[Swan-dev] netlink.h:NLMSG_OK change to avoid GCC warnings

Antony Antony antony at phenome.org
Fri Aug 28 12:11:08 EEST 2015 

Here is a data point. 

I don't see the warning you mentioned. May be I need a newer gcc? There is no warning on stock Ubuntu 15.04, i686, and libreswan master.

gcc --version
gcc (Ubuntu 4.9.2-10ubuntu13) 4.9.2

root at vivid32:~# uname -m
i686

cc -c -pthread   -g  -fexceptions -fstack-protector-all -fno-strict-aliasing -fPIE -DPIE -DFORCE_PR_ASSERT -DDNSSEC -DKLIPS -DLIBCURL -DUSE_MD5 -DHAVE_NM -DUSE_SHA2 -DUSE_SHA1 -DFIPSPRODUCTCHECK=\"/etc/system-fips\" -DIPSEC_CONF=\"/etc/ipsec.conf\" -DIPSEC_CONFDDIR=\"/etc/ipsec.d\" -DIPSEC_NSSDIR=\"/etc/ipsec.d\" -DIPSEC_CONFDIR=\"/etc\" -DIPSEC_EXECDIR=\"/usr/local/libexec/ipsec\" -DIPSEC_SBINDIR=\"/usr/local/sbin\" -DIPSEC_VARDIR=\"/var\" -DPOLICYGROUPSDIR=\"/etc/ipsec.d/policies\" -DSHARED_SECRETS_FILE=\"/etc/ipsec.secrets\" -DGCC_LINT -DALLOW_MICROSOFT_BAD_PROPOSAL -Werror -Wall -Wextra -Wformat -Wformat-nonliteral -Wformat-security -Wundef -Wmissing-declarations -Wredundant-decls -Wnested-externs -I/home/a/libreswan/ports/linux/include -I/home/a/libreswan/ports/linux/include -I/home/a/libreswan/ports/linux/include -I/home/a/libreswan/ports/linux/include -I/home/a/libreswan/programs/pluto -I/home/a/libreswan/programs/addconn/ -I/home/a/libreswan -I/home/a/libreswan/linux/include -I/home/a/libreswan/include -I/usr/include/nss -I/usr/include/nspr   /home/a/libreswan/programs/addconn/addconn.c


On Thu, Aug 27, 2015 at 03:42:26PM -0400, D. Hugh Redelmeier wrote:
> [I want to send this to the kernel API developers.  Does it look 
> reasonable?]
> 
> [Can someone test on a 32-bit system where libreswan addcon.c got build 
> warnings?  That would involve testing with and without the hacky casts to 
> unsigned short I added to the second argument of the two calls to NLMSG_OK 
> in addcon.c.  All appears well in my 64-bit system.]
> 
> Summary: please add a cast to avoid a GCC warning on 32-bit userland.
> 
> GCC seems to have added a new warning that netlink.h provokes on i386.
> netlink.h should be changed to avoid this, even though the netlink.h
> code is correct.
> 
> GCC's warning is to flag comparisons where the implicit "Usual
> Arithmetic Conversions" could lead to a surprising result.
> 
> Consider this context:
> 	int i;
> 	unsigned u;
> The C standard says that i<u is evaluated as (unsigned)i < u.
> This can easily be a surprise because a negative value of i will be 
> silently treated as a very large positive value.
> 
> In include/uapi/linux/netlink.h:
> #define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && \
> 			   (nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && \
> 			   (nlh)->nlmsg_len <= (len))
> 
> This comparison looks suspicious to GCC:
> 	(nlh)->nlmsg_len <= (len)
> nlmsg_len is of type __u32.  If int is 32 bits, this compare will be
> done as
> 	(nlh)->nlmsg_len <= (unsigned)(len)
> We know that this is actually safe because the first conjunct
> determined that len isn't negative but the GCC apparently doesn't know.
> 
> A change that would calm GCC and also be correct would be to add
> a cast to:
> 	(nlh)->nlmsg_len <= (unsigned)(len))
> But I imagine that len might well actually have type ssize_t.  It is
> often the result of a call to recvfrom(2), which is a ssize_t.  So I
> think that this would be safer:
> 	(nlh)->nlmsg_len <= (size_t)(len))
> I know of no system where size_t is narrower than unsigned.
> 
> This problem came up when building a userland component of libreswan in a 
> 32-bit environment with a recent GCC and was reported by Lennart Sorensen.
> 
> diff --git a/include/uapi/linux/netlink.h b/include/uapi/linux/netlink.h
> index cf6a65c..0343f58 100644
> --- a/include/uapi/linux/netlink.h
> +++ b/include/uapi/linux/netlink.h
> @@ -86,7 +86,7 @@ struct nlmsghdr {
>  				  (struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
>  #define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && \
>  			   (nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && \
> -			   (nlh)->nlmsg_len <= (len))
> +			   (nlh)->nlmsg_len <= (size_t)(len))
>  #define NLMSG_PAYLOAD(nlh,len) ((nlh)->nlmsg_len - NLMSG_SPACE((len)))
>  
>  #define NLMSG_NOOP		0x1	/* Nothing.		*/
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
>

More information about the Swan-dev mailing list