From 7a7f9a1453a397cd0f850417e92df4d86f062572 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 15 Sep 2021 09:07:51 +0200
Subject: [PATCH 1/4] build: ensure all relevant calls are checked for
 availability at build time

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 meson.build | 125 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 71 insertions(+), 54 deletions(-)

diff --git a/meson.build b/meson.build
index b28ffd588..472c98b96 100644
--- a/meson.build
+++ b/meson.build
@@ -199,45 +199,55 @@ foreach decl : [
 endforeach
 
 foreach ident : [
-        ['memfd_create',      '''#include <sys/mman.h>'''],
-        ['gettid',            '''#include <sys/types.h>
-                                 #include <unistd.h>'''],
-        ['pivot_root',        '''#include <stdlib.h>
-                                 #include <unistd.h>'''],     # no known header declares pivot_root
-        ['setns',             '''#include <sched.h>'''],
-        ['renameat2',         '''#include <stdio.h>
-                                 #include <fcntl.h>'''],
-        ['kcmp',              '''#include <linux/kcmp.h>'''],
-        ['keyctl',            '''#include <sys/types.h>
-                                 #include <keyutils.h>'''],
-        ['bpf',               '''#include <sys/syscall.h>
-                                 #include <unistd.h>'''],
-        ['statx',             '''#include <sys/types.h>
-                                 #include <sys/stat.h>
-                                 #include <unistd.h>'''],
-        ['pidfd_send_signal', '''#include <stdlib.h>
-                                 #include <unistd.h>
-                                 #include <signal.h>
-                                 #include <sys/wait.h>'''],
-        ['pidfd_open',        '''#include <stdlib.h>
-                                 #include <unistd.h>
-                                 #include <signal.h>
-                                 #include <sys/wait.h>'''],
-        ['execveat',          '''#include <unistd.h>'''],
-        ['close_range',       '''#include <unistd.h>'''],
-        ['mount_setattr',     '''#include <sys/mount.h>'''],
-        ['move_mount',        '''#include <sys/mount.h>'''],
-        ['open_tree',         '''#include <sys/mount.h>'''],
-        ['strlcpy',	      '''#include <string.h>'''],
-        ['strlcat',	      '''#include <string.h>'''],
-        ['sethostname',	      '''#include <unistd.h>'''],
-        ['faccessat',         '''#include <fcntl.h>
-                                 #include <unistd.h>'''],
-        ['unshare',	      '''#include <sched.h>'''],
-        ['prlimit',	      '''#include <sys/time.h>
-                               #include <sys/resource.h>'''],
-        ['prlimit64',	      '''#include <sys/time.h>
-                               #include <sys/resource.h>'''],
+        ['bpf',               	'''#include <sys/syscall.h>
+				   #include <unistd.h>'''],
+        ['close_range',       	'''#include <unistd.h>'''],
+        ['execveat',          	'''#include <unistd.h>'''],
+        ['faccessat',         	'''#include <fcntl.h>
+				   #include <unistd.h>'''],
+        ['fexecve',          	'''#include <unistd.h>'''],
+        ['fsconfig',		'''#include <sys/mount.h>'''],
+        ['fsmount',		'''#include <sys/mount.h>'''],
+        ['fsopen',		'''#include <sys/mount.h>'''],
+        ['fspick',		'''#include <sys/mount.h>'''],
+        ['gettid',            	'''#include <sys/types.h>
+				   #include <unistd.h>'''],
+        ['kcmp',              	'''#include <linux/kcmp.h>'''],
+        ['keyctl',            	'''#include <sys/types.h>
+				   #include <keyutils.h>'''],
+        ['memfd_create',	'''#include <sys/mman.h>'''],
+        ['mount_setattr',	'''#include <sys/mount.h>'''],
+        ['move_mount',        	'''#include <sys/mount.h>'''],
+        ['openat2',         	'''#include <sys/types.h>
+				   #include <sys/stat.h>
+				   #include <fctnl.h>'''],
+        ['open_tree',         	'''#include <sys/mount.h>'''],
+        ['personality',	      	'''#include <sys/personality.h>'''],
+        ['pidfd_open',        	'''#include <stdlib.h>
+				   #include <unistd.h>
+				   #include <signal.h>
+				   #include <sys/wait.h>'''],
+        ['pidfd_send_signal', 	'''#include <stdlib.h>
+				   #include <unistd.h>
+				   #include <signal.h>
+				   #include <sys/wait.h>'''],
+        ['pivot_root',        	'''#include <stdlib.h>
+				   #include <unistd.h>'''],     # no known header declares pivot_root
+        ['prlimit',	      	'''#include <sys/time.h>
+				   #include <sys/resource.h>'''],
+        ['prlimit64',	      	'''#include <sys/time.h>
+				   #include <sys/resource.h>'''],
+        ['renameat2',         	'''#include <stdio.h>
+				   #include <fcntl.h>'''],
+        ['sethostname',	      	'''#include <unistd.h>'''],
+        ['setns',             	'''#include <sched.h>'''],
+        ['signalfd',	      	'''#include <sys/signalfd.h>'''],
+        ['statx',             	'''#include <sys/types.h>
+				   #include <sys/stat.h>
+				   #include <unistd.h>'''],
+        ['strlcat',	      	'''#include <string.h>'''],
+        ['strlcpy',	      	'''#include <string.h>'''],
+        ['unshare',	      	'''#include <sched.h>'''],
 ]
 
         if cc.has_function(ident[0], prefix : ident[1], args : '-D_GNU_SOURCE')
@@ -509,30 +519,37 @@ found_syscalls = []
 missing_syscalls = []
 
 foreach tuple : [
+        ['bpf'],
+        ['close_range'],
+        ['execveat'],
+        ['faccessat'],
         ['fexecve'],
-        ['memfd_create'],
+        ['fsconfig'],
+        ['fsmount'],
+        ['fsopen'],
+        ['fspick'],
         ['gettid'],
-        ['pivot_root'],
-        ['setns'],
-        ['renameat2'],
         ['kcmp'],
         ['keyctl'],
-        ['bpf'],
-        ['statx'],
-        ['pidfd_send_signal'],
-        ['pidfd_open'],
-        ['execveat'],
-        ['close_range'],
+        ['memfd_create'],
         ['mount_setattr'],
         ['move_mount'],
+        ['openat2'],
         ['open_tree'],
-        ['strlcpy'],
-        ['strlcat'],
-        ['sethostname'],
-        ['faccessat'],
-        ['unshare'],
+        ['personality'],
+        ['pidfd_open'],
+        ['pidfd_send_signal'],
+        ['pivot_root'],
         ['prlimit'],
         ['prlimit64'],
+        ['renameat2'],
+        ['sethostname'],
+        ['setns'],
+        ['signalfd'],
+        ['statx'],
+        ['strlcat'],
+        ['strlcpy'],
+        ['unshare'],
 ]
 
         if tuple.length() >= 2

From df0834edba4af9a46de2a56e147d9cafdfeb2df5 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 15 Sep 2021 10:12:41 +0200
Subject: [PATCH 2/4] network: fix integer comparisons

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/network.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lxc/network.c b/src/lxc/network.c
index 654561d44..b87cf57e7 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -1911,7 +1911,8 @@ int netdev_get_mtu(int ifindex)
 	call_cleaner(nlmsg_free) struct nlmsg *answer = NULL, *nlmsg = NULL;
 	struct nl_handler nlh;
 	call_cleaner(netlink_close) struct nl_handler *nlh_ptr = &nlh;
-	int readmore = 0, recv_len = 0;
+	int readmore = 0;
+	__u32 recv_len = 0;
 	int answer_len, err, res;
 	struct ifinfomsg *ifi;
 	struct nlmsghdr *msg;
@@ -2547,7 +2548,8 @@ static int ip_addr_get(int family, int ifindex, void **res)
 	int answer_len, err;
 	struct ifaddrmsg *ifa;
 	struct nlmsghdr *msg;
-	int readmore = 0, recv_len = 0;
+	int readmore = 0;
+	__u32 recv_len = 0;
 
 	err = netlink_open(nlh_ptr, NETLINK_ROUTE);
 	if (err)

From a9502f5dc965a5808d2a5b91d45eb1fa13b92d3b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 15 Sep 2021 10:28:50 +0200
Subject: [PATCH 3/4] cgroups: fix declarations and headers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 2 +-
 src/lxc/cgroups/cgroup.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index b111f521c..6a5d9eeab 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -30,9 +30,9 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#include "cgroup.h"
 #include "af_unix.h"
 #include "caps.h"
-#include "cgroup.h"
 #include "cgroup2_devices.h"
 #include "cgroup_utils.h"
 #include "commands.h"
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
index d26559d11..a809b8253 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -313,7 +313,7 @@ static inline int cgroup_unified_fd(const struct cgroup_ops *ops)
 			       __first, __VA_ARGS__);                  \
 	})
 
-static void put_cgroup_ctx(struct cgroup_ctx *ctx)
+static inline void put_cgroup_ctx(struct cgroup_ctx *ctx)
 {
 	if (!IS_ERR_OR_NULL(ctx)) {
 		for (__u32 idx = 0; idx < ctx->fd_len; idx++)

From 25dff4d158bfba1765a9f52b29de521bafb70252 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 15 Sep 2021 10:42:04 +0200
Subject: [PATCH 4/4] build: support lto

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 meson.build | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meson.build b/meson.build
index 472c98b96..ea5ee5d75 100644
--- a/meson.build
+++ b/meson.build
@@ -4,6 +4,7 @@ project('lxc', 'c',
         version : '4.0.0',
         license : 'LGPLv2+',
         default_options: [
+		'b_lto=true',
 		'b_colorout=always',
 		'b_asneeded=true',
 		'b_pie=true',