Re: [PATCH for-6.2 0/4] Zero sockaddr_in when initializing it

[Eric Blake <eblake@redhat.com>]

On Fri, Aug 13, 2021 at 04:05:02PM +0100, Peter Maydell wrote:
> The POSIX spec for sockaddr_in says that implementations are allowed
> to have implementation-dependent extensions controlled by extra
> fields in the struct, and that the way to ensure these are not
> accidentally activated is to zero out the whole data structure.
> We have several places in our codebase where we don't zero-init
> sockaddr_in structs and so (at least in theory) might run into this.
> Coverity spotted the ones in the net code (CID 1005338); the
> others in this series I found by looking at all uses of sockaddr_in.
> (The gdbstub patch changes also a sockaddr_un use, for symmetry.)
> 
> Thanks to Eric for the analysis of what the spec says and why
> Coverity is correct here.

FWIW, the POSIX wording is interesting - it requires portable
applications to zero out sockaddr_in6 (and even states that memset()
is not yet a portable way to do that on exotic hardware, although a
future version of POSIX may add a zero-bit constraint on
implementations; in practice we only use qemu on hardware where
memset() to zero properly sets pointers to NULL and floating points to
0.0).  But for sockaddr_in, it merely recommends it, with an
acknowledgment that much existing code fails to do so.  Or put another
way, POSIX gives carte blanche to implementations to add IPv6
extensions, but advises that IPv4 implementations should be wary of
extensions that trigger off of uninitialized fields.

Since you are fixing IPv4 usage, and not IPv6, I agree with your
designation that this is 6.2 material, and not a regression fix to
rush into 6.1 (should other patches warrant rc4) - we are unlikely to
be running on an implementation where the uninitialized fields cause
noticeable behavior changes to IPv4 behavior.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization:  qemu.org | libvirt.org