rpms
/
systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import systemd-239-58.el8

This commit is contained in:
CentOS Sources 2022-03-29 15:05:02 -04:00 committed by Stepan Oksanichenko
parent 32e6fc48f5
commit 7c64f1ca23
108 changed files with 113561 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
SOURCES/0637-sd-hwdb-allow-empty-properties.patch Normal file
View File

@ -0,0 +1,33 @@
From 2ab6e6ae9853e410310268efc0cea7f2276979ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 20 Oct 2020 17:12:42 +0200
Subject: [PATCH] sd-hwdb: allow empty properties
So far we didn't allow empty properties, but it makes sense to do so, for
example to distinguish empty data from lack of data. It also makes it easy to
override properties (back to the empty) value for specific cases.
(cherry picked from commit afe87974dd57741f74dd87165b251886f24c859f)
Related: #2005009
---
src/hwdb/hwdb.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c
index 317cad8a67..af085cdb75 100644
--- a/src/hwdb/hwdb.c
+++ b/src/hwdb/hwdb.c
@@ -462,10 +462,9 @@ static int insert_data(struct trie *trie, char **match_list, char *line,
while (isblank(line[0]) && isblank(line[1]))
line++;
- if (isempty(line + 1) || isempty(value))
+ if (isempty(line + 1))
return log_syntax(NULL, LOG_WARNING, filename, line_number, EINVAL,
- "Empty %s in \"%s=%s\", ignoring",
- isempty(line + 1) ? "key" : "value",
+ "Empty key in \"%s=%s\", ignoring",
line, value);
STRV_FOREACH(entry, match_list)

104589
SOURCES/0638-Update-hwdb.patch Normal file
View File

File diff suppressed because it is too large Load Diff

26
SOURCES/0639-Disable-libpitc-to-fix-CentOS-Stream-CI.patch Normal file
View File

@ -0,0 +1,26 @@
From b029865ef6d8b23ecdbfda4e277a3f75cb59ee94 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 25 Oct 2021 15:27:27 +0200
Subject: [PATCH] Disable libpitc to fix CentOS Stream CI
We have disabled it in our spec starting with 8.5.0, so let's follow
suit here.
Related: #2017033
---
.github/workflows/unit_tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index ad4584ec1d..def38bffe2 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -50,7 +50,7 @@ CONFIGURE_OPTS=(
-Dgnutls=true
-Dmicrohttpd=true
-Dlibidn2=true
- -Dlibiptc=true
+ -Dlibiptc=false
-Dlibcurl=true
-Defi=true
-Dtpm=true

25
SOURCES/0640-rpm-Fix-typo-in-_environmentdir.patch Normal file
View File

@ -0,0 +1,25 @@
From 74cbe4b73a1dbb1113c822690561b8b41b2fb60a Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Mon, 25 Jun 2018 12:56:50 -0400
Subject: [PATCH] rpm: Fix typo in %_environmentdir
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
(cherry picked from commit 6ea4cb975f99cdfd447332ffa9631790a5975eea)
Resolves: #2018024
---
src/core/macros.systemd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index f3b74f4273..a24d7bbe58 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -18,7 +18,7 @@
%_sysctldir @sysctldir@
%_sysusersdir @sysusersdir@
%_tmpfilesdir @tmpfilesdir@
-%_environmnentdir @environmentdir@
+%_environmentdir @environmentdir@
%_modulesloaddir @modulesloaddir@
%_modprobedir @modprobedir@
%_systemdgeneratordir @systemgeneratordir@

30
SOURCES/0641-rpm-Add-misspelled-_environmentdir-macro-for-tempora.patch Normal file
View File

@ -0,0 +1,30 @@
From 7b2d5268cf43a4ed7847bdbed2328bccddd5a716 Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Tue, 26 Jun 2018 07:42:29 -0400
Subject: [PATCH] rpm: Add misspelled %_environmentdir macro for temporary
compatibility
This should be removed after systemd 240 is released.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
(cherry picked from commit a6bb5504583e3267d35fa385fe20f60fd998ca5d)
Related: #2018024
---
src/core/macros.systemd.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index a24d7bbe58..abbb42b22f 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -26,6 +26,10 @@
%_systemd_system_env_generator_dir @systemenvgeneratordir@
%_systemd_user_env_generator_dir @userenvgeneratordir@
+# Because we had one release with a typo...
+# This is temporary (Remove after systemd 240 is released)
+%_environmnentdir %_environmentdir
+
%systemd_requires \
Requires(post): systemd \
Requires(preun): systemd \

32
SOURCES/0642-rpm-emit-warning-when-macro-with-typo-is-used.patch Normal file
View File

@ -0,0 +1,32 @@
From 4d994a262ec1ad3e33e197cb09aa5aeabb5835dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 3 Jul 2018 15:40:53 +0200
Subject: [PATCH] rpm: emit warning when macro with typo is used
Follow-up for a6bb550458. Suggested by @ignatenkobrain.
$ rpmbuild --eval %_environmentdir
/usr/lib/environment.d
$ rpmbuild --eval %_environmnentdir
warning: Use %_environmentdir instead
/usr/lib/environment.d
(cherry picked from commit be9bf171bbf764997551f8a9b3c2aba5c6a875d3)
Related: #2018024
---
src/core/macros.systemd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index abbb42b22f..fe7ca26a34 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -28,7 +28,7 @@
# Because we had one release with a typo...
# This is temporary (Remove after systemd 240 is released)
-%_environmnentdir %_environmentdir
+%_environmnentdir %{warn:Use %%_environmentdir instead}%_environmentdir
%systemd_requires \
Requires(post): systemd \

75
SOURCES/0643-Remove-unintended-additions-to-systemd-analyze-man-p.patch Normal file
View File

@ -0,0 +1,75 @@
From f29b7bcd85d4e8d824d36fecc130a0d74af718f8 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Tue, 12 Oct 2021 16:47:48 +0200
Subject: [PATCH] Remove unintended additions to systemd-analyze man page
These changes were introduced in commit
a2e00522971897909db2a81b4daf10e5700f453e .
Resolves: #2004765
---
man/systemd-analyze.xml | 51 +----------------------------------------
1 file changed, 1 insertion(+), 50 deletions(-)
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 7c873cbdd1..e17ff0cf90 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -354,56 +354,7 @@ $ eog targets.svg</programlisting>
they elapse next. This takes the same input as the <varname>OnCalendar=</varname> setting in
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
following the syntax described in
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>. By
- default, only the next time the calendar expression will elapse is shown; use
- <option>--iterations=</option> to show the specified number of next times the expression
- elapses.</para>
-
- <example>
- <title>Show leap days in the near future</title>
-
- <programlisting>$ systemd-analyze calendar --iterations=5 '*-2-29 0:0:0'
- Original form: *-2-29 0:0:0
-Normalized form: *-02-29 00:00:00
- Next elapse: Sat 2020-02-29 00:00:00 UTC
- From now: 11 months 15 days left
- Iter. #2: Thu 2024-02-29 00:00:00 UTC
- From now: 4 years 11 months left
- Iter. #3: Tue 2028-02-29 00:00:00 UTC
- From now: 8 years 11 months left
- Iter. #4: Sun 2032-02-29 00:00:00 UTC
- From now: 12 years 11 months left
- Iter. #5: Fri 2036-02-29 00:00:00 UTC
- From now: 16 years 11 months left
-</programlisting>
- </example>
- </refsect2>
-
- <refsect2>
- <title><command>systemd-analyze timespan <replaceable>EXPRESSION</replaceable>...</command></title>
-
- <para>This command parses a time span and outputs the normalized form and the equivalent value in
- microseconds. The time span should adhere to the same syntax documented in
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
- Values without associated magnitudes are parsed as seconds.</para>
-
- <example>
- <title>Show parsing of timespans</title>
-
- <programlisting>$ systemd-analyze timespan 1s 300s '1year 0.000001s'
-Original: 1s
- μs: 1000000
- Human: 1s
-
-Original: 300s
- μs: 300000000
- Human: 5min
-
-Original: 1year 0.000001s
- μs: 31557600000001
- Human: 1y 1us
-</programlisting>
- </example>
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
</refsect2>
<refsect2>

21
SOURCES/0644-Disable-iptables-for-CI.patch Normal file
View File

@ -0,0 +1,21 @@
From ffd20a699280a4732d0fe4cddafe12ee8010ddb6 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 13 Oct 2021 10:01:59 +0200
Subject: [PATCH] Disable iptables for CI
---
.github/workflows/unit_tests.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index def38bffe2..814870e7a0 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -92,7 +92,6 @@ SYSTEMD_BUILD_DEPS=(
gnutls-devel
gobject-introspection-devel
gperf
- iptables-devel
kmod-devel
libacl-devel
libblkid-devel

103
SOURCES/0645-core-fix-SIGABRT-on-empty-exec-command-argv.patch Normal file
View File

@ -0,0 +1,103 @@
From 8e322f5bc24547963978be071a8a2547abad875a Mon Sep 17 00:00:00 2001
From: Henri Chain <henri.chain@enioka.com>
Date: Tue, 5 Oct 2021 13:10:31 +0200
Subject: [PATCH] core: fix SIGABRT on empty exec command argv
This verifies that the argv part of any exec_command parameters that
are sent through dbus is not empty at deserialization time.
There is an additional check in service.c service_verify() that again
checks if all exec_commands are correctly populated, after the service
has been loaded, whether through dbus or otherwise.
Fixes #20933.
(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152)
Resolves: #2020239
---
src/core/dbus-execute.c | 4 ++++
src/core/service.c | 12 +++++++++++
test/TEST-23-TYPE-EXEC/testsuite.sh | 31 +++++++++++++++++++++++++++++
3 files changed, 47 insertions(+)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 8348663000..2e64f0baf4 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -969,6 +969,10 @@ int bus_set_transient_exec_command(
if (r < 0)
return r;
+ if (strv_isempty(argv))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ "\"%s\" argv cannot be empty", name);
+
r = sd_bus_message_read(message, "b", &b);
if (r < 0)
return r;
diff --git a/src/core/service.c b/src/core/service.c
index 5e3e75b5ae..12adf89dd4 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -536,6 +536,18 @@ static int service_verify(Service *s) {
if (UNIT(s)->load_state != UNIT_LOADED)
return 0;
+ for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
+ ExecCommand *command;
+
+ LIST_FOREACH(command, command, s->exec_command[c])
+ if (strv_isempty(command->argv)) {
+ log_unit_error(UNIT(s),
+ "Service has an empty argv in %s=. Refusing.",
+ service_exec_command_to_string(c));
+ return -ENOEXEC;
+ }
+ }
+
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
return -ENOEXEC;
diff --git a/test/TEST-23-TYPE-EXEC/testsuite.sh b/test/TEST-23-TYPE-EXEC/testsuite.sh
index 80734bbbdc..e0c34cfd04 100755
--- a/test/TEST-23-TYPE-EXEC/testsuite.sh
+++ b/test/TEST-23-TYPE-EXEC/testsuite.sh
@@ -21,6 +21,37 @@ systemd-run --unit=four -p Type=exec /bin/sleep infinity
! systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity
! systemd-run --unit=six -p Type=exec /tmp/brokenbinary
+# For issue #20933
+
+# Should work normally
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0
+
+# DBus call should fail but not crash systemd
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 0 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
+# Same but with the empty argv in the middle
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
+ ExecStart "a(sasb)" 3 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ /usr/bin/sleep 0 true \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
systemd-analyze set-log-level info
echo OK > /testok

39
SOURCES/0646-core-service-also-check-path-in-exec-commands.patch Normal file
View File

@ -0,0 +1,39 @@
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 6 Oct 2021 00:19:41 +0900
Subject: [PATCH] core/service: also check path in exec commands
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
Related: #2020239
---
src/core/service.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index 12adf89dd4..ae31973774 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
ExecCommand *command;
- LIST_FOREACH(command, command, s->exec_command[c])
+ LIST_FOREACH(command, command, s->exec_command[c]) {
+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
+ log_unit_error(UNIT(s),
+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
+ command->path,
+ service_exec_command_to_string(c));
+ return -ENOEXEC;
+ }
if (strv_isempty(command->argv)) {
log_unit_error(UNIT(s),
"Service has an empty argv in %s=. Refusing.",
service_exec_command_to_string(c));
return -ENOEXEC;
}
+ }
}
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {

124
SOURCES/0647-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch Normal file
View File

@ -0,0 +1,124 @@
From 397aaad6da5c4bfb160adca7a68f865086f2ed0a Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 30 Sep 2021 14:05:36 +0200
Subject: [PATCH] mount-util: fix fd_is_mount_point() when both the parent and
directory are network fs
The second call to name_to_handle_at_loop() didn't check for the specific
errors that can happen when the parent dir is mounted by nfs and instead of
falling back like it's done for the child dir, fd_is_mount_point() failed in
this case.
(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d)
Resolves: #2015057
---
src/basic/mount-util.c | 71 ++++++++++++++++++++++++------------------
1 file changed, 41 insertions(+), 30 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 45348bf878..0c709001be 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -139,6 +139,19 @@ static int fd_fdinfo_mnt_id(int fd, const char *filename, int flags, int *mnt_id
return safe_atoi(p, mnt_id);
}
+static bool is_name_to_handle_at_fatal_error(int err) {
+ /* name_to_handle_at() can return "acceptable" errors that are due to the context. For
+ * example the kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall
+ * was blocked (EACCES/EPERM; maybe through seccomp, because we are running inside of a
+ * container), or the mount point is not triggered yet (EOVERFLOW, think nfs4), or some
+ * general name_to_handle_at() flakiness (EINVAL). However other errors are not supposed to
+ * happen and therefore are considered fatal ones. */
+
+ assert(err < 0);
+
+ return !IN_SET(err, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL);
+}
+
int fd_is_mount_point(int fd, const char *filename, int flags) {
_cleanup_free_ struct file_handle *h = NULL, *h_parent = NULL;
int mount_id = -1, mount_id_parent = -1;
@@ -173,42 +186,40 @@ int fd_is_mount_point(int fd, const char *filename, int flags) {
* real mounts of their own. */
r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags);
- if (IN_SET(r, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL))
- /* This kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall was blocked
- * (EACCES/EPERM; maybe through seccomp, because we are running inside of a container?), or the mount
- * point is not triggered yet (EOVERFLOW, think nfs4), or some general name_to_handle_at() flakiness
- * (EINVAL): fall back to simpler logic. */
- goto fallback_fdinfo;
- else if (r == -EOPNOTSUPP)
- /* This kernel or file system does not support name_to_handle_at(), hence let's see if the upper fs
- * supports it (in which case it is a mount point), otherwise fallback to the traditional stat()
- * logic */
+ if (r < 0) {
+ if (is_name_to_handle_at_fatal_error(r))
+ return r;
+ if (r != -EOPNOTSUPP)
+ goto fallback_fdinfo;
+
+ /* This kernel or file system does not support name_to_handle_at(), hence let's see
+ * if the upper fs supports it (in which case it is a mount point), otherwise fall
+ * back to the traditional stat() logic */
nosupp = true;
- else if (r < 0)
- return r;
+ }
r = name_to_handle_at_loop(fd, "", &h_parent, &mount_id_parent, AT_EMPTY_PATH);
- if (r == -EOPNOTSUPP) {
+ if (r < 0) {
+ if (is_name_to_handle_at_fatal_error(r))
+ return r;
+ if (r != -EOPNOTSUPP)
+ goto fallback_fdinfo;
if (nosupp)
- /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */
+ /* Both the parent and the directory can't do name_to_handle_at() */
goto fallback_fdinfo;
- else
- /* The parent can't do name_to_handle_at() but the directory we are interested in can? If so,
- * it must be a mount point. */
- return 1;
- } else if (r < 0)
- return r;
- /* The parent can do name_to_handle_at() but the
- * directory we are interested in can't? If so, it
- * must be a mount point. */
+ /* The parent can't do name_to_handle_at() but the directory we are
+ * interested in can? If so, it must be a mount point. */
+ return 1;
+ }
+
+ /* The parent can do name_to_handle_at() but the directory we are interested in can't? If
+ * so, it must be a mount point. */
if (nosupp)
return 1;
- /* If the file handle for the directory we are
- * interested in and its parent are identical, we
- * assume this is the root directory, which is a mount
- * point. */
+ /* If the file handle for the directory we are interested in and its parent are identical,
+ * we assume this is the root directory, which is a mount point. */
if (h->handle_bytes == h_parent->handle_bytes &&
h->handle_type == h_parent->handle_type &&
@@ -300,10 +311,10 @@ int path_get_mnt_id(const char *path, int *ret) {
int r;
r = name_to_handle_at_loop(AT_FDCWD, path, NULL, ret, 0);
- if (IN_SET(r, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) /* kernel/fs don't support this, or seccomp blocks access, or untriggered mount, or name_to_handle_at() is flaky */
- return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret);
+ if (r == 0 || is_name_to_handle_at_fatal_error(r))
+ return r;
- return r;
+ return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret);
}
int umount_recursive(const char *prefix, int flags) {

28
SOURCES/0648-basic-add-vmware-hypervisor-detection-from-device-tr.patch Normal file
View File

@ -0,0 +1,28 @@
From 537055fc407d7cff32ddd3414a6900ccff579c46 Mon Sep 17 00:00:00 2001
From: Cyprien Laplace <claplace@vmware.com>
Date: Thu, 14 Nov 2019 09:42:14 -0500
Subject: [PATCH] basic: add vmware hypervisor detection from device-tree
Allow ConditionVirtualization=vmware to work on ESXi on arm VMs
using device-tree.
(cherry picked from commit 4d4ac92c928fcbc60b85fcbf8370af3883ee63db)
Resolves: #1959150
---
src/basic/virt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 0b88005ed6..8d862b6d67 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -122,6 +122,8 @@ static int detect_vm_device_tree(void) {
return VIRTUALIZATION_KVM;
else if (strstr(hvtype, "xen"))
return VIRTUALIZATION_XEN;
+ else if (strstr(hvtype, "vmware"))
+ return VIRTUALIZATION_VMWARE;
else
return VIRTUALIZATION_VM_OTHER;
#else

45
SOURCES/0649-pam-do-not-require-a-non-expired-password-for-user-..patch Normal file
View File

@ -0,0 +1,45 @@
From a677e477ef541d172ede2a5bd728a4ff1ffb312d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 1 Jun 2021 16:17:16 +0200
Subject: [PATCH] pam: do not require a non-expired password for user@.service
Without this parameter, we would allow user@ to start if the user
has no password (i.e. the password is "locked"). But when the user does have a password,
and it is marked as expired, we would refuse to start the service.
There are other authentication mechanisms and we should not tie this service to
the password state.
The documented way to disable an *account* is to call 'chage -E0'. With a disabled
account, user@.service will still refuse to start:
systemd[16598]: PAM failed: User account has expired
systemd[16598]: PAM failed: User account has expired
systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted
systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM
systemd[1]: user@1005.service: Failed with result 'exit-code'.
systemd[1]: Failed to start user@1005.service.
systemd[1]: Stopping user-runtime-dir@1005.service...
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1961746.
(cherry picked from commit 71889176e4372b443018584c3520c1ff3efe2711)
Resolves: #1961746
---
src/login/systemd-user.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
index 4f85b4b7fe..20c8999331 100644
--- a/src/login/systemd-user.m4
+++ b/src/login/systemd-user.m4
@@ -2,7 +2,7 @@
#
# Used by systemd --user instances.
-account required pam_unix.so
+account sufficient pam_unix.so no_pass_expiry
m4_ifdef(`HAVE_SELINUX',
session required pam_selinux.so close
session required pam_selinux.so nottys open

26
SOURCES/0650-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch Normal file
View File

@ -0,0 +1,26 @@
From c0e530dc95fa7842ec1a48fd5df98956a76ae26c Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 26 Feb 2021 10:25:31 +0000
Subject: [PATCH] udev rules: add rule to create /dev/ptp_hyperv
As for the KVM case, necessary for network cards with
PTP devices when running a guest on HyperV
(cherry picked from commit 32e868f058da8b90add00b2958c516241c532b70)
Resolves: #1991834
---
rules/50-udev-default.rules.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index 191f56f42e..36657ce1a4 100644
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
@@ -83,4 +83,6 @@ KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm"
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
+
LABEL="default_end"

223
SOURCES/0651-process-util-explicitly-handle-processes-lacking-par.patch Normal file
View File

@ -0,0 +1,223 @@
From 9b30c003c8f80bf44f18168d07ea11c48e6d8864 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Jul 2021 15:57:51 +0200
Subject: [PATCH] process-util: explicitly handle processes lacking parents in
get_process_ppid()
Let's make sure we signal out-of-band via an error message if a process
doesn't have a parent process whose PID we could return. Otherwise we'll
too likely hide errors, as we return an invalid PID 0, which in other
contexts has special meaning (i.e. usually "myself").
Replaces: #20153
This is based on work by @dtardon, but goes a different route, by
ensuring we propagate a proper error in this case.
This modernizes the function in question a bit in other ways, i.e.
renames stuff and makes the return parameter optional.
(cherry picked from commit 0c4d1e6d96a549054bfe0597d197f829838917f1)
Resolves: #1977569
---
src/basic/process-util.c | 27 +++++++++++++-------
src/coredump/coredump.c | 23 +++++++++--------
src/test/test-process-util.c | 48 +++++++++++++++++++++++++++++++++---
3 files changed, 74 insertions(+), 24 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 0a4a747ba4..6016d83d41 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -603,20 +603,23 @@ int get_process_environ(pid_t pid, char **env) {
return 0;
}
-int get_process_ppid(pid_t pid, pid_t *_ppid) {
- int r;
+int get_process_ppid(pid_t pid, pid_t *ret) {
_cleanup_free_ char *line = NULL;
long unsigned ppid;
const char *p;
+ int r;
assert(pid >= 0);
- assert(_ppid);
if (pid == 0 || pid == getpid_cached()) {
- *_ppid = getppid();
+ if (ret)
+ *ret = getppid();
return 0;
}
+ if (pid == 1) /* PID 1 has no parent, shortcut this case */
+ return -EADDRNOTAVAIL;
+
p = procfs_file_alloca(pid, "stat");
r = read_one_line_file(p, &line);
if (r == -ENOENT)
@@ -624,9 +627,8 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
if (r < 0)
return r;
- /* Let's skip the pid and comm fields. The latter is enclosed
- * in () but does not escape any () in its value, so let's
- * skip over it manually */
+ /* Let's skip the pid and comm fields. The latter is enclosed in () but does not escape any () in its
+ * value, so let's skip over it manually */
p = strrchr(line, ')');
if (!p)
@@ -640,10 +642,17 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
&ppid) != 1)
return -EIO;
- if ((long unsigned) (pid_t) ppid != ppid)
+ /* If ppid is zero the process has no parent. Which might be the case for PID 1 but also for
+ * processes originating in other namespaces that are inserted into a pidns. Return a recognizable
+ * error in this case. */
+ if (ppid == 0)
+ return -EADDRNOTAVAIL;
+
+ if ((pid_t) ppid < 0 || (long unsigned) (pid_t) ppid != ppid)
return -ERANGE;
- *_ppid = (pid_t) ppid;
+ if (ret)
+ *ret = (pid_t) ppid;
return 0;
}
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 2a130e8838..fb3a6ecfe9 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -591,8 +591,7 @@ static int get_process_ns(pid_t pid, const char *namespace, ino_t *ns) {
return 0;
}
-static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
- pid_t cpid = pid, ppid = 0;
+static int get_mount_namespace_leader(pid_t pid, pid_t *ret) {
ino_t proc_mntns;
int r = 0;
@@ -602,8 +601,12 @@ static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
for (;;) {
ino_t parent_mntns;
+ pid_t ppid;
- r = get_process_ppid(cpid, &ppid);
+ r = get_process_ppid(pid, &ppid);
+ if (r == -EADDRNOTAVAIL) /* Reached the top (i.e. typically PID 1, but could also be a process
+ * whose parent is not in our pidns) */
+ return -ENOENT;
if (r < 0)
return r;
@@ -611,17 +614,13 @@ static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
if (r < 0)
return r;
- if (proc_mntns != parent_mntns)
- break;
-
- if (ppid == 1)
- return -ENOENT;
+ if (proc_mntns != parent_mntns) {
+ *ret = ppid;
+ return 0;
+ }
- cpid = ppid;
+ pid = ppid;
}
-
- *container_pid = ppid;
- return 0;
}
/* Returns 1 if the parent was found.
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 26e3247993..6b14ff592b 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -19,6 +19,7 @@
#include "macro.h"
#include "parse-util.h"
#include "process-util.h"
+#include "procfs-util.h"
#include "signal-util.h"
#include "stdio-util.h"
#include "string-util.h"
@@ -56,9 +57,12 @@ static void test_get_process_comm(pid_t pid) {
assert_se(get_process_cmdline(pid, 1, false, &d) >= 0);
log_info("PID"PID_FMT" cmdline truncated to 1: '%s'", pid, d);
- assert_se(get_process_ppid(pid, &e) >= 0);
- log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
- assert_se(pid == 1 ? e == 0 : e > 0);
+ r = get_process_ppid(pid, &e);
+ assert_se(pid == 1 ? r == -EADDRNOTAVAIL : r >= 0);
+ if (r >= 0) {
+ log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
+ assert_se(e > 0);
+ }
assert_se(is_kernel_thread(pid) == 0 || pid != 1);
@@ -585,6 +589,43 @@ static void test_ioprio_class_from_to_string(void) {
test_ioprio_class_from_to_string_one("-1", -1);
}
+static void test_get_process_ppid(void) {
+ uint64_t limit;
+ int r;
+
+ log_info("/* %s */", __func__);
+
+ assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
+
+ /* the process with the PID above the global limit definitely doesn't exist. Verify that */
+ assert_se(procfs_tasks_get_limit(&limit) >= 0);
+ assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+
+ for (pid_t pid = 0;;) {
+ _cleanup_free_ char *c1 = NULL, *c2 = NULL;
+ pid_t ppid;
+
+ r = get_process_ppid(pid, &ppid);
+ if (r == -EADDRNOTAVAIL) {
+ log_info("No further parent PID");
+ break;
+ }
+
+ assert_se(r >= 0);
+
+ /* NOTE: The size is SIZE_MAX in the original commit, but it would require backporting a
+ * lot more stuff to support that (the current version of get_process_cmdline() just fails with
+ * ENOMEM). UINT16_MAX should be enough for practical purposes.
+ */
+ assert_se(get_process_cmdline(pid, UINT16_MAX, true, &c1) >= 0);
+ assert_se(get_process_cmdline(ppid, UINT16_MAX, true, &c2) >= 0);
+
+ log_info("Parent of " PID_FMT " (%s) is " PID_FMT " (%s).", pid, c1, ppid, c2);
+
+ pid = ppid;
+ }
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -614,6 +655,7 @@ int main(int argc, char *argv[]) {
test_safe_fork();
test_pid_to_ptr();
test_ioprio_class_from_to_string();
+ test_get_process_ppid();
return 0;
}

30
SOURCES/0652-errno-util-add-ERRNO_IS_PRIVILEGE-helper.patch Normal file
View File

@ -0,0 +1,30 @@
From c078d4d4bc3a61d186a98e03afc699b11134e09f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Nov 2019 12:22:40 +0100
Subject: [PATCH] errno-util: add ERRNO_IS_PRIVILEGE() helper
(cherry picked from commit e884e000714c2db006384058a63788ffcce8c8b8)
Related: #1977569
---
src/basic/util.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/basic/util.h b/src/basic/util.h
index c70467f98c..76b76d7e91 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -170,6 +170,13 @@ static inline int negative_errno(void) {
return -errno;
}
+/* Two different errors for access problems */
+static inline bool ERRNO_IS_PRIVILEGE(int r) {
+ return IN_SET(abs(r),
+ EACCES,
+ EPERM);
+}
+
static inline unsigned u64log2(uint64_t n) {
#if __SIZEOF_LONG_LONG__ == 8
return (n > 1) ? (unsigned) __builtin_clzll(n) ^ 63U : 0;

318
SOURCES/0653-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch Normal file
View File

@ -0,0 +1,318 @@
From 62678ec1aa02b53cb116b6f7dd72a54bf61153b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 2 Nov 2021 18:18:21 +0100
Subject: [PATCH] procfs-util: fix confusion wrt. quantity limit and maximum
value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From packit/rawhide-arm64 logs:
Assertion 'limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH' failed at src/test/test-process-util.c:855, function test_get_process_ppid(). Aborting.
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
The kernel has a few different limits. In particular kernel.threads-max can be
set to some lower value, and kernel.pid_max can be set to a higher value. This
is nice because it reduces PID reuse, even if the number of threads that is
allowed is limited. But the tests assumed that we cannot have a thread with
PID above MIN(kernel.threads-max, kernel.pid_max-1), which is not valid.
So let's rework the whole thing: let's expose the helpers to read
kernel.threads-max and kernel.pid_max, and print what they return in tests.
procfs_tasks_get_limit() was something that is only used in tests, and wasn't
very well defined, so let's drop it.
Fixes #21193.
(cherry picked from commit c3dead53d50e334f2d072a2248256983d6dc9f8c)
Related: #1977569
---
src/basic/procfs-util.c | 53 +++++++++---------------------------
src/basic/procfs-util.h | 4 ++-
src/basic/util.c | 49 +++++++++++++++++++++++----------
src/test/test-process-util.c | 10 +++++--
src/test/test-procfs-util.c | 37 +++++++++++++++++++------
5 files changed, 88 insertions(+), 65 deletions(-)
diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
index 7aaf95bfce..fa5671dd72 100644
--- a/src/basic/procfs-util.c
+++ b/src/basic/procfs-util.c
@@ -12,54 +12,34 @@
#include "stdio-util.h"
#include "string-util.h"
-int procfs_tasks_get_limit(uint64_t *ret) {
+int procfs_get_pid_max(uint64_t *ret) {
_cleanup_free_ char *value = NULL;
- uint64_t pid_max, threads_max;
int r;
assert(ret);
- /* So there are two sysctl files that control the system limit of processes:
- *
- * 1. kernel.threads-max: this is probably the sysctl that makes more sense, as it directly puts a limit on
- * concurrent tasks.
- *
- * 2. kernel.pid_max: this limits the numeric range PIDs can take, and thus indirectly also limits the number
- * of concurrent threads. AFAICS it's primarily a compatibility concept: some crappy old code used a signed
- * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond INT16_MAX by
- * default.
- *
- * By default #2 is set to much lower values than #1, hence the limit people come into contact with first, as
- * it's the lowest boundary they need to bump when they want higher number of processes.
- *
- * Also note the weird definition of #2: PIDs assigned will be kept below this value, which means the number of
- * tasks that can be created is one lower, as PID 0 is not a valid process ID. */
-
r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
if (r < 0)
return r;
- r = safe_atou64(value, &pid_max);
- if (r < 0)
- return r;
+ return safe_atou64(value, ret);
+}
- value = mfree(value);
- r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
- if (r < 0)
- return r;
+int procfs_get_threads_max(uint64_t *ret) {
+ _cleanup_free_ char *value = NULL;
+ int r;
- r = safe_atou64(value, &threads_max);
+ assert(ret);
+
+ r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
if (r < 0)
return r;
- /* Subtract one from pid_max, since PID 0 is not a valid PID */
- *ret = MIN(pid_max-1, threads_max);
- return 0;
+ return safe_atou64(value, ret);
}
int procfs_tasks_set_limit(uint64_t limit) {
char buffer[DECIMAL_STR_MAX(uint64_t)+1];
- _cleanup_free_ char *value = NULL;
uint64_t pid_max;
int r;
@@ -74,10 +54,7 @@ int procfs_tasks_set_limit(uint64_t limit) {
* set it to the maximum. */
limit = CLAMP(limit, 20U, TASKS_MAX);
- r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
- if (r < 0)
- return r;
- r = safe_atou64(value, &pid_max);
+ r = procfs_get_pid_max(&pid_max);
if (r < 0)
return r;
@@ -98,14 +75,10 @@ int procfs_tasks_set_limit(uint64_t limit) {
/* Hmm, we couldn't write this? If so, maybe it was already set properly? In that case let's not
* generate an error */
- value = mfree(value);
- if (read_one_line_file("/proc/sys/kernel/threads-max", &value) < 0)
- return r; /* return original error */
-
- if (safe_atou64(value, &threads_max) < 0)
+ if (procfs_get_threads_max(&threads_max) < 0)
return r; /* return original error */
- if (MIN(pid_max-1, threads_max) != limit)
+ if (MIN(pid_max - 1, threads_max) != limit)
return r; /* return original error */
/* Yay! Value set already matches what we were trying to set, hence consider this a success. */
diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h
index 5a44e9eff7..caaee8b0b6 100644
--- a/src/basic/procfs-util.h
+++ b/src/basic/procfs-util.h
@@ -5,7 +5,9 @@
#include "time-util.h"
-int procfs_tasks_get_limit(uint64_t *ret);
+int procfs_get_pid_max(uint64_t *ret);
+int procfs_get_threads_max(uint64_t *ret);
+
int procfs_tasks_set_limit(uint64_t limit);
int procfs_tasks_get_current(uint64_t *ret);
diff --git a/src/basic/util.c b/src/basic/util.c
index 609f8c2f33..548e3652cc 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -527,23 +527,46 @@ uint64_t physical_memory_scale(uint64_t v, uint64_t max) {
}
uint64_t system_tasks_max(void) {
-
- uint64_t a = TASKS_MAX, b = TASKS_MAX;
+ uint64_t a = TASKS_MAX, b = TASKS_MAX, c = TASKS_MAX;
_cleanup_free_ char *root = NULL;
int r;
- /* Determine the maximum number of tasks that may run on this system. We check three sources to determine this
- * limit:
+ /* Determine the maximum number of tasks that may run on this system. We check three sources to
+ * determine this limit:
+ *
+ * a) kernel.threads-max sysctl: the maximum number of tasks (threads) the kernel allows.
+ *
+ * This puts a direct limit on the number of concurrent tasks.
+ *
+ * b) kernel.pid_max sysctl: the maximum PID value.
+ *
+ * This limits the numeric range PIDs can take, and thus indirectly also limits the number of
+ * concurrent threads. It's primarily a compatibility concept: some crappy old code used a signed
+ * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond
+ * INT16_MAX by default.
*
- * a) the maximum tasks value the kernel allows on this architecture
- * b) the cgroups pids_max attribute for the system
- * c) the kernel's configured maximum PID value
+ * Also note the weird definition: PIDs assigned will be kept below this value, which means
+ * the number of tasks that can be created is one lower, as PID 0 is not a valid process ID.
*
- * And then pick the smallest of the three */
+ * c) pids.max on the root cgroup: the kernel's configured maximum number of tasks.
+ *
+ * and then pick the smallest of the three.
+ *
+ * By default pid_max is set to much lower values than threads-max, hence the limit people come into
+ * contact with first, as it's the lowest boundary they need to bump when they want higher number of
+ * processes.
+ */
+
+ r = procfs_get_threads_max(&a);
+ if (r < 0)
+ log_debug_errno(r, "Failed to read kernel.threads-max, ignoring: %m");
- r = procfs_tasks_get_limit(&a);
+ r = procfs_get_pid_max(&b);
if (r < 0)
- log_debug_errno(r, "Failed to read maximum number of tasks from /proc, ignoring: %m");
+ log_debug_errno(r, "Failed to read kernel.pid_max, ignoring: %m");
+ else if (b > 0)
+ /* Subtract one from pid_max, since PID 0 is not a valid PID */
+ b--;
r = cg_get_root_path(&root);
if (r < 0)
@@ -555,15 +578,13 @@ uint64_t system_tasks_max(void) {
if (r < 0)
log_debug_errno(r, "Failed to read pids.max attribute of cgroup root, ignoring: %m");
else if (!streq(value, "max")) {
- r = safe_atou64(value, &b);
+ r = safe_atou64(value, &c);
if (r < 0)
log_debug_errno(r, "Failed to parse pids.max attribute of cgroup root, ignoring: %m");
}
}
- return MIN3(TASKS_MAX,
- a <= 0 ? TASKS_MAX : a,
- b <= 0 ? TASKS_MAX : b);
+ return MIN3(a, b, c);
}
uint64_t system_tasks_max_scale(uint64_t v, uint64_t max) {
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 6b14ff592b..6295889b47 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -598,8 +598,14 @@ static void test_get_process_ppid(void) {
assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
/* the process with the PID above the global limit definitely doesn't exist. Verify that */
- assert_se(procfs_tasks_get_limit(&limit) >= 0);
- assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+ assert_se(procfs_get_pid_max(&limit) >= 0);
+ log_debug("kernel.pid_max = %"PRIu64, limit);
+
+ if (limit < INT_MAX) {
+ r = get_process_ppid(limit + 1, NULL);
+ log_debug_errno(r, "get_process_limit(%"PRIu64") → %d/%m", limit + 1, r);
+ assert(r == -ESRCH);
+ }
for (pid_t pid = 0;;) {
_cleanup_free_ char *c1 = NULL, *c2 = NULL;
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index 1d0612985b..bb6943fed0 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -5,11 +5,13 @@
#include "log.h"
#include "parse-util.h"
#include "procfs-util.h"
+#include "process-util.h"
+#include "util.h"
int main(int argc, char *argv[]) {
char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
nsec_t nsec;
- uint64_t v;
+ uint64_t v, w;
int r;
log_parse_environment();
@@ -24,22 +26,41 @@ int main(int argc, char *argv[]) {
assert_se(procfs_tasks_get_current(&v) >= 0);
log_info("Current number of tasks: %" PRIu64, v);
- assert_se(procfs_tasks_get_limit(&v) >= 0);
+ v = TASKS_MAX;
+ r = procfs_get_pid_max(&v);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.pid_max: %"PRIu64, v);
+
+ w = TASKS_MAX;
+ r = procfs_get_threads_max(&w);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.threads-max: %"PRIu64, w);
+
+ v = MIN(v - (v > 0), w);
+
+ assert_se(r >= 0);
log_info("Limit of tasks: %" PRIu64, v);
assert_se(v > 0);
- assert_se(procfs_tasks_set_limit(v) >= 0);
+ r = procfs_tasks_set_limit(v);
+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) {
+ log_notice_errno(r, "Skipping test: can't set task limits");
+ return EXIT_TEST_SKIP;
+ }
+ assert(r >= 0);
if (v > 100) {
- uint64_t w;
+ log_info("Reducing limit by one to %"PRIu64"…", v-1);
+
r = procfs_tasks_set_limit(v-1);
- assert_se(IN_SET(r, 0, -EPERM, -EACCES, -EROFS));
+ log_info_errno(r, "procfs_tasks_set_limit: %m");
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
- assert_se(procfs_tasks_get_limit(&w) >= 0);
- assert_se((r == 0 && w == v - 1) || (r < 0 && w == v));
+ assert_se(procfs_get_threads_max(&w) >= 0);
+ assert_se(r >= 0 ? w == v - 1 : w == v);
assert_se(procfs_tasks_set_limit(v) >= 0);
- assert_se(procfs_tasks_get_limit(&w) >= 0);
+ assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(v == w);
}

31
SOURCES/0654-test-process-util-also-add-EROFS-to-the-list-of-good.patch Normal file
View File

@ -0,0 +1,31 @@
From fe15b97e44beb69305d3970a3748624ae76f9f04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Nov 2021 09:39:16 +0100
Subject: [PATCH] test-process-util: also add EROFS to the list of "good"
errors
It is only added in the one place where we actually try to set the
setting to a new value. Before we were testing if we can set to it the
existing value, which was a noop. We could still get a permission error,
but this is the first place where we would propagate EROFS.
(cherry picked from commit 6434a83d01d96e9f9a17ed9ce1f04a7d64859950)
Related: #1977569
---
src/test/test-procfs-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index bb6943fed0..d656c4df4f 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -53,7 +53,7 @@ int main(int argc, char *argv[]) {
r = procfs_tasks_set_limit(v-1);
log_info_errno(r, "procfs_tasks_set_limit: %m");
- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(r >= 0 ? w == v - 1 : w == v);

146
SOURCES/0655-journal-refresh-cached-credentials-of-stdout-streams.patch Normal file
View File

@ -0,0 +1,146 @@
From a42cf9af339f48f633fa0b17a960e1e407b7450f Mon Sep 17 00:00:00 2001
From: Lorenz Bauer <lmb@cloudflare.com>
Date: Mon, 4 Nov 2019 16:35:46 +0000
Subject: [PATCH] journal: refresh cached credentials of stdout streams
journald assumes that getsockopt(SO_PEERCRED) correctly identifies the
process on the remote end of the socket. However, this is incorrect
according to man 7 socket:
The returned credentials are those that were in effect at the
time of the call to connect(2) or socketpair(2).
This becomes a problem when a new process inherits the stdout stream
from a parent. First, log messages from the child process will
be attributed to the parent. Second, the struct ucred used by journald
becomes invalid as soon as the parent exits. Further sendmsg calls then
fail with ENOENT. Logs for the child process then vanish from the journal.
Fix this by using recvmsg on the stdout stream, and refreshing the cached
struct ucred if SCM_CREDENTIALS indicate a new process.
Fixes #13708
(cherry picked from commit 09d0b46ab61bebafe5bdc1be95ee153dfb13d6bc)
Resolves: #1931806
---
src/journal/journald-stream.c | 49 ++++++++++++++++++++++++++--
test/TEST-04-JOURNAL/test-journal.sh | 13 ++++++++
2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 6f8a4011ff..302a82d3d7 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -484,11 +484,22 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
}
static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
StdoutStream *s = userdata;
+ struct ucred *ucred = NULL;
+ struct cmsghdr *cmsg;
+ struct iovec iovec;
size_t limit;
ssize_t l;
int r;
+ struct msghdr msghdr = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_control = buf,
+ .msg_controllen = sizeof(buf),
+ };
+
assert(s);
if ((revents|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
@@ -508,20 +519,50 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents,
* always leave room for a terminating NUL we might need to add. */
limit = MIN(s->allocated - 1, s->server->line_max);
- l = read(s->fd, s->buffer + s->length, limit - s->length);
+ iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length);
+
+ l = recvmsg(s->fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (l < 0) {
- if (errno == EAGAIN)
+ if (IN_SET(errno, EINTR, EAGAIN))
return 0;
log_warning_errno(errno, "Failed to read from stream: %m");
goto terminate;
}
+ cmsg_close_all(&msghdr);
if (l == 0) {
stdout_stream_scan(s, true);
goto terminate;
}
+ CMSG_FOREACH(cmsg, &msghdr)
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+ ucred = (struct ucred *)CMSG_DATA(cmsg);
+ break;
+ }
+
+ /* Invalidate the context if the pid of the sender changed.
+ * This happens when a forked process inherits stdout / stderr
+ * from a parent. In this case getpeercred returns the ucred
+ * of the parent, which can be invalid if the parent has exited
+ * in the meantime.
+ */
+ if (ucred && ucred->pid != s->ucred.pid) {
+ /* force out any previously half-written lines from a
+ * different process, before we switch to the new ucred
+ * structure for everything we just added */
+ r = stdout_stream_scan(s, true);
+ if (r < 0)
+ goto terminate;
+
+ s->ucred = *ucred;
+ client_context_release(s->server, s->context);
+ s->context = NULL;
+ }
+
s->length += l;
r = stdout_stream_scan(s, false);
if (r < 0)
@@ -559,6 +600,10 @@ int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
if (r < 0)
return log_error_errno(r, "Failed to determine peer credentials: %m");
+ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
+ if (r < 0)
+ return log_error_errno(r, "SO_PASSCRED failed: %m");
+
if (mac_selinux_use()) {
r = getpeersec(fd, &stream->label);
if (r < 0 && r != -EOPNOTSUPP)
diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh
index 260cae09ab..52a6ee84d1 100755
--- a/test/TEST-04-JOURNAL/test-journal.sh
+++ b/test/TEST-04-JOURNAL/test-journal.sh
@@ -63,6 +63,19 @@ grep -q '^PRIORITY=6$' /output
! grep -q '^FOO=' /output
! grep -q '^SYSLOG_FACILITY=' /output
+# https://github.com/systemd/systemd/issues/13708
+ID=$(journalctl --new-id128 | sed -n 2p)
+systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' &
+PID=$!
+wait %%
+journalctl --sync
+# We can drop this grep when https://github.com/systemd/systemd/issues/13937
+# has a fix.
+journalctl -b -o export -t "$ID" --output-fields=_PID | grep '^_PID=' >/output
+[[ `grep -c . /output` -eq 2 ]]
+grep -q "^_PID=$PID" /output
+grep -vq "^_PID=$PID" /output
+
# Don't lose streams on restart
systemctl start forever-print-hola
sleep 3

35
SOURCES/0656-util-lib-introduce-HAS_FEATURE_ADDRESS_SANITIZER.patch Normal file
View File

@ -0,0 +1,35 @@
From 39b10c9e7e4ad80adc0e8c43f7d1917edee515dd Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 2 Dec 2018 08:28:24 +0100
Subject: [PATCH] util-lib: introduce HAS_FEATURE_ADDRESS_SANITIZER
https://clang.llvm.org/docs/AddressSanitizer.html#conditional-compilation-with-has-feature-address-sanitizer
(cherry picked from commit 289acab951c5937fdf6d3a2666f411fd66dd20e5)
Related: #2017033
---
src/basic/macro.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 0fe6a62aa8..62f2359633 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -55,6 +55,17 @@
# endif
#endif
+#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# if defined(__has_feature)
+# if __has_feature(address_sanitizer)
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# endif
+# endif
+# if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# define HAS_FEATURE_ADDRESS_SANITIZER 0
+# endif
+#endif
+
/* Temporarily disable some warnings */
#define DISABLE_WARNING_DECLARATION_AFTER_STATEMENT \
_Pragma("GCC diagnostic push"); \

34
SOURCES/0657-ci-skip-test-execute-on-GH-Actions-under-ASan.patch Normal file
View File

@ -0,0 +1,34 @@
From c0c7a5d73bd53375f90fbe70287512269bc8de16 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 12 Jan 2021 22:14:59 +0100
Subject: [PATCH] ci: skip test-execute on GH Actions under ASan
It seems to suffer from the same issue as on Travis CI, where the test
randomly fails due to timeouts in its subtests.
See: https://github.com/systemd/systemd/issues/10696#issuecomment-758501797
(cherry picked from commit f1a8fed286e3b9527b1837e9d5c6cb8d88bd2041)
Related: #2017033
---
src/test/test-execute.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 294f8fe7dd..5303652b93 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -798,6 +798,13 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+#if HAS_FEATURE_ADDRESS_SANITIZER
+ if (strstr_ptr(ci_environment(), "travis") || strstr_ptr(ci_environment(), "github-actions")) {
+ log_notice("Running on Travis CI/GH Actions under ASan, skipping, see https://github.com/systemd/systemd/issues/10696");
+ return EXIT_TEST_SKIP;
+ }
+#endif
+
(void) unsetenv("USER");
(void) unsetenv("LOGNAME");
(void) unsetenv("SHELL");

27
SOURCES/0658-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch Normal file
View File

@ -0,0 +1,27 @@
From 8c15742d1194e0db9a2555553e4d77ebb441b3dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 22 Sep 2020 19:05:17 +0200
Subject: [PATCH] test-seccomp: accept ENOSYS from sysctl(2) too
It seems that kernel 5.9 started returning that.
(cherry picked from commit 0af05e485a3a88f454c714901eb6109307dc893e)
Related: #2017033
---
src/test/test-seccomp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c
index 5eb1c78b8b..6ec04c4c55 100644
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@@ -239,7 +239,7 @@ static void test_protect_sysctl(void) {
if (pid == 0) {
#if defined __NR__sysctl && __NR__sysctl >= 0
assert_se(syscall(__NR__sysctl, NULL) < 0);
- assert_se(errno == EFAULT);
+ assert_se(IN_SET(errno, EFAULT, ENOSYS));
#endif
assert_se(seccomp_protect_sysctl() >= 0);

51
SOURCES/0659-test-accept-that-char-device-0-0-can-now-be-created-.patch Normal file
View File

@ -0,0 +1,51 @@
From e61aa66a63bcfe9ce0d80f0db691ba40218b872a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 14 Aug 2020 21:50:55 +0200
Subject: [PATCH] test: accept that char device 0/0 can now be created witout
privileges
Fixes: #16721
(cherry picked from commit 5b5ce6298e5a1c09beacd5c963e2350979cbf94a)
Related: #2017033
---
src/test/test-fs-util.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
index e3338ea440..aa32629f62 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -518,8 +518,8 @@ static void test_touch_file(void) {
assert_se(timespec_load(&st.st_mtim) == test_mtime);
if (geteuid() == 0) {
- a = strjoina(p, "/cdev");
- r = mknod(a, 0775 | S_IFCHR, makedev(0, 0));
+ a = strjoina(p, "/bdev");
+ r = mknod(a, 0775 | S_IFBLK, makedev(0, 0));
if (r < 0 && errno == EPERM && detect_container() > 0) {
log_notice("Running in unprivileged container? Skipping remaining tests in %s", __func__);
return;
@@ -529,17 +529,17 @@ static void test_touch_file(void) {
assert_se(lstat(a, &st) >= 0);
assert_se(st.st_uid == test_uid);
assert_se(st.st_gid == test_gid);
- assert_se(S_ISCHR(st.st_mode));
+ assert_se(S_ISBLK(st.st_mode));
assert_se((st.st_mode & 0777) == 0640);
assert_se(timespec_load(&st.st_mtim) == test_mtime);
- a = strjoina(p, "/bdev");
- assert_se(mknod(a, 0775 | S_IFBLK, makedev(0, 0)) >= 0);
+ a = strjoina(p, "/cdev");
+ assert_se(mknod(a, 0775 | S_IFCHR, makedev(0, 0)) >= 0);
assert_se(touch_file(a, false, test_mtime, test_uid, test_gid, 0640) >= 0);
assert_se(lstat(a, &st) >= 0);
assert_se(st.st_uid == test_uid);
assert_se(st.st_gid == test_gid);
- assert_se(S_ISBLK(st.st_mode));
+ assert_se(S_ISCHR(st.st_mode));
assert_se((st.st_mode & 0777) == 0640);
assert_se(timespec_load(&st.st_mtim) == test_mtime);
}

54
SOURCES/0660-meson-do-not-fail-if-rsync-is-not-installed-with-mes.patch Normal file
View File

@ -0,0 +1,54 @@
From d5cefb7293d2999dcad81bd71933b319ca6c3590 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 12 Apr 2021 14:03:32 +0200
Subject: [PATCH] meson: do not fail if rsync is not installed with meson
0.57.2
https://github.com/mesonbuild/meson/issues/8641
Our CI started to fail. Even if the change is reverted in meson,
we need a quick workaround here.
(cherry picked from commit 7c5fd25119a495009ea62f79e5daec34cc464628)
Related: #2017033
---
man/meson.build | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/man/meson.build b/man/meson.build
index a953d34098..efc8836d0c 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -178,17 +178,20 @@ html = custom_target(
depends : html_pages,
command : ['echo'])
-run_target(
- 'doc-sync',
- depends : man_pages + html_pages,
- command : ['rsync', '-rlv',
- '--delete-excluded',
- '--include=man',
- '--include=*.html',
- '--exclude=*',
- '--omit-dir-times',
- meson.current_build_dir(),
- get_option('www-target')])
+rsync = find_program('rsync', required : false)
+if rsync.found()
+ run_target(
+ 'doc-sync',
+ depends : man_pages + html_pages,
+ command : [rsync, '-rlv',
+ '--delete-excluded',
+ '--include=man',
+ '--include=*.html',
+ '--exclude=*',
+ '--omit-dir-times',
+ meson.current_build_dir(),
+ get_option('www-target')])
+endif
############################################################

27
SOURCES/0661-pid1-fix-free-of-uninitialized-pointer-in-unit_fail_.patch Normal file
View File

@ -0,0 +1,27 @@
From 30afbfdc82eb61f3bf47d6b1fa67a61d0ffcc4f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 14 Dec 2018 08:16:31 +0100
Subject: [PATCH] pid1: fix free of uninitialized pointer in
unit_fail_if_noncanonical()
https://bugzilla.redhat.com/show_bug.cgi?id=1653068
(cherry picked from commit 58d9d89b4b41189bdcea86c2ad5cf708b7d54aca)
Related: #1970945
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 93c13e58d9..152a860d08 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4785,7 +4785,7 @@ void unit_warn_if_dir_nonempty(Unit *u, const char* where) {
}
int unit_fail_if_noncanonical(Unit *u, const char* where) {
- _cleanup_free_ char *canonical_where;
+ _cleanup_free_ char *canonical_where = NULL;
int r;
assert(u);

32
SOURCES/0662-sd-event-take-ref-on-event-loop-object-before-dispat.patch Normal file
View File

@ -0,0 +1,32 @@
From f025def77efc6bb1473b719e905fa70ed20b08d3 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 8 Sep 2021 15:42:11 +0200
Subject: [PATCH] sd-event: take ref on event loop object before dispatching
event sources
Idea is that all public APIs should take reference on objects that get
exposed to user-provided callbacks. We take the reference as a
protection from callbacks dropping it. We used to do this also here in
sd_event_loop(). However, in cleanup portion of f814c871e6 this was
accidentally dropped.
(cherry picked from commit 9f6ef467818f902fe5369c8e37a39a3901bdcf4f)
Related: #1970945
---
src/libsystemd/sd-event/sd-event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index f78da00c3a..47cf93b3f4 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -3838,7 +3838,7 @@ _public_ int sd_event_loop(sd_event *e) {
assert_return(!event_pid_changed(e), -ECHILD);
assert_return(e->state == SD_EVENT_INITIAL, -EBUSY);
- _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = NULL;
+ _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = sd_event_ref(e);
while (e->state != SD_EVENT_FINISHED) {
r = sd_event_run(e, (uint64_t) -1);

33
SOURCES/0663-core-consider-service-with-no-start-command-immediat.patch Normal file
View File

@ -0,0 +1,33 @@
From c667291303bb876707d86ac3ab9ca62355bae1b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 22:45:34 +0200
Subject: [PATCH] core: consider service with no start command immediately
started
The service would always be in state == SERVICE_INACTIVE, but it needs to go
through state == SERVICE_START so that SuccessAction/FailureAction are executed.
(cherry picked from commit ef5ae8e71329e43c277e6d4f983f0c0793047b94)
Related: #1860899
---
src/core/service.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/core/service.c b/src/core/service.c
index ae31973774..4da1c5accb 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2055,6 +2055,12 @@ static void service_enter_start(Service *s) {
goto fail;
}
+ /* We force a fake state transition here. Otherwise, the unit would go directly from
+ * SERVICE_DEAD to SERVICE_DEAD without SERVICE_ACTIVATING or SERVICE_ACTIVE
+ * inbetween. This way we can later trigger actions that depend on the state
+ * transition, including SuccessAction=. */
+ service_set_state(s, SERVICE_START);
+
service_enter_start_post(s);
return;
}

84
SOURCES/0664-man-move-description-of-Action-modes-to-FailureActio.patch Normal file
View File

@ -0,0 +1,84 @@
From 12ce6830c63b4a27bb6d5b7729d70a86079b108f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:56:35 +0200
Subject: [PATCH] man: move description of *Action= modes to
FailureAction=/SuccessAction=
FailureAction=/SuccessAction= were added later then StartLimitAction=, so it
was easiest to refer to the existing description. But those two settings are
somewhat simpler (they just execute the action unconditionally) while
StartLimitAction= has additional timing and burst parameters, and they are
about to take on a more prominent role, so let's move the description of
allowed values.
(cherry picked from commit 454dd6ce7adb744584ecae9aa0bd1acf3a00e9ed)
Related: #1860899
---
man/systemd.unit.xml | 44 +++++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 7605c43375..802db453a4 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -873,6 +873,24 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>FailureAction=</varname></term>
+ <term><varname>SuccessAction=</varname></term>
+
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
+ state. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
+ <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
+ <option>poweroff-immediate</option>. If <option>none</option> is set, no action will be triggered.
+ <option>reboot</option> causes a reboot following the normal shutdown procedure (i.e. equivalent to
+ <command>systemctl reboot</command>). <option>reboot-force</option> causes a forced reboot which will
+ terminate all processes forcibly but should cause no dirty file systems on reboot (i.e. equivalent to
+ <command>systemctl reboot -f</command>) and <option>reboot-immediate</option> causes immediate execution of the
+ <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
+ might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
+ <option>poweroff-immediate</option> have the effect of powering down the system with similar semantics. Both
+ options default to <option>none</option>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>JobTimeoutSec=</varname></term>
<term><varname>JobRunningTimeoutSec=</varname></term>
@@ -929,29 +947,13 @@
<varlistentry>
<term><varname>StartLimitAction=</varname></term>
- <listitem><para>Configure the action to take if the rate limit configured with
- <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of
- <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
- <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
- <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no
- action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the
- normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
- <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
- cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
- <option>reboot-immediate</option> causes immediate execution of the
- <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
- might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
- <option>poweroff-immediate</option> have the effect of powering down the system with similar
- semantics. Defaults to <option>none</option>.</para></listitem>
+ <listitem><para>Configure an additional action to take if the rate limit configured with
+ <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
+ values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
+ the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
+ the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>FailureAction=</varname></term>
- <term><varname>SuccessAction=</varname></term>
- <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
- state. Takes the same values as the setting <varname>StartLimitAction=</varname> setting and executes the same
- actions. Both options default to <option>none</option>.</para></listitem>
- </varlistentry>
<varlistentry>
<term><varname>RebootArgument=</varname></term>

361
SOURCES/0665-core-define-exit-and-exit-force-actions-for-user-uni.patch Normal file
View File

@ -0,0 +1,361 @@
From 19d91eef7f15b654cd96ad5350385e535fab9e2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 13:28:39 +0200
Subject: [PATCH] core: define "exit" and "exit-force" actions for user units
and only accept that
We would accept e.g. FailureAction=reboot-force in user units and then do an
exit in the user manager. Let's be stricter, and define "exit"/"exit-force" as
the only supported actions in user units.
v2:
- rename 'exit' to 'exit-force' and add new 'exit'
- add test for the parsing function
(cherry picked from commit 54fcb6192c618726d11404b24b1a1e9ec3169ee1)
Related: #1860899
---
TODO | 4 +++
man/systemd.unit.xml | 26 +++++++++-------
src/core/dbus-unit.c | 37 ++++++++++++++++++++++-
src/core/emergency-action.c | 47 ++++++++++++++++++++++-------
src/core/emergency-action.h | 5 ++++
src/core/load-fragment.c | 42 +++++++++++++++++++++++++-
src/test/meson.build | 5 ++++
src/test/test-emergency-action.c | 51 ++++++++++++++++++++++++++++++++
8 files changed, 195 insertions(+), 22 deletions(-)
create mode 100644 src/test/test-emergency-action.c
diff --git a/TODO b/TODO
index 3100e067d6..0705b6b08e 100644
--- a/TODO
+++ b/TODO
@@ -4,6 +4,10 @@ Bugfixes:
* copy.c: set the right chattrs before copying files and others after
+* Many manager configuration settings that are only applicable to user
+ manager or system manager can be always set. It would be better to reject
+ them when parsing config.
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 802db453a4..5772a6684e 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -877,18 +877,24 @@
<term><varname>FailureAction=</varname></term>
<term><varname>SuccessAction=</varname></term>
- <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
- state. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
- <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
- <option>poweroff-immediate</option>. If <option>none</option> is set, no action will be triggered.
- <option>reboot</option> causes a reboot following the normal shutdown procedure (i.e. equivalent to
- <command>systemctl reboot</command>). <option>reboot-force</option> causes a forced reboot which will
- terminate all processes forcibly but should cause no dirty file systems on reboot (i.e. equivalent to
- <command>systemctl reboot -f</command>) and <option>reboot-immediate</option> causes immediate execution of the
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state.
+ Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
+ <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
+ <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
+ all options except <option>exit</option> and <option>exit-force</option> are allowed. In user mode, only
+ <option>none</option>, <option>exit</option>, and <option>exit-force</option> are allowed. Both options default
+ to <option>none</option>.</para>
+
+ <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
+ following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
+ <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
+ cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
+ <option>reboot-immediate</option> causes immediate execution of the
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
- <option>poweroff-immediate</option> have the effect of powering down the system with similar semantics. Both
- options default to <option>none</option>.</para></listitem>
+ <option>poweroff-immediate</option> have the effect of powering down the system with similar
+ semantics. <option>exit</option> causes the user manager to exit following the normal shutdown procedure, and
+ <option>exit-force</option> causes it terminate without shutting down services.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 549a166abc..e7ea9db3ac 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1564,8 +1564,43 @@ static int bus_unit_set_live_property(
return 0;
}
+static int bus_set_transient_emergency_action(
+ Unit *u,
+ const char *name,
+ EmergencyAction *p,
+ sd_bus_message *message,
+ UnitWriteFlags flags,
+ sd_bus_error *error) {
+
+ const char *s;
+ EmergencyAction v;
+ int r;
+ bool system;
+
+ assert(p);
+
+ r = sd_bus_message_read(message, "s", &s);
+ if (r < 0)
+ return r;
+
+ system = MANAGER_IS_SYSTEM(u->manager);
+ r = parse_emergency_action(s, system, &v);
+ if (v < 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ v == -EOPNOTSUPP ? "EmergencyAction setting invalid for manager type: %s"
+ : "Invalid %s setting: %s",
+ name, s);
+
+ if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
+ *p = v;
+ unit_write_settingf(u, flags, name,
+ "%s=%s", name, s);
+ }
+
+ return 1;
+}
+
static BUS_DEFINE_SET_TRANSIENT_PARSE(collect_mode, CollectMode, collect_mode_from_string);
-static BUS_DEFINE_SET_TRANSIENT_PARSE(emergency_action, EmergencyAction, emergency_action_from_string);
static BUS_DEFINE_SET_TRANSIENT_PARSE(job_mode, JobMode, job_mode_from_string);
static int bus_set_transient_conditions(
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 766a3b4d2b..00f5996317 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -39,15 +39,6 @@ int emergency_action(
return -ECANCELED;
}
- if (!MANAGER_IS_SYSTEM(m)) {
- /* Downgrade all options to simply exiting if we run
- * in user mode */
-
- log_warning("Exiting: %s", reason);
- m->exit_code = MANAGER_EXIT;
- return -ECANCELED;
- }
-
switch (action) {
case EMERGENCY_ACTION_REBOOT:
@@ -80,11 +71,26 @@ int emergency_action(
(void) reboot(RB_AUTOBOOT);
break;
+ case EMERGENCY_ACTION_EXIT:
+ assert(MANAGER_IS_USER(m));
+
+ log_and_status(m, "Exiting", reason);
+
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
+ break;
+
case EMERGENCY_ACTION_POWEROFF:
log_and_status(m, "Powering off", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
+ case EMERGENCY_ACTION_EXIT_FORCE:
+ assert(MANAGER_IS_USER(m));
+
+ log_and_status(m, "Exiting immediately", reason);
+ m->exit_code = MANAGER_EXIT;
+ break;
+
case EMERGENCY_ACTION_POWEROFF_FORCE:
log_and_status(m, "Forcibly powering off", reason);
m->exit_code = MANAGER_POWEROFF;
@@ -113,6 +119,27 @@ static const char* const emergency_action_table[_EMERGENCY_ACTION_MAX] = {
[EMERGENCY_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate",
[EMERGENCY_ACTION_POWEROFF] = "poweroff",
[EMERGENCY_ACTION_POWEROFF_FORCE] = "poweroff-force",
- [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate"
+ [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate",
+ [EMERGENCY_ACTION_EXIT] = "exit",
+ [EMERGENCY_ACTION_EXIT_FORCE] = "exit-force",
};
DEFINE_STRING_TABLE_LOOKUP(emergency_action, EmergencyAction);
+
+int parse_emergency_action(
+ const char *value,
+ bool system,
+ EmergencyAction *ret) {
+
+ EmergencyAction x;
+
+ x = emergency_action_from_string(value);
+ if (x < 0)
+ return -EINVAL;
+
+ if ((system && x >= _EMERGENCY_ACTION_FIRST_USER_ACTION) ||
+ (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION))
+ return -EOPNOTSUPP;
+
+ *ret = x;
+ return 0;
+}
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index 61791f176f..646ccc4e6b 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -13,6 +13,9 @@ typedef enum EmergencyAction {
EMERGENCY_ACTION_POWEROFF,
EMERGENCY_ACTION_POWEROFF_FORCE,
EMERGENCY_ACTION_POWEROFF_IMMEDIATE,
+ EMERGENCY_ACTION_EXIT,
+ _EMERGENCY_ACTION_FIRST_USER_ACTION = EMERGENCY_ACTION_EXIT,
+ EMERGENCY_ACTION_EXIT_FORCE,
_EMERGENCY_ACTION_MAX,
_EMERGENCY_ACTION_INVALID = -1
} EmergencyAction;
@@ -24,3 +27,5 @@ int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg,
const char* emergency_action_to_string(EmergencyAction i) _const_;
EmergencyAction emergency_action_from_string(const char *s) _pure_;
+
+int parse_emergency_action(const char *value, bool system, EmergencyAction *ret);
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index e0d7b8f7f8..c102ffb9f0 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -77,7 +77,6 @@ DEFINE_CONFIG_PARSE(config_parse_socket_protocol, supported_socket_protocol_from
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_emergency_action, emergency_action, EmergencyAction, "Failed to parse failure action specifier");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
@@ -4253,6 +4252,47 @@ int config_parse_job_running_timeout_sec(
return 0;
}
+int config_parse_emergency_action(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Manager *m = NULL;
+ EmergencyAction *x = data;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (unit)
+ m = ((Unit*) userdata)->manager;
+ else
+ m = data;
+
+ r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
+ if (r < 0) {
+ if (r == -EOPNOTSUPP)
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "%s= specified as %s mode action, ignoring: %s",
+ lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
+ else
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
+ return 0;
+ }
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
diff --git a/src/test/meson.build b/src/test/meson.build
index 7b310d4ec7..40cf56d73d 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -65,6 +65,11 @@ tests += [
libshared],
[]],
+ [['src/test/test-emergency-action.c'],
+ [libcore,
+ libshared],
+ []],
+
[['src/test/test-job-type.c'],
[libcore,
libshared],
diff --git a/src/test/test-emergency-action.c b/src/test/test-emergency-action.c
new file mode 100644
index 0000000000..493b23227e
--- /dev/null
+++ b/src/test/test-emergency-action.c
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "emergency-action.h"
+#include "tests.h"
+
+static void test_parse_emergency_action(void) {
+ EmergencyAction x;
+
+ log_info("/* %s */", __func__);
+
+ assert_se(parse_emergency_action("none", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("reboot", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("reboot-force", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("reboot-immediate", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff-force", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff-immediate", false, &x) == -EOPNOTSUPP);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("exit", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_EXIT);
+ assert_se(parse_emergency_action("exit-force", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_EXIT_FORCE);
+ assert_se(parse_emergency_action("exit-forcee", false, &x) == -EINVAL);
+
+ assert_se(parse_emergency_action("none", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("reboot", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT);
+ assert_se(parse_emergency_action("reboot-force", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT_FORCE);
+ assert_se(parse_emergency_action("reboot-immediate", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT_IMMEDIATE);
+ assert_se(parse_emergency_action("poweroff", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF);
+ assert_se(parse_emergency_action("poweroff-force", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF_FORCE);
+ assert_se(parse_emergency_action("poweroff-immediate", true, &x) == 0);
+ assert_se(parse_emergency_action("exit", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit-force", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit-forcee", true, &x) == -EINVAL);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF_IMMEDIATE);
+}
+
+int main(int argc, char **argv) {
+ test_setup_logging(LOG_INFO);
+
+ test_parse_emergency_action();
+
+ return EXIT_SUCCESS;
+}

40
SOURCES/0666-core-accept-system-mode-emergency-action-specifiers-.patch Normal file
View File

@ -0,0 +1,40 @@
From 9dbb6564826a0def39a77ad292aecde75537d164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 14:49:36 +0200
Subject: [PATCH] core: accept system mode emergency action specifiers with a
warning
Before we would only accept those "system" values, so there wasn't other
chocie. Let's provide backwards compatiblity in case somebody made use of
this functionality in user mode.
v2: use 'exit-force' not 'exit'
v3: use error value in log_syntax
(cherry picked from commit 469f76f170db39c72578e869ec7c087bb43f9350)
Related: #1860899
---
src/core/load-fragment.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index c102ffb9f0..c0b1fd4f91 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4280,6 +4280,16 @@ int config_parse_emergency_action(
r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
if (r < 0) {
+ if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
+ /* Compat mode: remove for systemd 241. */
+
+ log_syntax(unit, LOG_INFO, filename, line, r,
+ "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
+ lvalue, rvalue);
+ *x = EMERGENCY_ACTION_EXIT_FORCE;
+ return 0;
+ }
+
if (r == -EOPNOTSUPP)
log_syntax(unit, LOG_ERR, filename, line, r,
"%s= specified as %s mode action, ignoring: %s",

43
SOURCES/0667-core-allow-services-with-no-commands-but-SuccessActi.patch Normal file
View File

@ -0,0 +1,43 @@
From f97c6d921fb6b3d7ba88e064b03d3dd767df9ba1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:07:42 +0200
Subject: [PATCH] core: allow services with no commands but SuccessAction set
(cherry picked from commit 3f00d379fa6221a4570c8cd955afd9b661787db9)
Related: #1860899
---
src/core/service.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index 4da1c5accb..7969bbf071 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -556,8 +556,13 @@ static int service_verify(Service *s) {
}
}
- if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
- log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
+ if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
+ && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
+ /* FailureAction= only makes sense if one of the start or stop commands is specified.
+ * SuccessAction= will be executed unconditionally if no commands are specified. Hence,
+ * either a command or SuccessAction= are required. */
+
+ log_unit_error(UNIT(s), "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing.");
return -ENOEXEC;
}
@@ -566,8 +571,8 @@ static int service_verify(Service *s) {
return -ENOEXEC;
}
- if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START]) {
- log_unit_error(UNIT(s), "Service has no ExecStart= setting, which is only allowed for RemainAfterExit=yes services. Refusing.");
+ if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START] && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
+ log_unit_error(UNIT(s), "Service has no ExecStart= and no SuccessAction= settings and does not have RemainAfterExit=yes set. Refusing.");
return -ENOEXEC;
}

120
SOURCES/0668-core-limit-service-watchdogs-no-to-actual-watchdog-c.patch Normal file
View File

@ -0,0 +1,120 @@
From b8358d4edf1896a821c9370c9ba31c2bb07c277a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:24:44 +0200
Subject: [PATCH] core: limit service-watchdogs=no to actual "watchdog"
commands
The setting is now only looked at when considering an action for a job timeout
or unit start limit. It is ignored for ctrl-alt-del, SuccessAction, SuccessFailure.
v2: turn the parameter into a flag field
v3: rename Options to Flags
(cherry picked from commit 1710d4beff6329cf6ae0767953cad09593517b2a)
Related: #1860899
---
src/core/emergency-action.c | 3 ++-
src/core/emergency-action.h | 8 +++++++-
src/core/job.c | 3 ++-
src/core/manager.c | 2 +-
src/core/unit.c | 9 ++++++---
5 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 00f5996317..e9e757dfa3 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -24,6 +24,7 @@ static void log_and_status(Manager *m, const char *message, const char *reason)
int emergency_action(
Manager *m,
EmergencyAction action,
+ EmergencyActionFlags options,
const char *reboot_arg,
const char *reason) {
@@ -34,7 +35,7 @@ int emergency_action(
if (action == EMERGENCY_ACTION_NONE)
return -ECANCELED;
- if (!m->service_watchdogs) {
+ if (FLAGS_SET(options, EMERGENCY_ACTION_IS_WATCHDOG) && !m->service_watchdogs) {
log_warning("Watchdog disabled! Not acting on: %s", reason);
return -ECANCELED;
}
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index 646ccc4e6b..efbfaf6c6a 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -20,10 +20,16 @@ typedef enum EmergencyAction {
_EMERGENCY_ACTION_INVALID = -1
} EmergencyAction;
+typedef enum EmergencyActionFlags {
+ EMERGENCY_ACTION_IS_WATCHDOG = 1 << 0,
+} EmergencyActionFlags;
+
#include "macro.h"
#include "manager.h"
-int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg, const char *reason);
+int emergency_action(Manager *m,
+ EmergencyAction action, EmergencyActionFlags options,
+ const char *reboot_arg, const char *reason);
const char* emergency_action_to_string(EmergencyAction i) _const_;
EmergencyAction emergency_action_from_string(const char *s) _pure_;
diff --git a/src/core/job.c b/src/core/job.c
index 870ec0a387..d647aac42d 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1076,7 +1076,8 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
u = j->unit;
job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
- emergency_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg, "job timed out");
+ emergency_action(u->manager, u->job_timeout_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ u->job_timeout_reboot_arg, "job timed out");
return 0;
}
diff --git a/src/core/manager.c b/src/core/manager.c
index 3c44ad3dbc..ac1b198b21 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2528,7 +2528,7 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
if (ratelimit_below(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
else
- emergency_action(m, m->cad_burst_action, NULL,
+ emergency_action(m, m->cad_burst_action, 0, NULL,
"Ctrl-Alt-Del was pressed more than 7 times within 2s");
}
diff --git a/src/core/unit.c b/src/core/unit.c
index 152a860d08..dc5c89c195 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1669,7 +1669,8 @@ int unit_start_limit_test(Unit *u) {
log_unit_warning(u, "Start request repeated too quickly.");
u->start_limit_hit = true;
- return emergency_action(u->manager, u->start_limit_action, u->reboot_arg, "unit failed");
+ return emergency_action(u->manager, u->start_limit_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ u->reboot_arg, "unit failed");
}
bool unit_shall_confirm_spawn(Unit *u) {
@@ -2469,9 +2470,11 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag
unit_check_binds_to(u);
if (os != UNIT_FAILED && ns == UNIT_FAILED)
- (void) emergency_action(u->manager, u->failure_action, u->reboot_arg, "unit failed");
+ (void) emergency_action(u->manager, u->failure_action, 0,
+ u->reboot_arg, "unit failed");
else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE)
- (void) emergency_action(u->manager, u->success_action, u->reboot_arg, "unit succeeded");
+ (void) emergency_action(u->manager, u->success_action, 0,
+ u->reboot_arg, "unit succeeded");
}
unit_add_to_dbus_queue(u);

56
SOURCES/0669-units-use-SuccessAction-exit-force-in-systemd-exit.s.patch Normal file
View File

@ -0,0 +1,56 @@
From b0394ad25fd601b9ef29d26b87f12b0a0c17cda0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:09:11 +0200
Subject: [PATCH] units: use SuccessAction=exit-force in systemd-exit.service
Fixes #10414.
v2:
- rename .service.in to .service
- rename 'exit' to 'exit-force'
(cherry picked from commit 631c9b7bf2dab5065d753a7b1cfaff5b100b3c90)
Resolves: #1860899
---
units/user/meson.build | 2 +-
units/user/{systemd-exit.service.in => systemd-exit.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/user/{systemd-exit.service.in => systemd-exit.service} (87%)
diff --git a/units/user/meson.build b/units/user/meson.build
index b1c2e95597..36341a42f5 100644
--- a/units/user/meson.build
+++ b/units/user/meson.build
@@ -14,6 +14,7 @@ units = [
'sockets.target',
'sound.target',
'timers.target',
+ 'systemd-exit.service',
'systemd-tmpfiles-clean.timer',
]
@@ -23,7 +24,6 @@ foreach file : units
endforeach
in_units = [
- 'systemd-exit.service',
'systemd-tmpfiles-clean.service',
'systemd-tmpfiles-setup.service',
]
diff --git a/units/user/systemd-exit.service.in b/units/user/systemd-exit.service
similarity index 87%
rename from units/user/systemd-exit.service.in
rename to units/user/systemd-exit.service
index d69273f6b3..1d3b61e3ab 100644
--- a/units/user/systemd-exit.service.in
+++ b/units/user/systemd-exit.service
@@ -13,7 +13,4 @@ Documentation=man:systemd.special(7)
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --user --force exit
+SuccessAction=exit-force

51
SOURCES/0670-units-use-SuccessAction-reboot-force-in-systemd-rebo.patch Normal file
View File

@ -0,0 +1,51 @@
From f531c34dd8ead33b9972bcd06017ac80ccedb757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:30:53 +0200
Subject: [PATCH] units: use SuccessAction=reboot-force in
systemd-reboot.service
(cherry picked from commit d85515edcf9700dc068201ab9f7103f04f3b25b2)
Related: #1860899
---
units/meson.build | 2 +-
units/{systemd-reboot.service.in => systemd-reboot.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/{systemd-reboot.service.in => systemd-reboot.service} (89%)
diff --git a/units/meson.build b/units/meson.build
index a1cd2524dc..b482431a10 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -97,6 +97,7 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-reboot.service', ''],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
'timers.target.wants/'],
@@ -182,7 +183,6 @@ in_units = [
['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'],
['systemd-random-seed.service', 'ENABLE_RANDOMSEED',
'sysinit.target.wants/'],
- ['systemd-reboot.service', ''],
['systemd-remount-fs.service', '',
'local-fs.target.wants/'],
['systemd-resolved.service', 'ENABLE_RESOLVE',
diff --git a/units/systemd-reboot.service.in b/units/systemd-reboot.service
similarity index 89%
rename from units/systemd-reboot.service.in
rename to units/systemd-reboot.service
index 4763ccfdca..505f60aabf 100644
--- a/units/systemd-reboot.service.in
+++ b/units/systemd-reboot.service
@@ -13,7 +13,4 @@ Documentation=man:systemd-halt.service(8)
DefaultDependencies=no
Requires=shutdown.target umount.target final.target
After=shutdown.target umount.target final.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force reboot
+SuccessAction=reboot-force

56
SOURCES/0671-units-use-SuccessAction-poweroff-force-in-systemd-po.patch Normal file
View File

@ -0,0 +1,56 @@
From 7e84234d9953f7ffacf7fff82679c9c9c3b78b7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:34:57 +0200
Subject: [PATCH] units: use SuccessAction=poweroff-force in
systemd-poweroff.service
Explicit systemctl calls remain in systemd-halt.service and the system
systemd-exit.service. To convert systemd-halt, we'd need to add
SuccessAction=halt-force. Halting doesn't make much sense, so let's just
leave that is. systemd-exit.service will be converted in the next commit.
(cherry picked from commit afa6206583dfbc93e29981cb5d713841e4ca2865)
Related: #1860899
---
units/meson.build | 2 +-
...{systemd-poweroff.service.in => systemd-poweroff.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/{systemd-poweroff.service.in => systemd-poweroff.service} (89%)
diff --git a/units/meson.build b/units/meson.build
index b482431a10..6fa804148b 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -97,6 +97,7 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-poweroff.service', ''],
['systemd-reboot.service', ''],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
@@ -179,7 +180,6 @@ in_units = [
['systemd-nspawn@.service', ''],
['systemd-portabled.service', 'ENABLE_PORTABLED',
'dbus-org.freedesktop.portable1.service'],
- ['systemd-poweroff.service', ''],
['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'],
['systemd-random-seed.service', 'ENABLE_RANDOMSEED',
'sysinit.target.wants/'],
diff --git a/units/systemd-poweroff.service.in b/units/systemd-poweroff.service
similarity index 89%
rename from units/systemd-poweroff.service.in
rename to units/systemd-poweroff.service
index e9fd655508..8d1d54389b 100644
--- a/units/systemd-poweroff.service.in
+++ b/units/systemd-poweroff.service
@@ -13,7 +13,4 @@ Documentation=man:systemd-halt.service(8)
DefaultDependencies=no
Requires=shutdown.target umount.target final.target
After=shutdown.target umount.target final.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force poweroff
+SuccessAction=poweroff-force

164
SOURCES/0672-units-allow-and-use-SuccessAction-exit-force-in-syst.patch Normal file
View File

@ -0,0 +1,164 @@
From c0aa64901aa4d5d7c917fccf0993819fb1a1262f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 16:34:45 +0200
Subject: [PATCH] units: allow and use SuccessAction=exit-force in system
systemd-exit.service
C.f. 287419c119ef961db487a281162ab037eba70c61: 'systemctl exit 42' can be
used to set an exit value and pulls in exit.target, which pulls in systemd-exit.service,
which calls org.fdo.Manager.Exit, which calls method_exit(), which sets the objective
to MANAGER_EXIT. Allow the same to happen through SuccessAction=exit.
v2: update for 'exit' and 'exit-force'
(cherry picked from commit a400bd8c2a6285576edf8e2147e1d17aab129501)
Related: #1860899
---
man/systemd.unit.xml | 7 +++--
src/core/emergency-action.c | 27 +++++++++++--------
src/test/test-emergency-action.c | 6 ++---
units/meson.build | 2 +-
...d-exit.service.in => systemd-exit.service} | 5 +---
5 files changed, 24 insertions(+), 23 deletions(-)
rename units/{systemd-exit.service.in => systemd-exit.service} (88%)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 5772a6684e..e80c760dd6 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -881,9 +881,8 @@
Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
<option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
- all options except <option>exit</option> and <option>exit-force</option> are allowed. In user mode, only
- <option>none</option>, <option>exit</option>, and <option>exit-force</option> are allowed. Both options default
- to <option>none</option>.</para>
+ all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and
+ <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para>
<para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
@@ -893,7 +892,7 @@
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option> have the effect of powering down the system with similar
- semantics. <option>exit</option> causes the user manager to exit following the normal shutdown procedure, and
+ semantics. <option>exit</option> causes the manager to exit following the normal shutdown procedure, and
<option>exit-force</option> causes it terminate without shutting down services.</para></listitem>
</varlistentry>
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index e9e757dfa3..44b92ae6f8 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -13,6 +13,7 @@
#include "special.h"
#include "string-table.h"
#include "terminal-util.h"
+#include "virt.h"
static void log_and_status(Manager *m, const char *message, const char *reason) {
log_warning("%s: %s", message, reason);
@@ -73,12 +74,14 @@ int emergency_action(
break;
case EMERGENCY_ACTION_EXIT:
- assert(MANAGER_IS_USER(m));
-
- log_and_status(m, "Exiting", reason);
+ if (MANAGER_IS_USER(m) || detect_container() > 0) {
+ log_and_status(m, "Exiting", reason);
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
+ break;
+ }
- (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
- break;
+ log_notice("Doing \"poweroff\" action instead of an \"exit\" emergency action.");
+ _fallthrough_;
case EMERGENCY_ACTION_POWEROFF:
log_and_status(m, "Powering off", reason);
@@ -86,11 +89,14 @@ int emergency_action(
break;
case EMERGENCY_ACTION_EXIT_FORCE:
- assert(MANAGER_IS_USER(m));
+ if (MANAGER_IS_USER(m) || detect_container() > 0) {
+ log_and_status(m, "Exiting immediately", reason);
+ m->exit_code = MANAGER_EXIT;
+ break;
+ }
- log_and_status(m, "Exiting immediately", reason);
- m->exit_code = MANAGER_EXIT;
- break;
+ log_notice("Doing \"poweroff-force\" action instead of an \"exit-force\" emergency action.");
+ _fallthrough_;
case EMERGENCY_ACTION_POWEROFF_FORCE:
log_and_status(m, "Forcibly powering off", reason);
@@ -137,8 +143,7 @@ int parse_emergency_action(
if (x < 0)
return -EINVAL;
- if ((system && x >= _EMERGENCY_ACTION_FIRST_USER_ACTION) ||
- (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION))
+ if (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION)
return -EOPNOTSUPP;
*ret = x;
diff --git a/src/test/test-emergency-action.c b/src/test/test-emergency-action.c
index 493b23227e..8ce28ed9f5 100644
--- a/src/test/test-emergency-action.c
+++ b/src/test/test-emergency-action.c
@@ -36,10 +36,10 @@ static void test_parse_emergency_action(void) {
assert_se(parse_emergency_action("poweroff-force", true, &x) == 0);
assert_se(x == EMERGENCY_ACTION_POWEROFF_FORCE);
assert_se(parse_emergency_action("poweroff-immediate", true, &x) == 0);
- assert_se(parse_emergency_action("exit", true, &x) == -EOPNOTSUPP);
- assert_se(parse_emergency_action("exit-force", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit", true, &x) == 0);
+ assert_se(parse_emergency_action("exit-force", true, &x) == 0);
assert_se(parse_emergency_action("exit-forcee", true, &x) == -EINVAL);
- assert_se(x == EMERGENCY_ACTION_POWEROFF_IMMEDIATE);
+ assert_se(x == EMERGENCY_ACTION_EXIT_FORCE);
}
int main(int argc, char **argv) {
diff --git a/units/meson.build b/units/meson.build
index 6fa804148b..a74fa95195 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -86,6 +86,7 @@ units = [
'multi-user.target.wants/'],
['systemd-coredump.socket', 'ENABLE_COREDUMP',
'sockets.target.wants/'],
+ ['systemd-exit.service', ''],
['systemd-initctl.socket', '',
'sockets.target.wants/'],
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
@@ -135,7 +136,6 @@ in_units = [
['systemd-binfmt.service', 'ENABLE_BINFMT',
'sysinit.target.wants/'],
['systemd-coredump@.service', 'ENABLE_COREDUMP'],
- ['systemd-exit.service', ''],
['systemd-firstboot.service', 'ENABLE_FIRSTBOOT',
'sysinit.target.wants/'],
['systemd-fsck-root.service', ''],
diff --git a/units/systemd-exit.service.in b/units/systemd-exit.service
similarity index 88%
rename from units/systemd-exit.service.in
rename to units/systemd-exit.service
index 2fb6ebd767..6029b13a05 100644
--- a/units/systemd-exit.service.in
+++ b/units/systemd-exit.service
@@ -13,7 +13,4 @@ Documentation=man:systemd.special(7)
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force exit
+SuccessAction=exit

174
SOURCES/0673-core-do-not-warn-about-mundane-emergency-actions.patch Normal file
View File

@ -0,0 +1,174 @@
From c8e9877d14c8742cc3732d305af2422f8a16f47d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Oct 2018 17:27:20 +0200
Subject: [PATCH] core: do not "warn" about mundane emergency actions
For example in a container we'd log:
Oct 17 17:01:10 rawhide systemd[1]: Started Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Forcibly powering off: unit succeeded
Oct 17 17:01:10 rawhide systemd[1]: Reached target Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Shutting down.
and on the console we'd write (in red)
[ !! ] Forcibly powering off: unit succeeded
This is not useful in any way, and the fact that we're calling an "emergency action"
is an internal implementation detail. Let's log about c-a-d and the watchdog actions
only.
(cherry picked from commit c7adcb1af9946d0672c16bb4bb7eedf39b3d1fcb)
Related: #1860899
---
src/core/emergency-action.c | 29 ++++++++++++++++-------------
src/core/emergency-action.h | 1 +
src/core/job.c | 3 ++-
src/core/manager.c | 2 +-
src/core/unit.c | 3 ++-
5 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 44b92ae6f8..fea1cb83db 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -15,11 +15,12 @@
#include "terminal-util.h"
#include "virt.h"
-static void log_and_status(Manager *m, const char *message, const char *reason) {
- log_warning("%s: %s", message, reason);
- manager_status_printf(m, STATUS_TYPE_EMERGENCY,
- ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
- "%s: %s", message, reason);
+static void log_and_status(Manager *m, bool warn, const char *message, const char *reason) {
+ log_full(warn ? LOG_WARNING : LOG_DEBUG, "%s: %s", message, reason);
+ if (warn)
+ manager_status_printf(m, STATUS_TYPE_EMERGENCY,
+ ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
+ "%s: %s", message, reason);
}
int emergency_action(
@@ -41,17 +42,19 @@ int emergency_action(
return -ECANCELED;
}
+ bool warn = FLAGS_SET(options, EMERGENCY_ACTION_WARN);
+
switch (action) {
case EMERGENCY_ACTION_REBOOT:
- log_and_status(m, "Rebooting", reason);
+ log_and_status(m, warn, "Rebooting", reason);
(void) update_reboot_parameter_and_warn(reboot_arg);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
case EMERGENCY_ACTION_REBOOT_FORCE:
- log_and_status(m, "Forcibly rebooting", reason);
+ log_and_status(m, warn, "Forcibly rebooting", reason);
(void) update_reboot_parameter_and_warn(reboot_arg);
m->exit_code = MANAGER_REBOOT;
@@ -59,7 +62,7 @@ int emergency_action(
break;
case EMERGENCY_ACTION_REBOOT_IMMEDIATE:
- log_and_status(m, "Rebooting immediately", reason);
+ log_and_status(m, warn, "Rebooting immediately", reason);
sync();
@@ -75,7 +78,7 @@ int emergency_action(
case EMERGENCY_ACTION_EXIT:
if (MANAGER_IS_USER(m) || detect_container() > 0) {
- log_and_status(m, "Exiting", reason);
+ log_and_status(m, warn, "Exiting", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
}
@@ -84,13 +87,13 @@ int emergency_action(
_fallthrough_;
case EMERGENCY_ACTION_POWEROFF:
- log_and_status(m, "Powering off", reason);
+ log_and_status(m, warn, "Powering off", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
case EMERGENCY_ACTION_EXIT_FORCE:
if (MANAGER_IS_USER(m) || detect_container() > 0) {
- log_and_status(m, "Exiting immediately", reason);
+ log_and_status(m, warn, "Exiting immediately", reason);
m->exit_code = MANAGER_EXIT;
break;
}
@@ -99,12 +102,12 @@ int emergency_action(
_fallthrough_;
case EMERGENCY_ACTION_POWEROFF_FORCE:
- log_and_status(m, "Forcibly powering off", reason);
+ log_and_status(m, warn, "Forcibly powering off", reason);
m->exit_code = MANAGER_POWEROFF;
break;
case EMERGENCY_ACTION_POWEROFF_IMMEDIATE:
- log_and_status(m, "Powering off immediately", reason);
+ log_and_status(m, warn, "Powering off immediately", reason);
sync();
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index efbfaf6c6a..2aa1497118 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -22,6 +22,7 @@ typedef enum EmergencyAction {
typedef enum EmergencyActionFlags {
EMERGENCY_ACTION_IS_WATCHDOG = 1 << 0,
+ EMERGENCY_ACTION_WARN = 1 << 1,
} EmergencyActionFlags;
#include "macro.h"
diff --git a/src/core/job.c b/src/core/job.c
index d647aac42d..43ab55ed18 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1076,7 +1076,8 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
u = j->unit;
job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
- emergency_action(u->manager, u->job_timeout_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ emergency_action(u->manager, u->job_timeout_action,
+ EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
u->job_timeout_reboot_arg, "job timed out");
return 0;
diff --git a/src/core/manager.c b/src/core/manager.c
index ac1b198b21..ee976f70b3 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2528,7 +2528,7 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
if (ratelimit_below(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
else
- emergency_action(m, m->cad_burst_action, 0, NULL,
+ emergency_action(m, m->cad_burst_action, EMERGENCY_ACTION_WARN, NULL,
"Ctrl-Alt-Del was pressed more than 7 times within 2s");
}
diff --git a/src/core/unit.c b/src/core/unit.c
index dc5c89c195..23afa24c77 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1669,7 +1669,8 @@ int unit_start_limit_test(Unit *u) {
log_unit_warning(u, "Start request repeated too quickly.");
u->start_limit_hit = true;
- return emergency_action(u->manager, u->start_limit_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ return emergency_action(u->manager, u->start_limit_action,
+ EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
u->reboot_arg, "unit failed");
}

43
SOURCES/0674-core-return-true-from-cg_is_empty-on-ENOENT.patch Normal file
View File

@ -0,0 +1,43 @@
From 2aaa40e698f66fd10d0a7a71ca39637e24809e97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Oct 2018 17:48:35 +0200
Subject: [PATCH] core: return true from cg_is_empty* on ENOENT
(cherry picked from commit 1bcf3fc6c57d92927b96cad8c739099b4ceae236)
Related: #1860899
---
src/basic/cgroup-util.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 992b12811a..14abe6e014 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -1177,7 +1177,7 @@ int cg_is_empty(const char *controller, const char *path) {
r = cg_enumerate_processes(controller, path, &f);
if (r == -ENOENT)
- return 1;
+ return true;
if (r < 0)
return r;
@@ -1207,6 +1207,8 @@ int cg_is_empty_recursive(const char *controller, const char *path) {
* via the "populated" attribute of "cgroup.events". */
r = cg_read_event(controller, path, "populated", &t);
+ if (r == -ENOENT)
+ return true;
if (r < 0)
return r;
@@ -1221,7 +1223,7 @@ int cg_is_empty_recursive(const char *controller, const char *path) {
r = cg_enumerate_subgroups(controller, path, &d);
if (r == -ENOENT)
- return 1;
+ return true;
if (r < 0)
return r;

29
SOURCES/0675-macro-define-HAS_FEATURE_ADDRESS_SANITIZER-also-on-g.patch Normal file
View File

@ -0,0 +1,29 @@
From 01da36fadd365329cfd9e2c97eb419c63404b25f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 3 Dec 2018 17:30:19 +0100
Subject: [PATCH] macro: define HAS_FEATURE_ADDRESS_SANITIZER also on gcc
Let's make differences between compilers more minimal.
(cherry picked from commit be5f77b26e22a806179c7b03e03d424682ed325c)
Related: #2017033
---
src/basic/macro.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 62f2359633..e87026882f 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -56,7 +56,9 @@
#endif
#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
-# if defined(__has_feature)
+# ifdef __SANITIZE_ADDRESS__
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# elif defined(__has_feature)
# if __has_feature(address_sanitizer)
# define HAS_FEATURE_ADDRESS_SANITIZER 1
# endif

104
SOURCES/0676-tests-add-helper-function-to-autodetect-CI-environme.patch Normal file
View File

@ -0,0 +1,104 @@
From 6fbbf368f5a6d181b21f448255d5a4182dc2ab3a Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:00:21 +0100
Subject: [PATCH] tests: add helper function to autodetect CI environments
Sadly there is no standarized way to check if we're running in some
CI environment. So let's try to gather the heuristics in one helper
function.
Loosely cherry-picked from 4eb0c875f8825199a829ddc597874915fbee0a84.
Related: #2017033
---
src/basic/string-util.h | 6 ++++++
src/shared/tests.c | 42 +++++++++++++++++++++++++++++++++++++++++
src/shared/tests.h | 3 +++
3 files changed, 51 insertions(+)
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index 96a9260f93..742b566932 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -32,6 +32,12 @@ static inline bool streq_ptr(const char *a, const char *b) {
return strcmp_ptr(a, b) == 0;
}
+static inline char* strstr_ptr(const char *haystack, const char *needle) {
+ if (!haystack || !needle)
+ return NULL;
+ return strstr(haystack, needle);
+}
+
static inline const char* strempty(const char *s) {
return s ?: "";
}
diff --git a/src/shared/tests.c b/src/shared/tests.c
index 100b62b9b0..1da80d653f 100644
--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@@ -7,7 +7,9 @@
#include <util.h>
#include "tests.h"
+#include "env-util.h"
#include "path-util.h"
+#include "strv.h"
char* setup_fake_runtime_dir(void) {
char t[] = "/tmp/fake-xdg-runtime-XXXXXX", *p;
@@ -75,3 +77,43 @@ void test_setup_logging(int level) {
log_parse_environment();
log_open();
}
+
+const char *ci_environment(void) {
+ /* We return a string because we might want to provide multiple bits of information later on: not
+ * just the general CI environment type, but also whether we're sanitizing or not, etc. The caller is
+ * expected to use strstr on the returned value. */
+ static const char *ans = (void*) UINTPTR_MAX;
+ const char *p;
+ int r;
+
+ if (ans != (void*) UINTPTR_MAX)
+ return ans;
+
+ /* We allow specifying the environment with $CITYPE. Nobody uses this so far, but we are ready. */
+ p = getenv("CITYPE");
+ if (!isempty(p))
+ return (ans = p);
+
+ if (getenv_bool("TRAVIS") > 0)
+ return (ans = "travis");
+ if (getenv_bool("SEMAPHORE") > 0)
+ return (ans = "semaphore");
+ if (getenv_bool("GITHUB_ACTIONS") > 0)
+ return (ans = "github-actions");
+ if (getenv("AUTOPKGTEST_ARTIFACTS") || getenv("AUTOPKGTEST_TMP"))
+ return (ans = "autopkgtest");
+
+ FOREACH_STRING(p, "CI", "CONTINOUS_INTEGRATION") {
+ /* Those vars are booleans according to Semaphore and Travis docs:
+ * https://docs.travis-ci.com/user/environment-variables/#default-environment-variables
+ * https://docs.semaphoreci.com/ci-cd-environment/environment-variables/#ci
+ */
+ r = getenv_bool(p);
+ if (r > 0)
+ return (ans = "unknown"); /* Some other unknown thing */
+ if (r == 0)
+ return (ans = NULL);
+ }
+
+ return (ans = NULL);
+}
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 3d696d02fd..4f8f349097 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -5,3 +5,6 @@ char* setup_fake_runtime_dir(void);
bool test_is_running_from_builddir(char **exedir);
const char* get_testdata_dir(void);
void test_setup_logging(int level);
+
+/* Provide a convenient way to check if we're running in CI. */
+const char *ci_environment(void);

48
SOURCES/0677-strv-rework-FOREACH_STRING-macro.patch Normal file
View File

@ -0,0 +1,48 @@
From 3539a72c260063713e4ecba17966ba9a768d8af9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 16 Jan 2019 00:13:38 +0100
Subject: [PATCH] strv: rework FOREACH_STRING() macro
So it's apparently problematic that we use STRV_MAKE() (i.e. a compound
initializer) outside of the {} block we use it in (and that includes
outside of the ({}) block, too). Hence, let's rework the macro to not
need that.
This also makes the macro shorter, which is definitely a good and more
readable. Moreover, it will now complain if the iterator is a "char*"
instead of a "const char*", which is good too.
Fixes: #11394
(cherry picked from commit 66a64081f82dfad90f2f9394a477820a2e3e6510)
Related: #2017033
---
src/basic/strv.h | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)
diff --git a/src/basic/strv.h b/src/basic/strv.h
index c1e4c973b6..a09d76706d 100644
--- a/src/basic/strv.h
+++ b/src/basic/strv.h
@@ -148,17 +148,10 @@ void strv_print(char **l);
_found; \
})
-#define FOREACH_STRING(x, ...) \
- for (char **_l = ({ \
- char **_ll = STRV_MAKE(__VA_ARGS__); \
- x = _ll ? _ll[0] : NULL; \
- _ll; \
- }); \
- _l && *_l; \
- x = ({ \
- _l ++; \
- _l[0]; \
- }))
+#define FOREACH_STRING(x, y, ...) \
+ for (char **_l = STRV_MAKE(({ x = y; }), ##__VA_ARGS__); \
+ x; \
+ x = *(++_l))
char **strv_reverse(char **l);
char **strv_shell_escape(char **l, const char *bad);

45
SOURCES/0678-test-systemctl-use-const-char-instead-of-char.patch Normal file
View File

@ -0,0 +1,45 @@
From fdfff847313222eed3306ac605db46d8cbd23212 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:47:24 +0100
Subject: [PATCH] test,systemctl: use "const char*" instead of "char*"
as iterator for FOREACH_STRING()
The macro iterates through literal strings (i.e. constant strings),
hence it's more correct to have the iterator const too.
Based on b2238e380e5f2fbcc129643b3fbd66f2828fd57c.
Related: #2017033
---
src/systemctl/systemctl.c | 3 ++-
src/test/test-execute.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 3dd7c1522f..b967550b97 100644
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@@ -7011,7 +7011,8 @@ static int run_editor(char **paths) {
if (r == 0) {
const char **args;
char *editor, **editor_args = NULL;
- char **tmp_path, **original_path, *p;
+ char **tmp_path, **original_path;
+ const char *p;
size_t n_editor_args = 0, i = 1;
size_t argc;
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 5303652b93..7581d5ed68 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -146,7 +146,7 @@ invalid:
}
static bool is_inaccessible_available(void) {
- char *p;
+ const char *p;
FOREACH_STRING(p,
"/run/systemd/inaccessible/reg",

27
SOURCES/0679-ci-pass-the-GITHUB_ACTIONS-variable-to-the-CentOS-co.patch Normal file
View File

@ -0,0 +1,27 @@
From a8fd8d157c832ddad34a9a3e372579c58261f7fb Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:59:41 +0100
Subject: [PATCH] ci: pass the $GITHUB_ACTIONS variable to the CentOS container
so we can properly skip tests which are problematic when running in GH
Actions.
Related: #2017033
rhel-only
---
.github/workflows/unit_tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index 814870e7a0..c1311310fb 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -131,7 +131,7 @@ for phase in "${PHASES[@]}"; do
# Pull a Docker image and start a new container
docker pull quay.io/centos/centos:$CENTOS_RELEASE
info "Starting container $CONT_NAME"
- $DOCKER_RUN -v $REPO_ROOT:/build:rw \
+ $DOCKER_RUN -v $REPO_ROOT:/build:rw -e GITHUB_ACTIONS="$GITHUB_ACTIONS" \
-w /build --privileged=true --name $CONT_NAME \
-dit --net=host quay.io/centos/centos:$CENTOS_RELEASE /sbin/init

171
SOURCES/0680-lgtm-detect-uninitialized-variables-using-the-__clea.patch Normal file
View File

@ -0,0 +1,171 @@
From cecb3cc06f6025835324c1837c03def1d9be8eb1 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 1 Dec 2021 21:31:43 +0100
Subject: [PATCH] lgtm: detect uninitialized variables using the __cleanup__
attribute
This is a slightly modified version of the original
`cpp/uninitialized-local` CodeQL query which focuses only on variables
using the cleanup macros. Since this has proven to cause issues in the
past, let's panic on every uninitialized variable using any of the
cleanup macros (as long as they're written using the __cleanup__
attribute).
Some test results from a test I used when writing the query:
```
#define _cleanup_foo_ __attribute__((__cleanup__(foo)))
#define _cleanup_(x) __attribute__((__cleanup__(x)))
static inline void freep(void *p) {
*(void**)p = mfree(*(void**) p);
}
#define _cleanup_free_ _cleanup_(freep)
static inline void foo(char **p) {
if (*p)
*p = free(*p);
}
int main(void) {
__attribute__((__cleanup__(foo))) char *a;
char *b;
_cleanup_foo_ char *c;
char **d;
_cleanup_free_ char *e;
int r;
r = fun(&e);
if (r < 0)
return 1;
puts(a);
puts(b);
puts(c);
puts(*d);
puts(e);
return 0;
}
```
```
+| test.c:23:14:23:14 | e | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:20:26:20:26 | e | e |
+| test.c:27:10:27:10 | a | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:16:45:16:45 | a | a |
+| test.c:29:10:29:10 | c | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:18:25:18:25 | c | c |
```
(cherry picked from commit 863bff75488d33f519deea6390988f3d9d72e6de)
Related: #2017033
---
.../UninitializedVariableWithCleanup.ql | 99 +++++++++++++++++++
1 file changed, 99 insertions(+)
create mode 100644 .lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
new file mode 100644
index 0000000000..6bf0ae01eb
--- /dev/null
+++ b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
@@ -0,0 +1,99 @@
+/**
+ * vi: sw=2 ts=2 et syntax=ql:
+ *
+ * Based on cpp/uninitialized-local.
+ *
+ * @name Potentially uninitialized local variable using the cleanup attribute
+ * @description Running the cleanup handler on a possibly uninitialized variable
+ * is generally a bad idea.
+ * @id cpp/uninitialized-local-with-cleanup
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ */
+
+import cpp
+import semmle.code.cpp.controlflow.StackVariableReachability
+
+/**
+ * Auxiliary predicate: Types that don't require initialization
+ * before they are used, since they're stack-allocated.
+ */
+predicate allocatedType(Type t) {
+ /* Arrays: "int foo[1]; foo[0] = 42;" is ok. */
+ t instanceof ArrayType
+ or
+ /* Structs: "struct foo bar; bar.baz = 42" is ok. */
+ t instanceof Class
+ or
+ /* Typedefs to other allocated types are fine. */
+ allocatedType(t.(TypedefType).getUnderlyingType())
+ or
+ /* Type specifiers don't affect whether or not a type is allocated. */
+ allocatedType(t.getUnspecifiedType())
+}
+
+/**
+ * A declaration of a local variable using __attribute__((__cleanup__(x)))
+ * that leaves the variable uninitialized.
+ */
+DeclStmt declWithNoInit(LocalVariable v) {
+ result.getADeclaration() = v and
+ not exists(v.getInitializer()) and
+ /* The variable has __attribute__((__cleanup__(...))) set */
+ v.getAnAttribute().hasName("cleanup") and
+ /* The type of the variable is not stack-allocated. */
+ exists(Type t | t = v.getType() | not allocatedType(t))
+}
+
+class UninitialisedLocalReachability extends StackVariableReachability {
+ UninitialisedLocalReachability() { this = "UninitialisedLocal" }
+
+ override predicate isSource(ControlFlowNode node, StackVariable v) { node = declWithNoInit(v) }
+
+ /* Note: _don't_ use the `useOfVarActual()` predicate here (and a couple of lines
+ * below), as it assumes that the callee always modifies the variable if
+ * it's passed to the function.
+ *
+ * i.e.:
+ * _cleanup_free char *x;
+ * fun(&x);
+ * puts(x);
+ *
+ * `useOfVarActual()` won't treat this an an uninitialized read even if the callee
+ * doesn't modify the argument, however, `useOfVar()` will
+ */
+ override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
+
+ override predicate isBarrier(ControlFlowNode node, StackVariable v) {
+ // only report the _first_ possibly uninitialized use
+ useOfVar(v, node) or
+ definitionBarrier(v, node)
+ }
+}
+
+pragma[noinline]
+predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosingFunction() = f) }
+
+/**
+ * Auxiliary predicate: List common exceptions or false positives
+ * for this check to exclude them.
+ */
+VariableAccess commonException() {
+ // If the uninitialized use we've found is in a macro expansion, it's
+ // typically something like va_start(), and we don't want to complain.
+ result.getParent().isInMacroExpansion()
+ or
+ result.getParent() instanceof BuiltInOperation
+ or
+ // Finally, exclude functions that contain assembly blocks. It's
+ // anyone's guess what happens in those.
+ containsInlineAssembly(result.getEnclosingFunction())
+}
+
+from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
+where
+ r.reaches(_, v, va) and
+ not va = commonException()
+select va, "The variable $@ may not be initialized here, but has a cleanup handler.", v, v.getName()

84
SOURCES/0681-lgtm-replace-the-query-used-for-looking-for-fgets-wi.patch Normal file
View File

@ -0,0 +1,84 @@
From c4a34b71d4f51f071f7a722059e36388b41d30e4 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 11 Mar 2019 21:05:13 +0100
Subject: [PATCH] lgtm: replace the query used for looking for fgets with a
more general query
to make it easier to comlain about `strtok` :-)
Inspired by https://github.com/systemd/systemd/pull/11963, which, in turn,
was prompted by https://github.com/systemd/systemd/pull/11555.
(cherry picked from commit 7ba5ded9dbd7737bc368521f5ea7c90e5b06ab3e)
Related: #2017033
---
.../PotentiallyDangerousFunction.ql | 30 +++++++++++++++++++
.lgtm/cpp-queries/fgets.ql | 21 -------------
2 files changed, 30 insertions(+), 21 deletions(-)
create mode 100644 .lgtm/cpp-queries/PotentiallyDangerousFunction.ql
delete mode 100644 .lgtm/cpp-queries/fgets.ql
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
new file mode 100644
index 0000000000..ba80f4ad8c
--- /dev/null
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -0,0 +1,30 @@
+/**
+ * @name Use of potentially dangerous function
+ * @description Certain standard library functions are dangerous to call.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id cpp/potentially-dangerous-function
+ * @tags reliability
+ * security
+ *
+ * Borrowed from
+ * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+ */
+import cpp
+
+predicate potentiallyDangerousFunction(Function f, string message) {
+ (
+ f.getQualifiedName() = "fgets" and
+ message = "Call to fgets is potentially dangerous. Use read_line() instead."
+ ) or (
+ f.getQualifiedName() = "strtok" and
+ message = "Call to strtok is potentially dangerous. Use extract_first_word() instead."
+ )
+}
+
+from FunctionCall call, Function target, string message
+where
+ call.getTarget() = target and
+ potentiallyDangerousFunction(target, message)
+select call, message
diff --git a/.lgtm/cpp-queries/fgets.ql b/.lgtm/cpp-queries/fgets.ql
deleted file mode 100644
index a4181e4f3d..0000000000
--- a/.lgtm/cpp-queries/fgets.ql
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * @name Use of fgets()
- * @description fgets() is dangerous to call. Use read_line() instead.
- * @kind problem
- * @problem.severity error
- * @precision high
- * @id cpp/fgets
- * @tags reliability
- * security
- */
-import cpp
-
-predicate dangerousFunction(Function function) {
- exists (string name | name = function.getQualifiedName() |
- name = "fgets")
-}
-
-from FunctionCall call, Function target
-where call.getTarget() = target
- and dangerousFunction(target)
-select call, target.getQualifiedName() + " is potentially dangerous"

48
SOURCES/0682-lgtm-beef-up-list-of-dangerous-questionnable-API-cal.patch Normal file
View File

@ -0,0 +1,48 @@
From 8b60932555141e1fe61a343863eae7655c2449a9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 2 Apr 2019 12:43:47 +0200
Subject: [PATCH] lgtm: beef up list of dangerous/questionnable API calls not
to make
(cherry picked from commit 9b4805421eb2a7319f6507a26febfb9d2cdc3a93)
Related: #2017033
---
.../PotentiallyDangerousFunction.ql | 22 +++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index ba80f4ad8c..cd0284b37a 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -16,10 +16,28 @@ import cpp
predicate potentiallyDangerousFunction(Function f, string message) {
(
f.getQualifiedName() = "fgets" and
- message = "Call to fgets is potentially dangerous. Use read_line() instead."
+ message = "Call to fgets() is potentially dangerous. Use read_line() instead."
) or (
f.getQualifiedName() = "strtok" and
- message = "Call to strtok is potentially dangerous. Use extract_first_word() instead."
+ message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
+ ) or (
+ f.getQualifiedName() = "strsep" and
+ message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
+ ) or (
+ f.getQualifiedName() = "dup" and
+ message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
+ ) or (
+ f.getQualifiedName() = "htonl" and
+ message = "Call to htonl() is confusing. Use htobe32() instead."
+ ) or (
+ f.getQualifiedName() = "htons" and
+ message = "Call to htons() is confusing. Use htobe16() instead."
+ ) or (
+ f.getQualifiedName() = "ntohl" and
+ message = "Call to ntohl() is confusing. Use be32toh() instead."
+ ) or (
+ f.getQualifiedName() = "ntohs" and
+ message = "Call to ntohs() is confusing. Use be16toh() instead."
)
}

26
SOURCES/0683-lgtm-warn-about-strerror-use.patch Normal file
View File

@ -0,0 +1,26 @@
From af6eac25456d4ca7e8233e00aec7531e640f17af Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 5 Apr 2019 15:31:34 +0200
Subject: [PATCH] lgtm: warn about strerror() use
(cherry picked from commit 9ff46eded2b99d244455467eb55c0ff3f51c5362)
Related: #2017033
---
.lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index cd0284b37a..96712cf1c6 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -38,6 +38,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
) or (
f.getQualifiedName() = "ntohs" and
message = "Call to ntohs() is confusing. Use be16toh() instead."
+ ) or (
+ f.getQualifiedName() = "strerror" and
+ message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
)
}

27
SOURCES/0684-lgtm-complain-about-accept-people-should-use-accept4.patch Normal file
View File

@ -0,0 +1,27 @@
From bfa090ce83f2b0734c526a4426a20f6f0f943aa0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 10 Apr 2019 19:36:40 +0200
Subject: [PATCH] lgtm: complain about accept() [people should use accept4()
instead, due to O_CLOEXEC]
(cherry picked from commit e2d0fa6feb3797246c8bfda3db45a2f5b62e1b5b)
Related: #2017033
---
.lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index 96712cf1c6..865330430d 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -41,6 +41,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
) or (
f.getQualifiedName() = "strerror" and
message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
+ ) or (
+ f.getQualifiedName() = "accept" and
+ message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
)
}

40
SOURCES/0685-lgtm-don-t-treat-the-custom-note-as-a-list-of-tags.patch Normal file
View File

@ -0,0 +1,40 @@
From 6eeaef95566e6d85e714280c412e5df347838e34 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 2 Dec 2021 16:55:17 +0100
Subject: [PATCH] lgtm: don't treat the custom note as a list of tags
Just a cosmetic change.
(cherry picked from commit c7d70210fa45c3210b8b1eda51bc0f6d68bd8392)
Related: #2017033
---
.lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index 865330430d..39e8dddd13 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -1,15 +1,17 @@
/**
+ * vi: sw=2 ts=2 et syntax=ql:
+ *
+ * Borrowed from
+ * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+ *
* @name Use of potentially dangerous function
* @description Certain standard library functions are dangerous to call.
+ * @id cpp/potentially-dangerous-function
* @kind problem
* @problem.severity error
* @precision high
- * @id cpp/potentially-dangerous-function
* @tags reliability
* security
- *
- * Borrowed from
- * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
*/
import cpp

42
SOURCES/0686-lgtm-ignore-certain-cleanup-functions.patch Normal file
View File

@ -0,0 +1,42 @@
From 42123e9614ea73c7f64c684c90e4dbb049ef67ef Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 5 Dec 2021 10:25:28 +0100
Subject: [PATCH] lgtm: ignore certain cleanup functions
as they don't do any illegal stuff even when used with an uninitialized
variable.
(cherry picked from commit af1868213657b38b8d4008608976eb81546cfb8e)
Related: #2017033
---
.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
index 6bf0ae01eb..8c24b6d8f1 100644
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
@@ -34,6 +34,13 @@ predicate allocatedType(Type t) {
allocatedType(t.getUnspecifiedType())
}
+/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
+ * since they don't do anything illegal even when the variable is uninitialized
+ */
+predicate cleanupFunctionDenyList(string fun) {
+ fun = "erase_char"
+}
+
/**
* A declaration of a local variable using __attribute__((__cleanup__(x)))
* that leaves the variable uninitialized.
@@ -43,6 +50,8 @@ DeclStmt declWithNoInit(LocalVariable v) {
not exists(v.getInitializer()) and
/* The variable has __attribute__((__cleanup__(...))) set */
v.getAnAttribute().hasName("cleanup") and
+ /* Check if the cleanup function is not on a deny list */
+ not exists(Attribute a | a = v.getAnAttribute() and a.getName() = "cleanup" | cleanupFunctionDenyList(a.getAnArgument().getValueText())) and
/* The type of the variable is not stack-allocated. */
exists(Type t | t = v.getType() | not allocatedType(t))
}

96
SOURCES/0687-lgtm-detect-more-possible-problematic-scenarios.patch Normal file
View File

@ -0,0 +1,96 @@
From f9b19c9d4caaf870b30cce8a3d6be79eda099c4e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 5 Dec 2021 16:11:35 +0100
Subject: [PATCH] lgtm: detect more possible problematic scenarios
1) don't ignore stack-allocated variables, since they may hide
heap-allocated stuff (compound types)
2) check if there's a return between the variable declaration and its
initialization; if so, treat the variable as uninitialized
3) introduction of 2) increased the query runtime exponentially, so
introduce some optimizations to bring it back to some reasonable
values
(cherry picked from commit c8fec8bf9b086f9fc7638db0f1a613a00d7c63a3)
Related: #2017033
---
.../UninitializedVariableWithCleanup.ql | 48 ++++++++++---------
1 file changed, 25 insertions(+), 23 deletions(-)
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
index 8c24b6d8f1..6b3b62f8bc 100644
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
@@ -16,24 +16,6 @@
import cpp
import semmle.code.cpp.controlflow.StackVariableReachability
-/**
- * Auxiliary predicate: Types that don't require initialization
- * before they are used, since they're stack-allocated.
- */
-predicate allocatedType(Type t) {
- /* Arrays: "int foo[1]; foo[0] = 42;" is ok. */
- t instanceof ArrayType
- or
- /* Structs: "struct foo bar; bar.baz = 42" is ok. */
- t instanceof Class
- or
- /* Typedefs to other allocated types are fine. */
- allocatedType(t.(TypedefType).getUnderlyingType())
- or
- /* Type specifiers don't affect whether or not a type is allocated. */
- allocatedType(t.getUnspecifiedType())
-}
-
/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
* since they don't do anything illegal even when the variable is uninitialized
*/
@@ -47,13 +29,11 @@ predicate cleanupFunctionDenyList(string fun) {
*/
DeclStmt declWithNoInit(LocalVariable v) {
result.getADeclaration() = v and
- not exists(v.getInitializer()) and
+ not v.hasInitializer() and
/* The variable has __attribute__((__cleanup__(...))) set */
v.getAnAttribute().hasName("cleanup") and
/* Check if the cleanup function is not on a deny list */
- not exists(Attribute a | a = v.getAnAttribute() and a.getName() = "cleanup" | cleanupFunctionDenyList(a.getAnArgument().getValueText())) and
- /* The type of the variable is not stack-allocated. */
- exists(Type t | t = v.getType() | not allocatedType(t))
+ not cleanupFunctionDenyList(v.getAnAttribute().getAnArgument().getValueText())
}
class UninitialisedLocalReachability extends StackVariableReachability {
@@ -78,7 +58,29 @@ class UninitialisedLocalReachability extends StackVariableReachability {
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
// only report the _first_ possibly uninitialized use
useOfVar(v, node) or
- definitionBarrier(v, node)
+ (
+ /* If there's an return statement somewhere between the variable declaration
+ * and a possible definition, don't accept is as a valid initialization.
+ *
+ * E.g.:
+ * _cleanup_free_ char *x;
+ * ...
+ * if (...)
+ * return;
+ * ...
+ * x = malloc(...);
+ *
+ * is not a valid initialization, since we might return from the function
+ * _before_ the actual iniitialization (emphasis on _might_, since we
+ * don't know if the return statement might ever evaluate to true).
+ */
+ definitionBarrier(v, node) and
+ not exists(ReturnStmt rs |
+ /* The attribute check is "just" a complexity optimization */
+ v.getFunction() = rs.getEnclosingFunction() and v.getAnAttribute().hasName("cleanup") |
+ rs.getLocation().isBefore(node.getLocation())
+ )
+ )
}
}

48
SOURCES/0688-lgtm-enable-more-and-potentially-useful-queries.patch Normal file
View File

@ -0,0 +1,48 @@
From 842c676a36abab0d92f1e68de2c8881fd00fdf4b Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 30 Nov 2021 23:40:28 +0100
Subject: [PATCH] lgtm: enable more (and potentially useful) queries
Not all available queries on LGTM are enabled by default, but some of
the excluded ones might come in handy, hence let's enable them
explicitly.
(cherry picked from commit 38f36b9f3443b4d2085799c772e901a402b84af3)
Related: #2017033
---
.lgtm.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/.lgtm.yml b/.lgtm.yml
index 5948d8c2bc..fe93957b67 100644
--- a/.lgtm.yml
+++ b/.lgtm.yml
@@ -1,3 +1,27 @@
+---
+# vi: ts=2 sw=2 et:
+
+# Explicitly enable certain checks which are hidden by default
+queries:
+ - include: cpp/bad-strncpy-size
+ - include: cpp/declaration-hides-variable
+ - include: cpp/inconsistent-null-check
+ - include: cpp/mistyped-function-arguments
+ - include: cpp/nested-loops-with-same-variable
+ - include: cpp/sizeof-side-effect
+ - include: cpp/suspicious-pointer-scaling
+ - include: cpp/suspicious-pointer-scaling-void
+ - include: cpp/suspicious-sizeof
+ - include: cpp/unsafe-strcat
+ - include: cpp/unsafe-strncat
+ - include: cpp/unsigned-difference-expression-compared-zero
+ - include: cpp/unused-local-variable
+ - include:
+ tags:
+ - "security"
+ - "correctness"
+ severity: "error"
+
extraction:
cpp:
prepare:

36
SOURCES/0689-meson-avoid-bogus-meson-warning.patch Normal file
View File

@ -0,0 +1,36 @@
From 4433c31a80c4477b0a0c503c74e8faebc44f4453 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 7 Nov 2019 11:32:26 +0100
Subject: [PATCH] meson: avoid bogus meson warning
With meson-0.52.0-1.module_f31+6771+f5d842eb.noarch I get:
src/test/meson.build:19: WARNING: Overriding previous value of environment variable 'PATH' with a new one
When we're using *prepend*, the whole point is to modify an existing variable,
so meson shouldn't warn. But let's set avoid the warning and shorten things by
setting the final value immediately.
(cherry picked from commit cbe804947482998cc767bfb0c169e6263a6ef097)
---
src/test/meson.build | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/test/meson.build b/src/test/meson.build
index 40cf56d73d..6eaa62e53f 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -10,12 +10,11 @@ test_hashmap_ordered_c = custom_target(
test_include_dir = include_directories('.')
-path = run_command('sh', ['-c', 'echo "$PATH"']).stdout()
+path = run_command('sh', ['-c', 'echo "$PATH"']).stdout().strip()
test_env = environment()
test_env.set('SYSTEMD_KBD_MODEL_MAP', kbd_model_map)
test_env.set('SYSTEMD_LANGUAGE_FALLBACK_MAP', language_fallback_map)
-test_env.set('PATH', path)
-test_env.prepend('PATH', meson.build_root())
+test_env.set('PATH', '@0@:@1@'.format(meson.build_root(), path))
############################################################

33
SOURCES/0690-test-make-TEST-47-less-racy.patch Normal file
View File

@ -0,0 +1,33 @@
From de7125dcfe6d6c8af05262ab786f9fe7cbf15113 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 15 Dec 2021 12:15:19 +0100
Subject: [PATCH] test: make TEST-47 less racy
Based on:
- 2e7090e94d0c8b31d418555ab2f6a9b75318f6a4
- e00e2e0b50bbd120290572c8d1242703fb98b34e
- 197298ff9fc930de450330095cc5b67d165d0801
Related: #2017033
---
test/TEST-47-ISSUE-14566/testsuite.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/TEST-47-ISSUE-14566/testsuite.sh b/test/TEST-47-ISSUE-14566/testsuite.sh
index d917cf52ff..b12b50e96c 100755
--- a/test/TEST-47-ISSUE-14566/testsuite.sh
+++ b/test/TEST-47-ISSUE-14566/testsuite.sh
@@ -6,11 +6,13 @@ systemd-analyze log-level debug
systemd-analyze log-target console
systemctl start issue_14566_test
+sleep 4
systemctl status issue_14566_test
leaked_pid=$(cat /leakedtestpid)
systemctl stop issue_14566_test
+sleep 4
# Leaked PID will still be around if we're buggy.
# I personally prefer to see 42.

179
SOURCES/0691-core-rename-unit_-start_limit-condition-assert-_test.patch Normal file
View File

@ -0,0 +1,179 @@
From 894d307d0d149adb46e630550566e5a3f6ff8d2e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 18 Mar 2019 12:21:27 +0100
Subject: [PATCH] core: rename unit_{start_limit|condition|assert}_test() to
unit_test_xyz()
Just some renaming, no change in behaviour.
Background: I'd like to add more functions unit_test_xyz() that test
various things, hence let's streamline the naming a bit.
(cherry picked from commit 97a3f4ee052e1b8a0ff03accfa478e352891a84f)
Related: #2036608
---
src/core/automount.c | 2 +-
src/core/mount.c | 2 +-
src/core/path.c | 2 +-
src/core/service.c | 2 +-
src/core/socket.c | 2 +-
src/core/swap.c | 2 +-
src/core/timer.c | 2 +-
src/core/unit.c | 11 +++++------
src/core/unit.h | 2 +-
9 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/src/core/automount.c b/src/core/automount.c
index 76e70f4dac..2bc160cb07 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -808,7 +808,7 @@ static int automount_start(Unit *u) {
return -ENOENT;
}
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/mount.c b/src/core/mount.c
index 7e80a0c974..aa586d88cb 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1065,7 +1065,7 @@ static int mount_start(Unit *u) {
assert(IN_SET(m->state, MOUNT_DEAD, MOUNT_FAILED));
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/path.c b/src/core/path.c
index ed40bc6c19..4bccc0396b 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -565,7 +565,7 @@ static int path_start(Unit *u) {
return -ENOENT;
}
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/service.c b/src/core/service.c
index 7969bbf071..1a1de43d0d 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2388,7 +2388,7 @@ static int service_start(Unit *u) {
assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED));
/* Make sure we don't enter a busy loop of some kind. */
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
return r;
diff --git a/src/core/socket.c b/src/core/socket.c
index 50c32ed8f4..09491c6677 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -2469,7 +2469,7 @@ static int socket_start(Unit *u) {
assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED));
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/swap.c b/src/core/swap.c
index a8f127f660..823699699e 100644
--- a/src/core/swap.c
+++ b/src/core/swap.c
@@ -851,7 +851,7 @@ static int swap_start(Unit *u) {
if (UNIT(other)->job && UNIT(other)->job->state == JOB_RUNNING)
return -EAGAIN;
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/timer.c b/src/core/timer.c
index 1718ffc5a5..be16321296 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -599,7 +599,7 @@ static int timer_start(Unit *u) {
return -ENOENT;
}
- r = unit_start_limit_test(u);
+ r = unit_test_start_limit(u);
if (r < 0) {
timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/unit.c b/src/core/unit.c
index 23afa24c77..9013186d8a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1633,7 +1633,7 @@ static bool unit_condition_test_list(Unit *u, Condition *first, const char *(*to
return triggered != 0;
}
-static bool unit_condition_test(Unit *u) {
+static bool unit_test_condition(Unit *u) {
assert(u);
dual_timestamp_get(&u->condition_timestamp);
@@ -1642,7 +1642,7 @@ static bool unit_condition_test(Unit *u) {
return u->condition_result;
}
-static bool unit_assert_test(Unit *u) {
+static bool unit_test_assert(Unit *u) {
assert(u);
dual_timestamp_get(&u->assert_timestamp);
@@ -1657,8 +1657,7 @@ void unit_status_printf(Unit *u, const char *status, const char *unit_status_msg
REENABLE_WARNING;
}
-
-int unit_start_limit_test(Unit *u) {
+int unit_test_start_limit(Unit *u) {
assert(u);
if (ratelimit_below(&u->start_limit)) {
@@ -1750,14 +1749,14 @@ int unit_start(Unit *u) {
* speed up activation in case there is some hold-off time,
* but we don't want to recheck the condition in that case. */
if (state != UNIT_ACTIVATING &&
- !unit_condition_test(u)) {
+ !unit_test_condition(u)) {
log_unit_debug(u, "Starting requested but condition failed. Not starting unit.");
return -EALREADY;
}
/* If the asserts failed, fail the entire job */
if (state != UNIT_ACTIVATING &&
- !unit_assert_test(u)) {
+ !unit_test_assert(u)) {
log_unit_notice(u, "Starting requested but asserts failed.");
return -EPROTO;
}
diff --git a/src/core/unit.h b/src/core/unit.h
index ec45b5fb48..a8bc350b66 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -786,7 +786,7 @@ static inline bool unit_supported(Unit *u) {
void unit_warn_if_dir_nonempty(Unit *u, const char* where);
int unit_fail_if_noncanonical(Unit *u, const char* where);
-int unit_start_limit_test(Unit *u);
+int unit_test_start_limit(Unit *u);
void unit_unref_uid(Unit *u, bool destroy_now);
int unit_ref_uid(Unit *u, uid_t uid, bool clean_ipc);

400
SOURCES/0692-core-Check-unit-start-rate-limiting-earlier.patch Normal file
View File

@ -0,0 +1,400 @@
From 471eda89a25a3ceac91a2d05e39a54aae78038ed Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 24 Aug 2021 16:46:47 +0100
Subject: [PATCH] core: Check unit start rate limiting earlier
Fixes #17433. Currently, if any of the validations we do before we
check start rate limiting fail, we can still enter a busy loop as
no rate limiting gets applied. A common occurence of this scenario
is path units triggering a service that fails a condition check.
To fix the issue, we simply move up start rate limiting checks to
be the first thing we do when starting a unit. To achieve this,
we add a new method to the unit vtable and implement it for the
relevant unit types so that we can do the start rate limit checks
earlier on.
(cherry picked from commit 9727f2427ff6b2e1f4ab927cc57ad8e888f04e95)
Related: #2036608
[msekleta: I've deleted part of the original commit that adds test for
issue #17433. This was necessary because upstream commit assumes newer
organization of the test code which we don't have in RHEL-8 tree. As
a consequence we must add explicit test for this in the internal
test-suite.]
---
src/core/automount.c | 23 +++++++++++++++++------
src/core/mount.c | 23 +++++++++++++++++------
src/core/path.c | 23 +++++++++++++++++------
src/core/service.c | 25 ++++++++++++++++++-------
src/core/socket.c | 23 +++++++++++++++++------
src/core/swap.c | 23 +++++++++++++++++------
src/core/timer.c | 22 ++++++++++++++++------
src/core/unit.c | 14 ++++++++++----
src/core/unit.h | 4 ++++
9 files changed, 133 insertions(+), 47 deletions(-)
diff --git a/src/core/automount.c b/src/core/automount.c
index 2bc160cb07..5e16adabb5 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -808,12 +808,6 @@ static int automount_start(Unit *u) {
return -ENOENT;
}
- r = unit_test_start_limit(u);
- if (r < 0) {
- automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -1077,6 +1071,21 @@ static bool automount_supported(void) {
return supported;
}
+static int automount_test_start_limit(Unit *u) {
+ Automount *a = AUTOMOUNT(u);
+ int r;
+
+ assert(a);
+
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = {
[AUTOMOUNT_SUCCESS] = "success",
[AUTOMOUNT_FAILURE_RESOURCES] = "resources",
@@ -1135,4 +1144,6 @@ const UnitVTable automount_vtable = {
[JOB_FAILED] = "Failed to unset automount %s.",
},
},
+
+ .test_start_limit = automount_test_start_limit,
};
diff --git a/src/core/mount.c b/src/core/mount.c
index aa586d88cb..22848847e5 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1065,12 +1065,6 @@ static int mount_start(Unit *u) {
assert(IN_SET(m->state, MOUNT_DEAD, MOUNT_FAILED));
- r = unit_test_start_limit(u);
- if (r < 0) {
- mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -1957,6 +1951,21 @@ static int mount_control_pid(Unit *u) {
return m->control_pid;
}
+static int mount_test_start_limit(Unit *u) {
+ Mount *m = MOUNT(u);
+ int r;
+
+ assert(m);
+
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
[MOUNT_EXEC_MOUNT] = "ExecMount",
[MOUNT_EXEC_UNMOUNT] = "ExecUnmount",
@@ -2048,4 +2057,6 @@ const UnitVTable mount_vtable = {
[JOB_TIMEOUT] = "Timed out unmounting %s.",
},
},
+
+ .test_start_limit = mount_test_start_limit,
};
diff --git a/src/core/path.c b/src/core/path.c
index 4bccc0396b..1e69a1f05f 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -565,12 +565,6 @@ static int path_start(Unit *u) {
return -ENOENT;
}
- r = unit_test_start_limit(u);
- if (r < 0) {
- path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -730,6 +724,21 @@ static void path_reset_failed(Unit *u) {
p->result = PATH_SUCCESS;
}
+static int path_test_start_limit(Unit *u) {
+ Path *p = PATH(u);
+ int r;
+
+ assert(p);
+
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const path_type_table[_PATH_TYPE_MAX] = {
[PATH_EXISTS] = "PathExists",
[PATH_EXISTS_GLOB] = "PathExistsGlob",
@@ -782,4 +791,6 @@ const UnitVTable path_vtable = {
.bus_vtable = bus_path_vtable,
.bus_set_property = bus_path_set_property,
+
+ .test_start_limit = path_test_start_limit,
};
diff --git a/src/core/service.c b/src/core/service.c
index 1a1de43d0d..c5f408d817 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2387,13 +2387,6 @@ static int service_start(Unit *u) {
assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED));
- /* Make sure we don't enter a busy loop of some kind. */
- r = unit_test_start_limit(u);
- if (r < 0) {
- service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -4081,6 +4074,22 @@ static bool service_needs_console(Unit *u) {
SERVICE_FINAL_SIGKILL);
}
+static int service_test_start_limit(Unit *u) {
+ Service *s = SERVICE(u);
+ int r;
+
+ assert(s);
+
+ /* Make sure we don't enter a busy loop of some kind. */
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ service_enter_dead(s, SERVICE_FAILURE_START_LIMIT_HIT, false);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
[SERVICE_RESTART_NO] = "no",
[SERVICE_RESTART_ON_SUCCESS] = "on-success",
@@ -4222,4 +4231,6 @@ const UnitVTable service_vtable = {
[JOB_FAILED] = "Stopped (with error) %s.",
},
},
+
+ .test_start_limit = service_test_start_limit,
};
diff --git a/src/core/socket.c b/src/core/socket.c
index 09491c6677..36d2e4f823 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -2469,12 +2469,6 @@ static int socket_start(Unit *u) {
assert(IN_SET(s->state, SOCKET_DEAD, SOCKET_FAILED));
- r = unit_test_start_limit(u);
- if (r < 0) {
- socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -3267,6 +3261,21 @@ static int socket_control_pid(Unit *u) {
return s->control_pid;
}
+static int socket_test_start_limit(Unit *u) {
+ Socket *s = SOCKET(u);
+ int r;
+
+ assert(s);
+
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ socket_enter_dead(s, SOCKET_FAILURE_START_LIMIT_HIT);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
[SOCKET_EXEC_START_PRE] = "ExecStartPre",
[SOCKET_EXEC_START_CHOWN] = "ExecStartChown",
@@ -3359,4 +3368,6 @@ const UnitVTable socket_vtable = {
[JOB_TIMEOUT] = "Timed out stopping %s.",
},
},
+
+ .test_start_limit = socket_test_start_limit,
};
diff --git a/src/core/swap.c b/src/core/swap.c
index 823699699e..90fcd69300 100644
--- a/src/core/swap.c
+++ b/src/core/swap.c
@@ -851,12 +851,6 @@ static int swap_start(Unit *u) {
if (UNIT(other)->job && UNIT(other)->job->state == JOB_RUNNING)
return -EAGAIN;
- r = unit_test_start_limit(u);
- if (r < 0) {
- swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -1458,6 +1452,21 @@ static int swap_control_pid(Unit *u) {
return s->control_pid;
}
+static int swap_test_start_limit(Unit *u) {
+ Swap *s = SWAP(u);
+ int r;
+
+ assert(s);
+
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ swap_enter_dead(s, SWAP_FAILURE_START_LIMIT_HIT);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const swap_exec_command_table[_SWAP_EXEC_COMMAND_MAX] = {
[SWAP_EXEC_ACTIVATE] = "ExecActivate",
[SWAP_EXEC_DEACTIVATE] = "ExecDeactivate",
@@ -1547,4 +1556,6 @@ const UnitVTable swap_vtable = {
[JOB_TIMEOUT] = "Timed out deactivating swap %s.",
},
},
+
+ .test_start_limit = swap_test_start_limit,
};
diff --git a/src/core/timer.c b/src/core/timer.c
index be16321296..fb9ae17990 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -599,12 +599,6 @@ static int timer_start(Unit *u) {
return -ENOENT;
}
- r = unit_test_start_limit(u);
- if (r < 0) {
- timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
- return r;
- }
-
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -829,6 +823,21 @@ static void timer_timezone_change(Unit *u) {
timer_enter_waiting(t, false);
}
+static int timer_test_start_limit(Unit *u) {
+ Timer *t = TIMER(u);
+ int r;
+
+ assert(t);
+
+ r = unit_test_start_limit(u);
+ if (r < 0) {
+ timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
+ return r;
+ }
+
+ return 0;
+}
+
static const char* const timer_base_table[_TIMER_BASE_MAX] = {
[TIMER_ACTIVE] = "OnActiveSec",
[TIMER_BOOT] = "OnBootSec",
@@ -884,4 +893,5 @@ const UnitVTable timer_vtable = {
.bus_set_property = bus_timer_set_property,
.can_transient = true,
+ .test_start_limit = timer_test_start_limit,
};
diff --git a/src/core/unit.c b/src/core/unit.c
index 9013186d8a..f0df7452fa 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1728,10 +1728,16 @@ int unit_start(Unit *u) {
assert(u);
- /* If this is already started, then this will succeed. Note
- * that this will even succeed if this unit is not startable
- * by the user. This is relied on to detect when we need to
- * wait for units and when waiting is finished. */
+ /* Check start rate limiting early so that failure conditions don't cause us to enter a busy loop. */
+ if (UNIT_VTABLE(u)->test_start_limit) {
+ int r = UNIT_VTABLE(u)->test_start_limit(u);
+ if (r < 0)
+ return r;
+ }
+
+ /* If this is already started, then this will succeed. Note that this will even succeed if this unit
+ * is not startable by the user. This is relied on to detect when we need to wait for units and when
+ * waiting is finished. */
state = unit_active_state(u);
if (UNIT_IS_ACTIVE_OR_RELOADING(state))
return -EALREADY;
diff --git a/src/core/unit.h b/src/core/unit.h
index a8bc350b66..9e6f1bcf81 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -567,6 +567,10 @@ typedef struct UnitVTable {
/* The bus vtable */
const sd_bus_vtable *bus_vtable;
+ /* If this function is set, it's invoked first as part of starting a unit to allow start rate
+ * limiting checks to occur before we do anything else. */
+ int (*test_start_limit)(Unit *u);
+
/* The strings to print in status messages */
UnitStatusMessageFormats status_message_formats;

226
SOURCES/0693-sd-event-introduce-callback-invoked-when-event-sourc.patch Normal file
View File

@ -0,0 +1,226 @@
From 51210a849ea7f163a1760de989756206c01dd758 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 19:44:06 +0200
Subject: [PATCH] sd-event: introduce callback invoked when event source
ratelimit expires
(cherry picked from commit fd69f2247520b0be3190ded96d646a415edc97b7)
Related: #2036608
---
src/libsystemd/libsystemd.sym | 5 +++
src/libsystemd/sd-event/sd-event.c | 61 +++++++++++++++++++++++-----
src/libsystemd/sd-event/test-event.c | 12 ++++++
src/systemd/sd-event.h | 1 +
4 files changed, 68 insertions(+), 11 deletions(-)
diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
index 149d2e7b82..f4a1426248 100644
--- a/src/libsystemd/libsystemd.sym
+++ b/src/libsystemd/libsystemd.sym
@@ -579,3 +579,8 @@ global:
sd_event_source_get_ratelimit;
sd_event_source_is_ratelimited;
} LIBSYSTEMD_239;
+
+LIBSYSTEMD_250 {
+global:
+ sd_event_source_set_ratelimit_expire_callback;
+} LIBSYSTEMD_248;
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 47cf93b3f4..0adfdd9e1a 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -125,6 +125,7 @@ struct sd_event_source {
uint64_t prepare_iteration;
sd_event_destroy_t destroy_callback;
+ sd_event_handler_t ratelimit_expire_callback;
LIST_FIELDS(sd_event_source, sources);
@@ -2734,7 +2735,7 @@ fail:
return r;
}
-static int event_source_leave_ratelimit(sd_event_source *s) {
+static int event_source_leave_ratelimit(sd_event_source *s, bool run_callback) {
int r;
assert(s);
@@ -2766,6 +2767,23 @@ static int event_source_leave_ratelimit(sd_event_source *s) {
ratelimit_reset(&s->rate_limit);
log_debug("Event source %p (%s) left rate limit state.", s, strna(s->description));
+
+ if (run_callback && s->ratelimit_expire_callback) {
+ s->dispatching = true;
+ r = s->ratelimit_expire_callback(s, s->userdata);
+ s->dispatching = false;
+
+ if (r < 0) {
+ log_debug_errno(r, "Ratelimit expiry callback of event source %s (type %s) returned error, disabling: %m",
+ strna(s->description),
+ event_source_type_to_string(s->type));
+
+ sd_event_source_set_enabled(s, SD_EVENT_OFF);
+ }
+
+ return 1;
+ }
+
return 0;
fail:
@@ -2966,6 +2984,7 @@ static int process_timer(
struct clock_data *d) {
sd_event_source *s;
+ bool callback_invoked = false;
int r;
assert(e);
@@ -2981,9 +3000,11 @@ static int process_timer(
* again. */
assert(s->ratelimited);
- r = event_source_leave_ratelimit(s);
+ r = event_source_leave_ratelimit(s, /* run_callback */ true);
if (r < 0)
return r;
+ else if (r == 1)
+ callback_invoked = true;
continue;
}
@@ -2998,7 +3019,7 @@ static int process_timer(
event_source_time_prioq_reshuffle(s);
}
- return 0;
+ return callback_invoked;
}
static int process_child(sd_event *e) {
@@ -3698,15 +3719,15 @@ _public_ int sd_event_wait(sd_event *e, uint64_t timeout) {
if (r < 0)
goto finish;
- r = process_timer(e, e->timestamp.realtime, &e->realtime);
+ r = process_inotify(e);
if (r < 0)
goto finish;
- r = process_timer(e, e->timestamp.boottime, &e->boottime);
+ r = process_timer(e, e->timestamp.realtime, &e->realtime);
if (r < 0)
goto finish;
- r = process_timer(e, e->timestamp.monotonic, &e->monotonic);
+ r = process_timer(e, e->timestamp.boottime, &e->boottime);
if (r < 0)
goto finish;
@@ -3718,16 +3739,27 @@ _public_ int sd_event_wait(sd_event *e, uint64_t timeout) {
if (r < 0)
goto finish;
+ r = process_timer(e, e->timestamp.monotonic, &e->monotonic);
+ if (r < 0)
+ goto finish;
+ else if (r == 1) {
+ /* Ratelimit expiry callback was called. Let's postpone processing pending sources and
+ * put loop in the initial state in order to evaluate (in the next iteration) also sources
+ * there were potentially re-enabled by the callback.
+ *
+ * Wondering why we treat only this invocation of process_timer() differently? Once event
+ * source is ratelimited we essentially transform it into CLOCK_MONOTONIC timer hence
+ * ratelimit expiry callback is never called for any other timer type. */
+ r = 0;
+ goto finish;
+ }
+
if (e->need_process_child) {
r = process_child(e);
if (r < 0)
goto finish;
}
- r = process_inotify(e);
- if (r < 0)
- goto finish;
-
if (event_next_pending(e)) {
e->state = SD_EVENT_PENDING;
@@ -4054,7 +4086,7 @@ _public_ int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval
/* When ratelimiting is configured we'll always reset the rate limit state first and start fresh,
* non-ratelimited. */
- r = event_source_leave_ratelimit(s);
+ r = event_source_leave_ratelimit(s, /* run_callback */ false);
if (r < 0)
return r;
@@ -4062,6 +4094,13 @@ _public_ int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval
return 0;
}
+_public_ int sd_event_source_set_ratelimit_expire_callback(sd_event_source *s, sd_event_handler_t callback) {
+ assert_return(s, -EINVAL);
+
+ s->ratelimit_expire_callback = callback;
+ return 0;
+}
+
_public_ int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval, unsigned *ret_burst) {
assert_return(s, -EINVAL);
diff --git a/src/libsystemd/sd-event/test-event.c b/src/libsystemd/sd-event/test-event.c
index e3ee4cd5c3..9135b22839 100644
--- a/src/libsystemd/sd-event/test-event.c
+++ b/src/libsystemd/sd-event/test-event.c
@@ -506,6 +506,11 @@ static int ratelimit_time_handler(sd_event_source *s, uint64_t usec, void *userd
return 0;
}
+static int expired = -1;
+static int ratelimit_expired(sd_event_source *s, void *userdata) {
+ return ++expired;
+}
+
static void test_ratelimit(void) {
_cleanup_close_pair_ int p[2] = {-1, -1};
_cleanup_(sd_event_unrefp) sd_event *e = NULL;
@@ -568,12 +573,19 @@ static void test_ratelimit(void) {
assert_se(sd_event_source_set_ratelimit(s, 1 * USEC_PER_SEC, 10) >= 0);
+ /* Set callback that will be invoked when we leave rate limited state. */
+ assert_se(sd_event_source_set_ratelimit_expire_callback(s, ratelimit_expired) >= 0);
+
do {
assert_se(sd_event_run(e, UINT64_MAX) >= 0);
} while (!sd_event_source_is_ratelimited(s));
log_info("ratelimit_time_handler: called 10 more times, event source got ratelimited");
assert_se(count == 20);
+
+ /* Dispatch the event loop once more and check that ratelimit expiration callback got called */
+ assert_se(sd_event_run(e, UINT64_MAX) >= 0);
+ assert_se(expired == 0);
}
int main(int argc, char *argv[]) {
diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h
index a17a9b3488..c2e9c9614d 100644
--- a/src/systemd/sd-event.h
+++ b/src/systemd/sd-event.h
@@ -147,6 +147,7 @@ int sd_event_source_get_destroy_callback(sd_event_source *s, sd_event_destroy_t
int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval_usec, unsigned burst);
int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval_usec, unsigned *ret_burst);
int sd_event_source_is_ratelimited(sd_event_source *s);
+int sd_event_source_set_ratelimit_expire_callback(sd_event_source *s, sd_event_handler_t callback);
/* Define helpers so that __attribute__((cleanup(sd_event_unrefp))) and similar may be used. */
_SD_DEFINE_POINTER_CLEANUP_FUNC(sd_event, sd_event_unref);

263
SOURCES/0694-core-rename-generalize-UNIT-u-test_start_limit-hook.patch Normal file
View File

@ -0,0 +1,263 @@
From 3674514b7220a136dcfd464c205d41609f0c99a7 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 17:51:52 +0200
Subject: [PATCH] core: rename/generalize UNIT(u)->test_start_limit() hook
Up until now the main reason why we didn't proceed with starting the
unit was exceed start limit burst. However, for unit types like mounts
the other reason could be effective ratelimit on /proc/self/mountinfo
event source. That means our mount unit state may not reflect current
kernel state. Hence, we need to attempt to re-run the start job again
after ratelimit on event source expires.
As we will be introducing another reason than start limit let's rename
the virtual function that implements the check.
(cherry picked from commit 705578c3b9d794097233aa66010cf67b2a444716)
Related: #2036608
---
src/core/automount.c | 6 +++---
src/core/mount.c | 6 +++---
src/core/path.c | 6 +++---
src/core/service.c | 6 +++---
src/core/socket.c | 6 +++---
src/core/swap.c | 6 +++---
src/core/timer.c | 6 +++---
src/core/unit.c | 6 +++---
src/core/unit.h | 2 +-
9 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/src/core/automount.c b/src/core/automount.c
index 5e16adabb5..f212620c8f 100644
--- a/src/core/automount.c
+++ b/src/core/automount.c
@@ -1071,7 +1071,7 @@ static bool automount_supported(void) {
return supported;
}
-static int automount_test_start_limit(Unit *u) {
+static int automount_can_start(Unit *u) {
Automount *a = AUTOMOUNT(u);
int r;
@@ -1083,7 +1083,7 @@ static int automount_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const automount_result_table[_AUTOMOUNT_RESULT_MAX] = {
@@ -1145,5 +1145,5 @@ const UnitVTable automount_vtable = {
},
},
- .test_start_limit = automount_test_start_limit,
+ .can_start = automount_can_start,
};
diff --git a/src/core/mount.c b/src/core/mount.c
index 22848847e5..032a2ca156 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1951,7 +1951,7 @@ static int mount_control_pid(Unit *u) {
return m->control_pid;
}
-static int mount_test_start_limit(Unit *u) {
+static int mount_can_start(Unit *u) {
Mount *m = MOUNT(u);
int r;
@@ -1963,7 +1963,7 @@ static int mount_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
@@ -2058,5 +2058,5 @@ const UnitVTable mount_vtable = {
},
},
- .test_start_limit = mount_test_start_limit,
+ .can_start = mount_can_start,
};
diff --git a/src/core/path.c b/src/core/path.c
index 1e69a1f05f..58f490589d 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -724,7 +724,7 @@ static void path_reset_failed(Unit *u) {
p->result = PATH_SUCCESS;
}
-static int path_test_start_limit(Unit *u) {
+static int path_can_start(Unit *u) {
Path *p = PATH(u);
int r;
@@ -736,7 +736,7 @@ static int path_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const path_type_table[_PATH_TYPE_MAX] = {
@@ -792,5 +792,5 @@ const UnitVTable path_vtable = {
.bus_vtable = bus_path_vtable,
.bus_set_property = bus_path_set_property,
- .test_start_limit = path_test_start_limit,
+ .can_start = path_can_start,
};
diff --git a/src/core/service.c b/src/core/service.c
index c5f408d817..e8ae1a5772 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -4074,7 +4074,7 @@ static bool service_needs_console(Unit *u) {
SERVICE_FINAL_SIGKILL);
}
-static int service_test_start_limit(Unit *u) {
+static int service_can_start(Unit *u) {
Service *s = SERVICE(u);
int r;
@@ -4087,7 +4087,7 @@ static int service_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
@@ -4232,5 +4232,5 @@ const UnitVTable service_vtable = {
},
},
- .test_start_limit = service_test_start_limit,
+ .can_start = service_can_start,
};
diff --git a/src/core/socket.c b/src/core/socket.c
index 36d2e4f823..3589300e68 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -3261,7 +3261,7 @@ static int socket_control_pid(Unit *u) {
return s->control_pid;
}
-static int socket_test_start_limit(Unit *u) {
+static int socket_can_start(Unit *u) {
Socket *s = SOCKET(u);
int r;
@@ -3273,7 +3273,7 @@ static int socket_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const socket_exec_command_table[_SOCKET_EXEC_COMMAND_MAX] = {
@@ -3369,5 +3369,5 @@ const UnitVTable socket_vtable = {
},
},
- .test_start_limit = socket_test_start_limit,
+ .can_start = socket_can_start,
};
diff --git a/src/core/swap.c b/src/core/swap.c
index 90fcd69300..498c5a6d69 100644
--- a/src/core/swap.c
+++ b/src/core/swap.c
@@ -1452,7 +1452,7 @@ static int swap_control_pid(Unit *u) {
return s->control_pid;
}
-static int swap_test_start_limit(Unit *u) {
+static int swap_can_start(Unit *u) {
Swap *s = SWAP(u);
int r;
@@ -1464,7 +1464,7 @@ static int swap_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const swap_exec_command_table[_SWAP_EXEC_COMMAND_MAX] = {
@@ -1557,5 +1557,5 @@ const UnitVTable swap_vtable = {
},
},
- .test_start_limit = swap_test_start_limit,
+ .can_start = swap_can_start,
};
diff --git a/src/core/timer.c b/src/core/timer.c
index fb9ae17990..684180bf99 100644
--- a/src/core/timer.c
+++ b/src/core/timer.c
@@ -823,7 +823,7 @@ static void timer_timezone_change(Unit *u) {
timer_enter_waiting(t, false);
}
-static int timer_test_start_limit(Unit *u) {
+static int timer_can_start(Unit *u) {
Timer *t = TIMER(u);
int r;
@@ -835,7 +835,7 @@ static int timer_test_start_limit(Unit *u) {
return r;
}
- return 0;
+ return 1;
}
static const char* const timer_base_table[_TIMER_BASE_MAX] = {
@@ -893,5 +893,5 @@ const UnitVTable timer_vtable = {
.bus_set_property = bus_timer_set_property,
.can_transient = true,
- .test_start_limit = timer_test_start_limit,
+ .can_start = timer_can_start,
};
diff --git a/src/core/unit.c b/src/core/unit.c
index f0df7452fa..4de218feac 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1728,9 +1728,9 @@ int unit_start(Unit *u) {
assert(u);
- /* Check start rate limiting early so that failure conditions don't cause us to enter a busy loop. */
- if (UNIT_VTABLE(u)->test_start_limit) {
- int r = UNIT_VTABLE(u)->test_start_limit(u);
+ /* Check our ability to start early so that failure conditions don't cause us to enter a busy loop. */
+ if (UNIT_VTABLE(u)->can_start) {
+ int r = UNIT_VTABLE(u)->can_start(u);
if (r < 0)
return r;
}
diff --git a/src/core/unit.h b/src/core/unit.h
index 9e6f1bcf81..0cd259411f 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -569,7 +569,7 @@ typedef struct UnitVTable {
/* If this function is set, it's invoked first as part of starting a unit to allow start rate
* limiting checks to occur before we do anything else. */
- int (*test_start_limit)(Unit *u);
+ int (*can_start)(Unit *u);
/* The strings to print in status messages */
UnitStatusMessageFormats status_message_formats;

27
SOURCES/0695-mount-make-mount-units-start-jobs-not-runnable-if-p-.patch Normal file
View File

@ -0,0 +1,27 @@
From cb519c7d769851ee5e24c797fc04eaa13383c674 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 19:41:34 +0200
Subject: [PATCH] mount: make mount units start jobs not runnable if
/p/s/mountinfo ratelimit is in effect
(cherry picked from commit a7c93dfe91e88a5a561341c523a45c7f8d71a588)
Related: #2036608
---
src/core/mount.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index 032a2ca156..ab09e6fbb0 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1957,6 +1957,9 @@ static int mount_can_start(Unit *u) {
assert(m);
+ if (sd_event_source_is_ratelimited(u->manager->mount_event_source))
+ return -EAGAIN;
+
r = unit_test_start_limit(u);
if (r < 0) {
mount_enter_dead(m, MOUNT_FAILURE_START_LIMIT_HIT);

54
SOURCES/0696-mount-retrigger-run-queue-after-ratelimit-expired-to.patch Normal file
View File

@ -0,0 +1,54 @@
From b0c226e9fd3e6bfa5388832cc2745d9ec935f3ec Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 20:31:49 +0200
Subject: [PATCH] mount: retrigger run queue after ratelimit expired to run
delayed mount start jobs
Fixes #20329
(cherry picked from commit edc027b4f1cfaa49e8ecdde763eb8c623402d464)
Related: #2036608
---
src/core/mount.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index ab09e6fbb0..bdba9e6884 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1710,6 +1710,21 @@ static bool mount_is_mounted(Mount *m) {
return UNIT(m)->perpetual || m->is_mounted;
}
+static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
+ Manager *m = userdata;
+ int r;
+
+ assert(m);
+
+ /* By entering ratelimited state we made all mount start jobs not runnable, now rate limit is over so let's
+ * make sure we dispatch them in the next iteration. */
+ r = sd_event_source_set_enabled(m->run_queue_event_source, SD_EVENT_ONESHOT);
+ if (r < 0)
+ log_debug_errno(r, "Failed to enable run queue event source, ignoring: %m");
+
+ return 0;
+}
+
static void mount_enumerate(Manager *m) {
int r;
@@ -1763,6 +1778,12 @@ static void mount_enumerate(Manager *m) {
goto fail;
}
+ r = sd_event_source_set_ratelimit_expire_callback(m->mount_event_source, mount_on_ratelimit_expire);
+ if (r < 0) {
+ log_error_errno(r, "Failed to enable rate limit for mount events: %m");
+ goto fail;
+ }
+
(void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch");
}

98
SOURCES/0697-pid1-add-a-manager_trigger_run_queue-helper.patch Normal file
View File

@ -0,0 +1,98 @@
From 5a218b6820be7ffaf21cd42cd4c96b47d18442ee Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Nov 2021 09:43:07 +0100
Subject: [PATCH] pid1: add a manager_trigger_run_queue() helper
We have two different places where we re-trigger the run queue now.
let's unify it under a common function, that is part of the Manager
code.
Follow-up for #20953
(cherry picked from commit b0c4b2824693fe6a27ea9439ec7a6328a0e23704)
Related: #2036608
---
src/core/job.c | 5 ++---
src/core/manager.c | 12 ++++++++++++
src/core/manager.h | 2 ++
src/core/mount.c | 9 +++------
4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/core/job.c b/src/core/job.c
index 43ab55ed18..55f36b928f 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1139,11 +1139,10 @@ void job_add_to_run_queue(Job *j) {
if (j->in_run_queue)
return;
- if (!j->manager->run_queue)
- sd_event_source_set_enabled(j->manager->run_queue_event_source, SD_EVENT_ONESHOT);
-
LIST_PREPEND(run_queue, j->manager->run_queue, j);
j->in_run_queue = true;
+
+ manager_trigger_run_queue(j->manager);
}
void job_add_to_dbus_queue(Job *j) {
diff --git a/src/core/manager.c b/src/core/manager.c
index ee976f70b3..845c26f498 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2120,6 +2120,18 @@ static int manager_dispatch_run_queue(sd_event_source *source, void *userdata) {
return 1;
}
+void manager_trigger_run_queue(Manager *m) {
+ int r;
+
+ assert(m);
+
+ r = sd_event_source_set_enabled(
+ m->run_queue_event_source,
+ m->run_queue ? SD_EVENT_ONESHOT: SD_EVENT_OFF);
+ if (r < 0)
+ log_warning_errno(r, "Failed to enable job run queue event source, ignoring: %m");
+}
+
static unsigned manager_dispatch_dbus_queue(Manager *m) {
unsigned n = 0, budget;
Unit *u;
diff --git a/src/core/manager.h b/src/core/manager.h
index c4b8e80093..7b572c8dfd 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -416,6 +416,8 @@ unsigned manager_dispatch_load_queue(Manager *m);
int manager_environment_add(Manager *m, char **minus, char **plus);
int manager_set_default_rlimits(Manager *m, struct rlimit **default_rlimit);
+void manager_trigger_run_queue(Manager *m);
+
int manager_loop(Manager *m);
int manager_open_serialization(Manager *m, FILE **_f);
diff --git a/src/core/mount.c b/src/core/mount.c
index bdba9e6884..c17154cde1 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1712,15 +1712,12 @@ static bool mount_is_mounted(Mount *m) {
static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
Manager *m = userdata;
- int r;
assert(m);
- /* By entering ratelimited state we made all mount start jobs not runnable, now rate limit is over so let's
- * make sure we dispatch them in the next iteration. */
- r = sd_event_source_set_enabled(m->run_queue_event_source, SD_EVENT_ONESHOT);
- if (r < 0)
- log_debug_errno(r, "Failed to enable run queue event source, ignoring: %m");
+ /* By entering ratelimited state we made all mount start jobs not runnable, now rate limit is over so
+ * let's make sure we dispatch them in the next iteration. */
+ manager_trigger_run_queue(m);
return 0;
}

46
SOURCES/0698-unit-add-jobs-that-were-skipped-because-of-ratelimit.patch Normal file
View File

@ -0,0 +1,46 @@
From dd662fc39a28655b89619a828a15e5e457bf6f4c Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 25 Nov 2021 18:28:25 +0100
Subject: [PATCH] unit: add jobs that were skipped because of ratelimit back to
run_queue
Assumption in edc027b was that job we first skipped because of active
ratelimit is still in run_queue. Hence we trigger the queue and dispatch
it in the next iteration. Actually we remove jobs from run_queue in
job_run_and_invalidate() before we call unit_start(). Hence if we want
to attempt to run the job again in the future we need to add it back
to run_queue.
Fixes #21458
(cherry picked from commit c29e6a9530316823b0455cd83eb6d0bb8dd664f4)
Related: #2036608
---
src/core/mount.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index c17154cde1..691b23ca74 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1712,9 +1712,19 @@ static bool mount_is_mounted(Mount *m) {
static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
Manager *m = userdata;
+ Job *j;
+ Iterator i;
assert(m);
+ /* Let's enqueue all start jobs that were previously skipped because of active ratelimit. */
+ HASHMAP_FOREACH(j, m->jobs, i) {
+ if (j->unit->type != UNIT_MOUNT)
+ continue;
+
+ job_add_to_run_queue(j);
+ }
+
/* By entering ratelimited state we made all mount start jobs not runnable, now rate limit is over so
* let's make sure we dispatch them in the next iteration. */
manager_trigger_run_queue(m);

37
SOURCES/0699-Revert-Revert-sysctl-Enable-ping-8-inside-rootless-P.patch Normal file
View File

@ -0,0 +1,37 @@
From 54faef034bb2062ed8afa72e2c1be40ef7cc41c5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 26 Jul 2019 09:25:09 +0200
Subject: [PATCH] Revert "Revert "sysctl: Enable ping(8) inside rootless Podman
containers""
This reverts commit be74f51605b4c7cb74fec3a50cd13b67598a8ac1.
Let's add this again. With the new sysctl "-" thing we can make this
work.
Resolves: #2037807
(cherry picked from commit 0338934f4bcda6a96a5342449ae96b003de3378d)
---
sysctl.d/50-default.conf | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index e0afc9c702..21ae1df13d 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -33,6 +33,14 @@ net.ipv4.conf.all.accept_source_route = 0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1
+# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
+# The upper limit is set to 2^31-1. Values greater than that get rejected by
+# the kernel because of this definition in linux/include/net/ping.h:
+# #define GID_T_MAX (((gid_t)~0U) >> 1)
+# That's not so bad because values between 2^31 and 2^32-1 are reserved on
+# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
+net.ipv4.ping_group_range = 0 2147483647
+
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

27
SOURCES/0700-sysctl-prefix-ping-port-range-setting-with-a-dash.patch Normal file
View File

@ -0,0 +1,27 @@
From 41a32aeaf5d33f253f48bfbe8d00de9d160985f7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 26 Jul 2019 09:26:07 +0200
Subject: [PATCH] sysctl: prefix ping port range setting with a dash
Fixes: #13177
Resolves: #2037807
(cherry picked from commit 000500c9d6347e0e2cdb92ec48fa10c0bb3ceca8)
---
sysctl.d/50-default.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index 21ae1df13d..5156d55ca9 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -39,7 +39,7 @@ net.ipv4.conf.all.promote_secondaries = 1
# #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
-net.ipv4.ping_group_range = 0 2147483647
+-net.ipv4.ping_group_range = 0 2147483647
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

56
SOURCES/0701-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch Normal file
View File

@ -0,0 +1,56 @@
From c236734f95550747c4979fe318e3a890adaa0a94 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 Nov 2018 12:41:44 +0100
Subject: [PATCH] mount: don't propagate errors from mount_setup_unit() further
up
If we can't process a specific line in /proc/self/mountinfo we should
log about it (which we do), but this should not affect other lines, nor
further processing of mount units. Let's keep these failures local.
Fixes: #10874
Cherry picked from commit ba0d56f55f2073164799be714b5bd1aad94d059a.
Trivial conflict in src/core/mount.c, function mount_load_proc_self_mountinfo,
due to local commit ca634baa10e. Also, due to the same commit, int k
is no longer used and is thus removed.
Resolves: #2036853
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
src/core/mount.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 691b23ca74..4e0a4f238a 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1615,12 +1615,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
if (r < 0)
return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
- r = 0;
for (;;) {
struct libmnt_fs *fs;
const char *device, *path, *options, *fstype;
_cleanup_free_ char *d = NULL, *p = NULL;
- int k;
r = mnt_table_next_fs(table, iter, &fs);
if (r == 1)
@@ -1644,12 +1642,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
device_found_node(m, d, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT);
- k = mount_setup_unit(m, d, p, options, fstype, set_flags);
- if (r == 0 && k < 0)
- r = k;
+ (void) mount_setup_unit(m, d, p, options, fstype, set_flags);
}
- return r;
+ return 0;
}
static void mount_shutdown(Manager *m) {

50
SOURCES/0702-udev-net_id-introduce-naming-scheme-for-RHEL-8.5.patch Normal file
View File

@ -0,0 +1,50 @@
From d45e0cc7a64648dc3ad082b512ff488537d3ebef Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 12 Jan 2022 15:35:19 +0100
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.5
RHEL-only
Related: #2039797
---
man/systemd.net-naming-scheme.xml | 6 ++++++
src/udev/udev-builtin-net_id.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index 10e71dcb15..be969bc8d0 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -301,6 +301,12 @@
avoid possible naming conflict.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><constant>rhel-8.5</constant></term>
+
+ <para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
+ </varlistentry>
+
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 7c153f0aef..81139e666b 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -134,6 +134,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_2 = NAMING_V239,
NAMING_RHEL_8_3 = NAMING_V239,
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
+ NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -151,6 +152,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.2", NAMING_RHEL_8_2 },
{ "rhel-8.3", NAMING_RHEL_8_3 },
{ "rhel-8.4", NAMING_RHEL_8_4 },
+ { "rhel-8.5", NAMING_RHEL_8_5 },
/* … add more schemes here, as the logic to name devices is updated … */
};

25
SOURCES/0703-udev-net_id-remove-extraneous-bracket.patch Normal file
View File

@ -0,0 +1,25 @@
From a967622c58e1ae76bb7e22e83389295c77d560df Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 12 Jan 2022 15:35:54 +0100
Subject: [PATCH] udev/net_id: remove extraneous bracket
RHEL-only
Related: #2039797
---
man/systemd.net-naming-scheme.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index be969bc8d0..a65da5c6c1 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -307,7 +307,7 @@
<para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
</varlistentry>
- <para>Note that <constant>latest</constant> may be used to denote the latest scheme known (to this
+ <para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
particular version of systemd.</para>
</variablelist>
</refsect1>

50
SOURCES/0704-udev-net_id-introduce-naming-scheme-for-RHEL-8.6.patch Normal file
View File

@ -0,0 +1,50 @@
From 7ee6542c64103205d6520c1165894b3b6a40f2c9 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 12 Jan 2022 15:38:38 +0100
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.6
RHEL-only
Related: #2039797
---
man/systemd.net-naming-scheme.xml | 6 ++++++
src/udev/udev-builtin-net_id.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index a65da5c6c1..fe1aa4b654 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -307,6 +307,12 @@
<para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
</varlistentry>
+ <varlistentry>
+ <term><constant>rhel-8.6</constant></term>
+
+ <para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
+ </varlistentry>
+
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 81139e666b..eafcbb64c5 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -135,6 +135,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_3 = NAMING_V239,
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
+ NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -153,6 +154,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.3", NAMING_RHEL_8_3 },
{ "rhel-8.4", NAMING_RHEL_8_4 },
{ "rhel-8.5", NAMING_RHEL_8_5 },
+ { "rhel-8.6", NAMING_RHEL_8_6 },
/* … add more schemes here, as the logic to name devices is updated … */
};

60
SOURCES/0705-define-newly-needed-constants.patch Normal file
View File

@ -0,0 +1,60 @@
From 08c1e6e304108e8bc8beca126f50888be7575bd0 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 26 Nov 2020 16:29:10 +0100
Subject: [PATCH] define newly needed constants
Related: #2005008
---
src/basic/missing.h | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/basic/missing.h b/src/basic/missing.h
index 14ad3d4914..b9376617fc 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -747,10 +747,13 @@ struct input_mask {
#define IFLA_NUM_RX_QUEUES 32
#define IFLA_CARRIER 33
#define IFLA_PHYS_PORT_ID 34
-#define __IFLA_MAX 35
+#endif
+
+#define IFLA_PROP_LIST 52
+#define IFLA_ALT_IFNAME 53
+#define __IFLA_MAX 53
#define IFLA_MAX (__IFLA_MAX - 1)
-#endif
#if !HAVE_IFLA_BOND_AD_INFO
#define IFLA_BOND_UNSPEC 0
@@ -1045,6 +1048,18 @@ struct input_mask {
#define RTA_EXPIRES 23
#endif
+#ifndef RTM_NEWLINKPROP
+#define RTM_NEWLINKPROP 108
+#endif
+
+#ifndef RTM_DELLINKPROP
+#define RTM_DELLINKPROP 109
+#endif
+
+#ifndef RTM_GETLINKPROP
+#define RTM_GETLINKPROP 110
+#endif
+
#ifndef IPV6_UNICAST_IF
#define IPV6_UNICAST_IF 76
#endif
@@ -1057,6 +1072,10 @@ struct input_mask {
#define IPV4_MIN_MTU 68
#endif
+#ifndef ALTIFNAMSIZ
+#define ALTIFNAMSIZ 128
+#endif
+
#ifndef IFF_MULTI_QUEUE
#define IFF_MULTI_QUEUE 0x100
#endif

95
SOURCES/0706-sd-netlink-support-IFLA_PROP_LIST-and-IFLA_ALT_IFNAM.patch Normal file
View File

@ -0,0 +1,95 @@
From 32e39fd249737c77248c32d064021426a2ec7a52 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 20:57:51 +0900
Subject: [PATCH] sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME
attributes
(cherry picked from commit ffeb16f5d832b1c65b8c8a1dd9bdd028bd76fc72)
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-message.c | 2 +-
src/libsystemd/sd-netlink/netlink-types.c | 13 +++++++++++++
src/libsystemd/sd-netlink/netlink-util.h | 4 +++-
src/libsystemd/sd-netlink/rtnl-message.c | 2 ++
4 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index 23907c8224..db9101c163 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -89,7 +89,7 @@ int sd_netlink_message_request_dump(sd_netlink_message *m, int dump) {
assert_return(m, -EINVAL);
assert_return(m->hdr, -EINVAL);
- assert_return(IN_SET(m->hdr->nlmsg_type, RTM_GETLINK, RTM_GETADDR, RTM_GETROUTE, RTM_GETNEIGH, RTM_GETRULE, RTM_GETADDRLABEL), -EINVAL);
+ assert_return(IN_SET(m->hdr->nlmsg_type, RTM_GETLINK, RTM_GETLINKPROP, RTM_GETADDR, RTM_GETROUTE, RTM_GETNEIGH, RTM_GETRULE, RTM_GETADDRLABEL), -EINVAL);
SET_FLAG(m->hdr->nlmsg_flags, NLM_F_DUMP, dump);
diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c
index c93fe9cb4c..47d9c7f1c4 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/sd-netlink/netlink-types.c
@@ -451,6 +451,15 @@ static const NLTypeSystem rtnl_af_spec_type_system = {
.types = rtnl_af_spec_types,
};
+static const NLType rtnl_prop_list_types[] = {
+ [IFLA_ALT_IFNAME] = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
+};
+
+static const NLTypeSystem rtnl_prop_list_type_system = {
+ .count = ELEMENTSOF(rtnl_prop_list_types),
+ .types = rtnl_prop_list_types,
+};
+
static const NLType rtnl_link_types[] = {
[IFLA_ADDRESS] = { .type = NETLINK_TYPE_ETHER_ADDR },
[IFLA_BROADCAST] = { .type = NETLINK_TYPE_ETHER_ADDR },
@@ -501,6 +510,7 @@ static const NLType rtnl_link_types[] = {
/*
[IFLA_PHYS_PORT_ID] = { .type = NETLINK_TYPE_BINARY, .len = MAX_PHYS_PORT_ID_LEN },
*/
+ [IFLA_PROP_LIST] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
};
static const NLTypeSystem rtnl_link_type_system = {
@@ -643,6 +653,9 @@ static const NLType rtnl_types[] = {
[RTM_DELLINK] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
[RTM_GETLINK] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
[RTM_SETLINK] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
+ [RTM_NEWLINKPROP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
+ [RTM_DELLINKPROP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
+ [RTM_GETLINKPROP] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_link_type_system, .size = sizeof(struct ifinfomsg) },
[RTM_NEWADDR] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_address_type_system, .size = sizeof(struct ifaddrmsg) },
[RTM_DELADDR] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_address_type_system, .size = sizeof(struct ifaddrmsg) },
[RTM_GETADDR] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_address_type_system, .size = sizeof(struct ifaddrmsg) },
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index 7c35a2cfa7..882a616310 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -19,7 +19,9 @@ static inline bool rtnl_message_type_is_route(uint16_t type) {
}
static inline bool rtnl_message_type_is_link(uint16_t type) {
- return IN_SET(type, RTM_NEWLINK, RTM_SETLINK, RTM_GETLINK, RTM_DELLINK);
+ return IN_SET(type,
+ RTM_NEWLINK, RTM_SETLINK, RTM_GETLINK, RTM_DELLINK,
+ RTM_NEWLINKPROP, RTM_DELLINKPROP, RTM_GETLINKPROP);
}
static inline bool rtnl_message_type_is_addr(uint16_t type) {
diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c
index 4416e1720c..369c402986 100644
--- a/src/libsystemd/sd-netlink/rtnl-message.c
+++ b/src/libsystemd/sd-netlink/rtnl-message.c
@@ -449,6 +449,8 @@ int sd_rtnl_message_new_link(sd_netlink *rtnl, sd_netlink_message **ret,
if (nlmsg_type == RTM_NEWLINK)
(*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_EXCL;
+ else if (nlmsg_type == RTM_NEWLINK)
+ (*ret)->hdr->nlmsg_flags |= NLM_F_EXCL | NLM_F_CREATE | NLM_F_APPEND;
ifi = NLMSG_DATA((*ret)->hdr);

106
SOURCES/0707-sd-netlink-introduce-sd_netlink_message_read_strv.patch Normal file
View File

@ -0,0 +1,106 @@
From cd3b4c5345a3500f190941454fff03fc143c6f2e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:32:25 +0900
Subject: [PATCH] sd-netlink: introduce sd_netlink_message_read_strv()
The combination of sd_netlink_message_enter_container() and
sd_netlink_message_read_string() only reads the last element if the attribute is
duplicated, such a situation easily happens for IFLA_ALT_IFNAME.
The function introduced here reads all matched attributes.
(cherry picked from commit 8f3c1859669230c2c8458675f41de13e369b47e7)
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-message.c | 58 +++++++++++++++++++++
src/systemd/sd-netlink.h | 1 +
2 files changed, 59 insertions(+)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index db9101c163..5723e1d21c 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -14,6 +14,7 @@
#include "netlink-util.h"
#include "refcnt.h"
#include "socket-util.h"
+#include "strv.h"
#include "util.h"
#define GET_CONTAINER(m, i) ((i) < (m)->n_containers ? (struct rtattr*)((uint8_t*)(m)->hdr + (m)->containers[i].offset) : NULL)
@@ -754,6 +755,63 @@ int sd_netlink_message_read_in6_addr(sd_netlink_message *m, unsigned short type,
return 0;
}
+int sd_netlink_message_read_strv(sd_netlink_message *m, unsigned short container_type, unsigned short type_id, char ***ret) {
+ _cleanup_strv_free_ char **s = NULL;
+ const NLTypeSystem *type_system;
+ const NLType *nl_type;
+ struct rtattr *rta;
+ void *container;
+ unsigned short rt_len;
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(m->n_containers < RTNL_CONTAINER_DEPTH, -EINVAL);
+
+ r = type_system_get_type(m->containers[m->n_containers].type_system,
+ &nl_type,
+ container_type);
+ if (r < 0)
+ return r;
+
+ if (type_get_type(nl_type) != NETLINK_TYPE_NESTED)
+ return -EINVAL;
+
+ r = type_system_get_type_system(m->containers[m->n_containers].type_system,
+ &type_system,
+ container_type);
+ if (r < 0)
+ return r;
+
+ r = type_system_get_type(type_system, &nl_type, type_id);
+ if (r < 0)
+ return r;
+
+ if (type_get_type(nl_type) != NETLINK_TYPE_STRING)
+ return -EINVAL;
+
+ r = netlink_message_read_internal(m, container_type, &container, NULL);
+ if (r < 0)
+ return r;
+
+ rt_len = (unsigned short) r;
+ rta = container;
+
+ for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
+ unsigned short type;
+
+ type = RTA_TYPE(rta);
+ if (type != type_id)
+ continue;
+
+ r = strv_extend(&s, RTA_DATA(rta));
+ if (r < 0)
+ return r;
+ }
+
+ *ret = TAKE_PTR(s);
+ return 0;
+}
+
static int netlink_container_parse(sd_netlink_message *m,
struct netlink_container *container,
int count,
diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h
index 51f0fa16b4..1f5c093f11 100644
--- a/src/systemd/sd-netlink.h
+++ b/src/systemd/sd-netlink.h
@@ -82,6 +82,7 @@ int sd_netlink_message_open_container_union(sd_netlink_message *m, unsigned shor
int sd_netlink_message_close_container(sd_netlink_message *m);
int sd_netlink_message_read_string(sd_netlink_message *m, unsigned short type, const char **data);
+int sd_netlink_message_read_strv(sd_netlink_message *m, unsigned short container_type, unsigned short type_id, char ***ret);
int sd_netlink_message_read_u8(sd_netlink_message *m, unsigned short type, uint8_t *data);
int sd_netlink_message_read_u16(sd_netlink_message *m, unsigned short type, uint16_t *data);
int sd_netlink_message_read_u32(sd_netlink_message *m, unsigned short type, uint32_t *data);

65
SOURCES/0708-sd-netlink-introduce-sd_netlink_message_append_strv.patch Normal file
View File

@ -0,0 +1,65 @@
From bbfebb42c9023e36fb66f0e3b0bad132ab2fba55 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:47:21 +0900
Subject: [PATCH] sd-netlink: introduce sd_netlink_message_append_strv()
(cherry picked from commit 6d725977c4f98a8f5effc33f44aa646cc2b6a0b7)
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-message.c | 29 +++++++++++++++++++++
src/systemd/sd-netlink.h | 1 +
2 files changed, 30 insertions(+)
diff --git a/src/libsystemd/sd-netlink/netlink-message.c b/src/libsystemd/sd-netlink/netlink-message.c
index 5723e1d21c..55d6510b63 100644
--- a/src/libsystemd/sd-netlink/netlink-message.c
+++ b/src/libsystemd/sd-netlink/netlink-message.c
@@ -259,6 +259,35 @@ int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type,
return 0;
}
+int sd_netlink_message_append_strv(sd_netlink_message *m, unsigned short type, char * const *data) {
+ size_t length, size;
+ char * const *p;
+ int r;
+
+ assert_return(m, -EINVAL);
+ assert_return(!m->sealed, -EPERM);
+ assert_return(data, -EINVAL);
+
+ r = message_attribute_has_type(m, &size, type, NETLINK_TYPE_STRING);
+ if (r < 0)
+ return r;
+
+ STRV_FOREACH(p, data) {
+ if (size) {
+ length = strnlen(*p, size+1);
+ if (length > size)
+ return -EINVAL;
+ } else
+ length = strlen(*p);
+
+ r = add_rtattr(m, type, *p, length + 1);
+ if (r < 0)
+ return r;
+ }
+
+ return 0;
+}
+
int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type) {
size_t size;
int r;
diff --git a/src/systemd/sd-netlink.h b/src/systemd/sd-netlink.h
index 1f5c093f11..5a05cd4485 100644
--- a/src/systemd/sd-netlink.h
+++ b/src/systemd/sd-netlink.h
@@ -67,6 +67,7 @@ int sd_netlink_attach_event(sd_netlink *nl, sd_event *e, int64_t priority);
int sd_netlink_detach_event(sd_netlink *nl);
int sd_netlink_message_append_string(sd_netlink_message *m, unsigned short type, const char *data);
+int sd_netlink_message_append_strv(sd_netlink_message *m, unsigned short type, char * const *data);
int sd_netlink_message_append_flag(sd_netlink_message *m, unsigned short type);
int sd_netlink_message_append_u8(sd_netlink_message *m, unsigned short type, uint8_t data);
int sd_netlink_message_append_u16(sd_netlink_message *m, unsigned short type, uint16_t data);

71
SOURCES/0709-test-add-a-test-for-sd_netlink_message_-append-read-.patch Normal file
View File

@ -0,0 +1,71 @@
From 58d0d77ddda4c02943d1f03e4c142aec9c4930f5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:48:12 +0900
Subject: [PATCH] test: add a test for sd_netlink_message_{append,read}_strv()
(cherry picked from commit d08d92d5ee508a80e35d6b95b962bd09527fb5f2)
Related: #2005008
---
src/libsystemd/sd-netlink/test-netlink.c | 33 ++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c
index 03773fb936..8ee6551385 100644
--- a/src/libsystemd/sd-netlink/test-netlink.c
+++ b/src/libsystemd/sd-netlink/test-netlink.c
@@ -10,7 +10,9 @@
#include "missing.h"
#include "netlink-util.h"
#include "socket-util.h"
+#include "stdio-util.h"
#include "string-util.h"
+#include "strv.h"
#include "util.h"
static void test_message_link_bridge(sd_netlink *rtnl) {
@@ -357,6 +359,36 @@ static void test_message(sd_netlink *rtnl) {
assert_se(sd_netlink_message_get_errno(m) == -ETIMEDOUT);
}
+static void test_strv(sd_netlink *rtnl) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
+ _cleanup_strv_free_ char **names_in = NULL, **names_out;
+ const char *p;
+
+ assert_se(sd_rtnl_message_new_link(rtnl, &m, RTM_NEWLINKPROP, 1) >= 0);
+
+ for (unsigned i = 0; i < 10; i++) {
+ char name[STRLEN("hoge") + DECIMAL_STR_MAX(uint32_t)];
+
+ xsprintf(name, "hoge%" PRIu32, i + 1000);
+ assert_se(strv_extend(&names_in, name) >= 0);
+ }
+
+ assert_se(sd_netlink_message_open_container(m, IFLA_PROP_LIST) >= 0);
+ assert_se(sd_netlink_message_append_strv(m, IFLA_ALT_IFNAME, names_in) >= 0);
+ assert_se(sd_netlink_message_close_container(m) >= 0);
+
+ rtnl_message_seal(m);
+ assert_se(sd_netlink_message_rewind(m) >= 0);
+
+ assert_se(sd_netlink_message_read_strv(m, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &names_out) >= 0);
+ assert_se(strv_equal(names_in, names_out));
+
+ assert_se(sd_netlink_message_enter_container(m, IFLA_PROP_LIST) >= 0);
+ assert_se(sd_netlink_message_read_string(m, IFLA_ALT_IFNAME, &p) >= 0);
+ assert_se(streq(p, "hoge1009"));
+ assert_se(sd_netlink_message_exit_container(m) >= 0);
+}
+
int main(void) {
sd_netlink *rtnl;
sd_netlink_message *m;
@@ -377,6 +409,7 @@ int main(void) {
test_message(rtnl);
test_container(rtnl);
+ test_strv(rtnl);
if_loopback = (int) if_nametoindex("lo");
assert_se(if_loopback > 0);

79
SOURCES/0710-util-introduce-ifname_valid_full.patch Normal file
View File

@ -0,0 +1,79 @@
From 1b12b8e9c0f6f230e12ca13bd70f27ef0a2fcfdd Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 23:01:54 +0900
Subject: [PATCH] util: introduce ifname_valid_full()
(cherry picked from commit 4252696aec9ec038ff312a164e25f039da25126f)
Related: #2005008
---
src/basic/socket-util.c | 12 +++++++++---
src/basic/socket-util.h | 5 ++++-
src/test/test-socket-util.c | 1 +
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c
index 053bcba670..7f8066123b 100644
--- a/src/basic/socket-util.c
+++ b/src/basic/socket-util.c
@@ -13,6 +13,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <linux/if.h>
#include "alloc-util.h"
#include "fd-util.h"
@@ -868,7 +869,7 @@ static const char* const ip_tos_table[] = {
DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(ip_tos, int, 0xff);
-bool ifname_valid(const char *p) {
+bool ifname_valid_full(const char *p, bool alternative) {
bool numeric = true;
/* Checks whether a network interface name is valid. This is inspired by dev_valid_name() in the kernel sources
@@ -878,8 +879,13 @@ bool ifname_valid(const char *p) {
if (isempty(p))
return false;
- if (strlen(p) >= IFNAMSIZ)
- return false;
+ if (alternative) {
+ if (strlen(p) >= ALTIFNAMSIZ)
+ return false;
+ } else {
+ if (strlen(p) >= IFNAMSIZ)
+ return false;
+ }
if (dot_or_dot_dot(p))
return false;
diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h
index c7c9ad34d6..30baba6c03 100644
--- a/src/basic/socket-util.h
+++ b/src/basic/socket-util.h
@@ -123,7 +123,10 @@ int fd_inc_rcvbuf(int fd, size_t n);
int ip_tos_to_string_alloc(int i, char **s);
int ip_tos_from_string(const char *s);
-bool ifname_valid(const char *p);
+bool ifname_valid_full(const char *p, bool alternative);
+static inline bool ifname_valid(const char *p) {
+ return ifname_valid_full(p, false);
+}
bool address_label_valid(const char *p);
int getpeercred(int fd, struct ucred *ucred);
diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c
index 19c5395b92..c545622c09 100644
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@@ -39,6 +39,7 @@ static void test_ifname_valid(void) {
assert(ifname_valid("xxxxxxxxxxxxxxx"));
assert(!ifname_valid("xxxxxxxxxxxxxxxx"));
+ assert(ifname_valid_full("xxxxxxxxxxxxxxxx", true));
}
static void test_socket_address_parse(void) {

69
SOURCES/0711-rename-function.patch Normal file
View File

@ -0,0 +1,69 @@
From 3275093305c1305d163f26cb4e4d614a87f8ff43 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 27 Nov 2020 10:25:12 +0100
Subject: [PATCH] rename function
This happened upstream in commit
54a8423788ec3cc6240959ab9f5cdac40baf047a, but I don't want to backport
the whole commit...
Related: #2005008
---
src/libsystemd-network/network-internal.c | 2 +-
src/libsystemd-network/network-internal.h | 2 +-
src/network/networkd-network-gperf.gperf | 2 +-
src/udev/net/link-config-gperf.gperf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 0849b44ee2..629e858def 100644
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -183,7 +183,7 @@ int config_parse_net_condition(const char *unit,
return 0;
}
-int config_parse_ifnames(
+int config_parse_match_ifnames(
const char *unit,
const char *filename,
unsigned line,
diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index 883f34b95c..9074758bbb 100644
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -34,7 +34,7 @@ bool net_match_config(Set *match_mac,
CONFIG_PARSER_PROTOTYPE(config_parse_net_condition);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddrs);
-CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
+CONFIG_PARSER_PROTOTYPE(config_parse_match_ifnames);
CONFIG_PARSER_PROTOTYPE(config_parse_ifalias);
CONFIG_PARSER_PROTOTYPE(config_parse_iaid);
CONFIG_PARSER_PROTOTYPE(config_parse_bridge_port_priority);
diff --git a/src/network/networkd-network-gperf.gperf b/src/network/networkd-network-gperf.gperf
index 6ad5257f79..c4a2eccdc2 100644
--- a/src/network/networkd-network-gperf.gperf
+++ b/src/network/networkd-network-gperf.gperf
@@ -24,7 +24,7 @@ Match.MACAddress, config_parse_hwaddrs,
Match.Path, config_parse_strv, 0, offsetof(Network, match_path)
Match.Driver, config_parse_strv, 0, offsetof(Network, match_driver)
Match.Type, config_parse_strv, 0, offsetof(Network, match_type)
-Match.Name, config_parse_ifnames, 0, offsetof(Network, match_name)
+Match.Name, config_parse_match_ifnames, 0, offsetof(Network, match_name)
Match.Host, config_parse_net_condition, CONDITION_HOST, offsetof(Network, match_host)
Match.Virtualization, config_parse_net_condition, CONDITION_VIRTUALIZATION, offsetof(Network, match_virt)
Match.KernelCommandLine, config_parse_net_condition, CONDITION_KERNEL_COMMAND_LINE, offsetof(Network, match_kernel_cmdline)
diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf
index 5640fa0513..b37836d852 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/udev/net/link-config-gperf.gperf
@@ -20,7 +20,7 @@ struct ConfigPerfItem;
%includes
%%
Match.MACAddress, config_parse_hwaddrs, 0, offsetof(link_config, match_mac)
-Match.OriginalName, config_parse_ifnames, 0, offsetof(link_config, match_name)
+Match.OriginalName, config_parse_match_ifnames, 0, offsetof(link_config, match_name)
Match.Path, config_parse_strv, 0, offsetof(link_config, match_path)
Match.Driver, config_parse_strv, 0, offsetof(link_config, match_driver)
Match.Type, config_parse_strv, 0, offsetof(link_config, match_type)

238
SOURCES/0712-udev-support-AlternativeName-setting-in-.link-file.patch Normal file
View File

@ -0,0 +1,238 @@
From a29790ac578540ccb4264367603aba9bc41d1bf7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 23:21:18 +0900
Subject: [PATCH] udev: support AlternativeName= setting in .link file
(cherry picked from commit a5053a158b43c5ddee90f4915b9fc603e0191d6d)
Related: #2005008
---
man/systemd.link.xml | 8 ++++
src/libsystemd/sd-netlink/netlink-util.c | 40 ++++++++++++++++
src/libsystemd/sd-netlink/netlink-util.h | 1 +
src/shared/conf-parser.c | 60 ++++++++++++++++++++++++
src/shared/conf-parser.h | 1 +
src/udev/net/link-config-gperf.gperf | 1 +
src/udev/net/link-config.c | 5 ++
src/udev/net/link-config.h | 1 +
8 files changed, 117 insertions(+)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 32657308d0..0b0d83349d 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -343,6 +343,14 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>AlternativeName=</varname></term>
+ <listitem>
+ <para>The alternative interface name to use. This option can be specified multiple times.
+ If the empty string is assigned to this option, the list is reset, and all prior assignments
+ have no effect.</para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>MTUBytes=</varname></term>
<listitem>
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 3928dfbabf..c1c306f121 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -4,6 +4,7 @@
#include "netlink-internal.h"
#include "netlink-util.h"
+#include "strv.h"
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
@@ -80,6 +81,45 @@ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
return 0;
}
+int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(ifindex > 0);
+
+ if (strv_isempty(alternative_names))
+ return 0;
+
+ if (!*rtnl) {
+ r = sd_netlink_open(rtnl);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_NEWLINKPROP, ifindex);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_open_container(message, IFLA_PROP_LIST);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_append_strv(message, IFLA_ALT_IFNAME, alternative_names);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_close_container(message);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(*rtnl, message, 0, NULL);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
struct nlmsgerr *err;
int r;
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index 882a616310..92de19c092 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -38,6 +38,7 @@ static inline bool rtnl_message_type_is_routing_policy_rule(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
+int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
int rtnl_log_parse_error(int r);
int rtnl_log_create_error(int r);
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 246b7431e4..1f40f00c72 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -970,6 +970,66 @@ int config_parse_ifname(
return 0;
}
+int config_parse_ifnames(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_strv_free_ char **names = NULL;
+ char ***s = data;
+ const char *p;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (isempty(rvalue)) {
+ *s = strv_free(*s);
+ return 0;
+ }
+
+ p = rvalue;
+ for (;;) {
+ _cleanup_free_ char *word = NULL;
+
+ r = extract_first_word(&p, &word, NULL, 0);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "Failed to extract interface name, ignoring assignment: %s",
+ rvalue);
+ return 0;
+ }
+ if (r == 0)
+ break;
+
+ if (!ifname_valid_full(word, ltype)) {
+ log_syntax(unit, LOG_ERR, filename, line, 0,
+ "Interface name is not valid or too long, ignoring assignment: %s",
+ word);
+ continue;
+ }
+
+ r = strv_consume(&names, TAKE_PTR(word));
+ if (r < 0)
+ return log_oom();
+ }
+
+ r = strv_extend_strv(s, names, true);
+ if (r < 0)
+ return log_oom();
+
+ return 0;
+}
+
int config_parse_ip_port(
const char *unit,
const char *filename,
diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
index a0a5c89c27..375b2e5a74 100644
--- a/src/shared/conf-parser.h
+++ b/src/shared/conf-parser.h
@@ -137,6 +137,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_signal);
CONFIG_PARSER_PROTOTYPE(config_parse_personality);
CONFIG_PARSER_PROTOTYPE(config_parse_permille);
CONFIG_PARSER_PROTOTYPE(config_parse_ifname);
+CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
CONFIG_PARSER_PROTOTYPE(config_parse_ip_port);
CONFIG_PARSER_PROTOTYPE(config_parse_join_controllers);
CONFIG_PARSER_PROTOTYPE(config_parse_mtu);
diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf
index b37836d852..913c754145 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/udev/net/link-config-gperf.gperf
@@ -34,6 +34,7 @@ Link.MACAddressPolicy, config_parse_mac_policy, 0,
Link.MACAddress, config_parse_hwaddr, 0, offsetof(link_config, mac)
Link.NamePolicy, config_parse_name_policy, 0, offsetof(link_config, name_policy)
Link.Name, config_parse_ifname, 0, offsetof(link_config, name)
+Link.AlternativeName, config_parse_ifnames, 1, offsetof(link_config, alternative_names)
Link.Alias, config_parse_ifalias, 0, offsetof(link_config, alias)
Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(link_config, mtu)
Link.BitsPerSecond, config_parse_si_size, 0, offsetof(link_config, speed)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 5113586457..d07a1a1874 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -67,6 +67,7 @@ static void link_config_free(link_config *link) {
free(link->mac);
free(link->name_policy);
free(link->name);
+ strv_free(link->alternative_names);
free(link->alias);
free(link);
@@ -468,6 +469,10 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (r < 0)
return log_warning_errno(r, "Could not set Alias=, MACAddress= or MTU= on %s: %m", old_name);
+ r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, config->alternative_names);
+ if (r < 0)
+ return log_warning_errno(r, "Could not set AlternativeName= on %s: %m", old_name);
+
*name = new_name;
return 0;
diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h
index 4798bb101c..93d5fdce59 100644
--- a/src/udev/net/link-config.h
+++ b/src/udev/net/link-config.h
@@ -50,6 +50,7 @@ struct link_config {
MACPolicy mac_policy;
NamePolicy *name_policy;
char *name;
+ char **alternative_names;
char *alias;
uint32_t mtu;
size_t speed;

143
SOURCES/0713-network-make-Name-in-Match-support-alternative-names.patch Normal file
View File

@ -0,0 +1,143 @@
From 0c178bf442aebcd2b42f10a0e4d2382a15505bb6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 22:46:19 +0900
Subject: [PATCH] network: make Name= in [Match] support alternative names of
interfaces
(cherry picked from commit 572b21d96cabd5860b0670e98440b6cb99a4b749
src/network bits have been left out.)
Related: #2005008
---
man/systemd.network.xml | 7 +++----
src/libsystemd-network/network-internal.c | 20 ++++++++++++++++++--
src/libsystemd-network/network-internal.h | 3 ++-
src/network/netdev/netdev.c | 2 +-
src/network/networkd-network.c | 2 +-
src/udev/net/link-config.c | 3 ++-
6 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index fc8e0aea68..8300540096 100644
--- a/man/systemd.network.xml
+++ b/man/systemd.network.xml
@@ -133,10 +133,9 @@
<varlistentry>
<term><varname>Name=</varname></term>
<listitem>
- <para>A whitespace-separated list of shell-style globs
- matching the device name, as exposed by the udev property
- <literal>INTERFACE</literal>. If the list is prefixed
- with a "!", the test is inverted.</para>
+ <para>A whitespace-separated list of shell-style globs matching the device name, as exposed
+ by the udev property <literal>INTERFACE</literal>, or device's alternative names. If the
+ list is prefixed with a "!", the test is inverted.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/libsystemd-network/network-internal.c b/src/libsystemd-network/network-internal.c
index 629e858def..a935709cd0 100644
--- a/src/libsystemd-network/network-internal.c
+++ b/src/libsystemd-network/network-internal.c
@@ -92,6 +92,18 @@ static bool net_condition_test_strv(char * const *raw_patterns,
return string && strv_fnmatch(raw_patterns, string, 0);
}
+static bool net_condition_test_ifname(char * const *patterns, const char *ifname, char * const *alternative_names) {
+ if (net_condition_test_strv(patterns, ifname))
+ return true;
+
+ char * const *p;
+ STRV_FOREACH(p, alternative_names)
+ if (net_condition_test_strv(patterns, *p))
+ return true;
+
+ return false;
+}
+
bool net_match_config(Set *match_mac,
char * const *match_paths,
char * const *match_drivers,
@@ -107,7 +119,8 @@ bool net_match_config(Set *match_mac,
const char *dev_parent_driver,
const char *dev_driver,
const char *dev_type,
- const char *dev_name) {
+ const char *dev_name,
+ char * const *alternative_names) {
if (match_host && condition_test(match_host) <= 0)
return false;
@@ -124,6 +137,9 @@ bool net_match_config(Set *match_mac,
if (match_arch && condition_test(match_arch) <= 0)
return false;
+ if (!net_condition_test_ifname(match_names, dev_name, alternative_names))
+ return false;
+
if (match_mac && dev_mac && !set_contains(match_mac, dev_mac))
return false;
@@ -214,7 +230,7 @@ int config_parse_match_ifnames(
if (r == 0)
break;
- if (!ifname_valid(word)) {
+ if (!ifname_valid_full(word, ltype)) {
log_syntax(unit, LOG_ERR, filename, line, 0, "Interface name is not valid or too long, ignoring assignment: %s", rvalue);
return 0;
}
diff --git a/src/libsystemd-network/network-internal.h b/src/libsystemd-network/network-internal.h
index 9074758bbb..e1d098f3fe 100644
--- a/src/libsystemd-network/network-internal.h
+++ b/src/libsystemd-network/network-internal.h
@@ -29,7 +29,8 @@ bool net_match_config(Set *match_mac,
const char *dev_parent_driver,
const char *dev_driver,
const char *dev_type,
- const char *dev_name);
+ const char *dev_name,
+ char * const *alternative_names);
CONFIG_PARSER_PROTOTYPE(config_parse_net_condition);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr);
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 82ce88402f..e97cc07028 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -640,7 +640,7 @@ static int netdev_load_one(Manager *manager, const char *filename) {
netdev_raw->match_host, netdev_raw->match_virt,
netdev_raw->match_kernel_cmdline, netdev_raw->match_kernel_version,
netdev_raw->match_arch,
- NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
return 0;
if (netdev_raw->kind == _NETDEV_KIND_INVALID) {
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 429aac5e6c..7637d135a4 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -479,7 +479,7 @@ int network_get(Manager *manager, struct udev_device *device,
network->match_virt, network->match_kernel_cmdline,
network->match_kernel_version, network->match_arch,
address, path, parent_driver, driver,
- devtype, ifname)) {
+ devtype, ifname, NULL)) {
if (network->match_name && device) {
const char *attr;
uint8_t name_assign_type = NET_NAME_UNKNOWN;
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index d07a1a1874..e5052f8f29 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -238,7 +238,8 @@ int link_config_get(link_config_ctx *ctx, struct udev_device *device,
udev_device_get_driver(udev_device_get_parent(device)),
udev_device_get_property_value(device, "ID_NET_DRIVER"),
udev_device_get_devtype(device),
- udev_device_get_sysname(device))) {
+ udev_device_get_sysname(device),
+ NULL)) {
if (link->match_name) {
unsigned char name_assign_type = NET_NAME_UNKNOWN;

170
SOURCES/0714-udev-extend-the-length-of-ID_NET_NAME_XXX-to-ALTIFNA.patch Normal file
View File

@ -0,0 +1,170 @@
From 9f59dca3868b1e934a2aac2d811c55ab33cca0eb Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 11:01:35 +0900
Subject: [PATCH] udev: extend the length of ID_NET_NAME_XXX= to ALTIFNAMSIZ
(cherry picked from commit 78f8849f84ca0939796edb840e878a9d2e124a4d)
Related: #2005008
---
src/udev/net/link-config.c | 5 ++++-
src/udev/udev-builtin-net_id.c | 33 +++++++++++++++++----------------
src/udev/udev-event.c | 4 ++--
3 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index e5052f8f29..4de8ee7d7e 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -19,6 +19,7 @@
#include "path-util.h"
#include "proc-cmdline.h"
#include "random-util.h"
+#include "socket-util.h"
#include "stat-util.h"
#include "string-table.h"
#include "string-util.h"
@@ -405,7 +406,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
NamePolicy *policy;
for (policy = config->name_policy;
- !new_name && *policy != _NAMEPOLICY_INVALID; policy++) {
+ *policy != _NAMEPOLICY_INVALID; policy++) {
switch (*policy) {
case NAMEPOLICY_KERNEL:
respect_predictable = true;
@@ -428,6 +429,8 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
default:
break;
}
+ if (ifname_valid(new_name))
+ break;
}
}
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index eafcbb64c5..386d74ca5e 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -90,6 +90,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <linux/if.h>
#include <linux/pci_regs.h>
#include "dirent-util.h"
@@ -176,21 +177,21 @@ struct netnames {
bool mac_valid;
struct udev_device *pcidev;
- char pci_slot[IFNAMSIZ];
- char pci_path[IFNAMSIZ];
- char pci_onboard[IFNAMSIZ];
+ char pci_slot[ALTIFNAMSIZ];
+ char pci_path[ALTIFNAMSIZ];
+ char pci_onboard[ALTIFNAMSIZ];
const char *pci_onboard_label;
- char usb_ports[IFNAMSIZ];
- char bcma_core[IFNAMSIZ];
- char ccw_busid[IFNAMSIZ];
- char vio_slot[IFNAMSIZ];
- char platform_path[IFNAMSIZ];
+ char usb_ports[ALTIFNAMSIZ];
+ char bcma_core[ALTIFNAMSIZ];
+ char ccw_busid[ALTIFNAMSIZ];
+ char vio_slot[ALTIFNAMSIZ];
+ char platform_path[ALTIFNAMSIZ];
};
struct virtfn_info {
struct udev_device *physfn_pcidev;
- char suffix[IFNAMSIZ];
+ char suffix[ALTIFNAMSIZ];
};
static const NamingScheme* naming_scheme_from_name(const char *name) {
@@ -887,7 +888,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
err = names_mac(dev, &names);
if (err >= 0 && names.mac_valid) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
xsprintf(str, "%sx%02x%02x%02x%02x%02x%02x", prefix,
names.mac[0], names.mac[1], names.mac[2],
@@ -900,7 +901,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get path names for Linux on System z network devices */
err = names_ccw(dev, &names);
if (err >= 0 && names.type == NET_CCW) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.ccw_busid))
udev_builtin_add_property(dev, test, "ID_NET_NAME_PATH", str);
@@ -910,7 +911,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get ibmveth/ibmvnic slot-based names. */
err = names_vio(dev, &names);
if (err >= 0 && names.type == NET_VIO) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.vio_slot))
udev_builtin_add_property(dev, test, "ID_NET_NAME_SLOT", str);
@@ -920,7 +921,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get ACPI path names for ARM64 platform devices */
err = names_platform(dev, &names, test);
if (err >= 0 && names.type == NET_PLATFORM) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.platform_path))
udev_builtin_add_property(dev, test, "ID_NET_NAME_PATH", str);
@@ -934,7 +935,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* plain PCI device */
if (names.type == NET_PCI) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (names.pci_onboard[0] &&
snprintf_ok(str, sizeof str, "%s%s", prefix, names.pci_onboard))
@@ -957,7 +958,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* USB device */
err = names_usb(dev, &names);
if (err >= 0 && names.type == NET_USB) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (names.pci_path[0] &&
snprintf_ok(str, sizeof str, "%s%s%s", prefix, names.pci_path, names.usb_ports))
@@ -972,7 +973,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* Broadcom bus */
err = names_bcma(dev, &names);
if (err >= 0 && names.type == NET_BCMA) {
- char str[IFNAMSIZ];
+ char str[ALTIFNAMSIZ];
if (names.pci_path[0] &&
snprintf_ok(str, sizeof str, "%s%s%s", prefix, names.pci_path, names.bcma_core))
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index fd8406d959..19b100d4f8 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -816,13 +816,13 @@ out:
static int rename_netif(struct udev_event *event) {
struct udev_device *dev = event->dev;
- char name[IFNAMSIZ];
+ char name[ALTIFNAMSIZ];
const char *oldname;
int r;
oldname = udev_device_get_sysname(dev);
- strscpy(name, IFNAMSIZ, event->name);
+ strscpy(name, ALTIFNAMSIZ, event->name);
r = rtnl_set_link_name(&event->rtnl, udev_device_get_ifindex(dev), name);
if (r < 0)

43
SOURCES/0715-udev-do-not-fail-if-kernel-does-not-support-alternat.patch Normal file
View File

@ -0,0 +1,43 @@
From f0b11f5042489c85d5016eceff06647bb49d486a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 15:32:22 +0900
Subject: [PATCH] udev: do not fail if kernel does not support alternative
names
(cherry picked from commit bb181dd4a664ca8e82a8f7194261fd6531e861d8)
Related: #2005008
---
man/systemd.link.xml | 3 ++-
src/udev/net/link-config.c | 4 +++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index 0b0d83349d..c8ebb751ee 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -348,7 +348,8 @@
<listitem>
<para>The alternative interface name to use. This option can be specified multiple times.
If the empty string is assigned to this option, the list is reset, and all prior assignments
- have no effect.</para>
+ have no effect. If the kernel does not support the alternative names, then this setting will
+ be ignored.</para>
</listitem>
</varlistentry>
<varlistentry>
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 4de8ee7d7e..8e88c8e5c4 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -474,7 +474,9 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
return log_warning_errno(r, "Could not set Alias=, MACAddress= or MTU= on %s: %m", old_name);
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, config->alternative_names);
- if (r < 0)
+ if (r == -EOPNOTSUPP)
+ log_debug_errno(r, "Could not set AlternativeName= on %s, ignoring: %m", old_name);
+ else if (r < 0)
return log_warning_errno(r, "Could not set AlternativeName= on %s: %m", old_name);
*name = new_name;

169
SOURCES/0716-udev-introduce-AlternativeNamesPolicy-setting.patch Normal file
View File

@ -0,0 +1,169 @@
From 2faf160d0b8122e0dca603a441db68dc38c1bab6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2019 23:44:42 +0900
Subject: [PATCH] udev: introduce AlternativeNamesPolicy= setting
(cherry picked from commit ef1d2c07f9567dfea8a4e012d8779a4ded2d9ae6)
Related: #2005008
---
man/systemd.link.xml | 11 +++++
src/udev/net/link-config-gperf.gperf | 1 +
src/udev/net/link-config.c | 62 ++++++++++++++++++++++++++--
src/udev/net/link-config.h | 5 +++
4 files changed, 76 insertions(+), 3 deletions(-)
diff --git a/man/systemd.link.xml b/man/systemd.link.xml
index c8ebb751ee..13dcce0879 100644
--- a/man/systemd.link.xml
+++ b/man/systemd.link.xml
@@ -343,6 +343,17 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>AlternativeNamesPolicy=</varname></term>
+ <listitem>
+ <para>A space-separated list of policies by which the interface's alternative names
+ should be set. Each of the policies may fail, and all successful policies are used. The
+ available policies are <literal>database</literal>, <literal>onboard</literal>,
+ <literal>slot</literal>, <literal>path</literal>, and <literal>mac</literal>. If the
+ kernel does not support the alternative names, then this setting will be ignored.
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term><varname>AlternativeName=</varname></term>
<listitem>
diff --git a/src/udev/net/link-config-gperf.gperf b/src/udev/net/link-config-gperf.gperf
index 913c754145..df8404e7b8 100644
--- a/src/udev/net/link-config-gperf.gperf
+++ b/src/udev/net/link-config-gperf.gperf
@@ -35,6 +35,7 @@ Link.MACAddress, config_parse_hwaddr, 0,
Link.NamePolicy, config_parse_name_policy, 0, offsetof(link_config, name_policy)
Link.Name, config_parse_ifname, 0, offsetof(link_config, name)
Link.AlternativeName, config_parse_ifnames, 1, offsetof(link_config, alternative_names)
+Link.AlternativeNamesPolicy, config_parse_alternative_names_policy, 0, offsetof(link_config, alternative_names_policy)
Link.Alias, config_parse_ifalias, 0, offsetof(link_config, alias)
Link.MTUBytes, config_parse_mtu, AF_UNSPEC, offsetof(link_config, mtu)
Link.BitsPerSecond, config_parse_si_size, 0, offsetof(link_config, speed)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 8e88c8e5c4..6ceb4c698e 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -69,6 +69,7 @@ static void link_config_free(link_config *link) {
free(link->name_policy);
free(link->name);
strv_free(link->alternative_names);
+ free(link->alternative_names_policy);
free(link->alias);
free(link);
@@ -349,6 +350,7 @@ static int get_mac(struct udev_device *device, bool want_random,
int link_config_apply(link_config_ctx *ctx, link_config *config,
struct udev_device *device, const char **name) {
+ _cleanup_strv_free_ char **altnames = NULL;
bool respect_predictable = false;
struct ether_addr generated_mac;
struct ether_addr *mac = NULL;
@@ -473,11 +475,52 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (r < 0)
return log_warning_errno(r, "Could not set Alias=, MACAddress= or MTU= on %s: %m", old_name);
- r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, config->alternative_names);
+ if (config->alternative_names) {
+ altnames = strv_copy(config->alternative_names);
+ if (!altnames)
+ return log_oom();
+ }
+
+ if (config->alternative_names_policy)
+ for (NamePolicy *p = config->alternative_names_policy; *p != _NAMEPOLICY_INVALID; p++) {
+ const char *n;
+
+ switch (*p) {
+ case NAMEPOLICY_DATABASE:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_FROM_DATABASE");
+ break;
+ case NAMEPOLICY_ONBOARD:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_ONBOARD");
+ break;
+ case NAMEPOLICY_SLOT:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_SLOT");
+ break;
+ case NAMEPOLICY_PATH:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_PATH");
+ break;
+ case NAMEPOLICY_MAC:
+ n = udev_device_get_property_value(device, "ID_NET_NAME_MAC");
+ break;
+ default:
+ assert_not_reached("invalid policy");
+ }
+ if (!isempty(n)) {
+ r = strv_extend(&altnames, n);
+ if (r < 0)
+ return log_oom();
+ }
+ }
+
+ if (new_name)
+ strv_remove(altnames, new_name);
+ strv_remove(altnames, old_name);
+ strv_uniq(altnames);
+
+ r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)
- log_debug_errno(r, "Could not set AlternativeName= on %s, ignoring: %m", old_name);
+ log_debug_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s, ignoring: %m", old_name);
else if (r < 0)
- return log_warning_errno(r, "Could not set AlternativeName= on %s: %m", old_name);
+ return log_warning_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s: %m", old_name);
*name = new_name;
@@ -524,3 +567,16 @@ DEFINE_STRING_TABLE_LOOKUP(name_policy, NamePolicy);
DEFINE_CONFIG_PARSE_ENUMV(config_parse_name_policy, name_policy, NamePolicy,
_NAMEPOLICY_INVALID,
"Failed to parse interface name policy");
+
+static const char* const alternative_names_policy_table[_NAMEPOLICY_MAX] = {
+ [NAMEPOLICY_DATABASE] = "database",
+ [NAMEPOLICY_ONBOARD] = "onboard",
+ [NAMEPOLICY_SLOT] = "slot",
+ [NAMEPOLICY_PATH] = "path",
+ [NAMEPOLICY_MAC] = "mac",
+};
+
+DEFINE_STRING_TABLE_LOOKUP(alternative_names_policy, NamePolicy);
+DEFINE_CONFIG_PARSE_ENUMV(config_parse_alternative_names_policy, alternative_names_policy, NamePolicy,
+ _NAMEPOLICY_INVALID,
+ "Failed to parse alternative names policy");
diff --git a/src/udev/net/link-config.h b/src/udev/net/link-config.h
index 93d5fdce59..634bd2ec54 100644
--- a/src/udev/net/link-config.h
+++ b/src/udev/net/link-config.h
@@ -49,6 +49,7 @@ struct link_config {
struct ether_addr *mac;
MACPolicy mac_policy;
NamePolicy *name_policy;
+ NamePolicy *alternative_names_policy;
char *name;
char **alternative_names;
char *alias;
@@ -78,6 +79,9 @@ int link_get_driver(link_config_ctx *ctx, struct udev_device *device, char **ret
const char *name_policy_to_string(NamePolicy p) _const_;
NamePolicy name_policy_from_string(const char *p) _pure_;
+const char *alternative_names_policy_to_string(NamePolicy p) _const_;
+NamePolicy alternative_names_policy_from_string(const char *p) _pure_;
+
const char *mac_policy_to_string(MACPolicy p) _const_;
MACPolicy mac_policy_from_string(const char *p) _pure_;
@@ -86,3 +90,4 @@ const struct ConfigPerfItem* link_config_gperf_lookup(const char *key, GPERF_LEN
int config_parse_mac_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_name_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
+int config_parse_alternative_names_policy(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);

22
SOURCES/0717-network-set-AlternativeNamesPolicy-in-99-default.lin.patch Normal file
View File

@ -0,0 +1,22 @@
From 9a224b9480d218b782ac7bbacb3732672d0dad3f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 00:30:38 +0900
Subject: [PATCH] network: set AlternativeNamesPolicy= in 99-default.link
(cherry picked from commit 49f5cbe92484a6661bccc0ae6c547bc5767c83bf)
Related: #2005008
---
network/99-default.link | 1 +
1 file changed, 1 insertion(+)
diff --git a/network/99-default.link b/network/99-default.link
index 561bf329e4..58c0b74a7c 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -9,4 +9,5 @@
[Link]
NamePolicy=kernel database onboard slot path
+AlternativeNamesPolicy=database onboard slot path
MACAddressPolicy=persistent

59
SOURCES/0718-random-util-call-initialize_srand-after-fork.patch Normal file
View File

@ -0,0 +1,59 @@
From 58cdc09af08e065c85b2f8834ee9848c010f5afe Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2019 19:47:48 +0900
Subject: [PATCH] random-util: call initialize_srand() after fork()
(cherry picked from commit a0f11d1d11a546f791855ec9c47c2ff830e6a5aa)
Related: #2005008
---
src/basic/random-util.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/basic/random-util.c b/src/basic/random-util.c
index 91481559db..801f6ad131 100644
--- a/src/basic/random-util.c
+++ b/src/basic/random-util.c
@@ -4,6 +4,7 @@
#include <errno.h>
#include <fcntl.h>
#include <linux/random.h>
+#include <pthread.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
@@ -26,6 +27,8 @@
#include "random-util.h"
#include "time-util.h"
+static bool srand_called = false;
+
int acquire_random_bytes(void *p, size_t n, bool high_quality_required) {
static int have_syscall = -1;
@@ -81,8 +84,12 @@ int acquire_random_bytes(void *p, size_t n, bool high_quality_required) {
return loop_read_exact(fd, (uint8_t*) p + already_done, n - already_done, true);
}
+static void clear_srand_initialization(void) {
+ srand_called = false;
+}
+
void initialize_srand(void) {
- static bool srand_called = false;
+ static bool pthread_atfork_registered = false;
unsigned x;
#if HAVE_SYS_AUXV_H
void *auxv;
@@ -109,6 +116,11 @@ void initialize_srand(void) {
srand(x);
srand_called = true;
+
+ if (!pthread_atfork_registered) {
+ (void) pthread_atfork(NULL, NULL, clear_srand_initialization);
+ pthread_atfork_registered = true;
+ }
}
/* INT_MAX gives us only 31 bits, so use 24 out of that. */

78
SOURCES/0719-sd-netlink-introduce-rtnl_resolve_link_alternative_n.patch Normal file
View File

@ -0,0 +1,78 @@
From bb7c49cc95e9de877fafc5c2be06932bc21aa762 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 18:28:36 +0900
Subject: [PATCH] sd-netlink: introduce rtnl_resolve_link_alternative_names()
(cherry picked from commit b04c5e51da7a61d41d564e73a1e92bd8b29b0223)
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-types.c | 1 +
src/libsystemd/sd-netlink/netlink-util.c | 29 +++++++++++++++++++++++
src/libsystemd/sd-netlink/netlink-util.h | 1 +
3 files changed, 31 insertions(+)
diff --git a/src/libsystemd/sd-netlink/netlink-types.c b/src/libsystemd/sd-netlink/netlink-types.c
index 47d9c7f1c4..e118a0aa30 100644
--- a/src/libsystemd/sd-netlink/netlink-types.c
+++ b/src/libsystemd/sd-netlink/netlink-types.c
@@ -511,6 +511,7 @@ static const NLType rtnl_link_types[] = {
[IFLA_PHYS_PORT_ID] = { .type = NETLINK_TYPE_BINARY, .len = MAX_PHYS_PORT_ID_LEN },
*/
[IFLA_PROP_LIST] = { .type = NETLINK_TYPE_NESTED, .type_system = &rtnl_prop_list_type_system },
+ [IFLA_ALT_IFNAME] = { .type = NETLINK_TYPE_STRING, .size = ALTIFNAMSIZ - 1 },
};
static const NLTypeSystem rtnl_link_type_system = {
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index c1c306f121..62fc71a3d8 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -120,6 +120,35 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return 0;
}
+int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(name);
+ assert(ret);
+
+ if (!*rtnl) {
+ r = sd_netlink_open(rtnl);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, 0);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_append_string(message, IFLA_ALT_IFNAME, name);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(*rtnl, message, 0, &reply);
+ if (r < 0)
+ return r;
+
+ return sd_rtnl_message_link_get_ifindex(reply, ret);
+}
+
int rtnl_message_new_synthetic_error(sd_netlink *rtnl, int error, uint32_t serial, sd_netlink_message **ret) {
struct nlmsgerr *err;
int r;
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index 92de19c092..ea98439fad 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -39,6 +39,7 @@ static inline bool rtnl_message_type_is_routing_policy_rule(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
int rtnl_log_parse_error(int r);
int rtnl_log_create_error(int r);

27
SOURCES/0720-udev-sort-alternative-names.patch Normal file
View File

@ -0,0 +1,27 @@
From f5d149095f95704fe7660069a493c0329ddbb5aa Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 20:41:21 +0900
Subject: [PATCH] udev: sort alternative names
Kernel preserves the order of alternative names. So, for user
visibility, let's sort the alternative names.
(cherry picked from commit 4d016e965b13883cccc963a34a1299a0c4f900ca)
Related: #2005008
---
src/udev/net/link-config.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 6ceb4c698e..8bd374d352 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -515,6 +515,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
strv_remove(altnames, new_name);
strv_remove(altnames, old_name);
strv_uniq(altnames);
+ strv_sort(altnames);
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)

102
SOURCES/0721-netlink-introduce-rtnl_get-delete_link_alternative_n.patch Normal file
View File

@ -0,0 +1,102 @@
From c6b2c2fb577d20879b5b4c610c4c29bac259beab Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:29:13 +0900
Subject: [PATCH] netlink: introduce rtnl_get/delete_link_alternative_names()
(cherry picked from commit 14982526145de84201c7e3b4fc6be6aa5e9a08f7)
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-util.c | 45 ++++++++++++++++++++++--
src/libsystemd/sd-netlink/netlink-util.h | 2 ++
2 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 62fc71a3d8..7f09261981 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -81,12 +81,45 @@ int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias,
return 0;
}
-int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret) {
+ _cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
+ _cleanup_strv_free_ char **names = NULL;
+ int r;
+
+ assert(rtnl);
+ assert(ifindex > 0);
+ assert(ret);
+
+ if (!*rtnl) {
+ r = sd_netlink_open(rtnl);
+ if (r < 0)
+ return r;
+ }
+
+ r = sd_rtnl_message_new_link(*rtnl, &message, RTM_GETLINK, ifindex);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_call(*rtnl, message, 0, &reply);
+ if (r < 0)
+ return r;
+
+ r = sd_netlink_message_read_strv(reply, IFLA_PROP_LIST, IFLA_ALT_IFNAME, &names);
+ if (r < 0 && r != -ENODATA)
+ return r;
+
+ *ret = TAKE_PTR(names);
+
+ return 0;
+}
+
+static int rtnl_update_link_alternative_names(sd_netlink **rtnl, uint16_t nlmsg_type, int ifindex, char * const *alternative_names) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
int r;
assert(rtnl);
assert(ifindex > 0);
+ assert(IN_SET(nlmsg_type, RTM_NEWLINKPROP, RTM_DELLINKPROP));
if (strv_isempty(alternative_names))
return 0;
@@ -97,7 +130,7 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return r;
}
- r = sd_rtnl_message_new_link(*rtnl, &message, RTM_NEWLINKPROP, ifindex);
+ r = sd_rtnl_message_new_link(*rtnl, &message, nlmsg_type, ifindex);
if (r < 0)
return r;
@@ -120,6 +153,14 @@ int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const
return 0;
}
+int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+ return rtnl_update_link_alternative_names(rtnl, RTM_NEWLINKPROP, ifindex, alternative_names);
+}
+
+int rtnl_delete_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names) {
+ return rtnl_update_link_alternative_names(rtnl, RTM_DELLINKPROP, ifindex, alternative_names);
+}
+
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL, *reply = NULL;
int r;
diff --git a/src/libsystemd/sd-netlink/netlink-util.h b/src/libsystemd/sd-netlink/netlink-util.h
index ea98439fad..4fc31aa274 100644
--- a/src/libsystemd/sd-netlink/netlink-util.h
+++ b/src/libsystemd/sd-netlink/netlink-util.h
@@ -38,7 +38,9 @@ static inline bool rtnl_message_type_is_routing_policy_rule(uint16_t type) {
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name);
int rtnl_set_link_properties(sd_netlink **rtnl, int ifindex, const char *alias, const struct ether_addr *mac, uint32_t mtu);
+int rtnl_get_link_alternative_names(sd_netlink **rtnl, int ifindex, char ***ret);
int rtnl_set_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
+int rtnl_delete_link_alternative_names(sd_netlink **rtnl, int ifindex, char * const *alternative_names);
int rtnl_resolve_link_alternative_name(sd_netlink **rtnl, const char *name, int *ret);
int rtnl_log_parse_error(int r);

81
SOURCES/0722-netlink-do-not-fail-when-new-interface-name-is-alrea.patch Normal file
View File

@ -0,0 +1,81 @@
From 73ff88cdb6bd1991d75323c6c364bcc9bce7efda Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:31:24 +0900
Subject: [PATCH] netlink: do not fail when new interface name is already used
as an alternative name
When renaming a network interface, the new name may be used as an
alternative name. In that case, let's swap the current name and the
alternative name. That is, first drop the new name from the list of
alternative names, then rename the interface, finally set the old name
as an alternative name.
(cherry picked from commit 434a34838034347f45fb9a47df55b1a36e5addfd)
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-util.c | 30 +++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/libsystemd/sd-netlink/netlink-util.c b/src/libsystemd/sd-netlink/netlink-util.c
index 7f09261981..4e42ef9e26 100644
--- a/src/libsystemd/sd-netlink/netlink-util.c
+++ b/src/libsystemd/sd-netlink/netlink-util.c
@@ -1,23 +1,40 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
+#include <net/if.h>
+
#include "sd-netlink.h"
#include "netlink-internal.h"
#include "netlink-util.h"
+#include "socket-util.h"
+#include "string-util.h"
#include "strv.h"
int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *message = NULL;
+ _cleanup_strv_free_ char **alternative_names = NULL;
+ char old_name[IF_NAMESIZE + 1] = {};
int r;
assert(rtnl);
assert(ifindex > 0);
assert(name);
- if (!*rtnl) {
- r = sd_netlink_open(rtnl);
+ if (!ifname_valid(name))
+ return -EINVAL;
+
+ r = rtnl_get_link_alternative_names(rtnl, ifindex, &alternative_names);
+ if (r < 0)
+ log_debug_errno(r, "Failed to get alternative names on network interface %i, ignoring: %m",
+ ifindex);
+
+ if (strv_contains(alternative_names, name)) {
+ r = rtnl_delete_link_alternative_names(rtnl, ifindex, STRV_MAKE(name));
if (r < 0)
- return r;
+ return log_debug_errno(r, "Failed to remove '%s' from alternative names on network interface %i: %m",
+ name, ifindex);
+
+ if_indextoname(ifindex, old_name);
}
r = sd_rtnl_message_new_link(*rtnl, &message, RTM_SETLINK, ifindex);
@@ -32,6 +49,13 @@ int rtnl_set_link_name(sd_netlink **rtnl, int ifindex, const char *name) {
if (r < 0)
return r;
+ if (!isempty(old_name)) {
+ r = rtnl_set_link_alternative_names(rtnl, ifindex, STRV_MAKE(old_name));
+ if (r < 0)
+ log_debug_errno(r, "Failed to set '%s' as an alternative name on network interface %i, ignoring: %m",
+ old_name, ifindex);
+ }
+
return 0;
}

46
SOURCES/0723-udev-do-not-try-to-reassign-alternative-names.patch Normal file
View File

@ -0,0 +1,46 @@
From aec8473f69877c353b9e788b2a7329e290ae14f9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:36:05 +0900
Subject: [PATCH] udev: do not try to reassign alternative names
Setting alternative names may fail if some of them are already assigned.
(cherry picked from commit 97fdae33dfe8e7e0a4e5230564f6cdebc4450eec)
Related: #2005008
---
src/udev/net/link-config.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 8bd374d352..5220f247f0 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -350,7 +350,7 @@ static int get_mac(struct udev_device *device, bool want_random,
int link_config_apply(link_config_ctx *ctx, link_config *config,
struct udev_device *device, const char **name) {
- _cleanup_strv_free_ char **altnames = NULL;
+ _cleanup_strv_free_ char **altnames = NULL, **current_altnames = NULL;
bool respect_predictable = false;
struct ether_addr generated_mac;
struct ether_addr *mac = NULL;
@@ -514,9 +514,17 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
if (new_name)
strv_remove(altnames, new_name);
strv_remove(altnames, old_name);
+
+ r = rtnl_get_link_alternative_names(&ctx->rtnl, ifindex, &current_altnames);
+ if (r < 0)
+ log_debug_errno(r, "Failed to get alternative names on %s, ignoring: %m", old_name);
+
+ char **p;
+ STRV_FOREACH(p, current_altnames)
+ strv_remove(altnames, *p);
+
strv_uniq(altnames);
strv_sort(altnames);
-
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
if (r == -EOPNOTSUPP)
log_debug_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s, ignoring: %m", old_name);

27
SOURCES/0724-Do-not-fail-if-the-same-alt.-name-is-set-again.patch Normal file
View File

@ -0,0 +1,27 @@
From 270e3f46d1fe474eb3b4cd6789520b36a740ef32 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 8 Dec 2021 09:49:24 +0100
Subject: [PATCH] Do not fail if the same alt. name is set again
This is a workaround for a kernel bug.
RHEL-only
Related: #2005008
---
src/udev/net/link-config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index 5220f247f0..9046c5bd2a 100644
--- a/src/udev/net/link-config.c
+++ b/src/udev/net/link-config.c
@@ -526,7 +526,7 @@ int link_config_apply(link_config_ctx *ctx, link_config *config,
strv_uniq(altnames);
strv_sort(altnames);
r = rtnl_set_link_alternative_names(&ctx->rtnl, ifindex, altnames);
- if (r == -EOPNOTSUPP)
+ if (IN_SET(r, -EOPNOTSUPP, -EEXIST))
log_debug_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s, ignoring: %m", old_name);
else if (r < 0)
return log_warning_errno(r, "Could not set AlternativeName= or apply AlternativeNamesPolicy= on %s: %m", old_name);

87
SOURCES/0725-mount-do-not-update-exec-deps-on-mountinfo-changes.patch Normal file
View File

@ -0,0 +1,87 @@
From 21e4d155ac04bf3b999834cd42e4773ae01bf3b3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Nov 2019 14:00:54 +0100
Subject: [PATCH] mount: do not update exec deps on mountinfo changes
Fixes: #13978
(cherry picked from commit bf7eedbf8f8c83d9e775c80275f98f506ec963c6)
Related: #2008825
---
src/core/mount.c | 42 ++++++++++++++++++++++++++++--------------
1 file changed, 28 insertions(+), 14 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 4e0a4f238a..73c0531158 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -535,6 +535,32 @@ static int mount_verify(Mount *m) {
return 0;
}
+static int mount_add_non_exec_dependencies(Mount *m) {
+ int r;
+ assert(m);
+
+ /* Adds in all dependencies directly responsible for ordering the mount, as opposed to dependencies
+ * resulting from the ExecContext and such. */
+
+ r = mount_add_device_dependencies(m);
+ if (r < 0)
+ return r;
+
+ r = mount_add_mount_dependencies(m);
+ if (r < 0)
+ return r;
+
+ r = mount_add_quota_dependencies(m);
+ if (r < 0)
+ return r;
+
+ r = mount_add_default_dependencies(m);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
static int mount_add_extras(Mount *m) {
Unit *u = UNIT(m);
int r;
@@ -558,18 +584,6 @@ static int mount_add_extras(Mount *m) {
return r;
}
- r = mount_add_device_dependencies(m);
- if (r < 0)
- return r;
-
- r = mount_add_mount_dependencies(m);
- if (r < 0)
- return r;
-
- r = mount_add_quota_dependencies(m);
- if (r < 0)
- return r;
-
r = unit_patch_contexts(u);
if (r < 0)
return r;
@@ -582,7 +596,7 @@ static int mount_add_extras(Mount *m) {
if (r < 0)
return r;
- r = mount_add_default_dependencies(m);
+ r = mount_add_non_exec_dependencies(m);
if (r < 0)
return r;
@@ -1526,7 +1540,7 @@ static int mount_setup_existing_unit(
}
if (load_extras)
- return mount_add_extras(MOUNT(u));
+ return mount_add_non_exec_dependencies(MOUNT(u));
return 0;
}

46
SOURCES/0726-core-mount-add-implicit-unit-dependencies-even-if-wh.patch Normal file
View File

@ -0,0 +1,46 @@
From 1fb992c50f7fc6a5c399e302ba79097d36a0cedf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 29 Aug 2021 21:20:43 +0900
Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount
unit is generated from /proc/self/mountinfo
Hopefully fixes #20566.
(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11)
Resolves: #2008825
---
src/core/mount.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 73c0531158..9547cb9b29 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1437,6 +1437,7 @@ static int mount_setup_new_unit(
MountSetupFlags *flags) {
MountParameters *p;
+ int r;
assert(u);
assert(flags);
@@ -1458,7 +1459,6 @@ static int mount_setup_new_unit(
if (!mount_is_extrinsic(MOUNT(u))) {
const char *target;
- int r;
target = mount_is_network(p) ? SPECIAL_REMOTE_FS_TARGET : SPECIAL_LOCAL_FS_TARGET;
r = unit_add_dependency_by_name(u, UNIT_BEFORE, target, NULL, true, UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT);
@@ -1470,6 +1470,10 @@ static int mount_setup_new_unit(
return r;
}
+ r = mount_add_non_exec_dependencies(MOUNT(u));
+ if (r < 0)
+ return r;
+
unit_add_to_load_queue(u);
flags->is_mounted = true;
flags->just_mounted = true;

27
SOURCES/0727-core-fix-unfortunate-typo-in-unit_is_unneeded.patch Normal file
View File

@ -0,0 +1,27 @@
From 7b9b641a7721f013fb12ab4e2a03423b5ede08c6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 22:23:14 +0200
Subject: [PATCH] core: fix unfortunate typo in unit_is_unneeded()
Follow-up for a3c1168ac293f16d9343d248795bb4c246aaff4a.
(cherry picked from commit 93d4cb09d56e670b0c203dd6ec6939e391a0df59)
Resolves: #2040147
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 4de218feac..e2c61ce866 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1956,7 +1956,7 @@ bool unit_is_unneeded(Unit *u) {
* restart, then don't clean this one up. */
HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]], i) {
- if (u->job)
+ if (other->job)
return false;
if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))

27
SOURCES/0728-core-make-destructive-transaction-error-a-bit-more-u.patch Normal file
View File

@ -0,0 +1,27 @@
From 8cb38e1557b81740f49dff43a297aef7bd676424 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 22:22:52 +0200
Subject: [PATCH] core: make destructive transaction error a bit more useful
(cherry picked from commit cf99f8eacf1c864b19a6a02edea78c43f3185cb7)
Related: #2040147
---
src/core/transaction.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/transaction.c b/src/core/transaction.c
index cdaaff4f55..ee5b39fef4 100644
--- a/src/core/transaction.c
+++ b/src/core/transaction.c
@@ -526,7 +526,9 @@ static int transaction_is_destructive(Transaction *tr, JobMode mode, sd_bus_erro
if (j->unit->job && (mode == JOB_FAIL || j->unit->job->irreversible) &&
job_type_is_conflicting(j->unit->job->type, j->type))
return sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE,
- "Transaction is destructive.");
+ "Transaction for %s/%s is destructive (%s has '%s' job queued, but '%s' is included in transaction).",
+ tr->anchor_job->unit->id, job_type_to_string(tr->anchor_job->type),
+ j->unit->id, job_type_to_string(j->unit->job->type), job_type_to_string(j->type));
}
return 0;

89
SOURCES/0729-tmpfiles-use-a-entry-in-hashmap-as-ItemArray-in-read.patch Normal file
View File

@ -0,0 +1,89 @@
From 81b967279f6e23474b1e7a0ea9b4ecf9405f87bb Mon Sep 17 00:00:00 2001
From: Masahiro Matsuya <mmatsuya@redhat.com>
Date: Wed, 31 Mar 2021 11:44:24 +0900
Subject: [PATCH] tmpfiles: use a entry in hashmap as ItemArray in
read_config_file()
[zjs: squash commits and use size_t as appropriate.
Bug seems to have been introduced in 811a15877825da9e53f9a2a8603da34589af6bbb.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1944468.]
(cherry picked from commit bec890e3cd6dac249cb12ce9430fdb78b6cf546b)
Resolves: #1944468
---
src/tmpfiles/tmpfiles.c | 47 +++++++++++++++++++++++------------------
1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 927de35f32..1aeeed0d2e 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2646,7 +2646,7 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
char line[LINE_MAX];
Iterator iterator;
unsigned v = 0;
- Item *i;
+ ItemArray *ia;
int r = 0;
assert(fn);
@@ -2692,32 +2692,37 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
}
/* we have to determine age parameter for each entry of type X */
- ORDERED_HASHMAP_FOREACH(i, globs, iterator) {
- Iterator iter;
- Item *j, *candidate_item = NULL;
+ ORDERED_HASHMAP_FOREACH(ia, globs, iterator)
+ for (size_t ni = 0; ni < ia->count; ni++) {
+ Iterator iter;
+ ItemArray *ja;
+ Item *i = ia->items + ni, *candidate_item = NULL;
- if (i->type != IGNORE_DIRECTORY_PATH)
- continue;
-
- ORDERED_HASHMAP_FOREACH(j, items, iter) {
- if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
+ if (i->type != IGNORE_DIRECTORY_PATH)
continue;
- if (path_equal(j->path, i->path)) {
- candidate_item = j;
- break;
- }
+ ORDERED_HASHMAP_FOREACH(ja, items, iter)
+ for (size_t nj = 0; nj < ja->count; nj++) {
+ Item *j = ja->items + nj;
- if ((!candidate_item && path_startswith(i->path, j->path)) ||
- (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
- candidate_item = j;
- }
+ if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
+ continue;
- if (candidate_item && candidate_item->age_set) {
- i->age = candidate_item->age;
- i->age_set = true;
+ if (path_equal(j->path, i->path)) {
+ candidate_item = j;
+ break;
+ }
+
+ if ((!candidate_item && path_startswith(i->path, j->path)) ||
+ (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
+ candidate_item = j;
+ }
+
+ if (candidate_item && candidate_item->age_set) {
+ i->age = candidate_item->age;
+ i->age_set = true;
+ }
}
- }
if (ferror(f)) {
log_error_errno(errno, "Failed to read from file %s: %m", fn);

45
SOURCES/0730-tmpfiles-rework-condition-check.patch Normal file
View File

@ -0,0 +1,45 @@
From 520ff5394187a0d6cb0cb40251f6e8e997ccdd0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 7 Apr 2021 17:54:49 +0200
Subject: [PATCH] tmpfiles: rework condition check
(!a && b) || (a && c) is replaced by (a ? c : b).
path_startswith() != NULL is need to avoid type warning.
(cherry picked from commit 875e7b25d84a111755dab79241c9e64e44836910)
Related: #1944468
---
src/tmpfiles/tmpfiles.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 1aeeed0d2e..50fada99dd 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2705,7 +2705,11 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
for (size_t nj = 0; nj < ja->count; nj++) {
Item *j = ja->items + nj;
- if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
+ if (!IN_SET(j->type, CREATE_DIRECTORY,
+ TRUNCATE_DIRECTORY,
+ CREATE_SUBVOLUME,
+ CREATE_SUBVOLUME_INHERIT_QUOTA,
+ CREATE_SUBVOLUME_NEW_QUOTA))
continue;
if (path_equal(j->path, i->path)) {
@@ -2713,8 +2717,9 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
break;
}
- if ((!candidate_item && path_startswith(i->path, j->path)) ||
- (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
+ if (candidate_item
+ ? (path_startswith(j->path, candidate_item->path) && fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)
+ : path_startswith(i->path, j->path) != NULL)
candidate_item = j;
}

160
SOURCES/0731-TEST-22-TMPFILES-add-reproducer-for-bug-with-X.patch Normal file
View File

@ -0,0 +1,160 @@
From 4871d0807e4add56258633d3c3452b0ee5cc8f99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 7 Apr 2021 22:35:19 +0200
Subject: [PATCH] TEST-22-TMPFILES: add reproducer for bug with X
(cherry picked from commit 1672be86021b5ae8e80d095409a4fffcba7cbb75)
Related: #1944468
---
test/TEST-22-TMPFILES/test-11.sh | 141 +++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100755 test/TEST-22-TMPFILES/test-11.sh
diff --git a/test/TEST-22-TMPFILES/test-11.sh b/test/TEST-22-TMPFILES/test-11.sh
new file mode 100755
index 0000000000..21ef210cd1
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test-11.sh
@@ -0,0 +1,141 @@
+#! /bin/bash
+
+set -e
+set -x
+
+rm -fr /tmp/x
+mkdir /tmp/x
+
+#
+# 'x'
+#
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+x /tmp/x/1
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test -f /tmp/x/1/x1
+test -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test ! -f /tmp/x/z1
+test ! -f /tmp/x/z2
+
+#
+# 'X'
+#
+
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+X /tmp/x/1
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test ! -f /tmp/x/1/x1
+test ! -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test ! -f /tmp/x/z1
+test ! -f /tmp/x/z2
+
+#
+# 'x' with glob
+#
+
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+x /tmp/x/[1345]
+x /tmp/x/z*
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test -f /tmp/x/1/x1
+test -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test -f /tmp/x/z1
+test -f /tmp/x/z2
+
+#
+# 'X' with glob
+#
+
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+X /tmp/x/[1345]
+X /tmp/x/?[12]
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test ! -f /tmp/x/1/x1
+test ! -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test -f /tmp/x/z1
+test -f /tmp/x/z2
+
+#
+# 'x' with 'r'
+#
+
+mkdir -p /tmp/x/{1,2}/a
+touch /tmp/x/1/a/{x1,x2} /tmp/x/2/a/{y1,y2}
+
+systemd-tmpfiles --clean - <<EOF
+# x/X is not supposed to influence r
+x /tmp/x/1/a
+X /tmp/x/2/a
+r /tmp/x/1
+r /tmp/x/2
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test -d /tmp/x/1/a
+test -f /tmp/x/1/a/x1
+test -f /tmp/x/1/a/x2
+test -f /tmp/x/2/a/y1
+test -f /tmp/x/2/a/y2
+
+#
+# 'x' with 'R'
+#
+
+mkdir -p /tmp/x/{1,2}/a
+touch /tmp/x/1/a/{x1,x2} /tmp/x/2/a/{y1,y2}
+
+systemd-tmpfiles --remove - <<EOF
+# X is not supposed to influence R
+X /tmp/x/1/a
+X /tmp/x/2/a
+R /tmp/x/1
+EOF
+
+find /tmp/x | sort
+test ! -d /tmp/x/1
+test ! -d /tmp/x/1/a
+test ! -f /tmp/x/1/a/x1
+test ! -f /tmp/x/1/a/x2
+test -f /tmp/x/2/a/y1
+test -f /tmp/x/2/a/y2

36
SOURCES/0732-core-make-sure-we-don-t-get-confused-when-setting-TE.patch Normal file
View File

@ -0,0 +1,36 @@
From 858519383fec2b3fadc1b8423214f703d69d6a6c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Apr 2020 21:52:22 +0200
Subject: [PATCH] core: make sure we don't get confused when setting TERM for a
tty fd
Fixes: #15344
(cherry picked from commit e8cf09b2a2ad0d48e5493050d54251d5f512d9b6)
Resolves: #2045307
---
src/core/execute.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index d528d08830..a104294966 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1709,12 +1709,13 @@ static int build_environment(
tty_path = exec_context_tty_path(c);
- /* If we are forked off PID 1 and we are supposed to operate on /dev/console, then let's try to inherit
- * the $TERM set for PID 1. This is useful for containers so that the $TERM the container manager
- * passes to PID 1 ends up all the way in the console login shown. */
+ /* If we are forked off PID 1 and we are supposed to operate on /dev/console, then let's try
+ * to inherit the $TERM set for PID 1. This is useful for containers so that the $TERM the
+ * container manager passes to PID 1 ends up all the way in the console login shown. */
- if (path_equal(tty_path, "/dev/console") && getppid() == 1)
+ if (path_equal_ptr(tty_path, "/dev/console") && getppid() == 1)
term = getenv("TERM");
+
if (!term)
term = default_term_for_tty(tty_path);

37
SOURCES/0733-hash-funcs-introduce-macro-to-create-typesafe-hash_o.patch Normal file
View File

@ -0,0 +1,37 @@
From cfa7b3d0a1900b725e5489dfec2c39abb8569c29 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 28 Nov 2018 14:10:04 +0900
Subject: [PATCH] hash-funcs: introduce macro to create typesafe hash_ops
(cherry picked from commit d1005d1c0050d3dc3a24c054bac4c4916073cbba)
Resolves: #2037807
---
src/basic/hash-funcs.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/basic/hash-funcs.h b/src/basic/hash-funcs.h
index 5e5989f021..2ff687e5f9 100644
--- a/src/basic/hash-funcs.h
+++ b/src/basic/hash-funcs.h
@@ -13,6 +13,20 @@ struct hash_ops {
compare_func_t compare;
};
+#define _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, scope) \
+ _unused_ static void (* UNIQ_T(static_hash_wrapper, uq))(const type *, struct siphash *) = hash_func; \
+ _unused_ static int (* UNIQ_T(static_compare_wrapper, uq))(const type *, const type *) = compare_func; \
+ scope const struct hash_ops name = { \
+ .hash = (hash_func_t) hash_func, \
+ .compare = (compare_func_t) compare_func, \
+ }
+
+#define DEFINE_HASH_OPS(name, type, hash_func, compare_func) \
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS(name, type, hash_func, compare_func) \
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, static)
+
void string_hash_func(const void *p, struct siphash *state);
int string_compare_func(const void *a, const void *b) _pure_;
extern const struct hash_ops string_hash_ops;

369
SOURCES/0734-hash-func-add-destructors-for-key-and-value.patch Normal file
View File

@ -0,0 +1,369 @@
From 3bee193141bdf3106732a2c925ffaf5ce48f0ecb Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 27 Nov 2018 22:25:40 +0900
Subject: [PATCH] hash-func: add destructors for key and value
If they are set, then they are called in hashmap_clear() or
hashmap_free().
(cherry picked from commit 59a5cda7b904cd7ef9853bda15b498bbc0577524)
Resolves: #2037807
---
src/basic/hash-funcs.h | 54 ++++++++++++++++++++++++++---
src/basic/hashmap.c | 76 +++++++++++------------------------------
src/basic/hashmap.h | 50 ++++++++++++++++++---------
src/basic/ordered-set.h | 6 ++--
src/basic/set.h | 10 +++---
5 files changed, 109 insertions(+), 87 deletions(-)
diff --git a/src/basic/hash-funcs.h b/src/basic/hash-funcs.h
index 2ff687e5f9..2d3125d0f9 100644
--- a/src/basic/hash-funcs.h
+++ b/src/basic/hash-funcs.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
-
+#include "alloc-util.h"
#include "macro.h"
#include "siphash24.h"
@@ -11,21 +11,67 @@ typedef int (*compare_func_t)(const void *a, const void *b);
struct hash_ops {
hash_func_t hash;
compare_func_t compare;
+ free_func_t free_key;
+ free_func_t free_value;
};
-#define _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, scope) \
+#define _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, free_key_func, free_value_func, scope) \
_unused_ static void (* UNIQ_T(static_hash_wrapper, uq))(const type *, struct siphash *) = hash_func; \
_unused_ static int (* UNIQ_T(static_compare_wrapper, uq))(const type *, const type *) = compare_func; \
scope const struct hash_ops name = { \
.hash = (hash_func_t) hash_func, \
.compare = (compare_func_t) compare_func, \
+ .free_key = free_key_func, \
+ .free_value = free_value_func, \
+ }
+
+#define _DEFINE_FREE_FUNC(uq, type, wrapper_name, func) \
+ /* Type-safe free function */ \
+ static void UNIQ_T(wrapper_name, uq)(void *a) { \
+ type *_a = a; \
+ func(_a); \
}
+#define _DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(uq, name, type, hash_func, compare_func, free_func, scope) \
+ _DEFINE_FREE_FUNC(uq, type, static_free_wrapper, free_func); \
+ _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, \
+ UNIQ_T(static_free_wrapper, uq), NULL, scope)
+
+#define _DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(uq, name, type, hash_func, compare_func, type_value, free_func, scope) \
+ _DEFINE_FREE_FUNC(uq, type_value, static_free_wrapper, free_func); \
+ _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, \
+ NULL, UNIQ_T(static_free_wrapper, uq), scope)
+
+#define _DEFINE_HASH_OPS_FULL(uq, name, type, hash_func, compare_func, free_key_func, type_value, free_value_func, scope) \
+ _DEFINE_FREE_FUNC(uq, type, static_free_key_wrapper, free_key_func); \
+ _DEFINE_FREE_FUNC(uq, type_value, static_free_value_wrapper, free_value_func); \
+ _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, \
+ UNIQ_T(static_free_key_wrapper, uq), \
+ UNIQ_T(static_free_value_wrapper, uq), scope)
+
#define DEFINE_HASH_OPS(name, type, hash_func, compare_func) \
- _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func,)
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, NULL, NULL,)
#define DEFINE_PRIVATE_HASH_OPS(name, type, hash_func, compare_func) \
- _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, static)
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, NULL, NULL, static)
+
+#define DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(name, type, hash_func, compare_func, free_func) \
+ _DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, free_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(name, type, hash_func, compare_func, free_func) \
+ _DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, free_func, static)
+
+#define DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(name, type, hash_func, compare_func, value_type, free_func) \
+ _DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, value_type, free_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(name, type, hash_func, compare_func, value_type, free_func) \
+ _DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, value_type, free_func, static)
+
+#define DEFINE_HASH_OPS_FULL(name, type, hash_func, compare_func, free_key_func, value_type, free_value_func) \
+ _DEFINE_HASH_OPS_FULL(UNIQ, name, type, hash_func, compare_func, free_key_func, value_type, free_value_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS_FULL(name, type, hash_func, compare_func, free_key_func, value_type, free_value_func) \
+ _DEFINE_HASH_OPS_FULL(UNIQ, name, type, hash_func, compare_func, free_key_func, value_type, free_value_func, static)
void string_hash_func(const void *p, struct siphash *state);
int string_compare_func(const void *a, const void *b) _pure_;
diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c
index 69a7d70b04..7c508086f0 100644
--- a/src/basic/hashmap.c
+++ b/src/basic/hashmap.c
@@ -863,47 +863,38 @@ static void hashmap_free_no_clear(HashmapBase *h) {
free(h);
}
-HashmapBase *internal_hashmap_free(HashmapBase *h) {
-
- /* Free the hashmap, but nothing in it */
-
+HashmapBase *internal_hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
if (h) {
- internal_hashmap_clear(h);
+ internal_hashmap_clear(h, default_free_key, default_free_value);
hashmap_free_no_clear(h);
}
return NULL;
}
-HashmapBase *internal_hashmap_free_free(HashmapBase *h) {
+void internal_hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+ free_func_t free_key, free_value;
+ if (!h)
+ return;
- /* Free the hashmap and all data objects in it, but not the
- * keys */
+ free_key = h->hash_ops->free_key ?: default_free_key;
+ free_value = h->hash_ops->free_value ?: default_free_value;
- if (h) {
- internal_hashmap_clear_free(h);
- hashmap_free_no_clear(h);
- }
-
- return NULL;
-}
+ if (free_key || free_value) {
+ unsigned idx;
-Hashmap *hashmap_free_free_free(Hashmap *h) {
+ for (idx = skip_free_buckets(h, 0); idx != IDX_NIL;
+ idx = skip_free_buckets(h, idx + 1)) {
+ struct hashmap_base_entry *e = bucket_at(h, idx);
- /* Free the hashmap and all data and key objects in it */
+ if (free_key)
+ free_key((void *) e->key);
- if (h) {
- hashmap_clear_free_free(h);
- hashmap_free_no_clear(HASHMAP_BASE(h));
+ if (free_value)
+ free_value(entry_value(h, e));
+ }
}
- return NULL;
-}
-
-void internal_hashmap_clear(HashmapBase *h) {
- if (!h)
- return;
-
if (h->has_indirect) {
free(h->indirect.storage);
h->has_indirect = false;
@@ -920,35 +911,6 @@ void internal_hashmap_clear(HashmapBase *h) {
base_set_dirty(h);
}
-void internal_hashmap_clear_free(HashmapBase *h) {
- unsigned idx;
-
- if (!h)
- return;
-
- for (idx = skip_free_buckets(h, 0); idx != IDX_NIL;
- idx = skip_free_buckets(h, idx + 1))
- free(entry_value(h, bucket_at(h, idx)));
-
- internal_hashmap_clear(h);
-}
-
-void hashmap_clear_free_free(Hashmap *h) {
- unsigned idx;
-
- if (!h)
- return;
-
- for (idx = skip_free_buckets(HASHMAP_BASE(h), 0); idx != IDX_NIL;
- idx = skip_free_buckets(HASHMAP_BASE(h), idx + 1)) {
- struct plain_hashmap_entry *e = plain_bucket_at(h, idx);
- free((void*)e->b.key);
- free(e->value);
- }
-
- internal_hashmap_clear(HASHMAP_BASE(h));
-}
-
static int resize_buckets(HashmapBase *h, unsigned entries_add);
/*
@@ -1771,7 +1733,7 @@ HashmapBase *internal_hashmap_copy(HashmapBase *h) {
}
if (r < 0) {
- internal_hashmap_free(copy);
+ internal_hashmap_free(copy, false, false);
return NULL;
}
diff --git a/src/basic/hashmap.h b/src/basic/hashmap.h
index 5c70c102d7..9e4772b497 100644
--- a/src/basic/hashmap.h
+++ b/src/basic/hashmap.h
@@ -23,6 +23,8 @@
#define HASH_KEY_SIZE 16
+typedef void* (*hashmap_destroy_t)(void *p);
+
/* The base type for all hashmap and set types. Many functions in the
* implementation take (HashmapBase*) parameters and are run-time polymorphic,
* though the API is not meant to be polymorphic (do not call functions
@@ -88,25 +90,33 @@ OrderedHashmap *internal_ordered_hashmap_new(const struct hash_ops *hash_ops HA
#define hashmap_new(ops) internal_hashmap_new(ops HASHMAP_DEBUG_SRC_ARGS)
#define ordered_hashmap_new(ops) internal_ordered_hashmap_new(ops HASHMAP_DEBUG_SRC_ARGS)
-HashmapBase *internal_hashmap_free(HashmapBase *h);
+HashmapBase *internal_hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
static inline Hashmap *hashmap_free(Hashmap *h) {
- return (void*)internal_hashmap_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, NULL);
}
static inline OrderedHashmap *ordered_hashmap_free(OrderedHashmap *h) {
- return (void*)internal_hashmap_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, NULL);
}
-HashmapBase *internal_hashmap_free_free(HashmapBase *h);
static inline Hashmap *hashmap_free_free(Hashmap *h) {
- return (void*)internal_hashmap_free_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, free);
}
static inline OrderedHashmap *ordered_hashmap_free_free(OrderedHashmap *h) {
- return (void*)internal_hashmap_free_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, free);
}
-Hashmap *hashmap_free_free_free(Hashmap *h);
+static inline Hashmap *hashmap_free_free_key(Hashmap *h) {
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, NULL);
+}
+static inline OrderedHashmap *ordered_hashmap_free_free_key(OrderedHashmap *h) {
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, NULL);
+}
+
+static inline Hashmap *hashmap_free_free_free(Hashmap *h) {
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, free);
+}
static inline OrderedHashmap *ordered_hashmap_free_free_free(OrderedHashmap *h) {
- return (void*)hashmap_free_free_free(PLAIN_HASHMAP(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, free);
}
IteratedCache *iterated_cache_free(IteratedCache *cache);
@@ -259,25 +269,33 @@ static inline bool ordered_hashmap_iterate(OrderedHashmap *h, Iterator *i, void
return internal_hashmap_iterate(HASHMAP_BASE(h), i, value, key);
}
-void internal_hashmap_clear(HashmapBase *h);
+void internal_hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
static inline void hashmap_clear(Hashmap *h) {
- internal_hashmap_clear(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
}
static inline void ordered_hashmap_clear(OrderedHashmap *h) {
- internal_hashmap_clear(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
}
-void internal_hashmap_clear_free(HashmapBase *h);
static inline void hashmap_clear_free(Hashmap *h) {
- internal_hashmap_clear_free(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, free);
}
static inline void ordered_hashmap_clear_free(OrderedHashmap *h) {
- internal_hashmap_clear_free(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, free);
}
-void hashmap_clear_free_free(Hashmap *h);
+static inline void hashmap_clear_free_key(Hashmap *h) {
+ internal_hashmap_clear(HASHMAP_BASE(h), free, NULL);
+}
+static inline void ordered_hashmap_clear_free_key(OrderedHashmap *h) {
+ internal_hashmap_clear(HASHMAP_BASE(h), free, NULL);
+}
+
+static inline void hashmap_clear_free_free(Hashmap *h) {
+ internal_hashmap_clear(HASHMAP_BASE(h), free, free);
+}
static inline void ordered_hashmap_clear_free_free(OrderedHashmap *h) {
- hashmap_clear_free_free(PLAIN_HASHMAP(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), free, free);
}
/*
diff --git a/src/basic/ordered-set.h b/src/basic/ordered-set.h
index e7c054d8e4..7cbb71819b 100644
--- a/src/basic/ordered-set.h
+++ b/src/basic/ordered-set.h
@@ -21,13 +21,11 @@ static inline int ordered_set_ensure_allocated(OrderedSet **s, const struct hash
}
static inline OrderedSet* ordered_set_free(OrderedSet *s) {
- ordered_hashmap_free((OrderedHashmap*) s);
- return NULL;
+ return (OrderedSet*) ordered_hashmap_free((OrderedHashmap*) s);
}
static inline OrderedSet* ordered_set_free_free(OrderedSet *s) {
- ordered_hashmap_free_free((OrderedHashmap*) s);
- return NULL;
+ return (OrderedSet*) ordered_hashmap_free_free((OrderedHashmap*) s);
}
static inline int ordered_set_put(OrderedSet *s, void *p) {
diff --git a/src/basic/set.h b/src/basic/set.h
index 664713810d..8e12670a6e 100644
--- a/src/basic/set.h
+++ b/src/basic/set.h
@@ -9,13 +9,11 @@ Set *internal_set_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
#define set_new(ops) internal_set_new(ops HASHMAP_DEBUG_SRC_ARGS)
static inline Set *set_free(Set *s) {
- internal_hashmap_free(HASHMAP_BASE(s));
- return NULL;
+ return (Set*) internal_hashmap_free(HASHMAP_BASE(s), NULL, NULL);
}
static inline Set *set_free_free(Set *s) {
- internal_hashmap_free_free(HASHMAP_BASE(s));
- return NULL;
+ return (Set*) internal_hashmap_free(HASHMAP_BASE(s), free, NULL);
}
/* no set_free_free_free */
@@ -76,11 +74,11 @@ static inline unsigned set_buckets(Set *s) {
bool set_iterate(Set *s, Iterator *i, void **value);
static inline void set_clear(Set *s) {
- internal_hashmap_clear(HASHMAP_BASE(s));
+ internal_hashmap_clear(HASHMAP_BASE(s), NULL, NULL);
}
static inline void set_clear_free(Set *s) {
- internal_hashmap_clear_free(HASHMAP_BASE(s));
+ internal_hashmap_clear(HASHMAP_BASE(s), free, NULL);
}
/* no set_clear_free_free */

25
SOURCES/0735-util-define-free_func_t.patch Normal file
View File

@ -0,0 +1,25 @@
From 8d596fa931a32e517323379dde6a73ee2a72506c Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 27 Nov 2018 16:33:28 +0900
Subject: [PATCH] util: define free_func_t
(cherry picked from commit e30f9c972b789152d67ff34fd3bda294d20d1f51)
Resolves: #2037807
---
src/basic/alloc-util.h | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
index ebe42889ea..f8294da68f 100644
--- a/src/basic/alloc-util.h
+++ b/src/basic/alloc-util.h
@@ -8,6 +8,8 @@
#include "macro.h"
+typedef void (*free_func_t)(void *p);
+
#define new(t, n) ((t*) malloc_multiply(sizeof(t), (n)))
#define new0(t, n) ((t*) calloc((n), sizeof(t)))

145
SOURCES/0736-hash-funcs-make-basic-hash_ops-typesafe.patch Normal file
View File

@ -0,0 +1,145 @@
From 9d8948b3f8d37c4667a50f57ab2e357b1aeb4019 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 2 Dec 2018 07:46:33 +0100
Subject: [PATCH] hash-funcs: make basic hash_ops typesafe
(cherry picked from commit 25073e5012cdb4de13d815197815c33194ff7dc9)
Resolves: #2037807
---
src/basic/hash-funcs.c | 49 +++++++++++-------------------------------
src/basic/hash-funcs.h | 16 +++++++-------
2 files changed, 21 insertions(+), 44 deletions(-)
diff --git a/src/basic/hash-funcs.c b/src/basic/hash-funcs.c
index db48437be7..0617536ea5 100644
--- a/src/basic/hash-funcs.c
+++ b/src/basic/hash-funcs.c
@@ -5,21 +5,13 @@
#include "hash-funcs.h"
#include "path-util.h"
-void string_hash_func(const void *p, struct siphash *state) {
+void string_hash_func(const char *p, struct siphash *state) {
siphash24_compress(p, strlen(p) + 1, state);
}
-int string_compare_func(const void *a, const void *b) {
- return strcmp(a, b);
-}
-
-const struct hash_ops string_hash_ops = {
- .hash = string_hash_func,
- .compare = string_compare_func
-};
+DEFINE_HASH_OPS(string_hash_ops, char, string_hash_func, string_compare_func);
-void path_hash_func(const void *p, struct siphash *state) {
- const char *q = p;
+void path_hash_func(const char *q, struct siphash *state) {
size_t n;
assert(q);
@@ -57,14 +49,11 @@ void path_hash_func(const void *p, struct siphash *state) {
}
}
-int path_compare_func(const void *a, const void *b) {
+int path_compare_func(const char *a, const char *b) {
return path_compare(a, b);
}
-const struct hash_ops path_hash_ops = {
- .hash = path_hash_func,
- .compare = path_compare_func
-};
+DEFINE_HASH_OPS(path_hash_ops, char, path_hash_func, path_compare_func);
void trivial_hash_func(const void *p, struct siphash *state) {
siphash24_compress(&p, sizeof(p), state);
@@ -79,36 +68,24 @@ const struct hash_ops trivial_hash_ops = {
.compare = trivial_compare_func
};
-void uint64_hash_func(const void *p, struct siphash *state) {
+void uint64_hash_func(const uint64_t *p, struct siphash *state) {
siphash24_compress(p, sizeof(uint64_t), state);
}
-int uint64_compare_func(const void *_a, const void *_b) {
- uint64_t a, b;
- a = *(const uint64_t*) _a;
- b = *(const uint64_t*) _b;
- return a < b ? -1 : (a > b ? 1 : 0);
+int uint64_compare_func(const uint64_t *a, const uint64_t *b) {
+ return CMP(*a, *b);
}
-const struct hash_ops uint64_hash_ops = {
- .hash = uint64_hash_func,
- .compare = uint64_compare_func
-};
+DEFINE_HASH_OPS(uint64_hash_ops, uint64_t, uint64_hash_func, uint64_compare_func);
#if SIZEOF_DEV_T != 8
-void devt_hash_func(const void *p, struct siphash *state) {
+void devt_hash_func(const dev_t *p, struct siphash *state) {
siphash24_compress(p, sizeof(dev_t), state);
}
-int devt_compare_func(const void *_a, const void *_b) {
- dev_t a, b;
- a = *(const dev_t*) _a;
- b = *(const dev_t*) _b;
- return a < b ? -1 : (a > b ? 1 : 0);
+int devt_compare_func(const dev_t *a, const dev_t *b) {
+ return CMP(*a, *b);
}
-const struct hash_ops devt_hash_ops = {
- .hash = devt_hash_func,
- .compare = devt_compare_func
-};
+DEFINE_HASH_OPS(devt_hash_ops, dev_t, devt_hash_func, devt_compare_func);
#endif
diff --git a/src/basic/hash-funcs.h b/src/basic/hash-funcs.h
index 2d3125d0f9..3d2ae4b55e 100644
--- a/src/basic/hash-funcs.h
+++ b/src/basic/hash-funcs.h
@@ -73,12 +73,12 @@ struct hash_ops {
#define DEFINE_PRIVATE_HASH_OPS_FULL(name, type, hash_func, compare_func, free_key_func, value_type, free_value_func) \
_DEFINE_HASH_OPS_FULL(UNIQ, name, type, hash_func, compare_func, free_key_func, value_type, free_value_func, static)
-void string_hash_func(const void *p, struct siphash *state);
-int string_compare_func(const void *a, const void *b) _pure_;
+void string_hash_func(const char *p, struct siphash *state);
+#define string_compare_func strcmp
extern const struct hash_ops string_hash_ops;
-void path_hash_func(const void *p, struct siphash *state);
-int path_compare_func(const void *a, const void *b) _pure_;
+void path_hash_func(const char *p, struct siphash *state);
+int path_compare_func(const char *a, const char *b) _pure_;
extern const struct hash_ops path_hash_ops;
/* This will compare the passed pointers directly, and will not dereference them. This is hence not useful for strings
@@ -89,15 +89,15 @@ extern const struct hash_ops trivial_hash_ops;
/* 32bit values we can always just embed in the pointer itself, but in order to support 32bit archs we need store 64bit
* values indirectly, since they don't fit in a pointer. */
-void uint64_hash_func(const void *p, struct siphash *state);
-int uint64_compare_func(const void *a, const void *b) _pure_;
+void uint64_hash_func(const uint64_t *p, struct siphash *state);
+int uint64_compare_func(const uint64_t *a, const uint64_t *b) _pure_;
extern const struct hash_ops uint64_hash_ops;
/* On some archs dev_t is 32bit, and on others 64bit. And sometimes it's 64bit on 32bit archs, and sometimes 32bit on
* 64bit archs. Yuck! */
#if SIZEOF_DEV_T != 8
-void devt_hash_func(const void *p, struct siphash *state) _pure_;
-int devt_compare_func(const void *a, const void *b) _pure_;
+void devt_hash_func(const dev_t *p, struct siphash *state) _pure_;
+int devt_compare_func(const dev_t *a, const dev_t *b) _pure_;
extern const struct hash_ops devt_hash_ops;
#else
#define devt_hash_func uint64_hash_func

Some files were not shown because too many files have changed in this diff Show More