From 3cd2d4f942b75a913e54a64b506c9f58c009e38b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Tue, 18 Feb 2025 18:19:04 +0000
Subject: [PATCH 1/6] CA-406953: Fix pointer truncation in assert code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The assert here checks for alignment, so technically truncating the upper bits is not wrong, but use the correct size.
Signed-off-by: Edwin Török
---
 lib/statefileio.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/statefileio.c b/lib/statefileio.c
index a3322bc..1b0593e 100755
--- a/lib/statefileio.c
+++ b/lib/statefileio.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -354,7 +355,7 @@ sf_checksum(
 {
 MTC_U32 sum = 0;
- assert((((MTC_U32)p) & 3) == 0 && (((MTC_U32)end) & 3) == 0);
+ assert((((uintptr_t)p) & 3) == 0 && (((uintptr_t)end) & 3) == 0);
 while (p < end)
 {
From a3cfaa245af1cbf8aff3c1a41db2bf7ca6711a05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Tue, 18 Feb 2025 17:46:42 +0000
Subject: [PATCH 2/6] CA-406953: Fix uninitialized argument in watchdog.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Whether we logged on page allocation failures or not depended on `ret` which was always uninitialized. Choose not to log, because logging can delay us by an arbitrary amount, and fencing is time sensitive.
Signed-off-by: Edwin Török
---
 daemon/watchdog.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/daemon/watchdog.c b/daemon/watchdog.c
index bacd9b6..cc0fe83 100755
--- a/daemon/watchdog.c
+++ b/daemon/watchdog.c
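Review bot: The alignment precondition on `p` and `end` is enforced only by `assert`, and default-release.mk in this series builds with `-DNDEBUG`, so in release builds a misaligned pointer passes straight into the `while (p < end)` loop that follows, which presumably reads whole MTC_U32 words; if any caller can hand in an unaligned buffer, a runtime check that fails explicitly would be safer than a debug-only assertion. The `& 3` mask also hard-codes the word size, where `(sizeof(MTC_U32) - 1)` would say what is meant. A one-line comment above the assert would help a reader: `/* p and end must be MTC_U32-aligned; the loop below walks the range one word at a time */`. sf_checksum's body starts and ends outside the hunk.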
@@ -994,7 +994,7 @@ watchdog_selffence(void)
 log_message(MTC_LOG_INFO, "watchdog_selffence.\n");
 // Attempt to shutdown domain 0 immediately
- do_domain_shutdown_self(ret);
+ do_domain_shutdown_self(MTC_ERROR_HB_FENCEREQUESTED);
 // We shouldn't get here but if we do then invoke the watchdog:
 if (instance_num == 0)
From ed3aaf76ecf3774db09cdf72f8336a4e8faf2d48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Tue, 18 Feb 2025 17:46:30 +0000
Subject: [PATCH 3/6] CA-406953: Fix uninitialized return in bond_mon.c
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Edwin Török
---
 daemon/bond_mon.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/daemon/bond_mon.c b/daemon/bond_mon.c
index bfca082..87d85b2 100755
--- a/daemon/bond_mon.c
+++ b/daemon/bond_mon.c
@@ -358,6 +358,7 @@ bm_initialize(
 com_close(bm_object);
 bm_object = HA_COMMON_OBJECT_INVALID_HANDLE_VALUE;
 #endif
+ ret = MTC_ERROR_INVALID_PARAMETER;
 break;
 }
From f45bdaf773d83e922299f1a2c8abba3c54f23733 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Tue, 18 Feb 2025 18:18:49 +0000
Subject: [PATCH 4/6] CA-406953: Fix pointer argument truncation in hypercall invocations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
cleanupwatchdog.c:240:32: warning: cast to smaller integer type 'unsigned int' from 'sched_watchdog_t *' (aka 'struct sched_watchdog *') [-Wpointer-to-int-cast]
 240 | hypercall.arg[1] = (__u64) (unsigned int) &arg; // pointer to u64
 | ^~~~~~~~~~~~~~~~~~~
Signed-off-by: Edwin Török
---
 commands/cleanupwatchdog.c | 2 +-
 daemon/watchdog.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/commands/cleanupwatchdog.c b/commands/cleanupwatchdog.c
index 4af02b0..5e39afc 100755
--- a/commands/cleanupwatchdog.c
+++ b/commands/cleanupwatchdog.c
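Review bot: The reason `MTC_ERROR_HB_FENCEREQUESTED` is the status handed to do_domain_shutdown_self lives only in the commit message, and a reader of the call site cannot tell it was a deliberate choice over the previously uninitialized local; a comment on the new line would carry that, e.g. `// Fixed status on the self-fence path: per CA-406953 we deliberately do not log here, since logging can delay a time-critical fence.` If the `ret` local this replaced is still declared in watchdog_selffence, it is now unused and `-Wall` will warn about it, so it is worth removing in the same patch. watchdog_selffence's body starts and ends outside the hunk.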
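Review bot: Assigning `ret` on this single `break` path fixes the reported case but leaves the same class of bug open for any other early exit in bm_initialize; initialising `ret` to a failure value at its declaration (outside the hunk) and assigning success only at the end would cover every path. Whether `MTC_ERROR_INVALID_PARAMETER` is the most accurate code cannot be judged from the hunk, because the failing call that led to this cleanup is not visible; if that call returned a status of its own, propagating it would tell callers more. A short comment on the new line would make the intent explicit: `/* this break bypasses the normal success path, so report failure */`. bm_initialize's body starts and ends outside the hunk.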
@@ -237,7 +237,7 @@ do_watchdog_disable(uint32_t *id)
 hypercall.op = __HYPERVISOR_sched_op;
 hypercall.arg[0] = SCHEDOP_watchdog;
- hypercall.arg[1] = (__u64) (unsigned int) &arg; // pointer to u64
+ hypercall.arg[1] = (uintptr_t) &arg; // pointer to u64
 arg.id = *id;
 arg.timeout = 0;
diff --git a/daemon/watchdog.c b/daemon/watchdog.c
index bacd9b6..a467da3 100755
--- a/daemon/watchdog.c
+++ b/daemon/watchdog.c
@@ -407,7 +407,7 @@ do_watchdog_hypercall(uint32_t *id, uint32_t timeout, MTC_STATUS currentstatus)
 hypercall.op = __HYPERVISOR_sched_op;
 hypercall.arg[0] = SCHEDOP_watchdog;
- hypercall.arg[1] = (__u64) (unsigned int) &arg; // pointer to u64
+ hypercall.arg[1] = (uintptr_t) &arg; // pointer to u64
 arg.id = *id;
 arg.timeout = timeout;
@@ -501,7 +501,7 @@ do_domain_shutdown_self(MTC_STATUS currentstatus)
 hypercall.op = __HYPERVISOR_sched_op;
 hypercall.arg[0] = SCHEDOP_remote_shutdown;
- hypercall.arg[1] = (__u64) (unsigned int) &arg; // pointer to u64
+ hypercall.arg[1] = (uintptr_t) &arg; // pointer to u64
 arg.domain_id = 0;
 arg.reason = 1; // reboot
From 1d279d5676e018d304531b9ecdae500c2be61e1a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Tue, 18 Feb 2025 18:12:35 +0000
Subject: [PATCH 5/6] CA-406953: Use compiler provided offsetof macro
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Avoid these warnings:
```
statefileio.c:216:22: warning: cast to smaller integer type 'unsigned int' from 'struct _sf_global *' [-Wpointer-to-int-cast]
```
Signed-off-by: Edwin Török
---
 include/mtctypes.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/include/mtctypes.h b/include/mtctypes.h
index 16b7e61..2e1f81e 100755
--- a/include/mtctypes.h
+++ b/include/mtctypes.h
@@ -54,7 +54,7 @@
 //
 #include
-
+#include
 //
 //
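Review bot: None of the three hunks that switch to `(uintptr_t) &arg` (here in do_watchdog_disable, and in watchdog.c at @@ -407 do_watchdog_hypercall and @@ -501 do_domain_shutdown_self) adds an include for `uintptr_t`, unlike patch 1 which added one to statefileio.c; the `uint32_t *id` parameter suggests `<stdint.h>` is already reachable in these files, but that is worth confirming before relying on it, since a missing declaration turns into a build error. The trailing `// pointer to u64` comment now describes the removed double cast rather than the line; `// address of arg, widened into the hypercall's u64 argument slot` says what happens now. If arg[1] is a 64-bit field, the implicit widening from uintptr_t is exactly the intended fix for the earlier `(unsigned int)` truncation. The enclosing functions start and end outside their hunks.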
@@ -442,8 +442,7 @@ MTC_ASSERT_SIZE(sizeof (void *) == MTC_POINTER_SIZE);
 #define _rounddiv(num, div) (((num) + (div) - 1) / (div))
 #define _roundup(num, div) (_rounddiv(num, div) * (div))
-#define _struct_offset(structname, element) \
- ((unsigned int)&(((structname *)0)->element))
+#define _struct_offset(structname, element) offsetof(structname, element)
 #ifndef _min
 #define _min(X, Y) ((X < Y)? (X): (Y))
From f1f263dfa99e17d62f0f6bcf0c9d70c800ea226c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?=
Date: Tue, 18 Feb 2025 17:35:52 +0000
Subject: [PATCH 6/6] CA-406953: make pointer truncation a compilation error
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Edwin Török
---
 default-debug.mk | 2 +-
 default-release.mk | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/default-debug.mk b/default-debug.mk
index 1eb82de..fb27629 100755
--- a/default-debug.mk
+++ b/default-debug.mk
@@ -4,7 +4,7 @@ CC=gcc
 SOURCEDIR=..
-CFLAGS=-g -Wall -Wno-multichar
+CFLAGS=-g -Wall -Wno-multichar -Werror=pointer-to-int-cast -O
 OBJDIR=$(SOURCEDIR)/debug
diff --git a/default-release.mk b/default-release.mk
index 2a31b81..44960fe 100755
--- a/default-release.mk
+++ b/default-release.mk
@@ -4,7 +4,7 @@ CC=gcc
 SOURCEDIR=..
-CFLAGS=-g -Wall -Wno-multichar
+CFLAGS=-g -Wall -Wno-multichar -Werror=pointer-to-int-cast
 CFLAGS+=-DNDEBUG
 OBJDIR=$(SOURCEDIR)/release
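Review bot: `-Werror=pointer-to-int-cast` only makes the pointer-to-narrower-integer direction fatal; the reverse, an integer too narrow to hold an address cast back to a pointer, is GCC's separate `-Wint-to-pointer-cast` and stays a warning, so `-Werror=int-to-pointer-cast` belongs beside it in both this default-debug.mk hunk and the default-release.mk hunk below. The `-O` added only to the debug flags is not mentioned in the commit message; if the intent is to let GCC report `-Wmaybe-uninitialized`, which it generally only diagnoses with optimisation enabled and which is the class of bug patches 2 and 3 fix, a comment in the makefile should say so, e.g. `# -O: gcc only reports -Wmaybe-uninitialized when optimising`, and `-Og` would keep the debug build more debuggable than plain `-O`.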