diff mbox series

[ovs-dev,v7,2/8] lib, ovs-vsctl: Add zero-initializations

Message ID 20230415152155.762025-3-jamestiotio@gmail.com
State Changes Requested, archived
Headers show
Series treewide: Fix multiple Coverity defects | expand

Checks

Context Check Description
ovsrobot/apply-robot warning apply and check: warning
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

James Raphael Tiovalen April 15, 2023, 3:21 p.m. UTC 
This commit adds zero-initializations by changing `SFL_ALLOC` from
`malloc` to `xzalloc`, initializing a `pollfd` struct variable with
zeroes, and changing some calls to `xmalloc` to `xzalloc`. This is to
prevent potential data leaks or undefined behavior from potentially
uninitialized variables.

Some variables would always be initialized by either the code flow or
the compiler. Thus, some of the associated Coverity reports might be
false positives. That said, it is still considered best practice to
zero-initialize variables upfront just in case to ensure the overall
resilience and security of OVS, as long as they do not impact
performance-critical code. As a bonus, it would also make static
analyzer tools, such as Coverity, happy.

Signed-off-by: James Raphael Tiovalen <jamestiotio@gmail.com>
---
 lib/latch-unix.c      | 2 +-
 lib/sflow_agent.c     | 3 +++
 lib/sflow_api.h       | 2 +-
 utilities/ovs-vsctl.c | 5 ++---
 4 files changed, 7 insertions(+), 5 deletions(-)

Comments

0-day Robot April 15, 2023, 3:41 p.m. UTC | #1 
Bleep bloop.  Greetings James Raphael Tiovalen, I am a robot and I have tried out your patch.
Thanks for your contribution.

I encountered some error that I wasn't expecting.  See the details below.


checkpatch:
WARNING: Line has non-spaces leading whitespace
#57 FILE: lib/sflow_agent.c:207:
	ovs_assert(newsm);

WARNING: Line has non-spaces leading whitespace
#65 FILE: lib/sflow_agent.c:247:
	ovs_assert(newpl);

Lines checked: 115, Warnings: 2, Errors: 0


Please check this out.  If you feel there has been an error, please email aconole@redhat.com

Thanks,
0-day Robot
Simon Horman April 21, 2023, 10:11 a.m. UTC | #2 
On Sat, Apr 15, 2023 at 11:21:49PM +0800, James Raphael Tiovalen wrote:
> This commit adds zero-initializations by changing `SFL_ALLOC` from
> `malloc` to `xzalloc`, initializing a `pollfd` struct variable with
> zeroes, and changing some calls to `xmalloc` to `xzalloc`. This is to
> prevent potential data leaks or undefined behavior from potentially
> uninitialized variables.
> 
> Some variables would always be initialized by either the code flow or
> the compiler. Thus, some of the associated Coverity reports might be
> false positives. That said, it is still considered best practice to
> zero-initialize variables upfront just in case to ensure the overall
> resilience and security of OVS, as long as they do not impact
> performance-critical code. As a bonus, it would also make static
> analyzer tools, such as Coverity, happy.
> 
> Signed-off-by: James Raphael Tiovalen <jamestiotio@gmail.com>
> ---
>  lib/latch-unix.c      | 2 +-
>  lib/sflow_agent.c     | 3 +++
>  lib/sflow_api.h       | 2 +-
>  utilities/ovs-vsctl.c | 5 ++---
>  4 files changed, 7 insertions(+), 5 deletions(-)
> 
> diff --git a/lib/latch-unix.c b/lib/latch-unix.c
> index f4d10c39a..262f111e4 100644
> --- a/lib/latch-unix.c
> +++ b/lib/latch-unix.c
> @@ -71,7 +71,7 @@ latch_set(struct latch *latch)
>  bool
>  latch_is_set(const struct latch *latch)
>  {
> -    struct pollfd pfd;
> +    struct pollfd pfd = {0, 0, 0};

Perhaps it's just me, but I'd have written this as:

       struct pollfd pfd = {0};

>      int retval;
>  
>      pfd.fd = latch->fds[0];
> diff --git a/lib/sflow_agent.c b/lib/sflow_agent.c
> index c95f654a5..0bb5ae7e9 100644
> --- a/lib/sflow_agent.c
> +++ b/lib/sflow_agent.c
> @@ -153,6 +153,7 @@ void sfl_agent_tick(SFLAgent *agent, time_t now)
>  SFLReceiver *sfl_agent_addReceiver(SFLAgent *agent)
>  {
>      SFLReceiver *rcv = (SFLReceiver *)sflAlloc(agent, sizeof(SFLReceiver));
> +    ovs_assert(rcv);

I was wondering if we could move the assert inside sflAlloc.
And also have sflAlloc zero the memory, perhaps only in the callback
case to allow xzalloc to do it's thing.

>      sfl_receiver_init(rcv, agent);
>      /* add to end of list - to preserve the receiver index numbers for existing receivers */
>      {
> @@ -203,6 +204,7 @@ SFLSampler *sfl_agent_addSampler(SFLAgent *agent, SFLDataSource_instance *pdsi)
>  
>      {
>  	SFLSampler *newsm = (SFLSampler *)sflAlloc(agent, sizeof(SFLSampler));
> +	ovs_assert(newsm);
>  	sfl_sampler_init(newsm, agent, pdsi);

sfl_sampler_init zero's newsm.
If it is always zero, perhaps that memset can be removed from
sfl_sampler_init(). Avoiding extra work. Or is that too risky in your
opinion?

>  	if(prev) prev->nxt = newsm;
>  	else agent->samplers = newsm;
> @@ -242,6 +244,7 @@ SFLPoller *sfl_agent_addPoller(SFLAgent *agent,
>      /* either we found the insert point, or reached the end of the list... */
>      {
>  	SFLPoller *newpl = (SFLPoller *)sflAlloc(agent, sizeof(SFLPoller));
> +	ovs_assert(newpl);
>  	sfl_poller_init(newpl, agent, pdsi, magic, getCountersFn);
>  	if(prev) prev->nxt = newpl;
>  	else agent->pollers = newpl;
James Raphael Tiovalen May 1, 2023, 2:49 p.m. UTC | #3 
On Fri, Apr 21, 2023 at 6:11 PM Simon Horman <simon.horman@corigine.com> wrote:
>
> Perhaps it's just me, but I'd have written this as:
>
>        struct pollfd pfd = {0};
>

Got it. I will update this in the next patch version.

>
> I was wondering if we could move the assert inside sflAlloc.
> And also have sflAlloc zero the memory, perhaps only in the callback
> case to allow xzalloc to do it's thing.
>

Sure thing. I will implement this in the next patch version.

>
> sfl_sampler_init zero's newsm.
> If it is always zero, perhaps that memset can be removed from
> sfl_sampler_init(). Avoiding extra work. Or is that too risky in your
> opinion?
>

`sfl_receiver_init()` and `sfl_poller_init()` also zero `rcv` and
`newpl` respectively. However, I do not think that we should remove
the `memset()`s in the `*_init()` functions as they are also used when
the SFLReceiver, SFLSampler, or SFLPoller is reset. I would recommend
keeping both.

Best regards,
James Raphael Tiovalen
diff mbox series

Patch

diff --git a/lib/latch-unix.c b/lib/latch-unix.c
index f4d10c39a..262f111e4 100644
--- a/lib/latch-unix.c
+++ b/lib/latch-unix.c
@@ -71,7 +71,7 @@  latch_set(struct latch *latch)
 bool
 latch_is_set(const struct latch *latch)
 {
-    struct pollfd pfd;
+    struct pollfd pfd = {0, 0, 0};
     int retval;
 
     pfd.fd = latch->fds[0];
diff --git a/lib/sflow_agent.c b/lib/sflow_agent.c
index c95f654a5..0bb5ae7e9 100644
--- a/lib/sflow_agent.c
+++ b/lib/sflow_agent.c
@@ -153,6 +153,7 @@  void sfl_agent_tick(SFLAgent *agent, time_t now)
 SFLReceiver *sfl_agent_addReceiver(SFLAgent *agent)
 {
     SFLReceiver *rcv = (SFLReceiver *)sflAlloc(agent, sizeof(SFLReceiver));
+    ovs_assert(rcv);
     sfl_receiver_init(rcv, agent);
     /* add to end of list - to preserve the receiver index numbers for existing receivers */
     {
@@ -203,6 +204,7 @@  SFLSampler *sfl_agent_addSampler(SFLAgent *agent, SFLDataSource_instance *pdsi)
 
     {
 	SFLSampler *newsm = (SFLSampler *)sflAlloc(agent, sizeof(SFLSampler));
+	ovs_assert(newsm);
 	sfl_sampler_init(newsm, agent, pdsi);
 	if(prev) prev->nxt = newsm;
 	else agent->samplers = newsm;
@@ -242,6 +244,7 @@  SFLPoller *sfl_agent_addPoller(SFLAgent *agent,
     /* either we found the insert point, or reached the end of the list... */
     {
 	SFLPoller *newpl = (SFLPoller *)sflAlloc(agent, sizeof(SFLPoller));
+	ovs_assert(newpl);
 	sfl_poller_init(newpl, agent, pdsi, magic, getCountersFn);
 	if(prev) prev->nxt = newpl;
 	else agent->pollers = newpl;
diff --git a/lib/sflow_api.h b/lib/sflow_api.h
index a0530b37a..eb23e2acd 100644
--- a/lib/sflow_api.h
+++ b/lib/sflow_api.h
@@ -337,7 +337,7 @@  void sfl_agent_sysError(SFLAgent *agent, char *modName, char *msg);
 
 u_int32_t sfl_receiver_samplePacketsSent(SFLReceiver *receiver);
 
-#define SFL_ALLOC malloc
+#define SFL_ALLOC xzalloc
 #define SFL_FREE free
 
 #endif /* SFLOW_API_H */
diff --git a/utilities/ovs-vsctl.c b/utilities/ovs-vsctl.c
index 2f5ac1a26..b3c75f8ba 100644
--- a/utilities/ovs-vsctl.c
+++ b/utilities/ovs-vsctl.c
@@ -575,7 +575,7 @@  add_bridge_to_cache(struct vsctl_context *vsctl_ctx,
                     struct ovsrec_bridge *br_cfg, const char *name,
                     struct vsctl_bridge *parent, int vlan)
 {
-    struct vsctl_bridge *br = xmalloc(sizeof *br);
+    struct vsctl_bridge *br = xzalloc(sizeof *br);
     br->br_cfg = br_cfg;
     br->name = xstrdup(name);
     ovs_list_init(&br->ports);
@@ -659,7 +659,7 @@  static struct vsctl_port *
 add_port_to_cache(struct vsctl_context *vsctl_ctx, struct vsctl_bridge *parent,
                   struct ovsrec_port *port_cfg)
 {
-    struct vsctl_port *port;
+    struct vsctl_port *port = xzalloc(sizeof *port);
 
     if (port_cfg->tag
         && *port_cfg->tag >= 0 && *port_cfg->tag <= 4095) {
@@ -671,7 +671,6 @@  add_port_to_cache(struct vsctl_context *vsctl_ctx, struct vsctl_bridge *parent,
         }
     }
 
-    port = xmalloc(sizeof *port);
     ovs_list_push_back(&parent->ports, &port->ports_node);
     ovs_list_init(&port->ifaces);
     port->port_cfg = port_cfg;