On Fri, Mar 01, 2024 at 08:58:45AM +0100, Stefano Brivio wrote: > On Fri, 1 Mar 2024 10:10:52 +1100 > David Gibson wrote: > > > On Thu, Feb 29, 2024 at 05:24:06PM +0100, Stefano Brivio wrote: > > > On Sat, 17 Feb 2024 16:07:22 +0100 > > > Laurent Vivier wrote: > > > > > > > We can find the same function to compute the IPv4 header > > > > checksum in tcp.c, udp.c and tap.c > > > > > > > > Use the function defined for tap.c, csum_ip4_header(), but > > > > with the code used in tcp.c and udp.c as it doesn't need a fully > > > > initialiazed IPv4 header, only protocol, tot_len, saddr and daddr. > > > > > > > > Signed-off-by: Laurent Vivier > > > > --- > > > > > > > > Notes: > > > > v3: > > > > - function parameters provide tot_len, saddr, daddr and protocol > > > > rather than an iphdr > > > > > > > > v2: > > > > - use csum_ip4_header() from checksum.c > > > > - use code from tcp.c and udp.c in csum_ip4_header() > > > > - use "const struct iphfr *", check is not updated by the > > > > function but by the caller. > > > > > > > > checksum.c | 17 +++++++++++++---- > > > > checksum.h | 3 ++- > > > > tap.c | 3 ++- > > > > tcp.c | 24 +++--------------------- > > > > udp.c | 20 ++------------------ > > > > 5 files changed, 22 insertions(+), 45 deletions(-) > > > > > > > > diff --git a/checksum.c b/checksum.c > > > > index 74e3742bc6f6..511b296a9a80 100644 > > > > --- a/checksum.c > > > > +++ b/checksum.c > > > > @@ -57,6 +57,7 @@ > > > > #include > > > > > > > > #include "util.h" > > > > +#include "ip.h" > > > > #include "checksum.h" > > > > > > > > /* Checksums are optional for UDP over IPv4, so we usually just set > > > > @@ -116,13 +117,21 @@ uint16_t csum_fold(uint32_t sum) > > > > uint16_t csum(const void *buf, size_t len, uint32_t init); > > > > > > > > /** > > > > - * csum_ip4_header() - Calculate and set IPv4 header checksum > > > > + * csum_ip4_header() - Calculate IPv4 header checksum > > > > * @ip4h: IPv4 header > > > > */ > > > > -void csum_ip4_header(struct iphdr *ip4h) > > > > +uint16_t csum_ip4_header(uint16_t tot_len, uint8_t protocol, > > > > + uint32_t saddr, uint32_t daddr) > > > > { > > > > - ip4h->check = 0; > > > > - ip4h->check = csum(ip4h, (size_t)ip4h->ihl * 4, 0); > > > > + uint32_t sum = L2_BUF_IP4_PSUM(protocol); > > > > > > Now that we use this macro, Coverity Scan realises that it's broken: > > > > > > #define L2_BUF_IP4_PSUM(proto) ((uint32_t)htons_constant(0x4500) + \ > > > (uint32_t)htons_constant(0xff00 | (proto))) > > > > > > ...but proto is eight (lower) bits, so this actually ignores 'proto'. > > > > Uh... how so? > > Oops, sorry, it's not broken, and this is a false positive due to the > fact that __bswap_constant_16() (which htons_constant() resolves to, on > little-endian) is defined, for example in glibc, as: > > #define __bswap_constant_16(x) \ > ((((x) >> 8) & 0xff) | (((x) & 0xff) << 8)) > > and in this case the first term of the | resolves to a constant value, > 0xff, because 0xffxx >> 8 is 0xff for any value of xx. Right. This really seems overzealous of coverity: it seems like any occasion where the compiler would constant fold could result in a similar warning. > I couldn't think of a "solution", yet. Making it an inline function rather than a macro might be enough to convince Coverity. Otherwise we could just mark it as a false positive in the Coverity web interface. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson