From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 141845A0271 for ; Thu, 21 Sep 2023 06:49:49 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1695271783; bh=AxbVilztVRgmXS0Sb1CCaiBOqVtlmw0b5flI22mnhp4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YhF7YWSGhPDppBLsnlSlH1xmnkmfsBKgO7pDmClMiEboOuUPtH0V1gPni+HFKjcXU K1SrQElupfj/PkNwfyUaNSQdNLR9grj5CFqLRKBQB+zNpbqfrQ5mrlf7SFCQrh7Wwv +eJ9qTBurLiA8J9j5r+qXfaAid/yFwmNHmeHfAhI= Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4RrjcR1nHqz4x5J; Thu, 21 Sep 2023 14:49:43 +1000 (AEST) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH v2 2/2] util: Consolidate and improve workarounds for clang-tidy issue 58992 Date: Thu, 21 Sep 2023 14:49:39 +1000 Message-ID: <20230921044939.1752225-3-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230921044939.1752225-1-david@gibson.dropbear.id.au> References: <20230921044939.1752225-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: 2LQM6RKX6IWHA4SSODKCNJ5B4Q33IAW5 X-Message-ID-Hash: 2LQM6RKX6IWHA4SSODKCNJ5B4Q33IAW5 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: We have several workarounds for a clang-tidy bug where the checker doesn't recognize that a number of system calls write to - and therefore initialise - a socket address. We can't neatly use a suppression, because the bogus warning shows up some time after the actual system call, when we access a field of the socket address which clang-tidy erroneously thinks is uninitialised. Consolidate these workarounds into one place by using macros to implement wrappers around affected system calls which add a memset() of the sockaddr to silence clang-tidy. This removes the need for the individual memset() workarounds at the callers - and the somewhat longwinded explanatory comments. We can then use a #define to not include the hack in "real" builds, but only consider it for clang-tidy. Signed-off-by: David Gibson --- Makefile | 2 +- icmp.c | 5 ----- tcp.c | 8 +------- util.h | 41 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 43 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 4435bd6..c28556f 100644 --- a/Makefile +++ b/Makefile @@ -276,7 +276,7 @@ clang-tidy: $(SRCS) $(HEADERS) -concurrency-mt-unsafe,\ -readability-identifier-length \ -config='{CheckOptions: [{key: bugprone-suspicious-string-compare.WarnOnImplicitComparison, value: "false"}]}' \ - --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(FLAGS) $(CFLAGS) $(CPPFLAGS)) + --warnings-as-errors=* $(SRCS) -- $(filter-out -pie,$(FLAGS) $(CFLAGS) $(CPPFLAGS)) -DCLANG_TIDY_58992 SYSTEM_INCLUDES := /usr/include $(wildcard /usr/include/$(TARGET)) ifeq ($(shell $(CC) -v 2>&1 | grep -c "gcc version"),1) diff --git a/icmp.c b/icmp.c index f2cc4d6..41b9f8b 100644 --- a/icmp.c +++ b/icmp.c @@ -76,11 +76,6 @@ void icmp_sock_handler(const struct ctx *c, union epoll_ref ref) if (c->no_icmp) return; - /* FIXME: Workaround clang-tidy not realizing that recvfrom() - * writes the socket address. See - * https://github.com/llvm/llvm-project/issues/58992 - */ - memset(&sr, 0, sizeof(sr)); n = recvfrom(ref.fd, buf, sizeof(buf), 0, (struct sockaddr *)&sr, &sl); if (n < 0) return; diff --git a/tcp.c b/tcp.c index e58625d..b471783 100644 --- a/tcp.c +++ b/tcp.c @@ -2752,19 +2752,13 @@ void tcp_listen_handler(struct ctx *c, union epoll_ref ref, const struct timespec *now) { struct sockaddr_storage sa; + socklen_t sl = sizeof(sa); union tcp_conn *conn; - socklen_t sl; int s; if (c->no_tcp || c->tcp.conn_count >= TCP_MAX_CONNS) return; - sl = sizeof(sa); - /* FIXME: Workaround clang-tidy not realizing that accept4() - * writes the socket address. See - * https://github.com/llvm/llvm-project/issues/58992 - */ - memset(&sa, 0, sizeof(struct sockaddr_in6)); s = accept4(ref.fd, (struct sockaddr *)&sa, &sl, SOCK_NONBLOCK); if (s < 0) return; diff --git a/util.h b/util.h index 41cf123..57a05fb 100644 --- a/util.h +++ b/util.h @@ -9,6 +9,7 @@ #include #include #include +#include #include "log.h" @@ -225,4 +226,44 @@ int __daemon(int pidfile_fd, int devnull_fd); int fls(unsigned long x); int write_file(const char *path, const char *buf); +/* + * Workarounds for https://github.com/llvm/llvm-project/issues/58992 + * + * For a number (maybe all) system calls that _write_ a socket address, + * clang-tidy doesn't register that the memory of the socket address will be + * initialised after the call. This can't easily be worked around with + * clang-tidy suppressions, because the warning doesn't show on the syscall + * itself but later when we access the supposedly uninitialised field. + */ +static inline void sa_init(struct sockaddr *sa, socklen_t *sl) +{ +#ifdef CLANG_TIDY_58992 + if (sa) + memset(sa, 0, *sl); +#else + (void)sa; + (void)sl; +#endif /* CLANG_TIDY_58992 */ +} + +static inline ssize_t wrap_recvfrom(int sockfd, void *buf, size_t len, + int flags, + struct sockaddr *src_addr, + socklen_t *addrlen) +{ + sa_init(src_addr, addrlen); + return recvfrom(sockfd, buf, len, flags, src_addr, addrlen); +} +#define recvfrom(s, buf, len, flags, src, addrlen) \ + wrap_recvfrom((s), (buf), (len), (flags), (src), (addrlen)) + +static inline int wrap_accept4(int sockfd, struct sockaddr *addr, + socklen_t *addrlen, int flags) +{ + sa_init(addr, addrlen); + return accept4(sockfd, addr, addrlen, flags); +} +#define accept4(s, addr, addrlen, flags) \ + wrap_accept4((s), (addr), (addrlen), (flags)) + #endif /* UTIL_H */ -- 2.41.0