composefs: Ensure buffer is suitably aligned for struct fsverity_digest #3340
Conversation
struct fsverity_digest starts with a __u16, so it will normally require 16-bit alignment, which is not guaranteed for a char array. Resolves: ostreedev#3339 Signed-off-by: Simon McVittie <[email protected]>
|
On closer inspection, I don't have libcomposefs in my build environment either (we don't have it in Debian yet and I don't have enough mental bandwidth to be responsible for it) so I'm doing this completely blind. (Thanks, CI!) |
|
Thanks for this! What I'd hoped to do is land containers/composefs#394 and then we can switch to it. Now the point that arises here is that the libcomposefs code is doing the same thing. Of course fsverity-utils has a different copy of this code; it seems to heap allocate https://github.com/ebiggers/fsverity-utils/blob/2543e6e5037c0b1b448282c2793f8a6ce8b12d71/programs/cmd_measure.c#L47 Hmm anyways I think you're right. So I will also update the composefs code. |
It's pretty easy to make a temporary loopback, no? Not to mention temporary VMs. |
|
We also should double check the alignment for https://github.com/containers/composefs-rs/blob/7571eb0dd5789f84cfb1515e0a0b4f3ab603f17d/src/fsverity/ioctl.rs#L60 |
|
Yeah, that one is good because we're actually using a structure with a |
As per Standard C, that should be sufficiently well-aligned for any built-in type, so that's fine. It's stack and static allocations that are the usual problem with alignment.
I'm sure that's pretty easy if you have an immutable/image-based OS and a basic knowledge of how fsverity works; but, sorry, I have neither of those things, and my time is already spread more thinly than I can really cope with, so there's a pretty low limit to how much "can't you just" I am able to add here. |
struct fsverity_digest starts with a __u16, so it will normally require 16-bit alignment, which is not guaranteed for a char array.
Resolves: #3339
This is untested: sorry, I don't currently have any filesystems with fsverity enabled.