From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com
Authentication-Results: passt.top;
	dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=GzwqD4w1;
	dkim-atps=neutral
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	by passt.top (Postfix) with ESMTPS id 272FC5A0262
	for <passt-dev@passt.top>; Thu, 14 May 2026 01:08:32 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1778713711;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=p0XiUUH4y4ydQzATPhlkLzMPjUKP7IDzp4QtltloysY=;
	b=GzwqD4w1LdDlsfdBL42k2H6JS9yTDEMCmRZf3SMCDR9e0pA7QOxry35xvHm7FtlLPpoi7+
	Up8uY7Cf9w7T1WMcpa9xNQ6T/eZHz7HPJbHRfhUHKgbmwMzvffYA9eoJlwUDTi+D7q4EjJ
	1O0G+JuOycs7k9VwjfQbPX4jvmM7YsA=
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com
 [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-198-j5kccDygNT-LKIduyT7xDw-1; Wed, 13 May 2026 19:08:29 -0400
X-MC-Unique: j5kccDygNT-LKIduyT7xDw-1
X-Mimecast-MFC-AGG-ID: j5kccDygNT-LKIduyT7xDw_1778713709
Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-48906aa28cbso60907735e9.0
        for <passt-dev@passt.top>; Wed, 13 May 2026 16:08:29 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1778713708; x=1779318508;
        h=date:content-transfer-encoding:mime-version:organization:references
         :in-reply-to:message-id:subject:cc:to:from:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=p0XiUUH4y4ydQzATPhlkLzMPjUKP7IDzp4QtltloysY=;
        b=XDiOFuOzTmbuE6XxKHFRCojNcA8pa6NbgCPheRCFbmaLykO1igtdLkGBg+i6L7Gwxm
         MD3jI/cnaX/a08rMoirUFLJpD3OtqSM3Ge69K1tnapvTrHNy4rPEUTdfq1tPZLck6z4a
         bxjrTm6BXDYt/v47LfkAlf+Rd+9dUOQGbT6TFibSGCYiYJO/C14fSV7uaVOZAhsvt4HK
         zx/vmoXFE4ztEqwSGWWta0ll55S4hj9yzqwnxbIaXhY/X6zJgqO2ezmEywR2Eb4alPwI
         TALXn6Fd8IIcnN1ltsGoB5s1Fh5pKe/1TD4dFu4JTVH9NylYcrr1UdoINJ9f+bBKykcq
         N+hA==
X-Gm-Message-State: AOJu0Yz9yjb3vyPZV25isVaFkRMrqKO+feam9VZ5GxdScEGO7wtGupBs
	A3IgnJQ+KKDLXPKRyonGO0DlIo5Rygg3exc5InPUI/HybyWighK2AiGRJY0pQaCqRcuG264Wlrj
	yYWZDbZodCMDrGrM1BgV4sDDuV/pshKaOXlBvrO3uWByKnC8eocZ4t40PSZlAGlvdz5xnZR1sHU
	NjUSbZDMAUL7ymoqmvt2tXCBFnNsElxfCOoodt
X-Gm-Gg: Acq92OFkeTBt6CJKx74vR9xJTU2W+f9eg092UndvF8HnSdTwxfslQo/KAJjkXUCUVll
	Iyj30IIpP6Zq5tvxo3nD/4nvJnT0WBu03iRpVztaMBlOw3M/Ed3reFG0WVi3cMhZwOCKikI5BoM
	VkK1kBl6cF1BE04zZch7UkHPGDJZOJISgZkXX4AxJlT6F9HotglHcDJFlOW169qYq+0zJ7SDu3v
	TBpClmQATiTB5eB686H8vkbSdMWrJz4JAXTd6ShRHt6YI9DtVpQ+lBt3Ree2IWWz8v2uUr5gSFx
	wezvdh8F+5VlY/5K9SgDA3l1yRQNR+kozlggT/9RZLH/JcFYQF9PXCPbVOjjJq+MxIZk4ziMDlO
	i4WWFktNwp7ptJx6ZpK4lwgy/0kULkfIyTQ8DUcgzo700iNiZfg==
X-Received: by 2002:a05:600c:c0ca:b0:485:3c2e:60d5 with SMTP id 5b1f17b1804b1-48fd6332fccmr13463195e9.2.1778713707900;
        Wed, 13 May 2026 16:08:27 -0700 (PDT)
X-Received: by 2002:a05:600c:c0ca:b0:485:3c2e:60d5 with SMTP id 5b1f17b1804b1-48fd6332fccmr13463045e9.2.1778713707396;
        Wed, 13 May 2026 16:08:27 -0700 (PDT)
Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [176.103.220.4])
        by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-48fdb4c224fsm5165665e9.15.2026.05.13.16.08.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 13 May 2026 16:08:26 -0700 (PDT)
From: Stefano Brivio <sbrivio@redhat.com>
To: Laurent Vivier <lvivier@redhat.com>
Subject: Re: [PATCH] ndp: Suppress Coverity false positive for random()
Message-ID: <20260514010825.21c12443@elisabeth>
In-Reply-To: <20260513102617.1325915-1-lvivier@redhat.com>
References: <20260513102617.1325915-1-lvivier@redhat.com>
Organization: Red Hat
X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Date: Thu, 14 May 2026 01:08:26 +0200 (CEST)
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: McLGUZuhHtAqF6kyTm0UDrMa94CXPR25mmEavtC4G9o_1778713709
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID-Hash: EJPX3MKDLOIPIETTRKYSRWYBHG75OPWT
X-Message-ID-Hash: EJPX3MKDLOIPIETTRKYSRWYBHG75OPWT
X-MailFrom: sbrivio@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/20260514010825.21c12443@elisabeth/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/EJPX3MKDLOIPIETTRKYSRWYBHG75OPWT/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>

On Wed, 13 May 2026 12:26:17 +0200
Laurent Vivier <lvivier@redhat.com> wrote:

> Coverity flags the random() call in ndp_timer() with the dont_call
> checker, warning that it should not be used for security-related
> applications.
> 
> This is a false positive: random() is used here to jitter the interval
> between unsolicited Router Advertisements as required by RFC 4861, to
> prevent synchronisation between routers on a link.  No cryptographic
> strength is needed.
> 
> Suppress the warning with an inline Coverity annotation.
> 
> Signed-off-by: Laurent Vivier <lvivier@redhat.com>
> ---
>  ndp.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/ndp.c b/ndp.c
> index 1f2bcb0cc7ea..614932ac5829 100644
> --- a/ndp.c
> +++ b/ndp.c
> @@ -441,6 +441,7 @@ void ndp_timer(const struct ctx *c, const struct timespec *now)
>  	 * again, it's close enough for our purposes.
>  	 */
>  	interval = min_rtr_adv_interval +
> +		/* coverity[dont_call:FALSE] */

Sorry, I should have mentioned this to you explicitly, but we discussed
this in the past and we decided against having explicit suppressions
for warnings from Coverity Scan (at least, that would be my strong
preference).

The reason is that I would like to avoid referring to trademarks as
much as possible, as they might raise "interesting" legal questions,
and at the same time we have very little control or visibility into how
these suppressions evolve in future versions of the checker.

In this case, by the way, despite the fact that we use this to add some
randomness to the timing of router advertisements as required by RFC
4861, I started wondering recently if an attacker (I'm mostly thinking
about denials of service) could actually gain anything from making
these intervals predictable.

If that's the case, perhaps we could just switch to getrandom() and
be done with it.

-- 
Stefano