From mboxrd@z Thu Jan  1 00:00:00 1970
Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au
Authentication-Results: passt.top;
	dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202606 header.b=mhYarXii;
	dkim-atps=neutral
Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3])
	by passt.top (Postfix) with ESMTPS id 99EC25A0262
	for <passt-dev@passt.top>; Mon, 15 Jun 2026 04:13:21 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=202606; t=1781489597;
	bh=YEUWsY4RucP8U9dgOJRZ1VHnpayc1xCly0/pqeMRxNc=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=mhYarXiiqx1geqDkR2BXQvE2b6ErkzZBoO0l9sUccg7jysv7Cr65PMl3AxeiA+aw+
	 FutNPc1Z5471A214F0Lc3EbY10uVoEUVyRn6+Pa27Rg8rPcihdClKSViG+43nRRNNP
	 V1qKAotR5P65Qqw6ffZBhzbuzatsFGIr/Hgsss+i+5HK/IF+G9UcNJn9AVLkvNaiWs
	 E72CBHg4FQUd4QsmQUxfLK7Vj+VOHKoFYF1ClvgHjcK3OhzsKQTTQL3SGVW9iBJgXp
	 5P5aWA4vrwSit8TDKPYiVjfqOdL1S4dDayMDZzt8JwpyPP5sTxxVeS2IreEJX6kwEI
	 IaFrFJhZRBbTw==
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4gdtvK6pdnz4wSc; Mon, 15 Jun 2026 12:13:17 +1000 (AEST)
Date: Mon, 15 Jun 2026 12:06:09 +1000
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH v2] udp: Provide dummy iov in udp_peek_addr() to avoid
 Coverity warning
Message-ID: <ai9eERdYct7sUagF@zatzit>
References: <20260608005026.515574-1-jmaloy@redhat.com>
 <20260612010524.3254219b@elisabeth>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="XbW1H3RdJPpryZVT"
Content-Disposition: inline
In-Reply-To: <20260612010524.3254219b@elisabeth>
Message-ID-Hash: T6E35FA45Q4QT4OYJNLMNZUCC2YKIDBV
X-Message-ID-Hash: T6E35FA45Q4QT4OYJNLMNZUCC2YKIDBV
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Jon Maloy <jmaloy@redhat.com>, passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/ai9eERdYct7sUagF@zatzit/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/T6E35FA45Q4QT4OYJNLMNZUCC2YKIDBV/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--XbW1H3RdJPpryZVT
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jun 12, 2026 at 01:05:25AM +0200, Stefano Brivio wrote:
> On Sun,  7 Jun 2026 20:50:26 -0400
> Jon Maloy <jmaloy@redhat.com> wrote:
>=20
> > udp_peek_addr() initialises struct msghdr without setting msg_iov,
> > leaving it implicitly NULL.  Coverity flags this as FORWARD_NULL,
> > believing recvmsg() will dereference the NULL pointer.
> >=20
> > In practice, msg_iovlen being zero means the kernel never touches
> > msg_iov, so the warning is a false positive.  We now provide a
> > one-byte dummy iov to make msg_iov non-NULL, hence suppressing this
> > warning without changing the function's behaviour.
> >=20
> > Signed-off-by: Jon Maloy <jmaloy@redhat.com>
> >=20
> > ----
> > v2: - Make the dummy iov conditional on an ANALYZER macro, so it has
> >       zero runtime cost in production builds.
>=20
> As I mentioned offline, I'd rather go with v1, because a macro that's
> not enabled / seen by any static checker isn't really convenient. And
> I'll take care of reporting this to Coverity.
>=20
> Just one detail, regardless of that:
>=20
> >     - Add a new 'analyzer' Makefile target (similar to 'valgrind')
> >       that defines ANALYZER via CPPFLAGS for use with static analysis
> >       builds.
> > ---
> >  Makefile |  3 +++
> >  udp.c    | 11 +++++++++++
> >  2 files changed, 14 insertions(+)
> >=20
> > diff --git a/Makefile b/Makefile
> > index 0a0a60b0..4dcf4cd1 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -122,6 +122,9 @@ passt-repair: $(PASST_REPAIR_SRCS) $(PASST_REPAIR_H=
EADERS) seccomp_repair.h
> >  pesto: BASE_CPPFLAGS +=3D -DPESTO
> >  pesto: $(PESTO_SRCS) $(PESTO_HEADERS) seccomp_pesto.h
> > =20
> > +analyzer: BASE_CPPFLAGS +=3D -DANALYZER
> > +analyzer: all
> > +
> >  valgrind: EXTRA_SYSCALLS +=3D rt_sigprocmask rt_sigtimedwait rt_sigact=
ion	\
> >  			    rt_sigreturn getpid gettid kill clock_gettime \
> >  			    mmap|mmap2 munmap open unlink gettimeofday futex \
> > diff --git a/udp.c b/udp.c
> > index c28d6ee2..36c8c070 100644
> > --- a/udp.c
> > +++ b/udp.c
> > @@ -734,9 +734,20 @@ static int udp_peek_addr(int s, union sockaddr_ina=
ny *src,
> >  {
> >  	char sastr[SOCKADDR_STRLEN], dstr[INANY_ADDRSTRLEN];
> >  	char cmsg[PKTINFO_SPACE];
> > +#ifdef ANALYZER
> > +	char dummy;
> > +	struct iovec iov =3D {
> > +		.iov_base =3D &dummy,
> > +		.iov_len =3D sizeof(dummy),
> > +	};
> > +#endif /* ANALYZER */
> >  	struct msghdr msg =3D {
> >  		.msg_name =3D src,
> >  		.msg_namelen =3D sizeof(*src),
> > +#ifdef ANALYZER
> > +		.msg_iov =3D &iov,
> > +		.msg_iovlen =3D 1,
>=20
> ...can't we pass 0 instead? What happens? That looks like less
> potential for overhead in the sense of a possible copy_to_user() that
> we don't want to trigger.

Yeah, that would be interesting to know.  Furthermore, if we pass zero
along with a valid-but-arbitary pointer, that might be enough to
convince the analyzer.  &msg could be a suitable pointer (with an
explanatory comment) - weird but harmless.

>=20
> > +#endif /* ANALYZER */
> >  		.msg_control =3D cmsg,
> >  		.msg_controllen =3D sizeof(cmsg),
> >  	};
>=20
> --=20
> Stefano
>=20

--=20
David Gibson (he or they)	| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you, not the other way
				| around.
http://www.ozlabs.org/~dgibson

--XbW1H3RdJPpryZVT
Content-Type: application/pgp-signature; name=signature.asc

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmovXhAACgkQzQJF27ox
2GcFHQ/+JDqk/ikNQEAx+YzOdVEolgCgNsE0VZSe5wZLxnIh37IEvb05bTLoUqLR
emXfh5f8HYhjyxqeMDVaLsNgvqpSTjucMRx9niTsJp1Jk0n72W3SnyqDtZoz65hH
5cl/z2fBilzLtc4gfAdU0WHk1Et7kazMMC9/BaoSk+ZeYkm0LzWlscEeNeDJTAAA
mXxHgJkquO45ahSKudKBvAgSfLF2BGayqBuWjSHBLzEt0UrlcLsZ2DSB0CnL9n2r
vFhhjA9xiujnHqMCH13kqDdd2RCRyewAc0B+A7nwwmOaTz63kXu9CroX4PsN9Fa/
LNJBJHZk+mSbojOtGh9yzbSRBLJEB9vR+wef4VV9oDFw3z/0t1+altiqEZfmwwlh
Nfc0/5oUEatAAOcSJ8wpgpcHSf4XwfBIuOphMA7rMAVnyHE3kzf5SddDCXg088JW
PGVokHgJj7eS/hFLfqkzFCeI7rEzS6kgynpemgDXGGV5gdB26XqwsPcOLoLsgnwA
PvXxqMupeCzXb+/UlG4e36FNE5EQ/yoYSZ+S/w5sIbcfutgn9f1cpPDOZ+rNMhAN
4zAZChVpvz1Adm4ddJdrPT5dtnhEKaHuUyXnH+I8dQt3ijRdys/i//9iULKUTPHE
OmZwFWzA9xR19bs8pZVRs25yo/mRio9/XPs+tPoL0IPzeL8kEUE=
=y9sC
-----END PGP SIGNATURE-----

--XbW1H3RdJPpryZVT--