Auto sync2gitlab import of systemd-239-59.el8.src.rpm

This commit is contained in:
James Antill 2022-06-29 15:14:43 -04:00
parent 762ff8eb2c
commit 9dd4df73d8
19 changed files with 1620 additions and 1 deletions

View File

@ -0,0 +1,133 @@
From a4e9cf5b5c5e4c4a6f05825cd9c159283a425ae2 Mon Sep 17 00:00:00 2001
From: Anita Zhang <the.anitazha@gmail.com>
Date: Fri, 4 Oct 2019 16:03:04 -0700
Subject: [PATCH] core: disallow using '-.service' as a service name
-.service.d will become a special top level drop in so don't let it be a
usable service name (otherwise the interaction gets complicated).
(cherry picked from commit e23d911664b4fd86eb2c24b64233cb9f23cffdd1)
Resolves: #2051520
---
src/basic/special.h | 4 ++++
src/basic/unit-name.c | 25 +++++++++++++++++++++++++
src/basic/unit-name.h | 2 ++
src/core/service.c | 5 +++++
src/test/test-unit-name.c | 19 +++++++++++++++++++
5 files changed, 55 insertions(+)
diff --git a/src/basic/special.h b/src/basic/special.h
index 379a3d7979..2915122929 100644
--- a/src/basic/special.h
+++ b/src/basic/special.h
@@ -103,3 +103,7 @@
/* The root directory. */
#define SPECIAL_ROOT_MOUNT "-.mount"
+
+/* Used to apply settings to all services through drop-ins.
+ * Should not exist as an actual service. */
+#define SPECIAL_ROOT_SERVICE "-.service"
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 614eb8649b..82a666a481 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -668,6 +668,31 @@ good:
return 0;
}
+bool service_unit_name_is_valid(const char *name) {
+ _cleanup_free_ char *prefix = NULL, *s = NULL;
+ const char *e, *service_name = name;
+
+ if (!unit_name_is_valid(name, UNIT_NAME_ANY))
+ return false;
+
+ e = endswith(name, ".service");
+ if (!e)
+ return false;
+
+ /* If it's a template or instance, get the prefix as a service name. */
+ if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
+ assert_se(unit_name_to_prefix(name, &prefix) == 0);
+ assert_se(s = strjoin(prefix, ".service"));
+ service_name = s;
+ }
+
+ /* Reject reserved service name(s). */
+ if (streq(service_name, SPECIAL_ROOT_SERVICE))
+ return false;
+
+ return true;
+}
+
int slice_build_parent_slice(const char *slice, char **ret) {
char *s, *dash;
int r;
diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h
index 61abcd585b..21729cba83 100644
--- a/src/basic/unit-name.h
+++ b/src/basic/unit-name.h
@@ -60,6 +60,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
return unit_name_mangle_with_suffix(name, flags, ".service", ret);
}
+bool service_unit_name_is_valid(const char *name);
+
int slice_build_parent_slice(const char *slice, char **ret);
int slice_build_subslice(const char *slice, const char*name, char **subslice);
bool slice_name_is_valid(const char *name);
diff --git a/src/core/service.c b/src/core/service.c
index e8ae1a5772..b7eb10c044 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -556,6 +556,11 @@ static int service_verify(Service *s) {
}
}
+ if (!service_unit_name_is_valid(UNIT(s)->id)) {
+ log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
+ return -ENOEXEC;
+ }
+
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
&& UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
/* FailureAction= only makes sense if one of the start or stop commands is specified.
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index 2b00ef8cb7..b629df5aea 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -347,6 +347,24 @@ static void test_unit_name_build(void) {
free(t);
}
+static void test_service_unit_name_is_valid(void) {
+ assert_se(service_unit_name_is_valid("foo.service"));
+ assert_se(service_unit_name_is_valid("foo@bar.service"));
+ assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
+ assert_se(service_unit_name_is_valid("--.service"));
+ assert_se(service_unit_name_is_valid(".-.service"));
+ assert_se(service_unit_name_is_valid("-foo-bar.service"));
+ assert_se(service_unit_name_is_valid("-foo-bar-.service"));
+ assert_se(service_unit_name_is_valid("foo-bar-.service"));
+
+ assert_se(!service_unit_name_is_valid("-.service"));
+ assert_se(!service_unit_name_is_valid(""));
+ assert_se(!service_unit_name_is_valid("foo.slice"));
+ assert_se(!service_unit_name_is_valid("@.service"));
+ assert_se(!service_unit_name_is_valid("@bar.service"));
+ assert_se(!service_unit_name_is_valid("-@.service"));
+}
+
static void test_slice_name_is_valid(void) {
assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
assert_se( slice_name_is_valid("foo.slice"));
@@ -833,6 +851,7 @@ int main(int argc, char* argv[]) {
test_unit_prefix_is_valid();
test_unit_name_change_suffix();
test_unit_name_build();
+ test_service_unit_name_is_valid();
test_slice_name_is_valid();
test_build_subslice();
test_build_parent_slice();

View File

@ -0,0 +1,190 @@
From adc0a99b18153535ef73cf1b6ce2bc64ca501c81 Mon Sep 17 00:00:00 2001
From: Anita Zhang <the.anitazha@gmail.com>
Date: Fri, 4 Oct 2019 17:39:34 -0700
Subject: [PATCH] shared/dropin: support -.service.d/ top level drop-in for
service units
(cherry picked from commit 272467882c9c3c3d4faca5fd7a1f44c5ef2f064)
Resolves: #2051520
---
man/systemd.service.xml | 13 +++++++++++++
man/systemd.special.xml | 9 +++++++++
man/systemd.unit.xml | 4 ++++
src/basic/unit-name.c | 9 +++++++--
src/core/service.c | 2 +-
src/shared/dropin.c | 29 ++++++++++++++++++++++++++---
test/TEST-15-DROPIN/test-dropin.sh | 15 ++++++++++++++-
7 files changed, 74 insertions(+), 7 deletions(-)
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 1e30a564df..4164402d0e 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -62,6 +62,19 @@
about the incompatibilities, see the <ulink
url="https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities">Incompatibilities
with SysV</ulink> document.</para>
+
+ <para>In addition to the various drop-in behaviors described in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ services also support a top-level drop-in with <filename>-.service.d/</filename> that allows
+ altering or adding to the settings of all services on the system.
+ The formatting and precedence of applying drop-in configurations follow what is defined in
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ However, configurations in <filename>-.service.d/</filename> have the lowest precedence compared to settings
+ in the service specific override directories. For example, for <filename>foo-bar-baz.service</filename>,
+ drop-ins in <filename>foo-bar-baz.service.d/</filename> override the ones in
+ <filename>foo-bar-.service.d/</filename>, which override the ones <filename>foo-.service.d/</filename>,
+ which override the ones in <filename>-.service.d/</filename>.
+ </para>
</refsect1>
<refsect1>
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index fe6324a4a0..06798cd9e2 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -117,6 +117,15 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><filename>-.service</filename></term>
+ <listitem>
+ <para>This is a reserved unit name used to support top-level drop-ins for services. See
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term><filename>basic.target</filename></term>
<listitem>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index e80c760dd6..5aa3bd1699 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -190,6 +190,10 @@
over unit files wherever located. Multiple drop-in files with different names are applied in
lexicographic order, regardless of which of the directories they reside in.</para>
+ <para>Service units also support a top-level drop-in directory for modifying the settings of all service units. See
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ for details.</para>
+
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
people to use .d/ drop-ins instead. -->
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 82a666a481..078628d6e8 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -681,8 +681,13 @@ bool service_unit_name_is_valid(const char *name) {
/* If it's a template or instance, get the prefix as a service name. */
if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
- assert_se(unit_name_to_prefix(name, &prefix) == 0);
- assert_se(s = strjoin(prefix, ".service"));
+ if (unit_name_to_prefix(name, &prefix) < 0)
+ return false;
+
+ s = strjoin(prefix, ".service");
+ if (!s)
+ return false;
+
service_name = s;
}
diff --git a/src/core/service.c b/src/core/service.c
index b7eb10c044..b3ef79228f 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -558,7 +558,7 @@ static int service_verify(Service *s) {
if (!service_unit_name_is_valid(UNIT(s)->id)) {
log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
- return -ENOEXEC;
+ return -EINVAL;
}
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
index 357c66d800..78ca7f4452 100644
--- a/src/shared/dropin.c
+++ b/src/shared/dropin.c
@@ -19,6 +19,7 @@
#include "mkdir.h"
#include "path-util.h"
#include "set.h"
+#include "special.h"
#include "string-util.h"
#include "strv.h"
#include "unit-name.h"
@@ -232,15 +233,37 @@ int unit_file_find_dropin_paths(
char ***ret) {
_cleanup_strv_free_ char **dirs = NULL;
- char *t, **p;
+ UnitType type = _UNIT_TYPE_INVALID;
+ char *name, **p;
Iterator i;
int r;
assert(ret);
- SET_FOREACH(t, names, i)
+ /* All the names in the unit are of the same type so just grab one. */
+ name = (char*) set_first(names);
+ if (name) {
+ type = unit_name_to_type(name);
+ if (type < 0)
+ return log_error_errno(EINVAL,
+ "Failed to to derive unit type from unit name: %s",
+ name);
+ }
+
+ /* Special drop in for -.service. Add this first as it's the most generic
+ * and should be able to be overridden by more specific drop-ins. */
+ if (type == UNIT_SERVICE)
+ STRV_FOREACH(p, lookup_path)
+ (void) unit_file_find_dirs(original_root,
+ unit_path_cache,
+ *p,
+ SPECIAL_ROOT_SERVICE,
+ dir_suffix,
+ &dirs);
+
+ SET_FOREACH(name, names, i)
STRV_FOREACH(p, lookup_path)
- (void) unit_file_find_dirs(original_root, unit_path_cache, *p, t, dir_suffix, &dirs);
+ (void) unit_file_find_dirs(original_root, unit_path_cache, *p, name, dir_suffix, &dirs);
if (strv_isempty(dirs)) {
*ret = NULL;
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
index ab0a58caea..def2e03304 100755
--- a/test/TEST-15-DROPIN/test-dropin.sh
+++ b/test/TEST-15-DROPIN/test-dropin.sh
@@ -102,7 +102,20 @@ test_basic_dropins () {
check_ok b Wants c.service
systemctl stop a c
- clear_services a b c
+ echo "*** test -.service.d/ top level drop-in"
+ create_services a b
+ check_ko a ExecCondition "/bin/echo a"
+ check_ko b ExecCondition "/bin/echo b"
+ mkdir -p /usr/lib/systemd/system/-.service.d
+ cat >/usr/lib/systemd/system/-.service.d/override.conf <<EOF
+[Service]
+ExecCondition=/bin/echo %n
+EOF
+ check_ok a ExecCondition "/bin/echo a"
+ check_ok b ExecCondition "/bin/echo b"
+ rm -rf /usr/lib/systemd/system/-.service.d
+
+ clear_services a b c
}
test_template_dropins () {

View File

@ -0,0 +1,289 @@
From 07829c10b8dfff3c6d0bb8d30e77b9b3193b1f0f Mon Sep 17 00:00:00 2001
From: Anita Zhang <the.anitazha@gmail.com>
Date: Mon, 4 Nov 2019 18:29:55 -0800
Subject: [PATCH] core: change top-level drop-in from -.service.d to service.d
Discussed in #13743, the -.service semantic conflicts with the
existing root mount and slice names, making this feature not
uniformly extensible to all types. Change the name to be
<type>.d instead.
Updating to this format also extends the top-level dropin to
unit types.
(cherry picked from commit 3e1db806b0c18fd6138886ce67fac2655f09caef)
Resolves: #2051520
---
man/systemd.service.xml | 13 -------------
man/systemd.special.xml | 9 ---------
man/systemd.unit.xml | 11 ++++++++---
src/basic/special.h | 4 ----
src/basic/unit-name.c | 30 ------------------------------
src/basic/unit-name.h | 2 --
src/core/service.c | 5 -----
src/shared/dropin.c | 22 ++++++++++++----------
src/test/test-unit-name.c | 19 -------------------
test/TEST-15-DROPIN/test-dropin.sh | 8 ++++----
10 files changed, 24 insertions(+), 99 deletions(-)
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
index 4164402d0e..1e30a564df 100644
--- a/man/systemd.service.xml
+++ b/man/systemd.service.xml
@@ -62,19 +62,6 @@
about the incompatibilities, see the <ulink
url="https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities">Incompatibilities
with SysV</ulink> document.</para>
-
- <para>In addition to the various drop-in behaviors described in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
- services also support a top-level drop-in with <filename>-.service.d/</filename> that allows
- altering or adding to the settings of all services on the system.
- The formatting and precedence of applying drop-in configurations follow what is defined in
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
- However, configurations in <filename>-.service.d/</filename> have the lowest precedence compared to settings
- in the service specific override directories. For example, for <filename>foo-bar-baz.service</filename>,
- drop-ins in <filename>foo-bar-baz.service.d/</filename> override the ones in
- <filename>foo-bar-.service.d/</filename>, which override the ones <filename>foo-.service.d/</filename>,
- which override the ones in <filename>-.service.d/</filename>.
- </para>
</refsect1>
<refsect1>
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
index 06798cd9e2..fe6324a4a0 100644
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -117,15 +117,6 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term><filename>-.service</filename></term>
- <listitem>
- <para>This is a reserved unit name used to support top-level drop-ins for services. See
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.</para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><filename>basic.target</filename></term>
<listitem>
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 5aa3bd1699..6f213ccd56 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -190,9 +190,14 @@
over unit files wherever located. Multiple drop-in files with different names are applied in
lexicographic order, regardless of which of the directories they reside in.</para>
- <para>Service units also support a top-level drop-in directory for modifying the settings of all service units. See
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
- for details.</para>
+ <para>Units also support a top-level drop-in with <filename><replaceable>type</replaceable>.d/</filename>,
+ where <replaceable>type</replaceable> may be e.g. <literal>service</literal> or <literal>socket</literal>,
+ that allows altering or adding to the settings of all corresponding unit files on the system.
+ The formatting and precedence of applying drop-in configurations follow what is defined above.
+ Configurations in <filename><replaceable>type</replaceable>.d/</filename> have the lowest precedence
+ compared to settings in the name specific override directories. So the contents of
+ <filename>foo-.service.d/10-override.conf</filename> would override
+ <filename>service.d/10-override.conf</filename>.</para>
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
people to use .d/ drop-ins instead. -->
diff --git a/src/basic/special.h b/src/basic/special.h
index 2915122929..379a3d7979 100644
--- a/src/basic/special.h
+++ b/src/basic/special.h
@@ -103,7 +103,3 @@
/* The root directory. */
#define SPECIAL_ROOT_MOUNT "-.mount"
-
-/* Used to apply settings to all services through drop-ins.
- * Should not exist as an actual service. */
-#define SPECIAL_ROOT_SERVICE "-.service"
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
index 078628d6e8..614eb8649b 100644
--- a/src/basic/unit-name.c
+++ b/src/basic/unit-name.c
@@ -668,36 +668,6 @@ good:
return 0;
}
-bool service_unit_name_is_valid(const char *name) {
- _cleanup_free_ char *prefix = NULL, *s = NULL;
- const char *e, *service_name = name;
-
- if (!unit_name_is_valid(name, UNIT_NAME_ANY))
- return false;
-
- e = endswith(name, ".service");
- if (!e)
- return false;
-
- /* If it's a template or instance, get the prefix as a service name. */
- if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
- if (unit_name_to_prefix(name, &prefix) < 0)
- return false;
-
- s = strjoin(prefix, ".service");
- if (!s)
- return false;
-
- service_name = s;
- }
-
- /* Reject reserved service name(s). */
- if (streq(service_name, SPECIAL_ROOT_SERVICE))
- return false;
-
- return true;
-}
-
int slice_build_parent_slice(const char *slice, char **ret) {
char *s, *dash;
int r;
diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h
index 21729cba83..61abcd585b 100644
--- a/src/basic/unit-name.h
+++ b/src/basic/unit-name.h
@@ -60,8 +60,6 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
return unit_name_mangle_with_suffix(name, flags, ".service", ret);
}
-bool service_unit_name_is_valid(const char *name);
-
int slice_build_parent_slice(const char *slice, char **ret);
int slice_build_subslice(const char *slice, const char*name, char **subslice);
bool slice_name_is_valid(const char *name);
diff --git a/src/core/service.c b/src/core/service.c
index b3ef79228f..e8ae1a5772 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -556,11 +556,6 @@ static int service_verify(Service *s) {
}
}
- if (!service_unit_name_is_valid(UNIT(s)->id)) {
- log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
- return -EINVAL;
- }
-
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
&& UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
/* FailureAction= only makes sense if one of the start or stop commands is specified.
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
index 78ca7f4452..bd2a3c0feb 100644
--- a/src/shared/dropin.c
+++ b/src/shared/dropin.c
@@ -19,7 +19,6 @@
#include "mkdir.h"
#include "path-util.h"
#include "set.h"
-#include "special.h"
#include "string-util.h"
#include "strv.h"
#include "unit-name.h"
@@ -170,6 +169,10 @@ static int unit_file_find_dirs(
return r;
}
+ /* Return early for top level drop-ins. */
+ if (unit_type_from_string(name) >= 0)
+ return 0;
+
/* Let's see if there's a "-" prefix for this unit name. If so, let's invoke ourselves for it. This will then
* recursively do the same for all our prefixes. i.e. this means given "foo-bar-waldo.service" we'll also
* search "foo-bar-.service" and "foo-.service".
@@ -250,16 +253,15 @@ int unit_file_find_dropin_paths(
name);
}
- /* Special drop in for -.service. Add this first as it's the most generic
+ /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
* and should be able to be overridden by more specific drop-ins. */
- if (type == UNIT_SERVICE)
- STRV_FOREACH(p, lookup_path)
- (void) unit_file_find_dirs(original_root,
- unit_path_cache,
- *p,
- SPECIAL_ROOT_SERVICE,
- dir_suffix,
- &dirs);
+ STRV_FOREACH(p, lookup_path)
+ (void) unit_file_find_dirs(original_root,
+ unit_path_cache,
+ *p,
+ unit_type_to_string(type),
+ dir_suffix,
+ &dirs);
SET_FOREACH(name, names, i)
STRV_FOREACH(p, lookup_path)
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
index b629df5aea..2b00ef8cb7 100644
--- a/src/test/test-unit-name.c
+++ b/src/test/test-unit-name.c
@@ -347,24 +347,6 @@ static void test_unit_name_build(void) {
free(t);
}
-static void test_service_unit_name_is_valid(void) {
- assert_se(service_unit_name_is_valid("foo.service"));
- assert_se(service_unit_name_is_valid("foo@bar.service"));
- assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
- assert_se(service_unit_name_is_valid("--.service"));
- assert_se(service_unit_name_is_valid(".-.service"));
- assert_se(service_unit_name_is_valid("-foo-bar.service"));
- assert_se(service_unit_name_is_valid("-foo-bar-.service"));
- assert_se(service_unit_name_is_valid("foo-bar-.service"));
-
- assert_se(!service_unit_name_is_valid("-.service"));
- assert_se(!service_unit_name_is_valid(""));
- assert_se(!service_unit_name_is_valid("foo.slice"));
- assert_se(!service_unit_name_is_valid("@.service"));
- assert_se(!service_unit_name_is_valid("@bar.service"));
- assert_se(!service_unit_name_is_valid("-@.service"));
-}
-
static void test_slice_name_is_valid(void) {
assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
assert_se( slice_name_is_valid("foo.slice"));
@@ -851,7 +833,6 @@ int main(int argc, char* argv[]) {
test_unit_prefix_is_valid();
test_unit_name_change_suffix();
test_unit_name_build();
- test_service_unit_name_is_valid();
test_slice_name_is_valid();
test_build_subslice();
test_build_parent_slice();
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
index def2e03304..7836c6535d 100755
--- a/test/TEST-15-DROPIN/test-dropin.sh
+++ b/test/TEST-15-DROPIN/test-dropin.sh
@@ -102,18 +102,18 @@ test_basic_dropins () {
check_ok b Wants c.service
systemctl stop a c
- echo "*** test -.service.d/ top level drop-in"
+ echo "*** test service.d/ top level drop-in"
create_services a b
check_ko a ExecCondition "/bin/echo a"
check_ko b ExecCondition "/bin/echo b"
- mkdir -p /usr/lib/systemd/system/-.service.d
- cat >/usr/lib/systemd/system/-.service.d/override.conf <<EOF
+ mkdir -p /usr/lib/systemd/system/service.d
+ cat >/usr/lib/systemd/system/service.d/override.conf <<EOF
[Service]
ExecCondition=/bin/echo %n
EOF
check_ok a ExecCondition "/bin/echo a"
check_ok b ExecCondition "/bin/echo b"
- rm -rf /usr/lib/systemd/system/-.service.d
+ rm -rf /usr/lib/systemd/system/service.d
clear_services a b c
}

View File

@ -0,0 +1,96 @@
From 9e1e02a83538a865dae65454214363d306e69854 Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Tue, 17 Dec 2019 15:47:37 +0200
Subject: [PATCH] shared/dropin: fix assert for invalid drop-in
Don't try to show top level drop-in for non-existent units or when trying to
instantiate non-instantiated units:
$ systemctl cat nonexistent@.service
Assertion 'name' failed at src/shared/dropin.c:143, function unit_file_find_dirs(). Aborting.
$ systemctl cat systemd-journald@.service
Assertion 'name' failed at src/shared/dropin.c:143, function unit_file_find_dirs(). Aborting.
(cherry picked from commit 7a670b1dd981c645064f69faf85b04620aadbafb)
Resolves: #2051520
---
src/shared/dropin.c | 23 ++++++++++++-----------
test/TEST-15-DROPIN/test-dropin.sh | 14 ++++++++++++++
2 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
index bd2a3c0feb..11ed4c7184 100644
--- a/src/shared/dropin.c
+++ b/src/shared/dropin.c
@@ -236,7 +236,6 @@ int unit_file_find_dropin_paths(
char ***ret) {
_cleanup_strv_free_ char **dirs = NULL;
- UnitType type = _UNIT_TYPE_INVALID;
char *name, **p;
Iterator i;
int r;
@@ -246,22 +245,24 @@ int unit_file_find_dropin_paths(
/* All the names in the unit are of the same type so just grab one. */
name = (char*) set_first(names);
if (name) {
+ UnitType type = _UNIT_TYPE_INVALID;
+
type = unit_name_to_type(name);
if (type < 0)
return log_error_errno(EINVAL,
"Failed to to derive unit type from unit name: %s",
name);
- }
- /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
- * and should be able to be overridden by more specific drop-ins. */
- STRV_FOREACH(p, lookup_path)
- (void) unit_file_find_dirs(original_root,
- unit_path_cache,
- *p,
- unit_type_to_string(type),
- dir_suffix,
- &dirs);
+ /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
+ * and should be able to be overridden by more specific drop-ins. */
+ STRV_FOREACH(p, lookup_path)
+ (void) unit_file_find_dirs(original_root,
+ unit_path_cache,
+ *p,
+ unit_type_to_string(type),
+ dir_suffix,
+ &dirs);
+ }
SET_FOREACH(name, names, i)
STRV_FOREACH(p, lookup_path)
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
index 7836c6535d..5419169f7b 100755
--- a/test/TEST-15-DROPIN/test-dropin.sh
+++ b/test/TEST-15-DROPIN/test-dropin.sh
@@ -289,9 +289,23 @@ EOF
clear_services a b
}
+test_invalid_dropins () {
+ echo "Testing invalid dropins..."
+ # Assertion failed on earlier versions, command exits unsuccessfully on later versions
+ systemctl cat nonexistent@.service || true
+ create_services a
+ systemctl daemon-reload
+ # Assertion failed on earlier versions, command exits unsuccessfully on later versions
+ systemctl cat a@.service || true
+ systemctl stop a
+ clear_services a
+ return 0
+}
+
test_basic_dropins
test_template_dropins
test_alias_dropins
test_masked_dropins
+test_invalid_dropins
touch /testok

View File

@ -0,0 +1,132 @@
From 2e7f41bd0632312d00d472a73a312218a29ce65b Mon Sep 17 00:00:00 2001
From: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Date: Thu, 18 Mar 2021 11:03:34 +0100
Subject: [PATCH] udev: fix slot based network names on s390
The s390 PCI driver assigns the hotplug slot name from the
function_id attribute of the PCI device using a 8 char hexadecimal
format to match the underlying firmware/hypervisor notation.
Further, there's always a one-to-one mapping between a PCI
function and a hotplug slot, as individual functions can
hot plugged even for multi-function devices.
As the generic matching code will always try to parse the slot
name in /sys/bus/pci/slots as a positive decimal number, either
a wrong value might be produced for ID_NET_NAME_SLOT if
the slot name consists of decimal numbers only, or none at all
if a character in the range from 'a' to 'f' is encountered.
Additionally, the generic code assumes that two interfaces
share a hotplug slot, if they differ only in the function part
of the PCI address. E.g., for an interface with the PCI address
dddd:bb:aa.f, it will match the device to the first slot with
an address dddd:bb:aa. As more than one slot may have this address
for the s390 PCI driver, the wrong slot may be selected.
To resolve this we're adding a new naming schema version with the
flag NAMING_SLOT_FUNCTION_ID, which enables the correct matching
of hotplug slots if the device has an attribute named function_id.
The ID_NET_NAME_SLOT property will only be produced if there's
a file /sys/bus/pci/slots/<slotname> where <slotname> matches
the value of /sys/bus/pci/devices/.../function_id in 8 char
hex notation.
Fixes #19016
See also #19078
Related: #1939914
(cherry picked from commit a496a238e8ee66ce25ad13a3f46549b2e2e979fc)
---
man/systemd.net-naming-scheme.xml | 10 +++++++++
src/udev/udev-builtin-net_id.c | 34 +++++++++++++++++++++++++++++++
2 files changed, 44 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index fe1aa4b654..e42c93eaad 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -313,6 +313,16 @@
<para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
</varlistentry>
+ <varlistentry>
+ <term><constant>rhel-8.7</constant></term>
+
+ <listitem><para>PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation
+ of the <filename>function_id</filename> device attribute. This attribute is now used to build the
+ <varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
+ numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
+ property or none at all.</para></listitem>
+ </varlistentry>
+
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 386d74ca5e..b57227a09f 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -126,6 +126,7 @@ typedef enum NamingSchemeFlags {
NAMING_SR_IOV_V = 1 << 0, /* Use "v" suffix for SR-IOV, see 609948c7043a40008b8299529c978ed8e11de8f6*/
NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6eab35d1cb9fa73889892702c27be09 */
NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */
+ NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */
/* And now the masks that combine the features above */
NAMING_V238 = 0,
@@ -137,6 +138,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
+ NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -156,6 +158,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.4", NAMING_RHEL_8_4 },
{ "rhel-8.5", NAMING_RHEL_8_5 },
{ "rhel-8.6", NAMING_RHEL_8_6 },
+ { "rhel-8.7", NAMING_RHEL_8_7 },
/* … add more schemes here, as the logic to name devices is updated … */
};
@@ -477,6 +480,37 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
hotplug_slot_dev = names->pcidev;
while (hotplug_slot_dev) {
+ if (!udev_device_get_sysname(hotplug_slot_dev))
+ continue;
+
+ /* The <sysname>/function_id attribute is unique to the s390 PCI driver.
+ If present, we know that the slot's directory name for this device is
+ /sys/bus/pci/XXXXXXXX/ where XXXXXXXX is the fixed length 8 hexadecimal
+ character string representation of function_id.
+ Therefore we can short cut here and just check for the existence of
+ the slot directory. As this directory has to exist, we're emitting a
+ debug message for the unlikely case it's not found.
+ Note that the domain part of doesn't belong to the slot name here
+ because there's a 1-to-1 relationship between PCI function and its hotplug
+ slot.
+ */
+ if (naming_scheme_has(NAMING_SLOT_FUNCTION_ID)) {
+ attr = udev_device_get_sysattr_value(hotplug_slot_dev, "function_id");
+ if (attr) {
+ int function_id;
+ _cleanup_free_ char *str;
+
+ if (safe_atoi(attr, &function_id) >= 0 &&
+ asprintf(&str, "%s/%08x/", slots, function_id) >= 0 &&
+ access(str, R_OK) == 0) {
+ hotplug_slot = function_id;
+ domain = 0;
+ } else
+ log_debug("No matching slot for function_id (%s).", attr);
+ break;
+ }
+ }
+
FOREACH_DIRENT_ALL(dent, dir, break) {
int i, r;
char str[PATH_MAX];

View File

@ -0,0 +1,26 @@
From e6def2e6be6a1cb87874cf8589ccdcb6ee3eec1e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 7 Apr 2021 19:09:50 +0900
Subject: [PATCH] udev: add missing initialization to fix freeing invalid
address
Releated: #1939914
(cherry picked from commit b08c3fbe0e3f310b520d17be92110b4cb96a5f2c)
---
src/udev/udev-builtin-net_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index b57227a09f..816661fb93 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -498,7 +498,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
attr = udev_device_get_sysattr_value(hotplug_slot_dev, "function_id");
if (attr) {
int function_id;
- _cleanup_free_ char *str;
+ _cleanup_free_ char *str = NULL;
if (safe_atoi(attr, &function_id) >= 0 &&
asprintf(&str, "%s/%08x/", slots, function_id) >= 0 &&

View File

@ -0,0 +1,25 @@
From 100324ef0d911913e09db71e030a5ba137ac357e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 7 Apr 2021 19:19:45 +0900
Subject: [PATCH] udev: it is not necessary that the path is readable
Related: #1939914
(cherry picked from commit 70c35e4bfd64f24c7cb3536bdf63af537e0f2971)
---
src/udev/udev-builtin-net_id.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 816661fb93..ba7638fcb8 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -502,7 +502,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
if (safe_atoi(attr, &function_id) >= 0 &&
asprintf(&str, "%s/%08x/", slots, function_id) >= 0 &&
- access(str, R_OK) == 0) {
+ access(str, F_OK) == 0) {
hotplug_slot = function_id;
domain = 0;
} else

View File

@ -0,0 +1,100 @@
From 033998c21f01e7b7d91e4aa51a358f8016f3740a Mon Sep 17 00:00:00 2001
From: Viktor Mihajlovski <mihajlov@linux.ibm.com>
Date: Tue, 27 Apr 2021 15:25:16 +0200
Subject: [PATCH] udev: allow onboard index up to 65535
The maximum allowed value of the sysfs device index entry was limited to
16383 (2^14-1) to avoid the generation of unreasonable onboard interface
names.
For s390 the index can assume a value of up to 65535 (2^16-1) which is
now allowed depending on the new naming flag NAMING_16BIT_INDEX.
Larger index values are considered unreasonable and remain to be
ignored.
Related: #1939914
(cherry picked from commit 5a7eb46c0206411d380543021291b4bca0b6f59f)
---
man/systemd.net-naming-scheme.xml | 7 ++++++-
src/udev/udev-builtin-net_id.c | 22 +++++++++++++++-------
2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index e42c93eaad..a567483995 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -320,7 +320,12 @@
of the <filename>function_id</filename> device attribute. This attribute is now used to build the
<varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
- property or none at all.</para></listitem>
+ property or none at all.</para>
+
+ <para>Some firmware and hypervisor implementations report unreasonable high numbers for the onboard
+ index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381
+ (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account
+ for that, the limit is increased to now 65535.</para></listitem>
</varlistentry>
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index ba7638fcb8..df84acf27c 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -104,7 +104,8 @@
#include "udev.h"
#include "udev-util.h"
-#define ONBOARD_INDEX_MAX (16*1024-1)
+#define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1)
+#define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1)
/* So here's the deal: net_id is supposed to be an excercise in providing stable names for network devices. However, we
* also want to keep updating the naming scheme used in future versions of net_id. These two goals of course are
@@ -127,6 +128,7 @@ typedef enum NamingSchemeFlags {
NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6eab35d1cb9fa73889892702c27be09 */
NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */
NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */
+ NAMING_16BIT_INDEX = 1 << 11, /* Allow full 16-bit for the onboard index */
/* And now the masks that combine the features above */
NAMING_V238 = 0,
@@ -138,7 +140,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
- NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID,
+ NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -326,6 +328,16 @@ out_unref:
return r;
}
+static bool is_valid_onboard_index(unsigned long idx) {
+ /* Some BIOSes report rubbish indexes that are excessively high (2^24-1 is an index VMware likes to
+ * report for example). Let's define a cut-off where we don't consider the index reliable anymore. We
+ * pick some arbitrary cut-off, which is somewhere beyond the realistic number of physical network
+ * interface a system might have. Ideally the kernel would already filter this crap for us, but it
+ * doesn't currently. The initial cut-off value (2^14-1) was too conservative for s390 PCI which
+ * allows for index values up 2^16-1 which is now enabled with the NAMING_16BIT_INDEX naming flag. */
+ return idx <= (naming_scheme_has(NAMING_16BIT_INDEX) ? ONBOARD_16BIT_INDEX_MAX : ONBOARD_14BIT_INDEX_MAX);
+}
+
/* retrieve on-board index number and label from firmware */
static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
unsigned dev_port = 0;
@@ -346,11 +358,7 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
if (idx <= 0)
return -EINVAL;
- /* Some BIOSes report rubbish indexes that are excessively high (2^24-1 is an index VMware likes to report for
- * example). Let's define a cut-off where we don't consider the index reliable anymore. We pick some arbitrary
- * cut-off, which is somewhere beyond the realistic number of physical network interface a system might
- * have. Ideally the kernel would already filter his crap for us, but it doesn't currently. */
- if (idx > ONBOARD_INDEX_MAX)
+ if (!is_valid_onboard_index(idx))
return -ENOENT;
/* kernel provided port index for multiple ports on a single PCI function */

View File

@ -0,0 +1,98 @@
From 1ad8be47cd41f017faa5a9ca9614cbcbe784d43b Mon Sep 17 00:00:00 2001
From: Jacek Migacz <jmigacz@redhat.com>
Date: Mon, 25 Apr 2022 21:12:40 +0200
Subject: [PATCH] Revert "basic: use comma as separator in cpuset cgroup cpu
ranges"
This reverts commit 9fe3b9c7165afeedcf9f31959c436bcec233bb4d.
RHEL-only
Resolves: #1858220
---
src/basic/cpu-set-util.c | 45 ----------------------------------------
src/basic/cpu-set-util.h | 1 -
src/core/cgroup.c | 2 +-
3 files changed, 1 insertion(+), 47 deletions(-)
diff --git a/src/basic/cpu-set-util.c b/src/basic/cpu-set-util.c
index 1922c95864..db2e1d6c97 100644
--- a/src/basic/cpu-set-util.c
+++ b/src/basic/cpu-set-util.c
@@ -88,51 +88,6 @@ char *cpu_set_to_range_string(const CPUSet *set) {
return TAKE_PTR(str) ?: strdup("");
}
-/* XXX(msekleta): this is the workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1819152, remove in 8.3 */
-char *cpu_set_to_range_string_kernel(const CPUSet *set) {
- unsigned range_start = 0, range_end;
- _cleanup_free_ char *str = NULL;
- size_t allocated = 0, len = 0;
- bool in_range = false;
- int r;
-
- for (unsigned i = 0; i < set->allocated * 8; i++)
- if (CPU_ISSET_S(i, set->allocated, set->set)) {
- if (in_range)
- range_end++;
- else {
- range_start = range_end = i;
- in_range = true;
- }
- } else if (in_range) {
- in_range = false;
-
- if (!GREEDY_REALLOC(str, allocated, len + 2 + 2 * DECIMAL_STR_MAX(unsigned)))
- return NULL;
-
- if (range_end > range_start)
- r = sprintf(str + len, len > 0 ? ",%d-%d" : "%d-%d", range_start, range_end);
- else
- r = sprintf(str + len, len > 0 ? ",%d" : "%d", range_start);
- assert_se(r > 0);
- len += r;
- }
-
- if (in_range) {
- if (!GREEDY_REALLOC(str, allocated, len + 2 + 2 * DECIMAL_STR_MAX(int)))
- return NULL;
-
- if (range_end > range_start)
- r = sprintf(str + len, len > 0 ? ",%d-%d" : "%d-%d", range_start, range_end);
- else
- r = sprintf(str + len, len > 0 ? ",%d" : "%d", range_start);
- assert_se(r > 0);
- }
-
- return TAKE_PTR(str) ?: strdup("");
-}
-
-
int cpu_set_realloc(CPUSet *cpu_set, unsigned ncpus) {
size_t need;
diff --git a/src/basic/cpu-set-util.h b/src/basic/cpu-set-util.h
index 795be807af..406b08ee11 100644
--- a/src/basic/cpu-set-util.h
+++ b/src/basic/cpu-set-util.h
@@ -27,7 +27,6 @@ int cpu_set_add_all(CPUSet *a, const CPUSet *b);
char* cpu_set_to_string(const CPUSet *a);
char *cpu_set_to_range_string(const CPUSet *a);
-char *cpu_set_to_range_string_kernel(const CPUSet *a);
int cpu_set_realloc(CPUSet *cpu_set, unsigned ncpus);
int parse_cpu_set_full(
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index f02cc31c6e..f89bce3d61 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -687,7 +687,7 @@ static void cgroup_apply_unified_cpuset(Unit *u, CPUSet cpus, const char *name)
_cleanup_free_ char *buf = NULL;
int r;
- buf = cpu_set_to_range_string_kernel(&cpus);
+ buf = cpu_set_to_range_string(&cpus);
if (!buf)
return;

View File

@ -0,0 +1,51 @@
From 45670b65ccc1d41a32b83217ba9a78c9eed5fc02 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 23 Apr 2020 08:49:10 +0200
Subject: [PATCH] acpi-fpdt: mark structures as packed
Let's make sure the alignment doesn't matter.
(cherry picked from commit 49490c1d353bc920cbf73f4c71e9c35d2e3eb8b1)
Related: #2047373
---
src/shared/acpi-fpdt.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/shared/acpi-fpdt.c b/src/shared/acpi-fpdt.c
index d565ebd43e..38c464c912 100644
--- a/src/shared/acpi-fpdt.c
+++ b/src/shared/acpi-fpdt.c
@@ -23,7 +23,7 @@ struct acpi_table_header {
uint32_t oem_revision;
char asl_compiler_id[4];
uint32_t asl_compiler_revision;
-};
+} _packed_;
enum {
ACPI_FPDT_TYPE_BOOT = 0,
@@ -36,12 +36,12 @@ struct acpi_fpdt_header {
uint8_t revision;
uint8_t reserved[4];
uint64_t ptr;
-};
+} _packed_;
struct acpi_fpdt_boot_header {
char signature[4];
uint32_t length;
-};
+} _packed_;
enum {
ACPI_FPDT_S3PERF_RESUME_REC = 0,
@@ -59,7 +59,7 @@ struct acpi_fpdt_boot {
uint64_t startup_start;
uint64_t exit_services_entry;
uint64_t exit_services_exit;
-};
+} _packed;
int acpi_get_boot_usec(usec_t *loader_start, usec_t *loader_exit) {
_cleanup_free_ char *buf = NULL;

View File

@ -0,0 +1,46 @@
From 1f4af2e456675c6226857ee0c8127ff4b3d1d18a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 6 May 2022 14:01:22 +0900
Subject: [PATCH] core/slice: make slice_freezer_action() return 0 if freezing
state is unchanged
Fixes #23278.
(cherry picked from commit d171e72e7afa11b238ba20758384d223b0c76e39)
Related: #2047373
---
src/core/slice.c | 6 +-----
src/core/unit.c | 2 ++
2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/src/core/slice.c b/src/core/slice.c
index c10e830917..34f3c84bf9 100644
--- a/src/core/slice.c
+++ b/src/core/slice.c
@@ -395,11 +395,7 @@ static int slice_freezer_action(Unit *s, FreezerAction action) {
return r;
}
- r = unit_cgroup_freezer_action(s, action);
- if (r < 0)
- return r;
-
- return 1;
+ return unit_cgroup_freezer_action(s, action);
}
static int slice_freeze(Unit *s) {
diff --git a/src/core/unit.c b/src/core/unit.c
index e2c61ce866..bd79578255 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -5622,6 +5622,8 @@ static int unit_freezer_action(Unit *u, FreezerAction action) {
if (r <= 0)
return r;
+ assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING));
+
return 1;
}

View File

@ -0,0 +1,29 @@
From f307c633acd12d59800a760b1c45fad8c79b6f49 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 9 May 2022 00:56:05 +0900
Subject: [PATCH] core/unit: fix use-after-free
Fixes #23312.
(cherry picked from commit 734582830b58e000a26e18807ea277c18778573c)
Related: #2047373
---
src/core/unit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index bd79578255..68affa2c0e 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -580,8 +580,8 @@ void unit_free(Unit *u) {
unit_dequeue_rewatch_pids(u);
- sd_bus_slot_unref(u->match_bus_slot);
- sd_bus_track_unref(u->bus_track);
+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
+ u->bus_track = sd_bus_track_unref(u->bus_track);
u->deserialized_refs = strv_free(u->deserialized_refs);
u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message);

View File

@ -0,0 +1,58 @@
From 39e9bd0412bef0c37d487834b8be3a78e28cb804 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 17 Apr 2022 07:05:07 +0900
Subject: [PATCH] sd-bus: fix reference counter to be incremented
Fixes #23097.
(cherry picked from commit b21f237d996c8c18991a68e1204f060d07dc4745)
[msekleta: This commit also contains the hunk from c2d7dd35d2
(in sd_bus_track_remove_name). I've decided to not backport that commit
fully because of conflicts and because its was made largely irrelevant
by 7f40cb7c86]
Related: #2047373
---
src/libsystemd/sd-bus/bus-track.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
index 16bf615f50..b1ec5ecbbb 100644
--- a/src/libsystemd/sd-bus/bus-track.c
+++ b/src/libsystemd/sd-bus/bus-track.c
@@ -208,12 +208,12 @@ _public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
i = hashmap_get(track->names, name);
if (i) {
if (track->recursive) {
- unsigned k = track->n_ref + 1;
+ unsigned k = i->n_ref + 1;
- if (k < track->n_ref) /* Check for overflow */
+ if (k < i->n_ref) /* Check for overflow */
return -EOVERFLOW;
- track->n_ref = k;
+ i->n_ref = k;
}
bus_track_remove_from_queue(track);
@@ -281,14 +281,13 @@ _public_ int sd_bus_track_remove_name(sd_bus_track *track, const char *name) {
i = hashmap_get(track->names, name);
if (!i)
return -EUNATCH;
- if (i->n_ref <= 0)
- return -EUNATCH;
-
- i->n_ref--;
- if (i->n_ref <= 0)
+ assert(i->n_ref >=1);
+ if (i->n_ref <= 1)
return bus_track_remove_name_fully(track, name);
+ i->n_ref--;
+
return 1;
}

View File

@ -0,0 +1,32 @@
From 480658d6c79f494e820eb3da59a1818b5b7c3c8b Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 17 Apr 2022 07:25:09 +0900
Subject: [PATCH] sd-bus: do not read unused value
(cherry picked from commit 6a7ca27740be4229b4c9f540cd610b205ca5752c)
Related: #2047373
---
src/libsystemd/sd-bus/bus-track.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
index b1ec5ecbbb..b9965d9d64 100644
--- a/src/libsystemd/sd-bus/bus-track.c
+++ b/src/libsystemd/sd-bus/bus-track.c
@@ -182,13 +182,13 @@ _public_ sd_bus_track* sd_bus_track_unref(sd_bus_track *track) {
static int on_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
sd_bus_track *track = userdata;
- const char *name, *old, *new;
+ const char *name;
int r;
assert(message);
assert(track);
- r = sd_bus_message_read(message, "sss", &name, &old, &new);
+ r = sd_bus_message_read(message, "sss", &name, NULL, NULL);
if (r < 0)
return 0;

View File

@ -0,0 +1,35 @@
From 805e13f7016f37c882069f43b5f0c0972d5fdf95 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 17 Apr 2022 07:29:24 +0900
Subject: [PATCH] sd-bus: do not return negative errno when unknown name is
specified
When 'recursive' is false, then sd_bus_track_remove_name() does not
return negative errno when unknown name is specified. Let's follow the
same pattern for the case that 'recursive' is true.
(cherry picked from commit 55bfacc6c33eaf3475762e71172b2ef504be5af8)
Related: #2047373
---
src/libsystemd/sd-bus/bus-track.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
index b9965d9d64..8893f190a1 100644
--- a/src/libsystemd/sd-bus/bus-track.c
+++ b/src/libsystemd/sd-bus/bus-track.c
@@ -275,12 +275,9 @@ _public_ int sd_bus_track_remove_name(sd_bus_track *track, const char *name) {
if (!track) /* Treat a NULL track object as an empty track object */
return 0;
- if (!track->recursive)
- return bus_track_remove_name_fully(track, name);
-
i = hashmap_get(track->names, name);
if (!i)
- return -EUNATCH;
+ return 0;
assert(i->n_ref >=1);
if (i->n_ref <= 1)

View File

@ -0,0 +1,48 @@
From 598eecf5c1c948535ca626833bc5cea59060913f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Apr 2022 22:30:22 +0200
Subject: [PATCH] sd-bus: switch to a manual overflow check in
sd_bus_track_add_name()
This is generally used in a directly client controllable way, hence we
should handle ref count overflow gracefully, instead of hitting an
assert().
As discussed:
https://github.com/systemd/systemd/pull/23099#discussion_r854341850
(cherry picked from commit 7f40cb7c86b0fff3a82096a9499570bad9c19fd2)
[msekleta: We've never switched to using track_item_ref/unref introduced
in c2d7dd35d2 hence we still had potential undefined behavior related to
overflow check and this commit fixes that.]
Related: #2047373
---
src/libsystemd/sd-bus/bus-track.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
index 8893f190a1..b818e93bec 100644
--- a/src/libsystemd/sd-bus/bus-track.c
+++ b/src/libsystemd/sd-bus/bus-track.c
@@ -208,12 +208,16 @@ _public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
i = hashmap_get(track->names, name);
if (i) {
if (track->recursive) {
- unsigned k = i->n_ref + 1;
+ assert(i->n_ref > 0);
- if (k < i->n_ref) /* Check for overflow */
+ /* Manual oveflow check (instead of a DEFINE_TRIVIAL_REF_FUNC() helper or so), so
+ * that we can return a proper error, given this is almost always called in a
+ * directly client controllable way, and thus better should never hit an assertion
+ * here. */
+ if (i->n_ref >= UINT_MAX)
return -EOVERFLOW;
- i->n_ref = k;
+ i->n_ref++;
}
bus_track_remove_from_queue(track);

View File

@ -0,0 +1,194 @@
From b9844d3dd9d7fdf81d475b81d06a6e9ec821f91d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 9 Nov 2020 22:22:56 +0100
Subject: [PATCH] resolved: let's preferably route reverse lookups for local
subnets to matching interfaces
Let's preferably route traffic for reverse lookups to LLMNR/mDNS/DNS on
the matching interface if the IP address is in the local subnet. Also,
if looking up an IP address of our own host, let's avoid doing
LLMNR/mDNS at all.
This is useful if "~." is a routing domain to DNS, as it means, local
reverse lookups still go to LLMNR/mDNS, too.
(cherry picked from commit 13eb76ef06f5d50bbeb58df1744057e41ef2647e)
Resolves #1739689
---
src/resolve/resolved-dns-scope.c | 85 +++++++++++++++++++++++++++++++-
src/resolve/resolved-link.c | 12 +++--
src/resolve/resolved-link.h | 1 +
3 files changed, 92 insertions(+), 6 deletions(-)
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
index 38ea7fea0a..8b65813428 100644
--- a/src/resolve/resolved-dns-scope.c
+++ b/src/resolve/resolved-dns-scope.c
@@ -417,6 +417,65 @@ int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *add
return dns_scope_socket(s, SOCK_STREAM, family, address, server, port, ret_socket_address);
}
+static DnsScopeMatch match_subnet_reverse_lookups(
+ DnsScope *s,
+ const char *domain,
+ bool exclude_own) {
+
+ union in_addr_union ia;
+ LinkAddress *a;
+ int f, r;
+
+ assert(s);
+ assert(domain);
+
+ /* Checks whether the specified domain is a reverse address domain (i.e. in the .in-addr.arpa or
+ * .ip6.arpa area), and if so, whether the address matches any of the local subnets of the link the
+ * scope is associated with. If so, our scope should consider itself relevant for any lookup in the
+ * domain, since it apparently refers to hosts on this link's subnet.
+ *
+ * If 'exclude_own' is true this will return DNS_SCOPE_NO for any IP addresses assigned locally. This
+ * is useful for LLMNR/mDNS as we never want to look up our own hostname on LLMNR/mDNS but always use
+ * the locally synthesized one. */
+
+ if (!s->link)
+ return _DNS_SCOPE_INVALID; /* No link, hence no local addresses to check */
+
+ r = dns_name_address(domain, &f, &ia);
+ if (r < 0)
+ log_debug_errno(r, "Failed to determine whether '%s' is an address domain: %m", domain);
+ if (r <= 0)
+ return _DNS_SCOPE_INVALID;
+
+ if (s->family != AF_UNSPEC && f != s->family)
+ return _DNS_SCOPE_INVALID; /* Don't look for IPv4 addresses on LLMNR/mDNS over IPv6 and vice versa */
+
+ LIST_FOREACH(addresses, a, s->link->addresses) {
+
+ if (a->family != f)
+ continue;
+
+ /* Equals our own address? nah, let's not use this scope. The local synthesizer will pick it up for us. */
+ if (exclude_own &&
+ in_addr_equal(f, &a->in_addr, &ia) > 0)
+ return DNS_SCOPE_NO;
+
+ if (a->prefixlen == UCHAR_MAX) /* don't know subnet mask */
+ continue;
+
+ /* Check if the address is in the local subnet */
+ r = in_addr_prefix_covers(f, &a->in_addr, a->prefixlen, &ia);
+ if (r < 0)
+ log_debug_errno(r, "Failed to determine whether link address covers lookup address '%s': %m", domain);
+ if (r > 0)
+ /* Note that we only claim zero labels match. This is so that this is at the same
+ * priority a DNS scope with "." as routing domain is. */
+ return DNS_SCOPE_YES + 0;
+ }
+
+ return _DNS_SCOPE_INVALID;
+}
+
DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain) {
DnsSearchDomain *d;
@@ -455,6 +514,7 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
case DNS_PROTOCOL_DNS: {
DnsServer *dns_server;
+ DnsScopeMatch m;
/* Never route things to scopes that lack DNS servers */
dns_server = dns_scope_get_dns_server(s);
@@ -485,10 +545,23 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
dns_name_endswith(domain, "local") == 0)
return DNS_SCOPE_MAYBE;
+ /* If the IP address to look up matches the local subnet, then implicity synthesizes
+ * DNS_SCOPE_YES_BASE + 0 on this interface, i.e. preferably resolve IP addresses via the DNS
+ * server belonging to this interface. */
+ m = match_subnet_reverse_lookups(s, domain, false);
+ if (m >= 0)
+ return m;
+
return DNS_SCOPE_NO;
}
- case DNS_PROTOCOL_MDNS:
+ case DNS_PROTOCOL_MDNS: {
+ DnsScopeMatch m;
+
+ m = match_subnet_reverse_lookups(s, domain, true);
+ if (m >= 0)
+ return m;
+
if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) ||
(s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0) ||
(dns_name_endswith(domain, "local") > 0 && /* only resolve names ending in .local via mDNS */
@@ -497,8 +570,15 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
return DNS_SCOPE_MAYBE;
return DNS_SCOPE_NO;
+ }
+
+ case DNS_PROTOCOL_LLMNR: {
+ DnsScopeMatch m;
+
+ m = match_subnet_reverse_lookups(s, domain, true);
+ if (m >= 0)
+ return m;
- case DNS_PROTOCOL_LLMNR:
if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) ||
(s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0) ||
(dns_name_is_single_label(domain) && /* only resolve single label names via LLMNR */
@@ -507,6 +587,7 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
return DNS_SCOPE_MAYBE;
return DNS_SCOPE_NO;
+ }
default:
assert_not_reached("Unknown scope protocol");
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
index ff2be12415..c42fe5b5f4 100644
--- a/src/resolve/resolved-link.c
+++ b/src/resolve/resolved-link.c
@@ -776,10 +776,13 @@ int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr
if (!a)
return -ENOMEM;
- a->family = family;
- a->in_addr = *in_addr;
+ *a = (LinkAddress) {
+ .family = family,
+ .in_addr = *in_addr,
+ .link = l,
+ .prefixlen = UCHAR_MAX,
+ };
- a->link = l;
LIST_PREPEND(addresses, l->addresses, a);
l->n_addresses++;
@@ -1077,7 +1080,8 @@ int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
if (r < 0)
return r;
- sd_rtnl_message_addr_get_scope(m, &a->scope);
+ (void) sd_rtnl_message_addr_get_prefixlen(m, &a->prefixlen);
+ (void) sd_rtnl_message_addr_get_scope(m, &a->scope);
link_allocate_scopes(a->link);
link_add_rrs(a->link, false);
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
index 063d3f35c3..8d52b10950 100644
--- a/src/resolve/resolved-link.h
+++ b/src/resolve/resolved-link.h
@@ -24,6 +24,7 @@ struct LinkAddress {
int family;
union in_addr_union in_addr;
+ unsigned char prefixlen;
unsigned char flags, scope;

View File

@ -2,6 +2,7 @@
#
# Used by systemd --user instances.
account sufficient pam_unix.so no_pass_expiry
account include system-auth
session required pam_selinux.so close

View File

@ -13,7 +13,7 @@
Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd
Version: 239
Release: 58%{?dist}
Release: 59%{?dist}
# For a breakdown of the licensing, see README
License: LGPLv2+ and MIT and GPLv2+
Summary: System and Service Manager
@ -793,6 +793,23 @@ Patch0740: 0740-sysctl-fix-segfault.patch
Patch0741: 0741-ci-drop-CentOS-8-CI.patch
Patch0742: 0742-test-adapt-to-the-new-capsh-format.patch
Patch0743: 0743-test-ignore-IAB-capabilities-in-test-execute.patch
Patch0744: 0744-core-disallow-using-.service-as-a-service-name.patch
Patch0745: 0745-shared-dropin-support-.service.d-top-level-drop-in-f.patch
Patch0746: 0746-core-change-top-level-drop-in-from-.service.d-to-ser.patch
Patch0747: 0747-shared-dropin-fix-assert-for-invalid-drop-in.patch
Patch0748: 0748-udev-fix-slot-based-network-names-on-s390.patch
Patch0749: 0749-udev-add-missing-initialization-to-fix-freeing-inval.patch
Patch0750: 0750-udev-it-is-not-necessary-that-the-path-is-readable.patch
Patch0751: 0751-udev-allow-onboard-index-up-to-65535.patch
Patch0752: 0752-Revert-basic-use-comma-as-separator-in-cpuset-cgroup.patch
Patch0753: 0753-acpi-fpdt-mark-structures-as-packed.patch
Patch0754: 0754-core-slice-make-slice_freezer_action-return-0-if-fre.patch
Patch0755: 0755-core-unit-fix-use-after-free.patch
Patch0756: 0756-sd-bus-fix-reference-counter-to-be-incremented.patch
Patch0757: 0757-sd-bus-do-not-read-unused-value.patch
Patch0758: 0758-sd-bus-do-not-return-negative-errno-when-unknown-nam.patch
Patch0759: 0759-sd-bus-switch-to-a-manual-overflow-check-in-sd_bus_t.patch
Patch0760: 0760-resolved-let-s-preferably-route-reverse-lookups-for-.patch
%ifarch %{ix86} x86_64 aarch64
@ -856,6 +873,7 @@ Requires: %{name}-pam = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}
Recommends: diffutils
Requires: util-linux
Requires: timedatex
Recommends: libxkbcommon%{?_isa}
Provides: /bin/systemctl
Provides: /sbin/shutdown
@ -1423,6 +1441,24 @@ fi
%files tests -f .file-list-tests
%changelog
* Wed May 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-59
- core: disallow using '-.service' as a service name (#2051520)
- shared/dropin: support -.service.d/ top level drop-in for service units (#2051520)
- core: change top-level drop-in from -.service.d to service.d (#2051520)
- shared/dropin: fix assert for invalid drop-in (#2051520)
- udev: fix slot based network names on s390 (#1939914)
- udev: it is not necessary that the path is readable (#1939914)
- udev: allow onboard index up to 65535 (#1939914)
- Revert "basic: use comma as separator in cpuset cgroup cpu ranges" (#1858220)
- acpi-fpdt: mark structures as packed (#2047373)
- core/slice: make slice_freezer_action() return 0 if freezing state is unchanged (#2047373)
- core/unit: fix use-after-free (#2047373)
- sd-bus: fix reference counter to be incremented (#2047373)
- sd-bus: do not read unused value (#2047373)
- sd-bus: do not return negative errno when unknown name is specified (#2047373)
- sd-bus: switch to a manual overflow check in sd_bus_track_add_name() (#2047373)
- spec: Add dependency on timedatex (#2066946)
* Tue Feb 08 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-58
- ci: drop CentOS 8 CI (#2017033)
- test: adapt to the new capsh format (#2017033)