Makefile: enable clang-tidy in presubmit tests

Fix all errors it points to.
The one in netlink_send_ext is concerning.

Makefile

@@ -248,8 +248,10 @@ bin/syz-fmt:
 
 tidy:
 	# A single check is enabled for now. But it's always fixable and proved to be useful.
-	clang-tidy -quiet -header-filter=.* -checks=-*,misc-definitions-in-headers -warnings-as-errors=* \
+	clang-tidy -quiet -header-filter=.* -warnings-as-errors=* \
 		-extra-arg=-DGOOS_$(TARGETOS)=1 -extra-arg=-DGOARCH_$(TARGETARCH)=1 \
+		-extra-arg=-DHOSTGOOS_$(HOSTOS)=1 -extra-arg=-DGIT_REVISION=\"$(REV)\" \
+		-checks=-*,misc-definitions-in-headers,bugprone-macro-parentheses,clang-analyzer-*,-clang-analyzer-security.insecureAPI*,-clang-analyzer-optin.performance* \
 		executor/*.cc
 
 lint:
@@ -265,7 +267,7 @@ presubmit:
 
 presubmit_smoke:
 	$(MAKE) generate
-	$(MAKE) -j100 check_commits check_diff check_copyright check_language check_links presubmit_build
+	$(MAKE) -j100 check_commits check_diff check_copyright check_language check_links presubmit_build tidy
 	$(MAKE) test
 
 presubmit_build:

executor/common_linux.h

@@ -184,10 +184,10 @@ static int netlink_send_ext(struct nlmsg* nlmsg, int sock,
 	if (n != hdr->nlmsg_len)
 		fail("short netlink write: %d/%d", n, hdr->nlmsg_len);
 	n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
-	if (hdr->nlmsg_type == NLMSG_DONE) {
+	if (reply_len)
 		*reply_len = 0;
+	if (hdr->nlmsg_type == NLMSG_DONE)
 		return 0;
-	}
 	if (n < sizeof(struct nlmsghdr))
 		fail("short netlink read: %d", n);
 	if (reply_len && hdr->nlmsg_type == reply_type) {
@@ -1381,12 +1381,6 @@ static long syz_emit_ethernet(volatile long a0, volatile long a1, volatile long
 #define CQ_RING_OVERFLOW_OFFSET 284
 #define CQ_FLAGS_OFFSET 280
 #define CQ_CQES_OFFSET 320
-#define SQ_ARRAY_OFFSET(sq_entries, cq_entries) (round_up(CQ_CQES_OFFSET + cq_entries * SIZEOF_IO_URING_CQE, 64))
-
-uint32 round_up(uint32 x, uint32 a)
-{
-	return (x + a - 1) & ~(a - 1);
-}
 
 #if SYZ_EXECUTOR || __NR_syz_io_uring_complete
 
@@ -1538,7 +1532,7 @@ static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile lon
 	uint32 cq_ring_entries = *(uint32*)(ring_ptr + CQ_RING_ENTRIES_OFFSET);
 
 	// Compute the sq_array offset
-	uint32 sq_array_off = SQ_ARRAY_OFFSET(sq_ring_entries, cq_ring_entries);
+	uint32 sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63;
 
 	// Get the ptr to the destination for the sqe
 	if (sq_ring_entries)
@@ -3452,8 +3446,8 @@ static int do_sandbox_namespace(void)
 #define AID_EVERYBODY 9997
 #define AID_APP 10000
 
-#define UNTRUSTED_APP_UID AID_APP + 999
-#define UNTRUSTED_APP_GID AID_APP + 999
+#define UNTRUSTED_APP_UID (AID_APP + 999)
+#define UNTRUSTED_APP_GID (AID_APP + 999)
 
 const char* const SELINUX_CONTEXT_UNTRUSTED_APP = "u:r:untrusted_app:s0:c512,c768";
 const char* const SELINUX_LABEL_APP_DATA_FILE = "u:object_r:app_data_file:s0:c512,c768";

executor/kvm_gen.cc

@@ -5,8 +5,8 @@
 
 #include <stdio.h>
 
-#define PRINT(x)                                   \
-	extern const unsigned char x[], x##_end[]; \
+#define PRINT(x)                                    \
+	extern const unsigned char(x)[], x##_end[]; \
 	print(#x, x, x##_end);
 
 void print(const char* name, const unsigned char* start, const unsigned char* end)

pkg/csource/generated.go

@@ -2424,10 +2424,10 @@ static int netlink_send_ext(struct nlmsg* nlmsg, int sock,
 	if (n != hdr->nlmsg_len)
 		fail("short netlink write: %d/%d", n, hdr->nlmsg_len);
 	n = recv(sock, nlmsg->buf, sizeof(nlmsg->buf), 0);
-	if (hdr->nlmsg_type == NLMSG_DONE) {
+	if (reply_len)
 		*reply_len = 0;
+	if (hdr->nlmsg_type == NLMSG_DONE)
 		return 0;
-	}
 	if (n < sizeof(struct nlmsghdr))
 		fail("short netlink read: %d", n);
 	if (reply_len && hdr->nlmsg_type == reply_type) {
@@ -3535,12 +3535,6 @@ static long syz_emit_ethernet(volatile long a0, volatile long a1, volatile long
 #define CQ_RING_OVERFLOW_OFFSET 284
 #define CQ_FLAGS_OFFSET 280
 #define CQ_CQES_OFFSET 320
-#define SQ_ARRAY_OFFSET(sq_entries, cq_entries) (round_up(CQ_CQES_OFFSET + cq_entries * SIZEOF_IO_URING_CQE, 64))
-
-uint32 round_up(uint32 x, uint32 a)
-{
-	return (x + a - 1) & ~(a - 1);
-}
 
 #if SYZ_EXECUTOR || __NR_syz_io_uring_complete
 struct io_uring_cqe {
@@ -3648,7 +3642,7 @@ static long syz_io_uring_submit(volatile long a0, volatile long a1, volatile lon
 
 	uint32 sq_ring_entries = *(uint32*)(ring_ptr + SQ_RING_ENTRIES_OFFSET);
 	uint32 cq_ring_entries = *(uint32*)(ring_ptr + CQ_RING_ENTRIES_OFFSET);
-	uint32 sq_array_off = SQ_ARRAY_OFFSET(sq_ring_entries, cq_ring_entries);
+	uint32 sq_array_off = (CQ_CQES_OFFSET + cq_ring_entries * SIZEOF_IO_URING_CQE + 63) & ~63;
 	if (sq_ring_entries)
 		sqes_index %= sq_ring_entries;
 	char* sqe_dest = sqes_ptr + sqes_index * SIZEOF_IO_URING_SQE;
@@ -8249,8 +8243,8 @@ static void set_app_seccomp_filter()
 #define AID_EVERYBODY 9997
 #define AID_APP 10000
 
-#define UNTRUSTED_APP_UID AID_APP + 999
-#define UNTRUSTED_APP_GID AID_APP + 999
+#define UNTRUSTED_APP_UID (AID_APP + 999)
+#define UNTRUSTED_APP_GID (AID_APP + 999)
 
 const char* const SELINUX_CONTEXT_UNTRUSTED_APP = "u:r:untrusted_app:s0:c512,c768";
 const char* const SELINUX_LABEL_APP_DATA_FILE = "u:object_r:app_data_file:s0:c512,c768";

tools/docker/env/Dockerfile

@@ -22,7 +22,7 @@ LABEL homepage="https://github.com/google/syzkaller"
 RUN dpkg --add-architecture i386 && \
 	apt-get update && \
 	DEBIAN_FRONTEND=noninteractive apt-get install -y -q --no-install-recommends \
-	sudo make nano git curl ca-certificates clang-format binutils g++ clang \
+	sudo make nano git curl ca-certificates clang-format clang-tidy binutils g++ clang \
 	g++-arm-linux-gnueabi g++-aarch64-linux-gnu g++-powerpc64le-linux-gnu \
 	g++-mips64el-linux-gnuabi64 g++-s390x-linux-gnu g++-riscv64-linux-gnu \
 	libc6-dev:i386 linux-libc-dev:i386 lib32gcc-8-dev lib32stdc++-8-dev \