- dev - passt

[PATCH] tap: Avoid bogus missingReturn cppcheck warning in tap_l2_max_len()
by Stefano Brivio 17 May '25

17 May '25

Cppcheck 2.14.2 on Alpine Linux (musl) says that: tap.c:111:19: error: Found an exit path from function with non-void return type that has missing return statement [missingReturn] switch (c->mode) { ^ This exit path is not reachable because we ASSERT(0) after the switch, but for some reason cppcheck doesn't see this with musl headers. Hide the warning with a redundant return statement. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- tap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tap.c b/tap.c index d630f6d..6db5d88 100644 --- a/tap.c +++ b/tap.c @@ -118,6 +118,8 @@ unsigned long tap_l2_max_len(const struct ctx *c) } /* NOLINTEND(bugprone-branch-clone) */ ASSERT(0); + + return 0; /* Unreachable, for cppcheck's sake */ } /** -- 2.43.0

2 3

[PATCH 0/1] selinux: Transition to pasta_t in containers
by Max Chernoff 17 May '25

17 May '25

Hi, Currently, pasta runs in the container_runtime_exec_t context when running in a container. This commit updates the SELinux policy so that pasta instead runs in the pasta_t context. I'm more familiar with CIL, so I initially developed the modified policy in CIL, and then later ported it to the kernel policy language. My original CIL source is available here: https://github.com/gucci-on-fleek/maxchernoff.ca/blob/master/etc/selinux/lo… I've tested this on Fedora 42 with rootless Podman, with both unconfined (unconfined_u) and confined (user_u) users, and with both TCP and UDP. I've never actually used the email workflow for Git before, so please let me know if I've done something wrong. Thanks, -- Max Max Chernoff (1): selinux: Transition to pasta_t in containers contrib/selinux/pasta.fc | 10 ++++++---- contrib/selinux/pasta.te | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 4 deletions(-) -- 2.49.0

3 12

[PATCH 0/3] Standardize and correct function comment headers
by Laurent Vivier 16 May '25

16 May '25

This series cleans up function comment headers in iov, virtio, and vhost_user modules for improved consistency and accuracy. The following changes are included: iov: Standardize function comment headers (Ensures /** and func_name() syntax for uniformity) virtio: Correct and align comment headers (Addresses format, typos, tags, param names in .c/.h) vhost_user: Correct and align function comment headers (Corrects params, func names in comments, & docs in .c) Full details can be found in the individual patch descriptions. Laurent Vivier (3): vhost_user: Correct and align function comment headers virtio: Correct and align comment headers iov: Standardize function comment headers iov.c | 15 ++-- vhost_user.c | 221 +++++++++++++++++++++++++-------------------------- vhost_user.h | 2 +- virtio.c | 29 ++++--- virtio.h | 4 +- 5 files changed, 137 insertions(+), 134 deletions(-) -- 2.49.0

2 4

[PATCH] codespell: Correct typos in comments and error message
by Laurent Vivier 16 May '25

16 May '25

This commit addresses several spelling errors identified by the `codespell` tool. The corrections apply to: - Code comments in `fwd.c`, `ip.h`, `isolation.c`, and `log.c`. - An error message string in `vhost_user.c`. Specifically, the following misspellings were corrected: - "adddress" to "address" - "capabilites" to "capabilities" - "Musn't" to "Mustn't" - "calculatd" to "calculated" - "Invalide" to "Invalid" Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- fwd.c | 2 +- ip.h | 2 +- isolation.c | 8 ++++---- log.c | 2 +- vhost_user.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/fwd.c b/fwd.c index 49aabc34aa18..250cf5640b85 100644 --- a/fwd.c +++ b/fwd.c @@ -418,7 +418,7 @@ uint8_t fwd_nat_from_splice(const struct ctx *c, uint8_t proto, else tgt->eaddr = inany_loopback6; - /* Preserve the specific loopback adddress used, but let the kernel pick + /* Preserve the specific loopback address used, but let the kernel pick * a source port on the target side */ tgt->oaddr = ini->eaddr; diff --git a/ip.h b/ip.h index 471c57ee4c71..24509d9c11cd 100644 --- a/ip.h +++ b/ip.h @@ -118,7 +118,7 @@ static inline uint32_t ip6_get_flow_lbl(const struct ipv6hdr *ip6h) char *ipv6_l4hdr(const struct pool *p, int idx, size_t offset, uint8_t *proto, size_t *dlen); -/* IPv6 link-local all-nodes multicast adddress, ff02::1 */ +/* IPv6 link-local all-nodes multicast address, ff02::1 */ static const struct in6_addr in6addr_ll_all_nodes = { .s6_addr = { 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, diff --git a/isolation.c b/isolation.c index c944fb35c3a4..bbcd23b72271 100644 --- a/isolation.c +++ b/isolation.c @@ -129,7 +129,7 @@ static void drop_caps_ep_except(uint64_t keep) * additional layer of protection. Executing this requires * CAP_SETPCAP, which we will have within our userns. * - * Note that dropping capabilites from the bounding set limits + * Note that dropping capabilities from the bounding set limits * exec()ed processes, but does not remove them from the effective or * permitted sets, so it doesn't reduce our own capabilities. */ @@ -174,8 +174,8 @@ static void clamp_caps(void) * Should: * - drop unneeded capabilities * - close all open files except for standard streams and the one from --fd - * Musn't: - * - remove filesytem access (we need to access files during setup) + * Mustn't: + * - remove filesystem access (we need to access files during setup) */ void isolate_initial(int argc, char **argv) { @@ -194,7 +194,7 @@ void isolate_initial(int argc, char **argv) * * It's debatable whether it's useful to drop caps when we * retain SETUID and SYS_ADMIN, but we might as well. We drop - * further capabilites in isolate_user() and + * further capabilities in isolate_user() and * isolate_prefork(). */ keep = BIT(CAP_NET_BIND_SERVICE) | BIT(CAP_SETUID) | BIT(CAP_SETGID) | diff --git a/log.c b/log.c index d40d7ae2a92c..5d7d76f68b2e 100644 --- a/log.c +++ b/log.c @@ -402,7 +402,7 @@ void __setlogmask(int mask) * logfile_init() - Open log file and write header with PID, version, path * @name: Identifier for header: passt or pasta * @path: Path to log file - * @size: Maximum size of log file: log_cut_size is calculatd here + * @size: Maximum size of log file: log_cut_size is calculated here */ void logfile_init(const char *name, const char *path, size_t size) { diff --git a/vhost_user.c b/vhost_user.c index 105f77a5df2b..ca36763cabaf 100644 --- a/vhost_user.c +++ b/vhost_user.c @@ -1021,7 +1021,7 @@ static bool vu_set_device_state_fd_exec(struct vu_dev *vdev, if (direction != VHOST_USER_TRANSFER_STATE_DIRECTION_SAVE && direction != VHOST_USER_TRANSFER_STATE_DIRECTION_LOAD) - die("Invalide device_state_fd direction: %d", direction); + die("Invalid device_state_fd direction: %d", direction); migrate_request(vdev->context, msg->fds[0], direction == VHOST_USER_TRANSFER_STATE_DIRECTION_LOAD); -- 2.49.0

2 1

[PATCH v3] test: Display count of skipped tests in status and summary
by Laurent Vivier 16 May '25

16 May '25

This commit enhances test reporting by tracking and displaying the number of skipped tests. The skipped test count is now visible in the tmux status bar during execution and included in the final test summary log. This provides a more complete overview of test suite results. Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- Notes: v3: correcly generate exit code v2: add missing comma before SKIPPED in report log test/lib/term | 7 +++++-- test/run | 6 +++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/test/lib/term b/test/lib/term index ed690de82c20..089364c67f85 100755 --- a/test/lib/term +++ b/test/lib/term @@ -19,6 +19,7 @@ STATUS_FILE_INDEX=0 STATUS_COLS= STATUS_PASS=0 STATUS_FAIL=0 +STATUS_SKIPPED=0 PR_RED='\033[1;31m' PR_GREEN='\033[1;32m' @@ -439,19 +440,21 @@ info_layout() { # status_test_ok() - Update counter of passed tests, log and display message status_test_ok() { STATUS_PASS=$((STATUS_PASS + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_passed } # status_test_fail() - Update counter of failed tests, log and display message status_test_fail() { STATUS_FAIL=$((STATUS_FAIL + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_failed } # status_test_fail() - Update counter of failed tests, log and display message status_test_skip() { + STATUS_SKIPPED=$((STATUS_SKIPPED + 1)) + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_skipped } diff --git a/test/run b/test/run index 4e86f30fb750..f73c31196558 100755 --- a/test/run +++ b/test/run @@ -202,7 +202,7 @@ skip_distro() { perf_finish [ ${CI} -eq 1 ] && video_stop - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}, SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ @@ -236,7 +236,7 @@ run_selected() { done teardown "${__setup}" - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}, SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ @@ -307,4 +307,4 @@ fi tail -n1 ${LOGFILE} echo "Log at ${LOGFILE}" -exit $(tail -n1 ${LOGFILE} | sed -n 's/.*FAIL: $.*$$/\1/p') +exit $(tail -n1 ${LOGFILE} | sed -n 's/.*FAIL: $.*$,.*$/\1/p') -- 2.49.0

2 1

[PATCH 0/4] Fedora 42: Static Analysis and Compiler Warning Fixes
by Laurent Vivier 14 May '25

14 May '25

This patch series addresses a collection of warnings and errors flagged by GCC and Clang's static analyzer across various modules. The fixes primarily involve clarifying code intent where warnings were false positives or applying specific attributes to suppress warnings for intentionally designed code constructs. The series consists of the following patches (in order of application): 1. **dhcpv6: fix GCC error (unterminated-string-initialization)** Silences GCC error for an intentionally non-NUL-terminated string. 2. **virtio: Fix Clang warning (bugprone-sizeof-expression, cert-arr39-c)** Justifies intentional `sizeof` usage in pointer arithmetic against Clang warnings. 3. **ndp: Fix Clang analyzer warning (clang-analyzer-security.PointerSub)** Clarifies pointer subtraction as a valid C idiom for struct offset calculation. 4. **flow: fix clang error (clang-analyzer-security.PointerSub)** Confirms pointers in `flow_idx()` reference the same array, validating subtraction. Laurent Vivier (4): dhcpv6: fix GCC error (unterminated-string-initialization) virtio: Fix Clang warning (bugprone-sizeof-expression, cert-arr39-c) ndp: Fix Clang analyzer warning (clang-analyzer-security.PointerSub) flow: Fix clang error (clang-analyzer-security.PointerSub) dhcpv6.c | 4 +++- flow_table.h | 1 + ndp.c | 1 + virtio.c | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) -- 2.49.0

2 5

[PATCH v2] test: Display count of skipped tests in status and summary
by Laurent Vivier 14 May '25

14 May '25

This commit enhances test reporting by tracking and displaying the number of skipped tests. The skipped test count is now visible in the tmux status bar during execution and included in the final test summary log. This provides a more complete overview of test suite results. Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- Notes: v2: add missing comma before SKIPPED in report log test/lib/term | 7 +++++-- test/run | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/test/lib/term b/test/lib/term index ed690de82c20..089364c67f85 100755 --- a/test/lib/term +++ b/test/lib/term @@ -19,6 +19,7 @@ STATUS_FILE_INDEX=0 STATUS_COLS= STATUS_PASS=0 STATUS_FAIL=0 +STATUS_SKIPPED=0 PR_RED='\033[1;31m' PR_GREEN='\033[1;32m' @@ -439,19 +440,21 @@ info_layout() { # status_test_ok() - Update counter of passed tests, log and display message status_test_ok() { STATUS_PASS=$((STATUS_PASS + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_passed } # status_test_fail() - Update counter of failed tests, log and display message status_test_fail() { STATUS_FAIL=$((STATUS_FAIL + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_failed } # status_test_fail() - Update counter of failed tests, log and display message status_test_skip() { + STATUS_SKIPPED=$((STATUS_SKIPPED + 1)) + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_skipped } diff --git a/test/run b/test/run index 4e86f30fb750..51e5a3351f7a 100755 --- a/test/run +++ b/test/run @@ -202,7 +202,7 @@ skip_distro() { perf_finish [ ${CI} -eq 1 ] && video_stop - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}, SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ @@ -236,7 +236,7 @@ run_selected() { done teardown "${__setup}" - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}, SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ -- 2.49.0

1 1

[PATCH v2] test: Display count of skipped tests in status and summary
by Laurent Vivier 14 May '25

14 May '25

This commit enhances test reporting by tracking and displaying the number of skipped tests. The skipped test count is now visible in the tmux status bar during execution and included in the final test summary log. This provides a more complete overview of test suite results. Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- Notes: v2: add missing comma before SKIPPED in report log test/lib/term | 7 +++++-- test/run | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/test/lib/term b/test/lib/term index ed690de82c20..089364c67f85 100755 --- a/test/lib/term +++ b/test/lib/term @@ -19,6 +19,7 @@ STATUS_FILE_INDEX=0 STATUS_COLS= STATUS_PASS=0 STATUS_FAIL=0 +STATUS_SKIPPED=0 PR_RED='\033[1;31m' PR_GREEN='\033[1;32m' @@ -439,19 +440,21 @@ info_layout() { # status_test_ok() - Update counter of passed tests, log and display message status_test_ok() { STATUS_PASS=$((STATUS_PASS + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_passed } # status_test_fail() - Update counter of failed tests, log and display message status_test_fail() { STATUS_FAIL=$((STATUS_FAIL + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_failed } # status_test_fail() - Update counter of failed tests, log and display message status_test_skip() { + STATUS_SKIPPED=$((STATUS_SKIPPED + 1)) + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_skipped } diff --git a/test/run b/test/run index 4e86f30fb750..a6070d28e8c4 100755 --- a/test/run +++ b/test/run @@ -202,7 +202,7 @@ skip_distro() { perf_finish [ ${CI} -eq 1 ] && video_stop - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL} SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ @@ -236,7 +236,7 @@ run_selected() { done teardown "${__setup}" - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL} SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ -- 2.49.0

1 1

[PATCH] test: Display count of skipped tests in status and summary
by Laurent Vivier 14 May '25

14 May '25

This commit enhances test reporting by tracking and displaying the number of skipped tests. The skipped test count is now visible in the tmux status bar during execution and included in the final test summary log. This provides a more complete overview of test suite results. Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- test/lib/term | 7 +++++-- test/run | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/test/lib/term b/test/lib/term index ed690de82c20..089364c67f85 100755 --- a/test/lib/term +++ b/test/lib/term @@ -19,6 +19,7 @@ STATUS_FILE_INDEX=0 STATUS_COLS= STATUS_PASS=0 STATUS_FAIL=0 +STATUS_SKIPPED=0 PR_RED='\033[1;31m' PR_GREEN='\033[1;32m' @@ -439,19 +440,21 @@ info_layout() { # status_test_ok() - Update counter of passed tests, log and display message status_test_ok() { STATUS_PASS=$((STATUS_PASS + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_passed } # status_test_fail() - Update counter of failed tests, log and display message status_test_fail() { STATUS_FAIL=$((STATUS_FAIL + 1)) - tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | #(TZ="UTC" date -Iseconds)" + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_failed } # status_test_fail() - Update counter of failed tests, log and display message status_test_skip() { + STATUS_SKIPPED=$((STATUS_SKIPPED + 1)) + tmux set status-right "PASS: ${STATUS_PASS} | FAIL: ${STATUS_FAIL} | SKIPPED: ${STATUS_SKIPPED} | #(TZ="UTC" date -Iseconds)" info_skipped } diff --git a/test/run b/test/run index 4e86f30fb750..a6070d28e8c4 100755 --- a/test/run +++ b/test/run @@ -202,7 +202,7 @@ skip_distro() { perf_finish [ ${CI} -eq 1 ] && video_stop - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL} SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ @@ -236,7 +236,7 @@ run_selected() { done teardown "${__setup}" - log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL}" + log "PASS: ${STATUS_PASS}, FAIL: ${STATUS_FAIL} SKIPPED: ${STATUS_SKIPPED}" pause_continue \ "Press any key to keep test session open" \ -- 2.49.0

2 1

[PATCH] flow: close socket fd on error
by Laurent Vivier 14 May '25

14 May '25

In eea8a76caf85 ("flow: fix podman issue #26073"), we unregister the fd from epoll_ctl() in case of error, but we also need to close it. As flowside_sock_l4() also calls sock_l4_sa() via flowside_sock_splice() we can do it unconditionally. Fixes: eea8a76caf85 ("flow: fix podman issue #26073") Signed-off-by: Laurent Vivier <lvivier(a)redhat.com> --- udp_flow.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/udp_flow.c b/udp_flow.c index b3a13b7993d5..4c6b3c2ca8da 100644 --- a/udp_flow.c +++ b/udp_flow.c @@ -88,8 +88,8 @@ static int udp_flow_sock(const struct ctx *c, if (flowside_connect(c, s, pif, side) < 0) { int rc = -errno; - if (pif == PIF_HOST) - epoll_del(c, s); + epoll_del(c, s); + close(s); flow_dbg_perror(uflow, "Couldn't connect flow socket"); return rc; -- 2.49.0

3 2