mount: Fix ioctl to not use GNU C extension

Signed-off-by: Colin Walters <[email protected]>
containers · Sep 26, 2024 · 58a9aa0 · 58a9aa0
1 parent bcbc609
commit 58a9aa0
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 17 deletions.
diff --git a/libcomposefs/lcfs-mount.c b/libcomposefs/lcfs-mount.c
@@ -221,23 +221,20 @@ static errint_t lcfs_validate_mount_options(struct lcfs_mount_state_s *state)
 
 static errint_t lcfs_validate_verity_fd(struct lcfs_mount_state_s *state)
 {
-	struct {
-		struct fsverity_digest fsv;
-		char buf[MAX_DIGEST_SIZE];
-	} buf;
+	char buf[sizeof(struct fsverity_digest) + MAX_DIGEST_SIZE];
+	struct fsverity_digest *fsv = (struct fsverity_digest *)&buf;
 	int res;
 
 	if (state->expected_digest_len != 0) {
-		buf.fsv.digest_size = MAX_DIGEST_SIZE;
-		res = ioctl(state->fd, FS_IOC_MEASURE_VERITY, &buf.fsv);
+		fsv->digest_size = MAX_DIGEST_SIZE;
+		res = ioctl(state->fd, FS_IOC_MEASURE_VERITY, fsv);
 		if (res == -1) {
 			if (errno == ENODATA || errno == EOPNOTSUPP || errno == ENOTTY)
 				return -ENOVERITY;
 			return -errno;
 		}
-		if (buf.fsv.digest_size != state->expected_digest_len ||
-		    memcmp(state->expected_digest, buf.fsv.digest,
-			   buf.fsv.digest_size) != 0)
+		if (fsv->digest_size != state->expected_digest_len ||
+		    memcmp(state->expected_digest, fsv->digest, fsv->digest_size) != 0)
 			return -EWRONGVERITY;
 	}
 

diff --git a/libcomposefs/lcfs-writer.c b/libcomposefs/lcfs-writer.c
@@ -579,15 +579,13 @@ int lcfs_compute_fsverity_from_fd(uint8_t *digest, int fd)
 // position will always be reset to zero if needed.
 int lcfs_fd_get_fsverity(uint8_t *digest, int fd)
 {
-	struct {
-		struct fsverity_digest fsv;
-		char buf[MAX_DIGEST_SIZE];
-	} buf;
+	char buf[sizeof(struct fsverity_digest) + MAX_DIGEST_SIZE];
+	struct fsverity_digest *fsv = (struct fsverity_digest *)&buf;
 
 	// First, ask the kernel if the file already has fsverity; if so we just return
 	// that.
-	buf.fsv.digest_size = MAX_DIGEST_SIZE;
-	int res = ioctl(fd, FS_IOC_MEASURE_VERITY, &buf.fsv);
+	fsv->digest_size = MAX_DIGEST_SIZE;
+	int res = ioctl(fd, FS_IOC_MEASURE_VERITY, fsv);
 	if (res == -1) {
 		// Under this condition, the file didn't have fsverity enabled or the
 		// kernel doesn't support it at all.  We need to compute it in the current process.
@@ -603,11 +601,11 @@ int lcfs_fd_get_fsverity(uint8_t *digest, int fd)
 	}
 	// The file has fsverity enabled, but with an unexpected different algorithm (e.g. sha512).
 	// This is going to be a weird corner case.  For now, we error out.
-	if (buf.fsv.digest_size != LCFS_DIGEST_SIZE) {
+	if (fsv->digest_size != LCFS_DIGEST_SIZE) {
 		return -EWRONGVERITY;
 	}
 
-	memcpy(digest, buf.buf, LCFS_DIGEST_SIZE);
+	memcpy(digest, buf + sizeof(struct fsverity_digest), LCFS_DIGEST_SIZE);
 
 	return 0;
 }