socket address,
+ * clang-tidy doesn't register that the memory of the socket address will be
+ * initialised after the call. This can't easily be worked around with
+ * clang-tidy suppressions, because the warning doesn't show on the syscall
+ * itself but later when we access the supposedly uninitialised field.
+ */
+static inline void sa_init(struct sockaddr *sa, socklen_t *sl)
+{
+#ifdef CLANG_TIDY_58992
+ if (sa)
+ memset(sa, 0, *sl);
+#else
+ (void)sa;
+ (void)sl;
+#endif /* CLANG_TIDY_58992 */
+}
+
+static inline ssize_t wrap_recvfrom(int sockfd, void *buf, size_t len,
+ int flags,
+ struct sockaddr *src_addr,
+ socklen_t *addrlen)
+{
+ sa_init(src_addr, addrlen);
+ return recvfrom(sockfd, buf, len, flags, src_addr, addrlen);
+}
+#define recvfrom(s, buf, len, flags, src, addrlen) \
+ wrap_recvfrom((s), (buf), (len), (flags), (src), (addrlen))
+
+static inline int wrap_accept4(int sockfd, struct sockaddr *addr,
+ socklen_t *addrlen, int flags)
+{
+ sa_init(addr, addrlen);
+ return accept4(sockfd, addr, addrlen, flags);
+}
+#define accept4(s, addr, addrlen, flags) \
+ wrap_accept4((s), (addr), (addrlen), (flags))
+
#endif /* UTIL_H */
--
@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <stdarg.h>
#include <stdbool.h>
+#include <string.h>
#include "log.h"
@@ -225,4 +226,44 @@ int __daemon(int pidfile_fd, int devnull_fd);
int fls(unsigned long x);
int write_file(const char *path, const char *buf);
+/*
+ * Workarounds for https://github.com/llvm/llvm-project/issues/58992
+ *
+ * For a number (maybe all) system calls that _write_ a socket address,
+ * clang-tidy doesn't register that the memory of the socket address will be
+ * initialised after the call. This can't easily be worked around with
+ * clang-tidy suppressions, because the warning doesn't show on the syscall
+ * itself but later when we access the supposedly uninitialised field.
+ */
+static inline void sa_init(struct sockaddr *sa, socklen_t *sl)
+{
+#ifdef CLANG_TIDY_58992
+ if (sa)
+ memset(sa, 0, *sl);
+#else
+ (void)sa;
+ (void)sl;
+#endif /* CLANG_TIDY_58992 */
+}
+
+static inline ssize_t wrap_recvfrom(int sockfd, void *buf, size_t len,
+ int flags,
+ struct sockaddr *src_addr,
+ socklen_t *addrlen)
+{
+ sa_init(src_addr, addrlen);
+ return recvfrom(sockfd, buf, len, flags, src_addr, addrlen);
+}
+#define recvfrom(s, buf, len, flags, src, addrlen) \
+ wrap_recvfrom((s), (buf), (len), (flags), (src), (addrlen))
+
+static inline int wrap_accept4(int sockfd, struct sockaddr *addr,
+ socklen_t *addrlen, int flags)
+{
+ sa_init(addr, addrlen);
+ return accept4(sockfd, addr, addrlen, flags);
+}
+#define accept4(s, addr, addrlen, flags) \
+ wrap_accept4((s), (addr), (addrlen), (flags))
+
#endif /* UTIL_H */
--
2.41.0
next prev parent reply other threads:[~2023-09-21 4:49 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-21 4:49 [PATCH v2 0/2] Some static checker fixes David Gibson
2023-09-21 4:49 ` [PATCH v2 1/2] Avoid shadowing index(3) David Gibson
2023-09-21 4:49 ` David Gibson [this message]
2023-09-27 17:04 ` [PATCH v2 0/2] Some static checker fixes Stefano Brivio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230921044939.1752225-3-david@gibson.dropbear.id.au \
--to=david@gibson.dropbear.id.au \
--cc=passt-dev@passt.top \
--cc=sbrivio@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).