From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Ys8B1uO0; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 5FA1A5A0271 for ; Sun, 11 Jan 2026 00:33:06 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1768087985; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Jh/jV2uMUYoeuEk0HhTIMwgl4xLdUNuTpPiMtN2T6QE=; b=Ys8B1uO0nK3BPMfXcsXtVgF0yGn8Es3SamU48F3Je37DKTNTlv9uf3i9/riJgNR8z+fB2L r3BLlsXQaa/FxcCoc5GZkQR8SLFnHbXNpWMZXGA2sFuu9k/JrupZR5g9UH0x0c5Y7hJ82k V2MPCCe6HwN6psP/leE04SVe7XcRQMo= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-574-m3QDwKI7M-aGu6c150ZRjQ-1; Sat, 10 Jan 2026 18:33:03 -0500 X-MC-Unique: m3QDwKI7M-aGu6c150ZRjQ-1 X-Mimecast-MFC-AGG-ID: m3QDwKI7M-aGu6c150ZRjQ_1768087983 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-477563e531cso38153895e9.1 for ; Sat, 10 Jan 2026 15:33:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768087982; x=1768692782; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Jh/jV2uMUYoeuEk0HhTIMwgl4xLdUNuTpPiMtN2T6QE=; b=dyfJKyEU8RSXP/VuUPXql7mfm3q8CZ/wEwRwbuMAtEAk+wH7CrF/IufracJhTrgjKa c1TcVfFhMqfoRGd97anf93kNpB0KGWpjXB1qsSiGmIUDqMbAKbS6yY1EdBnulAKjrEV9 X0wvXp0AnxKVXLzwGdR9EdioG/Hsj4RuDyAu6bdA3whVfY61C3jRdNzStvVv0Ke/3jqA +TiJf18Mm4nSh+Wkm6xh268LUNebMzbkYTQYSy9CyYWihFzRD+MPORQ8xp3bwqVxBmbk hcFRVCbIaN8QRfD8CY+I3zJtpp1Y8W7wfStWvfL6S/AdLMM9+Yt+qDEfiIbS66AKrfrE +WQA== X-Gm-Message-State: AOJu0Yzk0bN3Sj8b/yBMcowAf38UC1atWLClX/HFXpHeQw0kOmT24OF3 5D6J1l0ylv7oO4yXym5LSt1Vms+APcxdVZu6RSpTIp/SVix2rfXWh3rpz4OFwKbSyRDkcbXu5ZT dZhHMbFMNfgPE96Z09oUhuEUu6ubm6sjwVXDh2esKxJKp3E2jANXm5g== X-Gm-Gg: AY/fxX7/gYIiwkbIWpKJzMV/TH7ulVRnZxDU64r8JpXFrHnh7xLpkOTzdHyI1Y7jnoI 81deuPKqWMY9qD/oWK3KCWwdQXnle+yLBy8JoxjI2FimLUaLEL5zeyHQIYXz4LE18Rea16sDcbl iDRWh9IZBHWfnNLOjn2PtKTprsnwENcBpEQRe/97koBEvg83CpD9kVcjoJ7BwK3wMuj8KEfRcs2 YIqMFQIjJS6PUFawsrq0dNbomCw/rW8Z551DKVEcaqTOpV1lM2+jB9TVbFSex8Ocd+o1Ovf1tA+ 2kUSt+JdVPjO9+jW73e6UsD6XF3ePNoM4GglKiSC5xU/ZGDR8BKGdHIyTHwaKfUQIBA4TN/j2ot pR1meLrED1dmAD9/3HIntGVL76QTGMUQ5DIkwcA== X-Received: by 2002:a05:600c:1e24:b0:46e:4a13:e6c6 with SMTP id 5b1f17b1804b1-47d84b32efemr146999185e9.19.1768087982575; Sat, 10 Jan 2026 15:33:02 -0800 (PST) X-Google-Smtp-Source: AGHT+IGQrtCeM+4Onax747s6ryU3lsp3bNBbQ/PhFVQCL9C0ykbjtdBWyO4qoe9uG5WRS4nYLqoHvw== X-Received: by 2002:a05:600c:1e24:b0:46e:4a13:e6c6 with SMTP id 5b1f17b1804b1-47d84b32efemr146999055e9.19.1768087982106; Sat, 10 Jan 2026 15:33:02 -0800 (PST) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-47d7f653cd6sm291799235e9.9.2026.01.10.15.33.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 10 Jan 2026 15:33:01 -0800 (PST) Date: Sun, 11 Jan 2026 00:33:00 +0100 From: Stefano Brivio To: David Gibson Subject: Re: [PATCH v3 3/5] treewide: Don't rely on terminator records in ip[46].dns arrays Message-ID: <20260111003300.077bfacf@elisabeth> In-Reply-To: <20260107014606.1513722-4-david@gibson.dropbear.id.au> References: <20260107014606.1513722-1-david@gibson.dropbear.id.au> <20260107014606.1513722-4-david@gibson.dropbear.id.au> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 9PabBxa1W49TwSUpv6RuNVhUXYgRKKIPeXRUWkuqJHw_1768087983 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: GU4FA56DMUPA3RCSDSVWZYTIJUZZ3UBV X-Message-ID-Hash: GU4FA56DMUPA3RCSDSVWZYTIJUZZ3UBV X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-dev@passt.top, Laurent Vivier X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed, 7 Jan 2026 12:46:04 +1100 David Gibson wrote: > In our arrays of DNS resolvers to pass to the guest we use a blank entry > to indicate the end of the list. We rely on this when scanning the array, > not having separate bounds checking. clang-tidy 21.1.7 has fancier > checking for array overruns in loops, but it's not able to reason that > there's always a terminating entry, so complains. > > Indeed, it's correct to do so in this case. Although we allow space in the > arrays for the terminator (size MAXNS + 1), add_dns[46]() check only for > idx >= ARRAY_SIZE() > before adding an entry. This allows it to consume the last slot with a > "real" entry, meaning the places where we scan really could overrun. > > Fix the bug, and make it easier to reason about (for both clang-tidy and > people) I'm not really sure about people. This change turns some for loops from "iterate until we find a terminator" to "iterate n times: while iterating, if we find a terminator, exit the loop". In any case, the annoyance is minor enough, at least to me, so let's make clang-tidy happy by all means. > by using ARRAY_SIZE() base bounds checking. Treat the terminator > explicitly as an early exit case using 'break'. > > Signed-off-by: David Gibson > Reviewed-by: Laurent Vivier > --- > conf.c | 8 ++++++-- > dhcp.c | 4 +++- > dhcpv6.c | 4 +++- > ndp.c | 4 +++- > passt.h | 4 ++-- > 5 files changed, 17 insertions(+), 7 deletions(-) > > diff --git a/conf.c b/conf.c > index 84ae12b2..b1fc4b9f 100644 > --- a/conf.c > +++ b/conf.c > @@ -1159,7 +1159,9 @@ static void conf_print(const struct ctx *c) > buf4, sizeof(buf4))); > } > > - for (i = 0; !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i]); i++) { > + for (i = 0; i < ARRAY_SIZE(c->ip4.dns); i++) { > + if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i])) > + break; > if (!i) > info("DNS:"); > inet_ntop(AF_INET, &c->ip4.dns[i], buf4, sizeof(buf4)); > @@ -1197,7 +1199,9 @@ static void conf_print(const struct ctx *c) > buf6, sizeof(buf6))); > > dns6: > - for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i]); i++) { > + for (i = 0; i < ARRAY_SIZE(c->ip6.dns); i++) { > + if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i])) > + break; > if (!i) > info("DNS:"); > inet_ntop(AF_INET6, &c->ip6.dns[i], buf6, sizeof(buf6)); > diff --git a/dhcp.c b/dhcp.c > index 6b9c2e3b..1ff8cba9 100644 > --- a/dhcp.c > +++ b/dhcp.c > @@ -430,7 +430,9 @@ int dhcp(const struct ctx *c, struct iov_tail *data) > } > > for (i = 0, opts[6].slen = 0; > - !c->no_dhcp_dns && !IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i]); i++) { > + !c->no_dhcp_dns && i < ARRAY_SIZE(c->ip4.dns); i++) { > + if (IN4_IS_ADDR_UNSPECIFIED(&c->ip4.dns[i])) > + break; > ((struct in_addr *)opts[6].s)[i] = c->ip4.dns[i]; > opts[6].slen += sizeof(uint32_t); > } > diff --git a/dhcpv6.c b/dhcpv6.c > index e4df0db5..d94be23a 100644 > --- a/dhcpv6.c > +++ b/dhcpv6.c > @@ -425,7 +425,9 @@ static size_t dhcpv6_dns_fill(const struct ctx *c, char *buf, int offset) > if (c->no_dhcp_dns) > goto search; > > - for (i = 0; !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i]); i++) { > + for (i = 0; i < ARRAY_SIZE(c->ip6.dns); i++) { > + if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[i])) > + break; > if (!i) { > srv = (struct opt_dns_servers *)(buf + offset); > offset += sizeof(struct opt_hdr); > diff --git a/ndp.c b/ndp.c > index eb9e3139..1f2bcb0c 100644 > --- a/ndp.c > +++ b/ndp.c > @@ -285,7 +285,9 @@ static void ndp_ra(const struct ctx *c, const struct in6_addr *dst) > size_t dns_s_len = 0; > int i, n; > > - for (n = 0; !IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[n]); n++); > + for (n = 0; n < ARRAY_SIZE(c->ip6.dns); n++) > + if (IN6_IS_ADDR_UNSPECIFIED(&c->ip6.dns[n])) > + break; > if (n) { > struct opt_rdnss *rdnss = (struct opt_rdnss *)ptr; > *rdnss = (struct opt_rdnss) { > diff --git a/passt.h b/passt.h > index 79d01ddb..87da76d3 100644 > --- a/passt.h > +++ b/passt.h > @@ -91,7 +91,7 @@ struct ip4_ctx { > struct in_addr guest_gw; > struct in_addr map_host_loopback; > struct in_addr map_guest_addr; > - struct in_addr dns[MAXNS + 1]; > + struct in_addr dns[MAXNS]; The comment still says: * @dns: DNS addresses for DHCP, zero-terminated > struct in_addr dns_match; > struct in_addr our_tap_addr; > > @@ -132,7 +132,7 @@ struct ip6_ctx { > struct in6_addr guest_gw; > struct in6_addr map_host_loopback; > struct in6_addr map_guest_addr; > - struct in6_addr dns[MAXNS + 1]; > + struct in6_addr dns[MAXNS]; ...same here. But as this is the only remark I have on the whole series, I took the liberty to fix up the comment directly on merge. > struct in6_addr dns_match; > struct in6_addr our_tap_ll; > -- Stefano