tree-wide: don't play games with alignment around file_handle

The payload of a file_handle structure is not 64bit aligned. So far used _alignas_() to align it to 64bit as a whole, which by accident has the side-effect that the payload ends up being aligned to 64bit too, but this is ugly, because it's really just an accident... Let's do this properly, and just use proper unaligned 64bit reads to access the field, and do not assume aligning the structure as a whole also aligns the payload part of it. Follow-up for: fd51a7d8b5b1c710c3b59e877bc35b2739dcc350
ptyfwd: do not try to read from PTYForward.input_fd when read-only mode
2025-10-01 09:44:46 +02:00 · 2025-08-18 21:50:55 +09:00 · 2025-08-18 13:05:12 +01:00 · 2025-08-18 13:03:18 +01:00 · 2025-08-18 13:02:21 +01:00
5 changed files with 13 additions and 7 deletions
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@ -30,6 +30,7 @@
 #include "string-table.h"
 #include "string-util.h"
 #include "strv.h"
+#include "unaligned.h"
 #include "unit-name.h"
 #include "user-util.h"
 #include "xattr-util.h"
@ -38,7 +39,7 @@
 typedef union {
        struct file_handle file_handle;
        uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
-} _alignas_(uint64_t) cg_file_handle;
+} cg_file_handle;

 #define CG_FILE_HANDLE_INIT                                     \
        (cg_file_handle) {                                      \
@ -46,7 +47,8 @@ typedef union {
                .file_handle.handle_type = FILEID_KERNFS,       \
        }

-#define CG_FILE_HANDLE_CGROUPID(fh) (*CAST_ALIGN_PTR(uint64_t, (fh).file_handle.f_handle))
+/* The .f_handle field is not aligned to 64bit on some archs, hence read it via an unaligned accessor */
+#define CG_FILE_HANDLE_CGROUPID(fh) unaligned_read_ne64(fh.file_handle.f_handle)

 int cg_path_open(const char *controller, const char *path) {
        _cleanup_free_ char *fs = NULL;
@ -71,7 +73,7 @@ int cg_cgroupid_open(int cgroupfs_fd, uint64_t id) {
        }

        cg_file_handle fh = CG_FILE_HANDLE_INIT;
-        CG_FILE_HANDLE_CGROUPID(fh) = id;
+        unaligned_write_ne64(fh.file_handle.f_handle, id);

        return RET_NERRNO(open_by_handle_at(cgroupfs_fd, &fh.file_handle, O_DIRECTORY|O_CLOEXEC));
 }
--- a/src/basic/pidfd-util.c
+++ b/src/basic/pidfd-util.c
@ -16,6 +16,7 @@
 #include "stat-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
+#include "unaligned.h"

 static thread_local int have_pidfs = -1;

@ -239,7 +240,7 @@ int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {
                union {
                        struct file_handle file_handle;
                        uint8_t space[offsetof(struct file_handle, f_handle) + sizeof(uint64_t)];
-                } _alignas_(uint64_t) fh = {
+                } fh = {
                        .file_handle.handle_bytes = sizeof(uint64_t),
                        .file_handle.handle_type = FILEID_KERNFS,
                };
@ -248,7 +249,8 @@ int pidfd_get_inode_id_impl(int fd, uint64_t *ret) {
                r = RET_NERRNO(name_to_handle_at(fd, "", &fh.file_handle, &mnt_id, AT_EMPTY_PATH));
                if (r >= 0) {
                        if (ret)
-                                *ret = *CAST_ALIGN_PTR(uint64_t, fh.file_handle.f_handle);
+                                /* Note, "struct file_handle" is 32bit aligned usually, but we need to read a 64bit value from it */
+                                *ret = unaligned_read_ne64(fh.file_handle.f_handle);
                        return 0;
                }
                assert(r != -EOVERFLOW);
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@ -537,7 +537,7 @@ static int parse_one_option(const char *option) {
 #if HAVE_OPENSSL
                _cleanup_strv_free_ char **l = NULL;

-                l = strv_split(optarg, ":");
+                l = strv_split(val, ":");
                if (!l)
                        return log_oom();

--- a/src/shared/ptyfwd.c
+++ b/src/shared/ptyfwd.c
@ -810,7 +810,7 @@ static int shovel_force(PTYForward *f) {

        if (!f->master_hangup)
                f->master_writable = f->master_readable = true;
-        if (!f->stdin_hangup)
+        if (!f->stdin_hangup && f->input_fd >= 0)
                f->stdin_readable = true;
        if (!f->stdout_hangup)
                f->stdout_writable = true;
--- a/src/test/test-nss-hosts.c
+++ b/src/test/test-nss-hosts.c
@ -483,6 +483,7 @@ static int run(int argc, char **argv) {

        assert_se(path_extract_directory(argv[0], &dir) >= 0);

+#if HAVE_SECCOMP
        if (geteuid() != 0 || !is_seccomp_available())
                log_tests_skipped("Not privileged or seccomp is not available");
        else {
@ -508,6 +509,7 @@ static int run(int argc, char **argv) {
                        _exit(EXIT_SUCCESS);
                }
        }
+#endif

        STRV_FOREACH(module, modules) {
                r = test_one_module(dir, *module, names, addresses, n_addresses);
Author	SHA1	Message	Date
Lennart Poettering	c24f405ace	tree-wide: don't play games with alignment around file_handle The payload of a file_handle structure is not 64bit aligned. So far used _alignas_() to align it to 64bit as a whole, which by accident has the side-effect that the payload ends up being aligned to 64bit too, but this is ugly, because it's really just an accident... Let's do this properly, and just use proper unaligned 64bit reads to access the field, and do not assume aligning the structure as a whole also aligns the payload part of it. Follow-up for: fd51a7d8b5b1c710c3b59e877bc35b2739dcc350	2025-08-18 21:50:55 +09:00
Yu Watanabe	73c4350fda	ptyfwd: do not try to read from PTYForward.input_fd when read-only mode Fixes the following error message (the last line): ``` [FAILED] Failed to start TEST-60-MOUNT-RATELIMIT.service. Sending SIGTERM to remaining processes... Sending SIGKILL to remaining processes... All filesystems, swaps, loop devices, MD devices and DM devices detached. Exiting container. Failed to read from pty input fd: Bad file descriptor ``` Follow-up for b823809bca6cd531a54fcf0f02427aea7cd3e651 and cf89e48028ed3b651f63ba624175394c3c0d8efa.	2025-08-18 13:05:12 +01:00
Lennart Poettering	b5be05a106	cryptsetup: reference right variable Fixes: #38576	2025-08-18 13:03:18 +01:00
Antonio Alvarez Feijoo	a83ba27b89	test-nss-hosts: do not call seccomp functions if HAVE_SECCOMP is not set Otherwise, the build fails: ``` Features ... disabled : ACL, SECCOMP, ... ... [1592/2115] Compiling C object test-nss-hosts.p/src_test_test-nss-hosts.c.o FAILED: test-nss-hosts.p/src_test_test-nss-hosts.c.o ... In file included from ../src/test/test-nss-hosts.c:27: ../src/test/test-nss-hosts.c: In function ‘run’: ../src/test/test-nss-hosts.c:497:43: error: implicit declaration of function ‘seccomp_filter_set_add_by_name’ [-Werror=implicit-function-declaration] 497 \| ASSERT_OK(seccomp_filter_set_add_by_name(filter, /* add = / true, s)); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:497:43: warning: nested extern declaration of ‘seccomp_filter_set_add_by_name’ [-Wnested-externs] 497 \| ASSERT_OK(seccomp_filter_set_add_by_name(filter, / add = / true, s)); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:498:35: error: implicit declaration of function ‘seccomp_load_syscall_filter_set_raw’ [-Werror=implicit-function-declaration] 498 \| ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), / log_missing = / true)); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:498:35: warning: nested extern declaration of ‘seccomp_load_syscall_filter_set_raw’ [-Wnested-externs] 498 \| ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), / log_missing = / true)); \| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:498:71: error: ‘SCMP_ACT_ALLOW’ undeclared (first use in this function) 498 \| ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), / log_missing = / true)); \| ^~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:498:71: note: each undeclared identifier is reported only once for each function it appears in 498 \| ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), / log_missing = / true)); \| ^~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:498:95: error: implicit declaration of function ‘SCMP_ACT_ERRNO’ [-Werror=implicit-function-declaration] 498 \| ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), / log_missing = / true)); \| ^~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ ../src/test/test-nss-hosts.c:498:95: warning: nested extern declaration of ‘SCMP_ACT_ERRNO’ [-Wnested-externs] 498 \| ASSERT_OK(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, filter, SCMP_ACT_ERRNO(ENOSYS), / log_missing = */ true)); \| ^~~~~~~~~~~~~~ ../src/shared/tests.h:181:24: note: in definition of macro ‘ASSERT_OK’ 181 \| typeof(expr) _result = (expr); \ \| ^~~~ cc1: some warnings being treated as errors ``` Fixes 788b3e030e717404cbb65b4261bff2ef7ddb1b90	2025-08-18 13:02:21 +01:00