systemd-252-14

Resolves: #2176918,#2180120
This commit is contained in:
Jan Macku 2023-03-21 14:10:11 +01:00
parent 6cce65c41b
commit 2a07d74ee6
9 changed files with 3159 additions and 1 deletions

View File

@ -0,0 +1,172 @@
From 97e7419df4912abc62ca379afbb6721b008fbf87 Mon Sep 17 00:00:00 2001
From: Mark Laws <mdl@60hz.org>
Date: Mon, 14 Nov 2022 21:48:09 +0900
Subject: [PATCH] systemd: Support OOMPolicy in scope units
Closes #25376.
(cherry picked from commit 5fa098357e0ea9f05b00ed5b04a36ef9f64037db)
Resolves: #2176918
---
man/org.freedesktop.systemd1.xml | 6 ++++++
src/core/dbus-scope.c | 6 ++++++
src/core/scope.c | 19 ++++++++++++++++---
src/core/scope.h | 2 ++
src/shared/bus-unit-util.c | 3 +++
5 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml
index c2f70870c7..40510c43eb 100644
--- a/man/org.freedesktop.systemd1.xml
+++ b/man/org.freedesktop.systemd1.xml
@@ -10150,6 +10150,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
readonly t RuntimeMaxUSec = ...;
@org.freedesktop.DBus.Property.EmitsChangedSignal("const")
readonly t RuntimeRandomizedExtraUSec = ...;
+ @org.freedesktop.DBus.Property.EmitsChangedSignal("const")
+ readonly s OOMPolicy = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
readonly s Slice = '...';
@org.freedesktop.DBus.Property.EmitsChangedSignal("false")
@@ -10324,6 +10326,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<!--property RuntimeRandomizedExtraUSec is not documented!-->
+ <!--property OOMPolicy is not documented!-->
+
<!--property Slice is not documented!-->
<!--property ControlGroupId is not documented!-->
@@ -10506,6 +10510,8 @@ node /org/freedesktop/systemd1/unit/session_2d1_2escope {
<variablelist class="dbus-property" generated="True" extra-ref="RuntimeRandomizedExtraUSec"/>
+ <variablelist class="dbus-property" generated="True" extra-ref="OOMPolicy"/>
+
<variablelist class="dbus-property" generated="True" extra-ref="Slice"/>
<variablelist class="dbus-property" generated="True" extra-ref="ControlGroup"/>
diff --git a/src/core/dbus-scope.c b/src/core/dbus-scope.c
index 7d2ceb0765..7b07bb8bb9 100644
--- a/src/core/dbus-scope.c
+++ b/src/core/dbus-scope.c
@@ -5,6 +5,7 @@
#include "bus-get-properties.h"
#include "dbus-cgroup.h"
#include "dbus-kill.h"
+#include "dbus-manager.h"
#include "dbus-scope.h"
#include "dbus-unit.h"
#include "dbus-util.h"
@@ -39,6 +40,7 @@ int bus_scope_method_abandon(sd_bus_message *message, void *userdata, sd_bus_err
}
static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_result, scope_result, ScopeResult);
+static BUS_DEFINE_SET_TRANSIENT_PARSE(oom_policy, OOMPolicy, oom_policy_from_string);
const sd_bus_vtable bus_scope_vtable[] = {
SD_BUS_VTABLE_START(0),
@@ -47,6 +49,7 @@ const sd_bus_vtable bus_scope_vtable[] = {
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Scope, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("RuntimeMaxUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_max_usec), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("RuntimeRandomizedExtraUSec", "t", bus_property_get_usec, offsetof(Scope, runtime_rand_extra_usec), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("OOMPolicy", "s", bus_property_get_oom_policy, offsetof(Scope, oom_policy), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_SIGNAL("RequestStop", NULL, 0),
SD_BUS_METHOD("Abandon", NULL, NULL, bus_scope_method_abandon, SD_BUS_VTABLE_UNPRIVILEGED),
SD_BUS_VTABLE_END
@@ -77,6 +80,9 @@ static int bus_scope_set_transient_property(
if (streq(name, "RuntimeRandomizedExtraUSec"))
return bus_set_transient_usec(u, name, &s->runtime_rand_extra_usec, message, flags, error);
+ if (streq(name, "OOMPolicy"))
+ return bus_set_transient_oom_policy(u, name, &s->oom_policy, message, flags, error);
+
if (streq(name, "PIDs")) {
_cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL;
unsigned n = 0;
diff --git a/src/core/scope.c b/src/core/scope.c
index 54a6cc63e4..e2fc4cc995 100644
--- a/src/core/scope.c
+++ b/src/core/scope.c
@@ -43,6 +43,7 @@ static void scope_init(Unit *u) {
s->timeout_stop_usec = u->manager->default_timeout_stop_usec;
u->ignore_on_isolate = true;
s->user = s->group = NULL;
+ s->oom_policy = _OOM_POLICY_INVALID;
}
static void scope_done(Unit *u) {
@@ -194,6 +195,11 @@ static int scope_add_extras(Scope *s) {
if (r < 0)
return r;
+ if (s->oom_policy < 0)
+ s->oom_policy = s->cgroup_context.delegate ? OOM_CONTINUE : UNIT(s)->manager->default_oom_policy;
+
+ s->cgroup_context.memory_oom_group = s->oom_policy == OOM_KILL;
+
return scope_add_default_dependencies(s);
}
@@ -286,11 +292,13 @@ static void scope_dump(Unit *u, FILE *f, const char *prefix) {
"%sScope State: %s\n"
"%sResult: %s\n"
"%sRuntimeMaxSec: %s\n"
- "%sRuntimeRandomizedExtraSec: %s\n",
+ "%sRuntimeRandomizedExtraSec: %s\n"
+ "%sOOMPolicy: %s\n",
prefix, scope_state_to_string(s->state),
prefix, scope_result_to_string(s->result),
prefix, FORMAT_TIMESPAN(s->runtime_max_usec, USEC_PER_SEC),
- prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC));
+ prefix, FORMAT_TIMESPAN(s->runtime_rand_extra_usec, USEC_PER_SEC),
+ prefix, oom_policy_to_string(s->oom_policy));
cgroup_context_dump(UNIT(s), f, prefix);
kill_context_dump(&s->kill_context, f, prefix);
@@ -635,11 +643,16 @@ static void scope_notify_cgroup_oom_event(Unit *u, bool managed_oom) {
else
log_unit_debug(u, "Process of control group was killed by the OOM killer.");
- /* This will probably need to be modified when scope units get an oom-policy */
+ if (s->oom_policy == OOM_CONTINUE)
+ return;
+
switch (s->state) {
case SCOPE_START_CHOWN:
case SCOPE_RUNNING:
+ scope_enter_signal(s, SCOPE_STOP_SIGTERM, SCOPE_FAILURE_OOM_KILL);
+ break;
+
case SCOPE_STOP_SIGTERM:
scope_enter_signal(s, SCOPE_STOP_SIGKILL, SCOPE_FAILURE_OOM_KILL);
break;
diff --git a/src/core/scope.h b/src/core/scope.h
index 6a228f1177..c9574a32c2 100644
--- a/src/core/scope.h
+++ b/src/core/scope.h
@@ -38,6 +38,8 @@ struct Scope {
char *user;
char *group;
+
+ OOMPolicy oom_policy;
};
extern const UnitVTable scope_vtable;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index b850a28e85..922011eccd 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -2142,6 +2142,9 @@ static int bus_append_scope_property(sd_bus_message *m, const char *field, const
if (STR_IN_SET(field, "User", "Group"))
return bus_append_string(m, field, eq);
+ if (streq(field, "OOMPolicy"))
+ return bus_append_string(m, field, eq);
+
return 0;
}

View File

@ -0,0 +1,33 @@
From 60f4b73b48b7e9d3f734ecdf63fa5ba9ab3c2338 Mon Sep 17 00:00:00 2001
From: Mark Laws <mdl@60hz.org>
Date: Thu, 24 Nov 2022 14:56:29 +0900
Subject: [PATCH] systemd: Default to OOMPolicy=continue for login session
scopes
If the kernel OOM kills a process under a login session scope, we don't want to
kill the user's other processes for no good reason.
(cherry picked from commit 98b6c94b577205d31b019286c2a84cc9af244ea0)
Resolves: #2176918
---
src/login/logind-dbus.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 86a5decf3f..2ab26b9c6d 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -3970,6 +3970,12 @@ int manager_start_scope(
if (r < 0)
return r;
+ /* For login session scopes, if a process is OOM killed by the kernel, *don't* terminate the rest of
+ the scope */
+ r = sd_bus_message_append(m, "(sv)", "OOMPolicy", "s", "continue");
+ if (r < 0)
+ return r;
+
/* disable TasksMax= for the session scope, rely on the slice setting for it */
r = sd_bus_message_append(m, "(sv)", "TasksMax", "t", UINT64_MAX);
if (r < 0)

View File

@ -0,0 +1,48 @@
From 1e066581a0bdfe5848dfc701e84e5d7d431699f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 13 Dec 2022 15:25:55 +0100
Subject: [PATCH] man: rework description of OOMPolicy= a bit
One had to read to the very end of the long description to notice that
the setting is actually primarily intended for oomd. So let's mention oomd
right at the beginning.
(cherry picked from commit 100d37d4f3111a97f51e37b51eea9243cb037b61)
Resolves: #2176918
---
man/systemd.service.xml | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 8d8dd77689..cae520ceab 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -1123,17 +1123,18 @@
<varlistentry>
<term><varname>OOMPolicy=</varname></term>
- <listitem><para>Configure the out-of-memory (OOM) kernel killer policy. Note that the userspace OOM
+ <listitem><para>Configure the out-of-memory (OOM) killing policy for the kernel and the userspace OOM
killer
- <citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
- is a more flexible solution that aims to prevent out-of-memory situations for the userspace, not just
- the kernel.</para>
-
- <para>On Linux, when memory becomes scarce to the point that the kernel has trouble allocating memory
- for itself, it might decide to kill a running process in order to free up memory and reduce memory
- pressure. This setting takes one of <constant>continue</constant>, <constant>stop</constant> or
+ <citerefentry><refentrytitle>systemd-oomd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
+ On Linux, when memory becomes scarce to the point that the kernel has trouble allocating memory for
+ itself, it might decide to kill a running process in order to free up memory and reduce memory
+ pressure. Note that <filename>systemd-oomd.service</filename> is a more flexible solution that aims
+ to prevent out-of-memory situations for the userspace too, not just the kernel, by attempting to
+ terminate services earlier, before the kernel would have to act.</para>
+
+ <para>This setting takes one of <constant>continue</constant>, <constant>stop</constant> or
<constant>kill</constant>. If set to <constant>continue</constant> and a process of the service is
- killed by the kernel's OOM killer this is logged but the service continues running. If set to
+ killed by the OOM killer, this is logged but the service continues running. If set to
<constant>stop</constant> the event is logged but the service is terminated cleanly by the service
manager. If set to <constant>kill</constant> and one of the service's processes is killed by the OOM
killer the kernel is instructed to kill all remaining processes of the service too, by setting the

View File

@ -0,0 +1,93 @@
From 53464ce69ec5202b9abfb35ddbd58c61e2e0ba18 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 13 Dec 2022 15:26:58 +0100
Subject: [PATCH] core,man: add missing integration of OOMPolicy= in scopes
Fixup for 5fa098357e0ea9f05b00ed5b04a36ef9f64037db.
(cherry picked from commit d5a1657d5a78e9a101fa91e60921bed54ec162b8)
Resolves: #2176918
---
man/systemd.scope.xml | 2 ++
man/systemd.service.xml | 22 ++++++++++------------
src/core/load-fragment-gperf.gperf.in | 1 +
3 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/man/systemd.scope.xml b/man/systemd.scope.xml
index 17d2700069..95969bf097 100644
--- a/man/systemd.scope.xml
+++ b/man/systemd.scope.xml
@@ -105,6 +105,8 @@
of scope units are the following:</para>
<variablelist class='unit-directives'>
+ <xi:include href="systemd.service.xml" xpointer="oom-policy" />
+
<varlistentry>
<term><varname>RuntimeMaxSec=</varname></term>
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index cae520ceab..1c9e59f722 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -1120,7 +1120,7 @@
above.</para></listitem>
</varlistentry>
- <varlistentry>
+ <varlistentry id='oom-policy'>
<term><varname>OOMPolicy=</varname></term>
<listitem><para>Configure the out-of-memory (OOM) killing policy for the kernel and the userspace OOM
@@ -1133,18 +1133,17 @@
terminate services earlier, before the kernel would have to act.</para>
<para>This setting takes one of <constant>continue</constant>, <constant>stop</constant> or
- <constant>kill</constant>. If set to <constant>continue</constant> and a process of the service is
- killed by the OOM killer, this is logged but the service continues running. If set to
- <constant>stop</constant> the event is logged but the service is terminated cleanly by the service
- manager. If set to <constant>kill</constant> and one of the service's processes is killed by the OOM
- killer the kernel is instructed to kill all remaining processes of the service too, by setting the
+ <constant>kill</constant>. If set to <constant>continue</constant> and a process in the unit is
+ killed by the OOM killer, this is logged but the unit continues running. If set to
+ <constant>stop</constant> the event is logged but the unit is terminated cleanly by the service
+ manager. If set to <constant>kill</constant> and one of the unit's processes is killed by the OOM
+ killer the kernel is instructed to kill all remaining processes of the unit too, by setting the
<filename>memory.oom.group</filename> attribute to <constant>1</constant>; also see <ulink
- url="https://docs.kernel.org/admin-guide/cgroup-v2.html">kernel documentation</ulink>.
- </para>
+ url="https://docs.kernel.org/admin-guide/cgroup-v2.html">kernel documentation</ulink>.</para>
<para>Defaults to the setting <varname>DefaultOOMPolicy=</varname> in
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- is set to, except for services where <varname>Delegate=</varname> is turned on, where it defaults to
+ is set to, except for units where <varname>Delegate=</varname> is turned on, where it defaults to
<constant>continue</constant>.</para>
<para>Use the <varname>OOMScoreAdjust=</varname> setting to configure whether processes of the unit
@@ -1154,10 +1153,9 @@
details.</para>
<para>This setting also applies to <command>systemd-oomd</command>. Similarly to the kernel OOM
- kills, this setting determines the state of the service after <command>systemd-oomd</command> kills a
- cgroup associated with the service.</para></listitem>
+ kills, this setting determines the state of the unit after <command>systemd-oomd</command> kills a
+ cgroup associated with it.</para></listitem>
</varlistentry>
-
</variablelist>
<para id='shared-unit-options'>Check
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index 7675b7bb2e..81a5971339 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -555,6 +555,7 @@ Path.TriggerLimitBurst, config_parse_unsigned,
Scope.RuntimeMaxSec, config_parse_sec, 0, offsetof(Scope, runtime_max_usec)
Scope.RuntimeRandomizedExtraSec, config_parse_sec, 0, offsetof(Scope, runtime_rand_extra_usec)
Scope.TimeoutStopSec, config_parse_sec, 0, offsetof(Scope, timeout_stop_usec)
+Scope.OOMPolicy, config_parse_oom_policy, 0, offsetof(Scope, oom_policy)
{# The [Install] section is ignored here #}
Install.Alias, NULL, 0, 0
Install.WantedBy, NULL, 0, 0

View File

@ -0,0 +1,161 @@
From d2bab1cb6c0d7242dbaca55d507f886f7ec0fa6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Thu, 6 Oct 2022 19:06:08 +0200
Subject: [PATCH] meson: Store fuzz tests in structured way
Put fuzzer tests into dictionary that maps `fuzzer->list of inputs`
instead of the flat list.
This is just refactoring with no intentional .
(cherry picked from commit 7db5761ddaa53eba197b5abc485e3290f47c661f)
Related: #2176918
---
meson.build | 69 ++++++++++++++++++-------------------------
test/fuzz/meson.build | 22 ++++++++++----
2 files changed, 45 insertions(+), 46 deletions(-)
diff --git a/meson.build b/meson.build
index 35704947e3..dc7388cfe3 100644
--- a/meson.build
+++ b/meson.build
@@ -4013,19 +4013,14 @@ foreach tuple : fuzzers
build_by_default : fuzzer_build)
fuzzer_exes += exe
- if want_tests != 'false'
+ if want_tests != 'false' and name in fuzz_regression_tests
# Run the fuzz regression tests without any sanitizers enabled.
# Additional invocations with sanitizers may be added below.
- foreach p : fuzz_regression_tests
- b = p.split('/')[-2]
- c = p.split('/')[-1]
-
- if b == name
- test('@0@_@1@'.format(b, c),
- exe,
- suite : 'fuzzers',
- args : [project_source_root / p])
- endif
+ foreach fuzz_in : fuzz_regression_tests[name]
+ test('@0@_@1@'.format(name, fuzz_in),
+ exe,
+ suite : 'fuzzers',
+ args : [project_source_root / fuzz_testsdir / name / fuzz_in])
endforeach
endif
endforeach
@@ -4128,45 +4123,39 @@ endif
############################################################
# Enable tests for all supported sanitizers
-foreach tuple : sanitizers
+foreach tuple : fuzz_sanitizers
sanitizer = tuple[0]
build = tuple[1]
if cc.has_link_argument('-fsanitize=@0@'.format(sanitizer))
- prev = ''
- foreach p : fuzz_regression_tests
- b = p.split('/')[-2]
- c = p.split('/')[-1]
-
- name = '@0@:@1@'.format(b, sanitizer)
-
- if name != prev
- if want_tests == 'false'
- message('Not compiling @0@ because tests is set to false'.format(name))
- elif fuzz_tests
- exe = custom_target(
- name,
- output : name,
- depends : build,
- command : [ln, '-fs',
- build.full_path() / b,
- '@OUTPUT@'],
- build_by_default : true)
- else
- message('Not compiling @0@ because fuzz-tests is set to false'.format(name))
- endif
+ foreach fuzzer, fuzz_ins : fuzz_regression_tests
+ name = '@0@:@1@'.format(fuzzer, sanitizer)
+ if want_tests == 'false'
+ message('Not compiling @0@ because tests is set to false'.format(name))
+ continue
endif
- prev = name
-
- if fuzz_tests
- test('@0@_@1@_@2@'.format(b, c, sanitizer),
+ if not fuzz_tests
+ message('Not compiling @0@ because fuzz-tests is set to false'.format(name))
+ continue
+ endif
+ exe = custom_target(
+ name,
+ output : name,
+ depends : build,
+ command : [ln, '-fs',
+ build.full_path() / fuzzer,
+ '@OUTPUT@'],
+ build_by_default : true)
+
+ foreach fuzz_in : fuzz_ins
+ test('@0@_@1@_@2@'.format(fuzzer, fuzz_in, sanitizer),
env,
suite : 'fuzz+san',
env : ['UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1'],
timeout : 60,
args : [exe.full_path(),
- project_source_root / p])
- endif
+ project_source_root / fuzz_testsdir / fuzzer / fuzz_in])
+ endforeach
endforeach
endif
endforeach
diff --git a/test/fuzz/meson.build b/test/fuzz/meson.build
index 80362d4154..82738fd1b7 100644
--- a/test/fuzz/meson.build
+++ b/test/fuzz/meson.build
@@ -16,24 +16,34 @@ sanitize_address_undefined = custom_target(
' '.join(cc.cmd_array()),
cxx_cmd])
-sanitizers = [['address,undefined', sanitize_address_undefined]]
+fuzz_sanitizers = [['address,undefined', sanitize_address_undefined]]
+fuzz_testsdir = 'test/fuzz'
if git.found() and fs.exists(project_source_root / '.git')
out = run_command(env, '-u', 'GIT_WORK_TREE',
git, '--git-dir=@0@/.git'.format(project_source_root),
- 'ls-files', ':/test/fuzz/*/*',
+ 'ls-files', ':/@0@/*/*'.format(fuzz_testsdir),
check: true)
else
- out = run_command(sh, '-c', 'cd "@0@"; echo test/fuzz/*/*'.format(project_source_root), check: true)
+ out = run_command(sh, '-c', 'cd "@0@"; echo @1@/*/*'.format(project_source_root, fuzz_testsdir), check: true)
endif
-fuzz_regression_tests = []
+fuzz_regression_tests = {}
foreach p : out.stdout().split()
# Remove the last entry which is ''.
#
# Also, backslashes get mangled, so skip test. See
# https://github.com/mesonbuild/meson/issues/1564.
- if not p.contains('\\')
- fuzz_regression_tests += p
+ if p.contains('\\')
+ continue
endif
+ fuzzer = p.split('/')[-2]
+ fuzz_in = p.split('/')[-1]
+ if fuzzer not in fuzz_regression_tests
+ fuzz_regression_tests += {fuzzer: []}
+ endif
+ # Meson parser provision for: fuzz_regression_tests[fuzzer] += [fuzz_in]
+ l = fuzz_regression_tests[fuzzer]
+ l += [fuzz_in]
+ fuzz_regression_tests += {fuzzer: l}
endforeach

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,35 @@
From a810aef1f95727ec3e044441bf02e0261b2e09ec Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sat, 7 Jan 2023 10:27:05 +0100
Subject: [PATCH] oss-fuzz: include generated corpora in the final zip file
Since the files with generated directives are now automatically
generated during build, they're now under the respective build directory
which the current oss-fuzz CI script didn't account for.
Follow-up to: #24958
Fixes: #25859
(cherry picked from commit bef8d18b3f9776fdb28fc9a4820f9ce9418422f9)
Related: #2176918
---
tools/oss-fuzz.sh | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/tools/oss-fuzz.sh b/tools/oss-fuzz.sh
index 793411ed84..7e9312b833 100755
--- a/tools/oss-fuzz.sh
+++ b/tools/oss-fuzz.sh
@@ -97,7 +97,10 @@ rm -rf "$hosts"
# The seed corpus is a separate flat archive for each fuzzer,
# with a fixed name ${fuzzer}_seed_corpus.zip.
for d in test/fuzz/fuzz-*; do
- zip -jqr "$OUT/$(basename "$d")_seed_corpus.zip" "$d"
+ fuzzer="$(basename "$d")"
+ # Include the build-generated corpora if any as well
+ readarray -t generated < <(find "$build/test/fuzz" -maxdepth 1 -name "${fuzzer}*" -type f)
+ zip -jqr "$OUT/${fuzzer}_seed_corpus.zip" "$d" "${generated[@]}"
done
# get fuzz-dns-packet corpus

View File

@ -0,0 +1,38 @@
From 25223b64f043d9b78d1f70ee7e4a2a3b7a579a84 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Fri, 17 Mar 2023 14:00:15 +0100
Subject: [PATCH] unit: In cgroupv1, gracefully terminate delegated scopes
again
Instantly killing delegated scopes is just not viable for our
needs in OCP 4.13 in cgroupv1 mode. We will accept the possibility
of timeouts instead.
Co-authored-by: Colin Walters <walters@verbum.org>
rhel-only
Resolves: #2180120
---
src/core/unit.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index c319e99d71..0d1a590a3f 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4616,8 +4616,13 @@ int unit_kill_context(
* however should not exist in non-delegated units. On the unified hierarchy that's different,
* there we get proper events. Hence rely on them. */
+ /* (RHEL9): we patch out a check for delegation here that exists upstream
+ * and accept a possible delayed shutdown due to races in favor of
+ * not just insta-killing the processes.
+ */
+
if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
- (detect_container() == 0 && !unit_cgroup_delegate(u)))
+ (detect_container() == 0))
wait_for_exit = true;
if (send_sighup) {

View File

@ -21,7 +21,7 @@
Name: systemd
Url: https://systemd.io
Version: 252
Release: 8%{?dist}
Release: 14%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -304,6 +304,14 @@ Patch0223: 0223-test-add-coverage-for-26467.patch
Patch0224: 0224-test-add-coverage-for-24177.patch
Patch0225: 0225-logind-session-make-stopping-of-idle-session-visible.patch
Patch0226: 0226-journal-file-Fix-return-value-in-bump_entry_array.patch
Patch0227: 0227-systemd-Support-OOMPolicy-in-scope-units.patch
Patch0228: 0228-systemd-Default-to-OOMPolicy-continue-for-login-sess.patch
Patch0229: 0229-man-rework-description-of-OOMPolicy-a-bit.patch
Patch0230: 0230-core-man-add-missing-integration-of-OOMPolicy-in-sco.patch
Patch0231: 0231-meson-Store-fuzz-tests-in-structured-way.patch
Patch0232: 0232-meson-Generate-fuzzer-inputs-with-directives.patch
Patch0233: 0233-oss-fuzz-include-generated-corpora-in-the-final-zip-.patch
Patch0234: 0234-unit-In-cgroupv1-gracefully-terminate-delegated-scop.patch
# Downstream-only patches (90009999)
@ -1125,6 +1133,16 @@ getent passwd systemd-oom &>/dev/null || useradd -r -l -g systemd-oom -d / -s /s
%files standalone-sysusers -f .file-list-standalone-sysusers
%changelog
* Tue Mar 21 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-14
- systemd: Support OOMPolicy in scope units (#2176918)
- systemd: Default to OOMPolicy=continue for login session scopes (#2176918)
- man: rework description of OOMPolicy= a bit (#2176918)
- core,man: add missing integration of OOMPolicy= in scopes (#2176918)
- meson: Store fuzz tests in structured way (#2176918)
- meson: Generate fuzzer inputs with directives (#2176918)
- oss-fuzz: include generated corpora in the final zip file (#2176918)
- unit: In cgroupv1, gracefully terminate delegated scopes again (#2180120)
* Mon Feb 27 2023 systemd maintenance team <systemd-maint@redhat.com> - 252-8
- journal-file: Fix return value in bump_entry_array() (#2173682)