Merge pull request #3697 from brauner/2021-02-25/fixes

src/lxc/af_unix.c

@@ -113,7 +113,7 @@ int lxc_abstract_unix_connect(const char *path)
 }
 
 int lxc_abstract_unix_send_fds_iov(int fd, const int *sendfds, int num_sendfds,
-				   struct iovec *iov, size_t iovlen)
+				   struct iovec *const iov, size_t iovlen)
 {
 	__do_free char *cmsgbuf = NULL;
 	int ret;
@@ -176,6 +176,12 @@ static ssize_t lxc_abstract_unix_recv_fds_iov(int fd,
 	size_t cmsgbufsize = CMSG_SPACE(sizeof(struct ucred)) +
 			     CMSG_SPACE(ret_fds->fd_count_max * sizeof(int));
 
+	if (ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)
+		return ret_errno(EINVAL);
+
+	if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_NONE)) > 1)
+		return ret_errno(EINVAL);
+
 	cmsgbuf = zalloc(cmsgbufsize);
 	if (!cmsgbuf)
 		return ret_errno(ENOMEM);
@@ -202,7 +208,7 @@ again:
                 if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
 			__u32 idx;
 			/*
-			 * This causes some compilers to complaing about
+			 * This causes some compilers to complain about
 			 * increased alignment requirements but I haven't found
 			 * a better way to deal with this yet. Suggestions
 			 * welcome!
@@ -225,7 +231,22 @@ again:
 				return syserrno_set(-EFBIG, "Received excessive number of file descriptors");
 			}
 
+			if (msg.msg_flags & MSG_CTRUNC) {
+				for (idx = 0; idx < num_raw; idx++)
+					close(fds_raw[idx]);
+
+				return syserrno_set(-EFBIG, "Control message was truncated; closing all fds and rejecting incomplete message");
+			}
+
 			if (ret_fds->fd_count_max > num_raw) {
+				if (!(ret_fds->flags & UNIX_FDS_ACCEPT_LESS)) {
+					for (idx = 0; idx < num_raw; idx++)
+						close(fds_raw[idx]);
+
+					return syserrno_set(-EINVAL, "Received fewer file descriptors than we expected %u != %u",
+							    ret_fds->fd_count_max, num_raw);
+				}
+
 				/*
 				 * Make sure any excess entries in the fd array
 				 * are set to -EBADF so our cleanup functions
@@ -234,16 +255,33 @@ again:
 				for (idx = num_raw; idx < ret_fds->fd_count_max; idx++)
 					ret_fds->fd[idx] = -EBADF;
 
-				WARN("Received fewer file descriptors than we expected %u != %u", ret_fds->fd_count_max, num_raw);
+				ret_fds->flags |= UNIX_FDS_RECEIVED_LESS;
 			} else if (ret_fds->fd_count_max < num_raw) {
+				if (!(ret_fds->flags & UNIX_FDS_ACCEPT_MORE)) {
+					for (idx = 0; idx < num_raw; idx++)
+						close(fds_raw[idx]);
+
+					return syserrno_set(-EINVAL, "Received more file descriptors than we expected %u != %u",
+							    ret_fds->fd_count_max, num_raw);
+				}
+
 				/* Make sure we close any excess fds we received. */
 				for (idx = ret_fds->fd_count_max; idx < num_raw; idx++)
 					close(fds_raw[idx]);
 
-				WARN("Received more file descriptors than we expected %u != %u", ret_fds->fd_count_max, num_raw);
-
 				/* Cap the number of received file descriptors. */
 				num_raw = ret_fds->fd_count_max;
+				ret_fds->flags |= UNIX_FDS_RECEIVED_MORE;
+			} else {
+				ret_fds->flags |= UNIX_FDS_RECEIVED_EXACT;
+			}
+
+			if (hweight32((ret_fds->flags & ~UNIX_FDS_ACCEPT_MASK)) > 1) {
+				for (idx = 0; idx < num_raw; idx++)
+					close(fds_raw[idx]);
+
+				return syserrno_set(-EINVAL, "Invalid flag combination; closing to not risk leaking fds %u != %u",
+						    ret_fds->fd_count_max, num_raw);
 			}
 
 			memcpy(ret_fds->fd, CMSG_DATA(cmsg), num_raw * sizeof(int));
@@ -252,6 +290,15 @@ again:
 		}
 	}
 
+	if (ret_fds->fd_count_ret == 0) {
+		ret_fds->flags |= UNIX_FDS_RECEIVED_NONE;
+
+		/* We expected to receive file descriptors. */
+		if ((ret_fds->flags & UNIX_FDS_ACCEPT_MASK) &&
+		    !(ret_fds->flags & UNIX_FDS_ACCEPT_NONE))
+			return syserrno_set(-EINVAL, "Received no file descriptors");
+	}
+
 	return ret;
 }
 

src/lxc/af_unix.h

@@ -12,15 +12,88 @@
 #include "macro.h"
 #include "memory_utils.h"
 
+#define KERNEL_SCM_MAX_FD 253
+
+/* Allow the caller to set expectations. */
+
+/*
+ * UNIX_FDS_ACCEPT_EXACT will only succeed if the exact amount of fds has been
+ * received  (unless combined with UNIX_FDS_ACCEPT_NONE).
+ */
+#define UNIX_FDS_ACCEPT_EXACT ((__u32)(1 << 0)) /* default */
+
+/*
+ * UNIX_FDS_ACCEPT_LESS will also succeed if less than the requested number of
+ * fd has been received. If the UNIX_FDS_ACCEPT_NONE flag is not raised than at
+ * least one fd must be received.
+ * */
+#define UNIX_FDS_ACCEPT_LESS ((__u32)(1 << 1))
+
+/*
+ * UNIX_FDS_ACCEPT_MORE will also succeed if more than the requested number of
+ * fds have been received. Any additional fds will be silently closed.  If the
+ * UNIX_FDS_ACCEPT_NONE flag is not raised than at least one fd must be
+ * received.
+ */
+#define UNIX_FDS_ACCEPT_MORE ((__u32)(1 << 2)) /* wipe any extra fds */
+
 /*
- * Technically 253 is the kernel limit but we want to the struct to be a
- * multiple of 8.
+ * UNIX_FDS_ACCEPT_NONE can be specified with any of the above flags and
+ * indicates that the caller will accept no file descriptors to be received.
  */
-#define KERNEL_SCM_MAX_FD 252
+#define UNIX_FDS_ACCEPT_NONE ((__u32)(1 << 3))
 
+/* UNIX_FDS_ACCEPT_MASK is the value of all the above flags or-ed together. */
+#define UNIX_FDS_ACCEPT_MASK (UNIX_FDS_ACCEPT_EXACT | UNIX_FDS_ACCEPT_LESS | UNIX_FDS_ACCEPT_MORE | UNIX_FDS_ACCEPT_NONE)
+
+/* Allow the callee to communicate reality. */
+
+/* UNIX_FDS_RECEIVED_EXACT indicates that the exact number of fds was received. */
+#define UNIX_FDS_RECEIVED_EXACT ((__u32)(1 << 16))
+
+/*
+ * UNIX_FDS_RECEIVED_LESS indicates that less than the requested number of fd
+ * has been received.
+ */
+#define UNIX_FDS_RECEIVED_LESS ((__u32)(1 << 17))
+
+/*
+ * UNIX_FDS_RECEIVED_MORE indicates that more than the requested number of fd
+ * has been received.
+ */
+#define UNIX_FDS_RECEIVED_MORE ((__u32)(1 << 18))
+
+/* UNIX_FDS_RECEIVED_NONE indicates that no fds have been received. */
+#define UNIX_FDS_RECEIVED_NONE ((__u32)(1 << 19))
+
+/**
+ * Defines a generic struct to receive file descriptors from unix sockets.
+ * @fd_count_max : Either the exact or maximum number of file descriptors the
+ *                 caller is willing to accept. Must be smaller than
+ *                 KERNEL_SCM_MAX_FDs; larger values will be rejected.
+ *                 Filled in by the caller.
+ * @fd_count_ret : The actually received number of file descriptors.
+ *                 Filled in by the callee.
+ * @flags        : Flags to negotiate expectations about the number of file
+ *                 descriptors to receive.
+ *                 Filled in by the caller and callee. The caller's flag space
+ *                 is UNIX_FDS_ACCEPT_* other values will be rejected. The
+ *                 caller may only set one of {EXACT, LESS, MORE}. In addition
+ *                 they can raise the NONE flag. Any combination of {EXACT,
+ *                 LESS, MORE} will be rejected.
+ *                 The callee's flag space is UNIX_FDS_RECEIVED_*. Only ever
+ *                 one of those values will be set.
+ * @fd           : Array to store received file descriptors into. Filled by the
+ *                 callee on success. If less file descriptors are received
+ *                 than requested in @fd_count_max the callee will ensure that
+ *                 all additional slots will be set to -EBADF. Nonetheless, the
+ *                 caller should only ever use @fd_count_ret to iterate through
+ *                 @fd after a successful receive.
+ */
 struct unix_fds {
 	__u32 fd_count_max;
 	__u32 fd_count_ret;
+	__u32 flags;
 	__s32 fd[KERNEL_SCM_MAX_FD];
 } __attribute__((aligned(8)));
 

src/lxc/commands.c

@@ -118,6 +118,38 @@ static int __transfer_cgroup_fd(struct unix_fds *fds, struct cgroup_fd *fd)
 	return 0;
 }
 
+static ssize_t lxc_cmd_rsp_recv_fds(int fd_sock, struct unix_fds *fds,
+				    struct lxc_cmd_rsp *rsp,
+				    const char *cur_cmdstr)
+{
+	ssize_t ret;
+
+	ret = lxc_abstract_unix_recv_fds(fd_sock, fds, rsp, sizeof(*rsp));
+	if (ret < 0)
+		return ret;
+
+	/*
+	 * If we end up here with fewer or more file descriptors the caller
+	 * must have set flags to indicate that they are fine with this.
+	 * Otherwise the call would have failed.
+	 */
+
+	if (fds->flags & UNIX_FDS_RECEIVED_EXACT)
+		return log_info(ret, "Received exact number of file descriptors %u == %u",
+				fds->fd_count_max, fds->fd_count_ret);
+
+	if (fds->flags & UNIX_FDS_RECEIVED_LESS)
+		return log_info(ret, "Received less file descriptors %u < %u",
+				fds->fd_count_ret, fds->fd_count_max);
+
+	if (fds->flags & UNIX_FDS_RECEIVED_MORE)
+		return log_info(ret, "Received more file descriptors (excessive fds were automatically closed) %u > %u",
+				fds->fd_count_ret, fds->fd_count_max);
+
+	INFO("Command \"%s\" received response", cur_cmdstr);
+	return ret;
+}
+
 /*
  * lxc_cmd_rsp_recv: Receive a response to a command
  *
@@ -134,15 +166,17 @@ static int __transfer_cgroup_fd(struct unix_fds *fds, struct cgroup_fd *fd)
  * As a special case, the response for LXC_CMD_GET_TTY_FD is created here as
  * it contains an fd for the ptx pty passed through the unix socket.
  */
-static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
+static ssize_t lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 {
 	__do_free void *__private_ptr = NULL;
 	struct lxc_cmd_tty_rsp_data *data_console = NULL;
-	call_cleaner(put_unix_fds) struct unix_fds *fds = &(struct unix_fds){};
+	call_cleaner(put_unix_fds) struct unix_fds *fds = &(struct unix_fds){
+		.fd[0 ... KERNEL_SCM_MAX_FD - 1] = -EBADF,
+	};
 	struct lxc_cmd_rsp *rsp = &cmd->rsp;
-	int cur_cmd = cmd->req.cmd, fret = 0;
+	int cur_cmd = cmd->req.cmd;
 	const char *cur_cmdstr;
-	int ret;
+	ssize_t bytes_recv;
 
 	/*
 	 * Determine whether this command will receive file descriptors and how
@@ -163,12 +197,24 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 	case LXC_CMD_GET_SECCOMP_NOTIFY_FD:
 		__fallthrough;
 	case LXC_CMD_GET_DEVPTS_FD:
-		__fallthrough;
+		fds->fd_count_max = 1;
+		/*
+		 * The kernel might not support the required features or the
+		 * server might be too old.
+		 */
+		fds->flags = UNIX_FDS_ACCEPT_EXACT | UNIX_FDS_ACCEPT_NONE;
+		break;
 	case LXC_CMD_GET_TTY_FD:
+		/*
+		 * The requested terminal can be busy so it's perfectly fine
+		 * for LXC_CMD_GET_TTY to receive no file descriptor.
+		 */
 		fds->fd_count_max = 1;
+		fds->flags = UNIX_FDS_ACCEPT_EXACT | UNIX_FDS_ACCEPT_NONE;
 		break;
 	case LXC_CMD_GET_CGROUP_CTX:
 		fds->fd_count_max = CGROUP_CTX_MAX_FD;
+		fds->flags |= UNIX_FDS_ACCEPT_LESS;
 		break;
 	default:
 		fds->fd_count_max = 0;
@@ -176,22 +222,9 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 	}
 
 	/* Receive the first response including file descriptors if any. */
-	ret = lxc_abstract_unix_recv_fds(sock, fds, rsp, sizeof(*rsp));
-	if (ret < 0)
-		return syserrno(ret, "Failed to receive response for command \"%s\"", cur_cmdstr);
-
-	/*
-	 * Verify that we actually received any file descriptors if the command
-	 * expects to do so.
-	 */
-	if (fds->fd_count_max == 0) {
-		WARN("Command \"%s\" received response", cur_cmdstr);
-	} else if (fds->fd_count_ret == 0) {
-		TRACE("Command \"%s\" received response without any of the expected %u file descriptors", cur_cmdstr, fds->fd_count_max);
-		fret = -EBADF;
-	} else {
-		TRACE("Command \"%s\" received response with %u of %u expected file descriptors", cur_cmdstr, fds->fd_count_ret, fds->fd_count_max);
-	}
+	bytes_recv = lxc_cmd_rsp_recv_fds(sock, fds, rsp, cur_cmdstr);
+	if (bytes_recv < 0)
+		return bytes_recv;
 
 	/*
 	 * Ensure that no excessive data is sent unless someone retrieves the
@@ -199,7 +232,7 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 	 */
 	if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
 	    (cur_cmd != LXC_CMD_CONSOLE_LOG))
-		return syserrno_set(fret ?: -E2BIG, "Response data for command \"%s\" is too long: %d bytes > %d",
+		return syserrno_set(-E2BIG, "Response data for command \"%s\" is too long: %d bytes > %d",
 				    cur_cmdstr, rsp->datalen, LXC_CMD_DATA_MAX);
 
 	/*
@@ -216,23 +249,20 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 	case LXC_CMD_GET_DEVPTS_FD:		/* no data */
 		__fallthrough;
 	case LXC_CMD_GET_SECCOMP_NOTIFY_FD:	/* no data */
-		if (!fret)
 		rsp->data = INT_TO_PTR(move_fd(fds->fd[0]));
-
-		/* Return for any command that doesn't expect additional data. */
-		return log_debug(fret ?: ret, "Finished processing \"%s\" with file descriptor %d", cur_cmdstr, PTR_TO_INT(rsp->data));
+		return log_debug(0, "Finished processing \"%s\" with file descriptor %d", cur_cmdstr, PTR_TO_INT(rsp->data));
 	case LXC_CMD_GET_CGROUP_FD:		/* data */
 		__fallthrough;
 	case LXC_CMD_GET_LIMIT_CGROUP_FD:	/* data */
 		if (rsp->datalen > sizeof(struct cgroup_fd))
-			return syserrno_set(fret ?: -EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
+			return syserrno_set(-EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
 
 		/* Don't pointlessly allocate. */
 		rsp->data = (void *)cmd->req.data;
 		break;
 	case LXC_CMD_GET_CGROUP_CTX:		/* data */
 		if (rsp->datalen > sizeof(struct cgroup_ctx))
-			return syserrno_set(fret ?: -EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
+			return syserrno_set(-EINVAL, "Invalid response size from server for \"%s\"", cur_cmdstr);
 
 		/* Don't pointlessly allocate. */
 		rsp->data = (void *)cmd->req.data;
@@ -240,14 +270,14 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 	case LXC_CMD_GET_TTY_FD:			/* data */
 		/*
 		 * recv() returns 0 bytes when a tty cannot be allocated,
-		 * rsp->ret is < 0 when the peer permission check failed
+		 * rsp->ret is < 0 when the peer permission check failed.
 		 */
-		if (ret == 0 || rsp->ret < 0)
+		if (bytes_recv == 0 || rsp->ret < 0)
 			return 0;
 
 		__private_ptr = malloc(sizeof(struct lxc_cmd_tty_rsp_data));
 		if (!__private_ptr)
-			return syserrno_set(fret ?: -ENOMEM, "Failed to receive response for command \"%s\"", cur_cmdstr);
+			return syserrno_set(-ENOMEM, "Failed to receive response for command \"%s\"", cur_cmdstr);
 		data_console = (struct lxc_cmd_tty_rsp_data *)__private_ptr;
 		data_console->ptxfd = move_fd(fds->fd[0]);
 		data_console->ttynum = PTR_TO_INT(rsp->data);
@@ -267,48 +297,40 @@ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
 		break;
 	}
 
-	if (rsp->datalen == 0) {
-		DEBUG("Command \"%s\" requested no additional data", cur_cmdstr);
-		/*
-		 * Note that LXC_CMD_GET_TTY_FD historically allocates memory
-		 * to return info to the caller. That's why we jump to no_data
-		 * so we ensure that the allocated data is wiped if we return
-		 * early here.
-		 */
-		goto no_data;
-	}
+	if (rsp->datalen > 0) {
+		int err;
 
 		/*
 		 * All commands ending up here expect data so rsp->data must be valid.
 		 * Either static or allocated memory.
 		 */
 		if (!rsp->data)
-		return syserrno_set(fret ?: -ENOMEM, "Failed to prepare response buffer for command \"%s\"", cur_cmdstr);
+			return syserrno_set(-ENOMEM, "Failed to prepare response buffer for command \"%s\"",
+					    cur_cmdstr);
 
-	ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
-	if (ret != rsp->datalen)
-		return syserrno(-errno, "Failed to receive response data for command \"%s\": %d != %d", cur_cmdstr, ret, rsp->datalen);
+		bytes_recv = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
+		if (bytes_recv != rsp->datalen)
+			return syserrno(-errno, "Failed to receive response data for command \"%s\": %zd != %d",
+					cur_cmdstr, bytes_recv, rsp->datalen);
 
 		switch (cur_cmd) {
 		case LXC_CMD_GET_CGROUP_CTX:
-		if (!fret)
-			ret = __transfer_cgroup_ctx_fds(fds, rsp->data);
-		/* Make sure any received fds are wiped by us. */
+			err = __transfer_cgroup_ctx_fds(fds, rsp->data);
 			break;
 		case LXC_CMD_GET_CGROUP_FD:
 			__fallthrough;
 		case LXC_CMD_GET_LIMIT_CGROUP_FD:
-		if (!fret)
-			ret = __transfer_cgroup_fd(fds, rsp->data);
-		/* Make sure any received fds are wiped by us. */
+			err = __transfer_cgroup_fd(fds, rsp->data);
 			break;
+		default:
+			err = 0;
+		}
+		if (err < 0)
+			return syserrno(err, "Failed to transfer file descriptors for command \"%s\"", cur_cmdstr);
 	}
 
-no_data:
-	if (!fret && ret >= 0)
 	move_ptr(__private_ptr);
-
-	return fret ?: ret;
+	return bytes_recv;
 }
 
 /*
@@ -376,6 +398,17 @@ static inline int rsp_one_fd(int fd, int fd_send, struct lxc_cmd_rsp *rsp)
 	return LXC_CMD_REAP_CLIENT_FD;
 }
 
+static inline int rsp_one_fd_keep(int fd, int fd_send, struct lxc_cmd_rsp *rsp)
+{
+	int ret;
+
+	ret = rsp_one_fd(fd, fd_send, rsp);
+	if (ret == LXC_CMD_REAP_CLIENT_FD)
+		ret = LXC_CMD_KEEP_CLIENT_FD;
+
+	return ret;
+}
+
 __access_r(3, 2) static int rsp_many_fds(int fd, __u32 fds_len,
 					 const __s32 fds[static 2],
 					 struct lxc_cmd_rsp *rsp)
@@ -456,12 +489,12 @@ static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
  * the slot with lxc_cmd_fd_cleanup(). The socket fd will be returned in the
  * cmd response structure.
  */
-static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
+static ssize_t lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, bool *stopped,
 		       const char *lxcpath, const char *hashed_sock_name)
 {
 	__do_close int client_fd = -EBADF;
-	int ret = -1;
 	bool stay_connected = false;
+	ssize_t ret;
 
 	if (cmd->req.cmd == LXC_CMD_GET_TTY_FD ||
 	    cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
@@ -471,11 +504,10 @@ static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
 
 	client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
 	if (client_fd < 0) {
-		if (errno == ECONNREFUSED || errno == EPIPE)
+		if (IN_SET(errno, ECONNREFUSED, EPIPE))
 			*stopped = 1;
 
-		return log_trace_errno(-1, errno, "Command \"%s\" failed to connect command socket",
-				       lxc_cmd_str(cmd->req.cmd));
+		return systrace(-errno, "Command \"%s\" failed to connect command socket", lxc_cmd_str(cmd->req.cmd));
 	}
 
 	ret = lxc_cmd_rsp_recv(client_fd, cmd);
@@ -493,10 +525,11 @@ static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
 
 int lxc_try_cmd(const char *name, const char *lxcpath)
 {
-	int stopped, ret;
-	struct lxc_cmd_rr cmd = {
-		.req = { .cmd = LXC_CMD_GET_INIT_PID },
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_INIT_PID);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (stopped)
@@ -508,7 +541,8 @@ int lxc_try_cmd(const char *name, const char *lxcpath)
 	if (ret > 0)
 		return 0;
 
-	/* At this point we weren't denied access, and the container *was*
+	/*
+	 * At this point we weren't denied access, and the container *was*
 	 * started. There was some inexplicable error in the protocol.  I'm not
 	 * clear on whether we should return -1 here, but we didn't receive a
 	 * -EACCES, so technically it's not that we're not allowed to control
@@ -552,16 +586,12 @@ static int validate_string_request(int fd, const struct lxc_cmd_req *req)
  */
 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	pid_t pid = -1;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_INIT_PID
-		},
-		.rsp = {
-			.data = PID_TO_PTR(pid)
-		}
-	};
+	bool stopped = false;
+	ssize_t ret;
+	pid_t pid;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_INIT_PID);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -571,7 +601,8 @@ pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
 	if (pid < 0)
 		return -1;
 
-	/* We need to assume that pid_t can actually hold any pid given to us
+	/*
+	 * We need to assume that pid_t can actually hold any pid given to us
 	 * by the kernel. If it can't it's a libc bug.
 	 */
 	return (pid_t)pid;
@@ -590,28 +621,22 @@ static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
 
 int lxc_cmd_get_init_pidfd(const char *name, const char *lxcpath)
 {
-	int pidfd;
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_INIT_PIDFD,
-		},
-		.rsp = {
-			.data = INT_TO_PTR(-EBADF),
-			.ret = ENOSYS,
-		},
-	};
+	bool stopped = false;
+	int pidfd, ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_INIT_PIDFD);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
-		return log_debug_errno(-1, errno, "Failed to process init pidfd command");
+		return sysdebug("Failed to process init pidfd command");
 
 	if (cmd.rsp.ret < 0)
-		return syserrno_set(cmd.rsp.ret, "Failed to receive init pidfd");
+		return sysdebug_set(cmd.rsp.ret, "Failed to receive init pidfd");
 
 	pidfd = PTR_TO_INT(cmd.rsp.data);
 	if (pidfd < 0)
-		return syserrno_set(pidfd, "Failed to receive init pidfd");
+		return sysdebug_set(pidfd, "Failed to receive init pidfd");
 
 	return pidfd;
 }
@@ -633,12 +658,11 @@ static int lxc_cmd_get_init_pidfd_callback(int fd, struct lxc_cmd_req *req,
 
 int lxc_cmd_get_devpts_fd(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_DEVPTS_FD,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_DEVPTS_FD);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -668,12 +692,11 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req,
 int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
 {
 #ifdef HAVE_SECCOMP_NOTIFY
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_SECCOMP_NOTIFY_FD,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_SECCOMP_NOTIFY_FD);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -710,17 +733,12 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re
 int lxc_cmd_get_cgroup_ctx(const char *name, const char *lxcpath,
 			   size_t size_ret_ctx, struct cgroup_ctx *ret_ctx)
 {
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd		= LXC_CMD_GET_CGROUP_CTX,
-			.datalen	= size_ret_ctx,
-			.data		= ret_ctx,
-		},
-		.rsp = {
-			.ret = -ENOSYS,
-		},
-	};
-	int ret, stopped;
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_CGROUP_CTX);
+	lxc_cmd_data(&cmd, size_ret_ctx, ret_ctx);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -741,7 +759,7 @@ static int lxc_cmd_get_cgroup_ctx_callback(int fd, struct lxc_cmd_req *req,
 	};
 	struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
 	struct cgroup_ctx ctx_server = {};
-	int ret;
+	ssize_t ret;
 
 	ret = copy_struct_from_client(sizeof(struct cgroup_ctx), &ctx_server,
 				      req->datalen, req->data);
@@ -770,12 +788,11 @@ static int lxc_cmd_get_cgroup_ctx_callback(int fd, struct lxc_cmd_req *req,
  */
 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_CLONE_FLAGS,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_CLONE_FLAGS);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -795,23 +812,18 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
 	return lxc_cmd_rsp_send_reap(fd, &rsp);
 }
 
-static char *lxc_cmd_get_cgroup_path_do(const char *name, const char *lxcpath,
-					const char *subsystem,
+static char *lxc_cmd_get_cgroup_path_callback(const char *name,
+					      const char *lxcpath,
+					      const char *controller,
 					      lxc_cmd_t command)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = command,
-			.data = subsystem,
-			.datalen = 0,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
 
-	cmd.req.data = subsystem;
-	cmd.req.datalen = 0;
-	if (subsystem)
-		cmd.req.datalen = strlen(subsystem) + 1;
+	lxc_cmd_init(&cmd, command);
+	if (controller)
+		lxc_cmd_data(&cmd, strlen(controller) + 1, controller);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -826,8 +838,8 @@ static char *lxc_cmd_get_cgroup_path_do(const char *name, const char *lxcpath,
 			 * it sees an unknown command and just closes the
 			 * socket, sending us an EOF.
 			 */
-			return lxc_cmd_get_cgroup_path_do(name, lxcpath,
-							  subsystem,
+			return lxc_cmd_get_cgroup_path_callback(name, lxcpath,
+								controller,
 								LXC_CMD_GET_CGROUP);
 		}
 		return NULL;
@@ -841,50 +853,50 @@ static char *lxc_cmd_get_cgroup_path_do(const char *name, const char *lxcpath,
 
 /*
  * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
- * particular subsystem. This is the cgroup path relative to the root
+ * particular controller. This is the cgroup path relative to the root
  * of the cgroup filesystem.
  *
  * @name      : name of container to connect to
  * @lxcpath   : the lxcpath in which the container is running
- * @subsystem : the subsystem being asked about
+ * @controller : the controller being asked about
  *
  * Returns the path on success, NULL on failure. The caller must free() the
  * returned path.
  */
 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
-			      const char *subsystem)
+			      const char *controller)
 {
-	return lxc_cmd_get_cgroup_path_do(name, lxcpath, subsystem,
+	return lxc_cmd_get_cgroup_path_callback(name, lxcpath, controller,
 						LXC_CMD_GET_CGROUP);
 }
 
 /*
  * lxc_cmd_get_limit_cgroup_path: Calculate a container's limit cgroup
- * path for a particular subsystem. This is the cgroup path relative to the
+ * path for a particular controller. This is the cgroup path relative to the
  * root of the cgroup filesystem. This may be the same as the path returned by
  * lxc_cmd_get_cgroup_path if the container doesn't have a limit path prefix
  * set.
  *
  * @name      : name of container to connect to
  * @lxcpath   : the lxcpath in which the container is running
- * @subsystem : the subsystem being asked about
+ * @controller : the controller being asked about
  *
  * Returns the path on success, NULL on failure. The caller must free() the
  * returned path.
  */
 char *lxc_cmd_get_limit_cgroup_path(const char *name, const char *lxcpath,
-				    const char *subsystem)
+				    const char *controller)
 {
-	return lxc_cmd_get_cgroup_path_do(name, lxcpath, subsystem,
+	return lxc_cmd_get_cgroup_path_callback(name, lxcpath, controller,
 						LXC_CMD_GET_LIMIT_CGROUP);
 }
 
-static int lxc_cmd_get_cgroup_callback_do(int fd, struct lxc_cmd_req *req,
+static int __lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
 					 struct lxc_handler *handler,
 					 struct lxc_epoll_descr *descr,
 					 bool limiting_cgroup)
 {
-	int ret;
+	ssize_t ret;
 	const char *path;
 	const void *reqdata;
 	struct lxc_cmd_rsp rsp;
@@ -919,14 +931,14 @@ static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
 				       struct lxc_handler *handler,
 				       struct lxc_epoll_descr *descr)
 {
-	return lxc_cmd_get_cgroup_callback_do(fd, req, handler, descr, false);
+	return __lxc_cmd_get_cgroup_callback(fd, req, handler, descr, false);
 }
 
 static int lxc_cmd_get_limit_cgroup_callback(int fd, struct lxc_cmd_req *req,
 					     struct lxc_handler *handler,
 					     struct lxc_epoll_descr *descr)
 {
-	return lxc_cmd_get_cgroup_callback_do(fd, req, handler, descr, true);
+	return __lxc_cmd_get_cgroup_callback(fd, req, handler, descr, true);
 }
 
 /*
@@ -942,13 +954,15 @@ static int lxc_cmd_get_limit_cgroup_callback(int fd, struct lxc_cmd_req *req,
 char *lxc_cmd_get_config_item(const char *name, const char *item,
 			      const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
-			 .data = item,
-			 .datalen = strlen(item) + 1,
-		       },
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	if (is_empty_string(item))
+		return NULL;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_CONFIG_ITEM);
+	lxc_cmd_data(&cmd, strlen(item) + 1, item);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1004,12 +1018,11 @@ out:
  */
 int lxc_cmd_get_state(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_STATE,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_STATE);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0 && stopped)
@@ -1048,12 +1061,11 @@ static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
  */
 int lxc_cmd_stop(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_STOP,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_STOP);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0) {
@@ -1145,13 +1157,12 @@ static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
 int lxc_cmd_get_tty_fd(const char *name, int *ttynum, int *fd, const char *lxcpath)
 {
 	__do_free struct lxc_cmd_tty_rsp_data *rspdata = NULL;
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd	= LXC_CMD_GET_TTY_FD,
-			.data	= INT_TO_PTR(*ttynum),
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_TTY_FD);
+	lxc_cmd_data(&cmd, ENCODE_INTO_PTR_LEN, INT_TO_PTR(*ttynum));
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1171,32 +1182,32 @@ int lxc_cmd_get_tty_fd(const char *name, int *ttynum, int *fd, const char *lxcpa
 	*fd = rspdata->ptxfd;
 	*ttynum = rspdata->ttynum;
 
-	return log_info(ret, "Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
+	return log_info(ret, "Alloced fd %d for tty %d via socket %zd", *fd, rspdata->ttynum, ret);
 }
 
 static int lxc_cmd_get_tty_fd_callback(int fd, struct lxc_cmd_req *req,
 				       struct lxc_handler *handler,
 				       struct lxc_epoll_descr *descr)
 {
-	int ptxfd, ret;
 	struct lxc_cmd_rsp rsp = {
 		.ret = -EBADF,
 	};
-	int ttynum = PTR_TO_INT(req->data);
+	int ptxfd, ret, ttynum;
 
+	ttynum = PTR_TO_INT(req->data);
 	ptxfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
 	if (ptxfd < 0)
 		return lxc_cmd_rsp_send_reap(fd, &rsp);
 
 	rsp.ret = 0;
 	rsp.data = INT_TO_PTR(ttynum);
-	ret = lxc_abstract_unix_send_fds(fd, &ptxfd, 1, &rsp, sizeof(rsp));
+	ret = rsp_one_fd_keep(fd, ptxfd, &rsp);
 	if (ret < 0) {
 		lxc_terminal_free(handler->conf, fd);
 		return ret;
 	}
 
-	return log_debug(0, "Send tty to client");
+	return log_debug(ret, "Send tty to client");
 }
 
 /*
@@ -1208,12 +1219,11 @@ static int lxc_cmd_get_tty_fd_callback(int fd, struct lxc_cmd_req *req,
  */
 char *lxc_cmd_get_name(const char *hashed_sock_name)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_NAME,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_NAME);
 
 	ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
 	if (ret < 0)
@@ -1249,12 +1259,11 @@ static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
  */
 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_LXCPATH,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_LXCPATH);
 
 	ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
 	if (ret < 0)
@@ -1284,15 +1293,13 @@ int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
 			     int *state_client_fd)
 {
 	__do_close int clientfd = -EBADF;
-	int state, stopped;
+	bool stopped = false;
+	int state;
 	ssize_t ret;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd     = LXC_CMD_ADD_STATE_CLIENT,
-			.data    = states,
-			.datalen = (sizeof(lxc_state_t) * MAX_STATE)
-		},
-	};
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_ADD_STATE_CLIENT);
+	lxc_cmd_data(&cmd, (sizeof(lxc_state_t) * MAX_STATE), states);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (states[STOPPED] != 0 && stopped != 0)
@@ -1353,23 +1360,22 @@ reap_fd:
 int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
 				  struct device_item *device)
 {
-	int stopped = 0;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd     = LXC_CMD_ADD_BPF_DEVICE_CGROUP,
-			.data    = device,
-			.datalen = sizeof(struct device_item),
-		},
-	};
-	int ret;
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
 
 	if (strlen(device->access) > STRLITERALLEN("rwm"))
-		return log_error_errno(-1, EINVAL, "Invalid access mode specified %s",
-				       device->access);
+		return syserrno_set(-EINVAL, "Invalid access mode specified %s", device->access);
+
+	lxc_cmd_init(&cmd, LXC_CMD_ADD_BPF_DEVICE_CGROUP);
+	lxc_cmd_data(&cmd, sizeof(struct device_item), device);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
-	if (ret < 0 || cmd.rsp.ret < 0)
-		return log_error_errno(-1, errno, "Failed to add new bpf device cgroup rule");
+	if (ret < 0)
+		return syserrno_set(ret, "Failed to process new bpf device cgroup command");
+
+	if (cmd.rsp.ret < 0)
+		return syserrno_set(cmd.rsp.ret, "Failed to add new bpf device cgroup rule");
 
 	return 0;
 }
@@ -1407,17 +1413,17 @@ out:
 int lxc_cmd_console_log(const char *name, const char *lxcpath,
 			struct lxc_console_log *log)
 {
-	int ret, stopped;
-	struct lxc_cmd_console_log data;
+	bool stopped = false;
+	struct lxc_cmd_console_log data = {
+		.clear		= log->clear,
+		.read		= log->read,
+		.read_max	= *log->read_max,
+	};
+	ssize_t ret;
 	struct lxc_cmd_rr cmd;
 
-	data.clear = log->clear;
-	data.read = log->read;
-	data.read_max = *log->read_max;
-
-	cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
-	cmd.req.data = &data;
-	cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
+	lxc_cmd_init(&cmd, LXC_CMD_CONSOLE_LOG);
+	lxc_cmd_data(&cmd, sizeof(struct lxc_cmd_console_log), &data);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1483,14 +1489,12 @@ out:
 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
 				lxc_state_t state)
 {
-	int stopped;
+	bool stopped = false;
 	ssize_t ret;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd  = LXC_CMD_SERVE_STATE_CLIENTS,
-			.data = INT_TO_PTR(state)
-		},
-	};
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_SERVE_STATE_CLIENTS);
+	lxc_cmd_data(&cmd, ENCODE_INTO_PTR_LEN, INT_TO_PTR(state));
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1521,13 +1525,12 @@ int lxc_cmd_seccomp_notify_add_listener(const char *name, const char *lxcpath,
 {
 
 #ifdef HAVE_SECCOMP_NOTIFY
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER,
-			.data = INT_TO_PTR(fd),
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER);
+	lxc_cmd_data(&cmd, ENCODE_INTO_PTR_LEN, INT_TO_PTR(fd));
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1581,13 +1584,12 @@ out:
 
 int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_FREEZE,
-			.data = INT_TO_PTR(timeout),
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_FREEZE);
+	lxc_cmd_data(&cmd, ENCODE_INTO_PTR_LEN, INT_TO_PTR(timeout));
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret <= 0 || cmd.rsp.ret < 0)
@@ -1614,13 +1616,12 @@ static int lxc_cmd_freeze_callback(int fd, struct lxc_cmd_req *req,
 
 int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_UNFREEZE,
-			.data = INT_TO_PTR(timeout),
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_UNFREEZE);
+	lxc_cmd_data(&cmd, ENCODE_INTO_PTR_LEN, INT_TO_PTR(timeout));
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret <= 0 || cmd.rsp.ret < 0)
@@ -1648,17 +1649,12 @@ static int lxc_cmd_unfreeze_callback(int fd, struct lxc_cmd_req *req,
 int lxc_cmd_get_cgroup_fd(const char *name, const char *lxcpath,
 			  size_t size_ret_fd, struct cgroup_fd *ret_fd)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_CGROUP_FD,
-			.datalen = sizeof(struct cgroup_fd),
-			.data = ret_fd,
-		},
-		.rsp = {
-			ret = -ENOSYS,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_CGROUP_FD);
+	lxc_cmd_data(&cmd, sizeof(struct cgroup_fd), ret_fd);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1673,17 +1669,12 @@ int lxc_cmd_get_cgroup_fd(const char *name, const char *lxcpath,
 int lxc_cmd_get_limit_cgroup_fd(const char *name, const char *lxcpath,
 				size_t size_ret_fd, struct cgroup_fd *ret_fd)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_LIMIT_CGROUP_FD,
-			.datalen = sizeof(struct cgroup_fd),
-			.data = ret_fd,
-		},
-		.rsp = {
-			ret = -ENOSYS,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_LIMIT_CGROUP_FD);
+	lxc_cmd_data(&cmd, sizeof(struct cgroup_fd), ret_fd);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1743,15 +1734,11 @@ static int lxc_cmd_get_limit_cgroup_fd_callback(int fd, struct lxc_cmd_req *req,
 
 int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_CGROUP2_FD,
-		},
-		.rsp = {
-			ret = -ENOSYS,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_CGROUP2_FD);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1765,15 +1752,11 @@ int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath)
 
 int lxc_cmd_get_limit_cgroup2_fd(const char *name, const char *lxcpath)
 {
-	int ret, stopped;
-	struct lxc_cmd_rr cmd = {
-		.req = {
-			.cmd = LXC_CMD_GET_LIMIT_CGROUP2_FD,
-		},
-		.rsp = {
-			.ret = -ENOSYS,
-		},
-	};
+	bool stopped = false;
+	ssize_t ret;
+	struct lxc_cmd_rr cmd;
+
+	lxc_cmd_init(&cmd, LXC_CMD_GET_LIMIT_CGROUP2_FD);
 
 	ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
 	if (ret < 0)
@@ -1785,7 +1768,7 @@ int lxc_cmd_get_limit_cgroup2_fd(const char *name, const char *lxcpath)
 	return PTR_TO_INT(cmd.rsp.data);
 }
 
-static int lxc_cmd_get_cgroup2_fd_callback_do(int fd, struct lxc_cmd_req *req,
+static int __lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
 					     struct lxc_handler *handler,
 					     struct lxc_epoll_descr *descr,
 					     bool limiting_cgroup)
@@ -1815,16 +1798,14 @@ static int lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
 					   struct lxc_handler *handler,
 					   struct lxc_epoll_descr *descr)
 {
-	return lxc_cmd_get_cgroup2_fd_callback_do(fd, req, handler, descr,
-						  false);
+	return __lxc_cmd_get_cgroup2_fd_callback(fd, req, handler, descr, false);
 }
 
 static int lxc_cmd_get_limit_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
 						 struct lxc_handler *handler,
 						 struct lxc_epoll_descr *descr)
 {
-	return lxc_cmd_get_cgroup2_fd_callback_do(fd, req, handler, descr,
-						  true);
+	return __lxc_cmd_get_cgroup2_fd_callback(fd, req, handler, descr, true);
 }
 
 static int lxc_cmd_rsp_send_enosys(int fd, int id)
@@ -2018,7 +1999,7 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data,
 	return ret;
 }
 
-int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
+int lxc_server_init(const char *name, const char *lxcpath, const char *suffix)
 {
 	__do_close int fd = -EBADF;
 	int ret;

src/lxc/commands.h

@@ -3,6 +3,7 @@
 #ifndef __LXC_COMMANDS_H
 #define __LXC_COMMANDS_H
 
+#include <errno.h>
 #include <stdio.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -19,6 +20,7 @@
  * have specific reasons to keep the file descriptor alive.
  */
 #define LXC_CMD_REAP_CLIENT_FD 1
+#define LXC_CMD_KEEP_CLIENT_FD 2
 
 typedef enum {
 	LXC_CMD_GET_TTY_FD			= 0,
@@ -56,6 +58,8 @@ struct lxc_cmd_req {
 	const void *data;
 };
 
+#define ENCODE_INTO_PTR_LEN 0
+
 struct lxc_cmd_rsp {
 	int ret; /* 0 on success, -errno on failure */
 	int datalen;
@@ -67,6 +71,20 @@ struct lxc_cmd_rr {
 	struct lxc_cmd_rsp rsp;
 };
 
+static inline void lxc_cmd_init(struct lxc_cmd_rr *cmd, lxc_cmd_t command)
+{
+	*cmd = (struct lxc_cmd_rr){
+		.req = {.cmd = command },
+		.rsp = {.ret = -ENOSYS },
+	};
+}
+
+static inline void lxc_cmd_data(struct lxc_cmd_rr *cmd, int len_data, const void *data)
+{
+	cmd->req.data = data;
+	cmd->req.datalen = len_data;
+}
+
 struct lxc_cmd_tty_rsp_data {
 	int ptxfd;
 	int ttynum;
@@ -85,10 +103,10 @@ __hidden extern int lxc_cmd_get_tty_fd(const char *name, int *ttynum, int *fd,
 				       const char *lxcpath);
 /*
  * Get the 'real' cgroup path (as seen in /proc/self/cgroup) for a container
- * for a particular subsystem
+ * for a particular controller
  */
 __hidden extern char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
-					      const char *subsystem);
+					      const char *controller);
 __hidden extern int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath);
 __hidden extern char *lxc_cmd_get_config_item(const char *name, const char *item,
 					      const char *lxcpath);
@@ -122,7 +140,7 @@ __hidden extern int lxc_cmd_serve_state_clients(const char *name, const char *lx
 struct lxc_epoll_descr;
 struct lxc_handler;
 
-__hidden extern int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix);
+__hidden extern int lxc_server_init(const char *name, const char *lxcpath, const char *suffix);
 __hidden extern int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
 					 struct lxc_handler *handler);
 __hidden extern int lxc_try_cmd(const char *name, const char *lxcpath);
@@ -147,7 +165,7 @@ __hidden extern int lxc_cmd_get_cgroup_fd(const char *name, const char *lxcpath,
 					  struct cgroup_fd *ret_fd);
 __hidden extern char *lxc_cmd_get_limit_cgroup_path(const char *name,
 						    const char *lxcpath,
-						    const char *subsystem);
+						    const char *controller);
 __hidden extern int lxc_cmd_get_limit_cgroup2_fd(const char *name,
 						 const char *lxcpath);
 __hidden extern int lxc_cmd_get_limit_cgroup_fd(const char *name,

src/lxc/log.h

@@ -508,10 +508,10 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 		__internal_ret__;                             \
 	})
 
-#define sysdebug(__ret__, format, ...)                        \
+#define systrace(__ret__, format, ...)                        \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		SYSDEBUG(format, ##__VA_ARGS__);              \
+		SYSTRACE(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
 
@@ -525,7 +525,7 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 #define syserrno_set(__ret__, format, ...)                    \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = abs(__ret__);                         \
+		errno = labs(__ret__);                        \
 		SYSERROR(format, ##__VA_ARGS__);              \
 		__internal_ret__;                             \
 	})
@@ -533,11 +533,39 @@ __lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo,	\
 #define syswarn_set(__ret__, format, ...)                     \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \
-		errno = abs(__ret__);                         \
+		errno = labs(__ret__);                        \
 		SYSWARN(format, ##__VA_ARGS__);               \
 		__internal_ret__;                             \
 	})
 
+#define syserror(format, ...)                    \
+	({                                       \
+		SYSERROR(format, ##__VA_ARGS__); \
+		(-errno);                        \
+	})
+
+#define syserror_set(__ret__, format, ...)                    \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		errno = labs(__ret__);                        \
+		SYSERROR(format, ##__VA_ARGS__);              \
+		__internal_ret__;                             \
+	})
+
+#define sysdebug(format, ...)                    \
+	({                                       \
+		SYSDEBUG(format, ##__VA_ARGS__); \
+		(-errno);                        \
+	})
+
+#define sysdebug_set(__ret__, format, ...)                    \
+	({                                                    \
+		typeof(__ret__) __internal_ret__ = (__ret__); \
+		errno = labs(__ret__);                        \
+		SYSDEBUG(format, ##__VA_ARGS__);              \
+		__internal_ret__;                             \
+	})
+
 #define log_error(__ret__, format, ...)                       \
 	({                                                    \
 		typeof(__ret__) __internal_ret__ = (__ret__); \

src/lxc/macro.h

@@ -708,4 +708,29 @@ enum {
 		_min1 < _min2 ? _min1 : _min2; \
 	})
 
+#define BUILD_BUG_ON_ZERO(e) ((int)(sizeof(struct { int:(-!!(e)); })))
+
+/*
+ * Compile time versions of __arch_hweightN()
+ */
+#define __const_hweight8(w)		\
+	((unsigned int)			\
+	 ((!!((w) & (1ULL << 0))) +	\
+	  (!!((w) & (1ULL << 1))) +	\
+	  (!!((w) & (1ULL << 2))) +	\
+	  (!!((w) & (1ULL << 3))) +	\
+	  (!!((w) & (1ULL << 4))) +	\
+	  (!!((w) & (1ULL << 5))) +	\
+	  (!!((w) & (1ULL << 6))) +	\
+	  (!!((w) & (1ULL << 7)))))
+
+#define __const_hweight16(w) (__const_hweight8(w)  + __const_hweight8((w)  >> 8 ))
+#define __const_hweight32(w) (__const_hweight16(w) + __const_hweight16((w) >> 16))
+#define __const_hweight64(w) (__const_hweight32(w) + __const_hweight32((w) >> 32))
+
+#define hweight8(w) __const_hweight8(w)
+#define hweight16(w) __const_hweight16(w)
+#define hweight32(w) __const_hweight32(w)
+#define hweight64(w) __const_hweight64(w)
+
 #endif /* __LXC_MACRO_H */

src/lxc/start.c

@@ -715,7 +715,7 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
 	}
 
 	if (handler->conf->reboot == REBOOT_NONE) {
-		handler->conf->maincmd_fd = lxc_cmd_init(name, lxcpath, "command");
+		handler->conf->maincmd_fd = lxc_server_init(name, lxcpath, "command");
 		if (handler->conf->maincmd_fd < 0) {
 			ERROR("Failed to set up command socket");
 			goto on_error;

src/tests/lxc-test-lxc-attach

@@ -45,17 +45,21 @@ set -e
 
 allocate_pty="nopty"
 
+ATTACH_LOG=$(mktemp --dry-run)
+
 FAIL() {
 	echo -n "Failed " >&2
 	echo "$*" >&2
+	cat "${ATTACH_LOG}"
+	rm -f "${ATTACH_LOG}" || true
         lxc-destroy -n busy -f
 	exit 1
 }
 
 # Create a container, start it and wait for it to be in running state.
-lxc-create -t busybox -n busy || FAIL "creating busybox container"
-lxc-start -n busy -d || FAIL "starting busybox container"
-lxc-wait -n busy -s RUNNING || FAIL "waiting for busybox container to run"
+lxc-create -t busybox -n busy -l trace -o "${ATTACH_LOG}" || FAIL "creating busybox container"
+lxc-start -n busy -d -l trace -o "${ATTACH_LOG}" || FAIL "starting busybox container"
+lxc-wait -n busy -s RUNNING -l trace -o "${ATTACH_LOG}" || FAIL "waiting for busybox container to run"
 
 if [ -t 0 ] && [ -t 1 ] && [ -t 2 ]; then
 	allocate_pty="pty"
@@ -68,7 +72,7 @@ fi
 # stdout --> attached to pty
 # stderr --> attached to pty
 for i in `seq 1 100`; do
-	attach=$(lxc-attach -n busy -- hostname || FAIL "to allocate or setup pty")
+	attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- hostname || FAIL "to allocate or setup pty")
 	if [ "$attach" != "busy" ]; then
 		FAIL "lxc-attach -n busy -- hostname"
 	fi
@@ -77,7 +81,7 @@ done
 # stdin  --> /dev/null
 # stdout --> attached to pty
 # stderr --> attached to pty
-attach=$(lxc-attach -n busy -- hostname < /dev/null || FAIL "to allocate or setup pty")
+attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- hostname < /dev/null || FAIL "to allocate or setup pty")
 if [ "$attach" != "busy" ]; then
         FAIL "lxc-attach -n busy -- hostname < /dev/null"
 fi
@@ -85,7 +89,7 @@ fi
 # stdin  --> attached to pty
 # stdout --> /dev/null
 # stderr --> attached to pty
-attach=$(lxc-attach -n busy -- hostname > /dev/null || FAIL "to allocate or setup pty")
+attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- hostname > /dev/null || FAIL "to allocate or setup pty")
 if [ -n "$attach" ]; then
         FAIL "lxc-attach -n busy -- hostname > /dev/null"
 fi
@@ -93,7 +97,7 @@ fi
 # stdin  --> attached to pty
 # stdout --> attached to pty
 # stderr --> /dev/null
-attach=$(lxc-attach -n busy -- hostname 2> /dev/null || FAIL "to allocate or setup pty")
+attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- hostname 2> /dev/null || FAIL "to allocate or setup pty")
 if [ "$attach" != "busy" ]; then
         FAIL "lxc-attach -n busy -- hostname 2> /dev/null < /dev/null"
 fi
@@ -101,7 +105,7 @@ fi
 # stdin  --> /dev/null
 # stdout --> attached to pty
 # stderr --> /dev/null
-attach=$(lxc-attach -n busy -- hostname 2> /dev/null < /dev/null || FAIL "to allocate or setup pty")
+attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- hostname 2> /dev/null < /dev/null || FAIL "to allocate or setup pty")
 if [ "$attach" != "busy" ]; then
         FAIL "lxc-attach -n busy -- hostname 2> /dev/null < /dev/null"
 fi
@@ -114,7 +118,7 @@ fi
 # stdin  --> attached to pty
 # stdout --> /dev/null
 # stderr --> attached to pty
-attach=$( ( lxc-attach -n busy -- sh -c 'hostname >&2' > /dev/null ) 2>&1 || FAIL "to allocate or setup pty")
+attach=$( ( lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- sh -c 'hostname >&2' > /dev/null ) 2>&1 || FAIL "to allocate or setup pty")
 if [ "$attach" != "busy" ]; then
         FAIL "lxc-attach -n busy -- sh -c 'hostname >&2' > /dev/null"
 fi
@@ -126,7 +130,7 @@ fi
 # stdin  --> attached to pty
 # stdout --> attach to pty
 # stderr --> /dev/null
-attach=$( ( lxc-attach -n busy -- sh -c 'hostname >&2' 2> /dev/null ) 2>&1 || FAIL "to allocate or setup pty")
+attach=$( ( lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- sh -c 'hostname >&2' 2> /dev/null ) 2>&1 || FAIL "to allocate or setup pty")
 if [ -n "$attach" ]; then
         FAIL "lxc-attach -n busy -- sh -c 'hostname >&2' 2> /dev/null"
 fi
@@ -136,7 +140,7 @@ fi
 # stdout --> /dev/null
 # stderr --> attached to pty
 # (As we expect the exit code of the command to be 1 we ignore it.)
-attach=$(lxc-attach -n busy -- sh -c 'rm 2>&1' > /dev/null || true)
+attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- sh -c 'rm 2>&1' > /dev/null || true)
 if [ -n "$attach" ]; then
         FAIL "lxc-attach -n busy -- sh -c 'rm 2>&1' > /dev/null"
 fi
@@ -146,7 +150,7 @@ fi
 # - stdout --> attached to pty
 # - stderr --> /dev/null
 # (As we expect the exit code of the command to be 1 we ignore it.)
-attach=$(lxc-attach -n busy -- sh -c 'rm 2>&1' 2> /dev/null || true)
+attach=$(lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- sh -c 'rm 2>&1' 2> /dev/null || true)
 if [ -z "$attach" ]; then
         FAIL "lxc-attach -n busy -- sh -c 'rm 2>&1' 2> /dev/null"
 fi
@@ -154,7 +158,7 @@ fi
 # stdin  --> $in
 # stdout --> attached to pty
 # stderr --> attached to pty
-attach=$(echo hostname | lxc-attach -n busy -- || FAIL "to allocate or setup pty")
+attach=$(echo hostname | lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- || FAIL "to allocate or setup pty")
 if [ "$attach" != "busy" ]; then
         FAIL "echo hostname | lxc-attach -n busy --"
 fi
@@ -165,7 +169,7 @@ fi
 out=$(mktemp /tmp/out_XXXX)
 err=$(mktemp /tmp/err_XXXX)
 trap "rm -f $out $err" EXIT INT QUIT PIPE
-lxc-attach -n busy -- sh -c 'echo OUT; echo ERR >&2' > $out 2> $err || FAIL "to allocate or setup pty"
+lxc-attach -n busy -l trace -o "${ATTACH_LOG}" -- sh -c 'echo OUT; echo ERR >&2' > $out 2> $err || FAIL "to allocate or setup pty"
 outcontent=$(cat $out)
 errcontent=$(cat $err)
 if [ "$outcontent" != "OUT" ] || [ "$errcontent" != "ERR" ]; then
@@ -181,7 +185,7 @@ rm -f $out $err
 out=$(mktemp /tmp/out_XXXX)
 err=$(mktemp /tmp/err_XXXX)
 trap "rm -f $out $err" EXIT INT QUIT PIPE
-echo "hostname; rm" | lxc-attach -n busy > $out 2> $err || true
+echo "hostname; rm" | lxc-attach -n busy -l trace -o "${ATTACH_LOG}" > $out 2> $err || true
 outcontent=$(cat $out)
 errcontent=$(cat $err)
 if [ "$outcontent" != "busy" ] || [ -z "$errcontent" ]; then
@@ -191,5 +195,6 @@ fi
 rm -f $out $err
 
 lxc-destroy -n busy -f
+rm -f "${ATTACH_LOG}" || true
 
 exit 0

src/tests/lxc-test-unpriv

@@ -87,6 +87,7 @@ cleanup() {
 		echo "FAIL"
 		exit 1
 	fi
+	rm -f "${UNPRIV_LOG}" || true
 	echo "PASS"
 }