From: Arnd Bergmann <[email protected]>
I started getting warnings for this one file, though I can't see what changed
since it was originally introduced in commit fec7b6690541 ("samples: add an
example of seccomp user trap").
samples/seccomp/user-trap.c: In function 'send_fd':
samples/seccomp/user-trap.c:50:11: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
50 | *((int *)CMSG_DATA(cmsg)) = fd;
| ~^~~~~~~~~~~~~~~~~~~~~~~
samples/seccomp/user-trap.c: In function 'recv_fd':
samples/seccomp/user-trap.c:83:18: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
83 | return *((int *)CMSG_DATA(cmsg));
| ~^~~~~~~~~~~~~~~~~~~~~~~
Using a temporary pointer variable avoids the warning.
Signed-off-by: Arnd Bergmann <[email protected]>
---
samples/seccomp/user-trap.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/samples/seccomp/user-trap.c b/samples/seccomp/user-trap.c
index 20291ec6489f..a23fec357b5d 100644
--- a/samples/seccomp/user-trap.c
+++ b/samples/seccomp/user-trap.c
@@ -33,6 +33,7 @@ static int send_fd(int sock, int fd)
{
struct msghdr msg = {};
struct cmsghdr *cmsg;
+ int *fd_ptr;
char buf[CMSG_SPACE(sizeof(int))] = {0}, c = 'c';
struct iovec io = {
.iov_base = &c,
@@ -47,7 +48,8 @@ static int send_fd(int sock, int fd)
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
- *((int *)CMSG_DATA(cmsg)) = fd;
+ fd_ptr = (int *)CMSG_DATA(cmsg);
+ *fd_ptr = fd;
msg.msg_controllen = cmsg->cmsg_len;
if (sendmsg(sock, &msg, 0) < 0) {
@@ -62,6 +64,7 @@ static int recv_fd(int sock)
{
struct msghdr msg = {};
struct cmsghdr *cmsg;
+ int *fd_ptr;
char buf[CMSG_SPACE(sizeof(int))] = {0}, c = 'c';
struct iovec io = {
.iov_base = &c,
@@ -79,8 +82,9 @@ static int recv_fd(int sock)
}
cmsg = CMSG_FIRSTHDR(&msg);
+ fd_ptr = (int *)CMSG_DATA(cmsg);
- return *((int *)CMSG_DATA(cmsg));
+ return *fd_ptr;
}
static int user_trap_syscall(int nr, unsigned int flags)
--
2.39.2
On Mon, 12 Feb 2024 12:17:31 +0100, Arnd Bergmann wrote:
> I started getting warnings for this one file, though I can't see what changed
> since it was originally introduced in commit fec7b6690541 ("samples: add an
> example of seccomp user trap").
>
> samples/seccomp/user-trap.c: In function 'send_fd':
> samples/seccomp/user-trap.c:50:11: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> 50 | *((int *)CMSG_DATA(cmsg)) = fd;
> | ~^~~~~~~~~~~~~~~~~~~~~~~
> samples/seccomp/user-trap.c: In function 'recv_fd':
> samples/seccomp/user-trap.c:83:18: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> 83 | return *((int *)CMSG_DATA(cmsg));
> | ~^~~~~~~~~~~~~~~~~~~~~~~
>
> [...]
Applied to for-next/seccomp, thanks!
[1/1] samples: user-trap: fix strict-aliasing warning
https://git.kernel.org/kees/c/9ad28ca5238d
Take care,
--
Kees Cook
On Mon, Feb 12, 2024 at 10:42:27AM -0800, Kees Cook wrote:
> On Mon, 12 Feb 2024 12:17:31 +0100, Arnd Bergmann wrote:
> > I started getting warnings for this one file, though I can't see what changed
> > since it was originally introduced in commit fec7b6690541 ("samples: add an
> > example of seccomp user trap").
> >
> > samples/seccomp/user-trap.c: In function 'send_fd':
> > samples/seccomp/user-trap.c:50:11: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> > 50 | *((int *)CMSG_DATA(cmsg)) = fd;
> > | ~^~~~~~~~~~~~~~~~~~~~~~~
> > samples/seccomp/user-trap.c: In function 'recv_fd':
> > samples/seccomp/user-trap.c:83:18: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> > 83 | return *((int *)CMSG_DATA(cmsg));
> > | ~^~~~~~~~~~~~~~~~~~~~~~~
> >
> > [...]
>
> Applied to for-next/seccomp, thanks!
>
> [1/1] samples: user-trap: fix strict-aliasing warning
> https://git.kernel.org/kees/c/9ad28ca5238d
>
> Take care,
If you happen to update the trailers, looks good to me too:
Acked-by: Tycho Andersen <[email protected]>
I also don't understand what changed, or why this really fixes it.
We're still "violating" strict aliasing as far as I can tell, since we
just introduce `int *fd_ptr` insted of memcpy()-ing out the fd into
an int?
But whatever shuts the compiler up works for me.
Tycho