Auto sync2gitlab import of systemd-239-59.el8.src.rpm
parent
762ff8eb2c
commit
9dd4df73d8
133
0744-core-disallow-using-.service-as-a-service-name.patch
Normal file
133
0744-core-disallow-using-.service-as-a-service-name.patch
Normal file
@ -0,0 +1,133 @@
|
||||
From a4e9cf5b5c5e4c4a6f05825cd9c159283a425ae2 Mon Sep 17 00:00:00 2001
|
||||
From: Anita Zhang <the.anitazha@gmail.com>
|
||||
Date: Fri, 4 Oct 2019 16:03:04 -0700
|
||||
Subject: [PATCH] core: disallow using '-.service' as a service name
|
||||
|
||||
-.service.d will become a special top level drop in so don't let it be a
|
||||
usable service name (otherwise the interaction gets complicated).
|
||||
|
||||
(cherry picked from commit e23d911664b4fd86eb2c24b64233cb9f23cffdd1)
|
||||
|
||||
Resolves: #2051520
|
||||
---
|
||||
src/basic/special.h | 4 ++++
|
||||
src/basic/unit-name.c | 25 +++++++++++++++++++++++++
|
||||
src/basic/unit-name.h | 2 ++
|
||||
src/core/service.c | 5 +++++
|
||||
src/test/test-unit-name.c | 19 +++++++++++++++++++
|
||||
5 files changed, 55 insertions(+)
|
||||
|
||||
diff --git a/src/basic/special.h b/src/basic/special.h
|
||||
index 379a3d7979..2915122929 100644
|
||||
--- a/src/basic/special.h
|
||||
+++ b/src/basic/special.h
|
||||
@@ -103,3 +103,7 @@
|
||||
|
||||
/* The root directory. */
|
||||
#define SPECIAL_ROOT_MOUNT "-.mount"
|
||||
+
|
||||
+/* Used to apply settings to all services through drop-ins.
|
||||
+ * Should not exist as an actual service. */
|
||||
+#define SPECIAL_ROOT_SERVICE "-.service"
|
||||
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
|
||||
index 614eb8649b..82a666a481 100644
|
||||
--- a/src/basic/unit-name.c
|
||||
+++ b/src/basic/unit-name.c
|
||||
@@ -668,6 +668,31 @@ good:
|
||||
return 0;
|
||||
}
|
||||
|
||||
+bool service_unit_name_is_valid(const char *name) {
|
||||
+ _cleanup_free_ char *prefix = NULL, *s = NULL;
|
||||
+ const char *e, *service_name = name;
|
||||
+
|
||||
+ if (!unit_name_is_valid(name, UNIT_NAME_ANY))
|
||||
+ return false;
|
||||
+
|
||||
+ e = endswith(name, ".service");
|
||||
+ if (!e)
|
||||
+ return false;
|
||||
+
|
||||
+ /* If it's a template or instance, get the prefix as a service name. */
|
||||
+ if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
|
||||
+ assert_se(unit_name_to_prefix(name, &prefix) == 0);
|
||||
+ assert_se(s = strjoin(prefix, ".service"));
|
||||
+ service_name = s;
|
||||
+ }
|
||||
+
|
||||
+ /* Reject reserved service name(s). */
|
||||
+ if (streq(service_name, SPECIAL_ROOT_SERVICE))
|
||||
+ return false;
|
||||
+
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
int slice_build_parent_slice(const char *slice, char **ret) {
|
||||
char *s, *dash;
|
||||
int r;
|
||||
diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h
|
||||
index 61abcd585b..21729cba83 100644
|
||||
--- a/src/basic/unit-name.h
|
||||
+++ b/src/basic/unit-name.h
|
||||
@@ -60,6 +60,8 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
|
||||
return unit_name_mangle_with_suffix(name, flags, ".service", ret);
|
||||
}
|
||||
|
||||
+bool service_unit_name_is_valid(const char *name);
|
||||
+
|
||||
int slice_build_parent_slice(const char *slice, char **ret);
|
||||
int slice_build_subslice(const char *slice, const char*name, char **subslice);
|
||||
bool slice_name_is_valid(const char *name);
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index e8ae1a5772..b7eb10c044 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -556,6 +556,11 @@ static int service_verify(Service *s) {
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!service_unit_name_is_valid(UNIT(s)->id)) {
|
||||
+ log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
|
||||
+ return -ENOEXEC;
|
||||
+ }
|
||||
+
|
||||
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
|
||||
&& UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
|
||||
/* FailureAction= only makes sense if one of the start or stop commands is specified.
|
||||
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
|
||||
index 2b00ef8cb7..b629df5aea 100644
|
||||
--- a/src/test/test-unit-name.c
|
||||
+++ b/src/test/test-unit-name.c
|
||||
@@ -347,6 +347,24 @@ static void test_unit_name_build(void) {
|
||||
free(t);
|
||||
}
|
||||
|
||||
+static void test_service_unit_name_is_valid(void) {
|
||||
+ assert_se(service_unit_name_is_valid("foo.service"));
|
||||
+ assert_se(service_unit_name_is_valid("foo@bar.service"));
|
||||
+ assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
|
||||
+ assert_se(service_unit_name_is_valid("--.service"));
|
||||
+ assert_se(service_unit_name_is_valid(".-.service"));
|
||||
+ assert_se(service_unit_name_is_valid("-foo-bar.service"));
|
||||
+ assert_se(service_unit_name_is_valid("-foo-bar-.service"));
|
||||
+ assert_se(service_unit_name_is_valid("foo-bar-.service"));
|
||||
+
|
||||
+ assert_se(!service_unit_name_is_valid("-.service"));
|
||||
+ assert_se(!service_unit_name_is_valid(""));
|
||||
+ assert_se(!service_unit_name_is_valid("foo.slice"));
|
||||
+ assert_se(!service_unit_name_is_valid("@.service"));
|
||||
+ assert_se(!service_unit_name_is_valid("@bar.service"));
|
||||
+ assert_se(!service_unit_name_is_valid("-@.service"));
|
||||
+}
|
||||
+
|
||||
static void test_slice_name_is_valid(void) {
|
||||
assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
|
||||
assert_se( slice_name_is_valid("foo.slice"));
|
||||
@@ -833,6 +851,7 @@ int main(int argc, char* argv[]) {
|
||||
test_unit_prefix_is_valid();
|
||||
test_unit_name_change_suffix();
|
||||
test_unit_name_build();
|
||||
+ test_service_unit_name_is_valid();
|
||||
test_slice_name_is_valid();
|
||||
test_build_subslice();
|
||||
test_build_parent_slice();
|
190
0745-shared-dropin-support-.service.d-top-level-drop-in-f.patch
Normal file
190
0745-shared-dropin-support-.service.d-top-level-drop-in-f.patch
Normal file
@ -0,0 +1,190 @@
|
||||
From adc0a99b18153535ef73cf1b6ce2bc64ca501c81 Mon Sep 17 00:00:00 2001
|
||||
From: Anita Zhang <the.anitazha@gmail.com>
|
||||
Date: Fri, 4 Oct 2019 17:39:34 -0700
|
||||
Subject: [PATCH] shared/dropin: support -.service.d/ top level drop-in for
|
||||
service units
|
||||
|
||||
(cherry picked from commit 272467882c9c3c3d4faca5fd7a1f44c5ef2f064)
|
||||
|
||||
Resolves: #2051520
|
||||
---
|
||||
man/systemd.service.xml | 13 +++++++++++++
|
||||
man/systemd.special.xml | 9 +++++++++
|
||||
man/systemd.unit.xml | 4 ++++
|
||||
src/basic/unit-name.c | 9 +++++++--
|
||||
src/core/service.c | 2 +-
|
||||
src/shared/dropin.c | 29 ++++++++++++++++++++++++++---
|
||||
test/TEST-15-DROPIN/test-dropin.sh | 15 ++++++++++++++-
|
||||
7 files changed, 74 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
|
||||
index 1e30a564df..4164402d0e 100644
|
||||
--- a/man/systemd.service.xml
|
||||
+++ b/man/systemd.service.xml
|
||||
@@ -62,6 +62,19 @@
|
||||
about the incompatibilities, see the <ulink
|
||||
url="https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities">Incompatibilities
|
||||
with SysV</ulink> document.</para>
|
||||
+
|
||||
+ <para>In addition to the various drop-in behaviors described in
|
||||
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
+ services also support a top-level drop-in with <filename>-.service.d/</filename> that allows
|
||||
+ altering or adding to the settings of all services on the system.
|
||||
+ The formatting and precedence of applying drop-in configurations follow what is defined in
|
||||
+ <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
+ However, configurations in <filename>-.service.d/</filename> have the lowest precedence compared to settings
|
||||
+ in the service specific override directories. For example, for <filename>foo-bar-baz.service</filename>,
|
||||
+ drop-ins in <filename>foo-bar-baz.service.d/</filename> override the ones in
|
||||
+ <filename>foo-bar-.service.d/</filename>, which override the ones <filename>foo-.service.d/</filename>,
|
||||
+ which override the ones in <filename>-.service.d/</filename>.
|
||||
+ </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
|
||||
index fe6324a4a0..06798cd9e2 100644
|
||||
--- a/man/systemd.special.xml
|
||||
+++ b/man/systemd.special.xml
|
||||
@@ -117,6 +117,15 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><filename>-.service</filename></term>
|
||||
+ <listitem>
|
||||
+ <para>This is a reserved unit name used to support top-level drop-ins for services. See
|
||||
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
+ for details.</para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<varlistentry>
|
||||
<term><filename>basic.target</filename></term>
|
||||
<listitem>
|
||||
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
|
||||
index e80c760dd6..5aa3bd1699 100644
|
||||
--- a/man/systemd.unit.xml
|
||||
+++ b/man/systemd.unit.xml
|
||||
@@ -190,6 +190,10 @@
|
||||
over unit files wherever located. Multiple drop-in files with different names are applied in
|
||||
lexicographic order, regardless of which of the directories they reside in.</para>
|
||||
|
||||
+ <para>Service units also support a top-level drop-in directory for modifying the settings of all service units. See
|
||||
+ <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
+ for details.</para>
|
||||
+
|
||||
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
|
||||
people to use .d/ drop-ins instead. -->
|
||||
|
||||
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
|
||||
index 82a666a481..078628d6e8 100644
|
||||
--- a/src/basic/unit-name.c
|
||||
+++ b/src/basic/unit-name.c
|
||||
@@ -681,8 +681,13 @@ bool service_unit_name_is_valid(const char *name) {
|
||||
|
||||
/* If it's a template or instance, get the prefix as a service name. */
|
||||
if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
|
||||
- assert_se(unit_name_to_prefix(name, &prefix) == 0);
|
||||
- assert_se(s = strjoin(prefix, ".service"));
|
||||
+ if (unit_name_to_prefix(name, &prefix) < 0)
|
||||
+ return false;
|
||||
+
|
||||
+ s = strjoin(prefix, ".service");
|
||||
+ if (!s)
|
||||
+ return false;
|
||||
+
|
||||
service_name = s;
|
||||
}
|
||||
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index b7eb10c044..b3ef79228f 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -558,7 +558,7 @@ static int service_verify(Service *s) {
|
||||
|
||||
if (!service_unit_name_is_valid(UNIT(s)->id)) {
|
||||
log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
|
||||
- return -ENOEXEC;
|
||||
+ return -EINVAL;
|
||||
}
|
||||
|
||||
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
|
||||
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
|
||||
index 357c66d800..78ca7f4452 100644
|
||||
--- a/src/shared/dropin.c
|
||||
+++ b/src/shared/dropin.c
|
||||
@@ -19,6 +19,7 @@
|
||||
#include "mkdir.h"
|
||||
#include "path-util.h"
|
||||
#include "set.h"
|
||||
+#include "special.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "unit-name.h"
|
||||
@@ -232,15 +233,37 @@ int unit_file_find_dropin_paths(
|
||||
char ***ret) {
|
||||
|
||||
_cleanup_strv_free_ char **dirs = NULL;
|
||||
- char *t, **p;
|
||||
+ UnitType type = _UNIT_TYPE_INVALID;
|
||||
+ char *name, **p;
|
||||
Iterator i;
|
||||
int r;
|
||||
|
||||
assert(ret);
|
||||
|
||||
- SET_FOREACH(t, names, i)
|
||||
+ /* All the names in the unit are of the same type so just grab one. */
|
||||
+ name = (char*) set_first(names);
|
||||
+ if (name) {
|
||||
+ type = unit_name_to_type(name);
|
||||
+ if (type < 0)
|
||||
+ return log_error_errno(EINVAL,
|
||||
+ "Failed to to derive unit type from unit name: %s",
|
||||
+ name);
|
||||
+ }
|
||||
+
|
||||
+ /* Special drop in for -.service. Add this first as it's the most generic
|
||||
+ * and should be able to be overridden by more specific drop-ins. */
|
||||
+ if (type == UNIT_SERVICE)
|
||||
+ STRV_FOREACH(p, lookup_path)
|
||||
+ (void) unit_file_find_dirs(original_root,
|
||||
+ unit_path_cache,
|
||||
+ *p,
|
||||
+ SPECIAL_ROOT_SERVICE,
|
||||
+ dir_suffix,
|
||||
+ &dirs);
|
||||
+
|
||||
+ SET_FOREACH(name, names, i)
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
- (void) unit_file_find_dirs(original_root, unit_path_cache, *p, t, dir_suffix, &dirs);
|
||||
+ (void) unit_file_find_dirs(original_root, unit_path_cache, *p, name, dir_suffix, &dirs);
|
||||
|
||||
if (strv_isempty(dirs)) {
|
||||
*ret = NULL;
|
||||
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
|
||||
index ab0a58caea..def2e03304 100755
|
||||
--- a/test/TEST-15-DROPIN/test-dropin.sh
|
||||
+++ b/test/TEST-15-DROPIN/test-dropin.sh
|
||||
@@ -102,7 +102,20 @@ test_basic_dropins () {
|
||||
check_ok b Wants c.service
|
||||
systemctl stop a c
|
||||
|
||||
- clear_services a b c
|
||||
+ echo "*** test -.service.d/ top level drop-in"
|
||||
+ create_services a b
|
||||
+ check_ko a ExecCondition "/bin/echo a"
|
||||
+ check_ko b ExecCondition "/bin/echo b"
|
||||
+ mkdir -p /usr/lib/systemd/system/-.service.d
|
||||
+ cat >/usr/lib/systemd/system/-.service.d/override.conf <<EOF
|
||||
+[Service]
|
||||
+ExecCondition=/bin/echo %n
|
||||
+EOF
|
||||
+ check_ok a ExecCondition "/bin/echo a"
|
||||
+ check_ok b ExecCondition "/bin/echo b"
|
||||
+ rm -rf /usr/lib/systemd/system/-.service.d
|
||||
+
|
||||
+ clear_services a b c
|
||||
}
|
||||
|
||||
test_template_dropins () {
|
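Review bot: The error string added to unit_file_find_dropin_paths() in src/shared/dropin.c has a doubled word, `"Failed to to derive unit type from unit name: %s"`; it should read `"Failed to derive unit type from unit name: %s"`. The same text reappears unchanged as a context line in the 0747 patch on this page, so the typo survives the series and ends up in the shipped log message. The function body starts and ends outside the hunk.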
289
0746-core-change-top-level-drop-in-from-.service.d-to-ser.patch
Normal file
289
0746-core-change-top-level-drop-in-from-.service.d-to-ser.patch
Normal file
@ -0,0 +1,289 @@
|
||||
From 07829c10b8dfff3c6d0bb8d30e77b9b3193b1f0f Mon Sep 17 00:00:00 2001
|
||||
From: Anita Zhang <the.anitazha@gmail.com>
|
||||
Date: Mon, 4 Nov 2019 18:29:55 -0800
|
||||
Subject: [PATCH] core: change top-level drop-in from -.service.d to service.d
|
||||
|
||||
Discussed in #13743, the -.service semantic conflicts with the
|
||||
existing root mount and slice names, making this feature not
|
||||
uniformly extensible to all types. Change the name to be
|
||||
<type>.d instead.
|
||||
|
||||
Updating to this format also extends the top-level dropin to
|
||||
unit types.
|
||||
|
||||
(cherry picked from commit 3e1db806b0c18fd6138886ce67fac2655f09caef)
|
||||
|
||||
Resolves: #2051520
|
||||
---
|
||||
man/systemd.service.xml | 13 -------------
|
||||
man/systemd.special.xml | 9 ---------
|
||||
man/systemd.unit.xml | 11 ++++++++---
|
||||
src/basic/special.h | 4 ----
|
||||
src/basic/unit-name.c | 30 ------------------------------
|
||||
src/basic/unit-name.h | 2 --
|
||||
src/core/service.c | 5 -----
|
||||
src/shared/dropin.c | 22 ++++++++++++----------
|
||||
src/test/test-unit-name.c | 19 -------------------
|
||||
test/TEST-15-DROPIN/test-dropin.sh | 8 ++++----
|
||||
10 files changed, 24 insertions(+), 99 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.service.xml b/man/systemd.service.xml
|
||||
index 4164402d0e..1e30a564df 100644
|
||||
--- a/man/systemd.service.xml
|
||||
+++ b/man/systemd.service.xml
|
||||
@@ -62,19 +62,6 @@
|
||||
about the incompatibilities, see the <ulink
|
||||
url="https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities">Incompatibilities
|
||||
with SysV</ulink> document.</para>
|
||||
-
|
||||
- <para>In addition to the various drop-in behaviors described in
|
||||
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||||
- services also support a top-level drop-in with <filename>-.service.d/</filename> that allows
|
||||
- altering or adding to the settings of all services on the system.
|
||||
- The formatting and precedence of applying drop-in configurations follow what is defined in
|
||||
- <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
|
||||
- However, configurations in <filename>-.service.d/</filename> have the lowest precedence compared to settings
|
||||
- in the service specific override directories. For example, for <filename>foo-bar-baz.service</filename>,
|
||||
- drop-ins in <filename>foo-bar-baz.service.d/</filename> override the ones in
|
||||
- <filename>foo-bar-.service.d/</filename>, which override the ones <filename>foo-.service.d/</filename>,
|
||||
- which override the ones in <filename>-.service.d/</filename>.
|
||||
- </para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
diff --git a/man/systemd.special.xml b/man/systemd.special.xml
|
||||
index 06798cd9e2..fe6324a4a0 100644
|
||||
--- a/man/systemd.special.xml
|
||||
+++ b/man/systemd.special.xml
|
||||
@@ -117,15 +117,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
- <varlistentry>
|
||||
- <term><filename>-.service</filename></term>
|
||||
- <listitem>
|
||||
- <para>This is a reserved unit name used to support top-level drop-ins for services. See
|
||||
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
- for details.</para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
-
|
||||
<varlistentry>
|
||||
<term><filename>basic.target</filename></term>
|
||||
<listitem>
|
||||
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
|
||||
index 5aa3bd1699..6f213ccd56 100644
|
||||
--- a/man/systemd.unit.xml
|
||||
+++ b/man/systemd.unit.xml
|
||||
@@ -190,9 +190,14 @@
|
||||
over unit files wherever located. Multiple drop-in files with different names are applied in
|
||||
lexicographic order, regardless of which of the directories they reside in.</para>
|
||||
|
||||
- <para>Service units also support a top-level drop-in directory for modifying the settings of all service units. See
|
||||
- <citerefentry><refentrytitle>systemd.service</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||||
- for details.</para>
|
||||
+ <para>Units also support a top-level drop-in with <filename><replaceable>type</replaceable>.d/</filename>,
|
||||
+ where <replaceable>type</replaceable> may be e.g. <literal>service</literal> or <literal>socket</literal>,
|
||||
+ that allows altering or adding to the settings of all corresponding unit files on the system.
|
||||
+ The formatting and precedence of applying drop-in configurations follow what is defined above.
|
||||
+ Configurations in <filename><replaceable>type</replaceable>.d/</filename> have the lowest precedence
|
||||
+ compared to settings in the name specific override directories. So the contents of
|
||||
+ <filename>foo-.service.d/10-override.conf</filename> would override
|
||||
+ <filename>service.d/10-override.conf</filename>.</para>
|
||||
|
||||
<!-- Note that we do not document .include here, as we consider it mostly obsolete, and want
|
||||
people to use .d/ drop-ins instead. -->
|
||||
diff --git a/src/basic/special.h b/src/basic/special.h
|
||||
index 2915122929..379a3d7979 100644
|
||||
--- a/src/basic/special.h
|
||||
+++ b/src/basic/special.h
|
||||
@@ -103,7 +103,3 @@
|
||||
|
||||
/* The root directory. */
|
||||
#define SPECIAL_ROOT_MOUNT "-.mount"
|
||||
-
|
||||
-/* Used to apply settings to all services through drop-ins.
|
||||
- * Should not exist as an actual service. */
|
||||
-#define SPECIAL_ROOT_SERVICE "-.service"
|
||||
diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c
|
||||
index 078628d6e8..614eb8649b 100644
|
||||
--- a/src/basic/unit-name.c
|
||||
+++ b/src/basic/unit-name.c
|
||||
@@ -668,36 +668,6 @@ good:
|
||||
return 0;
|
||||
}
|
||||
|
||||
-bool service_unit_name_is_valid(const char *name) {
|
||||
- _cleanup_free_ char *prefix = NULL, *s = NULL;
|
||||
- const char *e, *service_name = name;
|
||||
-
|
||||
- if (!unit_name_is_valid(name, UNIT_NAME_ANY))
|
||||
- return false;
|
||||
-
|
||||
- e = endswith(name, ".service");
|
||||
- if (!e)
|
||||
- return false;
|
||||
-
|
||||
- /* If it's a template or instance, get the prefix as a service name. */
|
||||
- if (unit_name_is_valid(name, UNIT_NAME_INSTANCE|UNIT_NAME_TEMPLATE)) {
|
||||
- if (unit_name_to_prefix(name, &prefix) < 0)
|
||||
- return false;
|
||||
-
|
||||
- s = strjoin(prefix, ".service");
|
||||
- if (!s)
|
||||
- return false;
|
||||
-
|
||||
- service_name = s;
|
||||
- }
|
||||
-
|
||||
- /* Reject reserved service name(s). */
|
||||
- if (streq(service_name, SPECIAL_ROOT_SERVICE))
|
||||
- return false;
|
||||
-
|
||||
- return true;
|
||||
-}
|
||||
-
|
||||
int slice_build_parent_slice(const char *slice, char **ret) {
|
||||
char *s, *dash;
|
||||
int r;
|
||||
diff --git a/src/basic/unit-name.h b/src/basic/unit-name.h
|
||||
index 21729cba83..61abcd585b 100644
|
||||
--- a/src/basic/unit-name.h
|
||||
+++ b/src/basic/unit-name.h
|
||||
@@ -60,8 +60,6 @@ static inline int unit_name_mangle(const char *name, UnitNameMangle flags, char
|
||||
return unit_name_mangle_with_suffix(name, flags, ".service", ret);
|
||||
}
|
||||
|
||||
-bool service_unit_name_is_valid(const char *name);
|
||||
-
|
||||
int slice_build_parent_slice(const char *slice, char **ret);
|
||||
int slice_build_subslice(const char *slice, const char*name, char **subslice);
|
||||
bool slice_name_is_valid(const char *name);
|
||||
diff --git a/src/core/service.c b/src/core/service.c
|
||||
index b3ef79228f..e8ae1a5772 100644
|
||||
--- a/src/core/service.c
|
||||
+++ b/src/core/service.c
|
||||
@@ -556,11 +556,6 @@ static int service_verify(Service *s) {
|
||||
}
|
||||
}
|
||||
|
||||
- if (!service_unit_name_is_valid(UNIT(s)->id)) {
|
||||
- log_unit_error(UNIT(s), "Service name is invalid or reserved. Refusing.");
|
||||
- return -EINVAL;
|
||||
- }
|
||||
-
|
||||
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
|
||||
&& UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
|
||||
/* FailureAction= only makes sense if one of the start or stop commands is specified.
|
||||
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
|
||||
index 78ca7f4452..bd2a3c0feb 100644
|
||||
--- a/src/shared/dropin.c
|
||||
+++ b/src/shared/dropin.c
|
||||
@@ -19,7 +19,6 @@
|
||||
#include "mkdir.h"
|
||||
#include "path-util.h"
|
||||
#include "set.h"
|
||||
-#include "special.h"
|
||||
#include "string-util.h"
|
||||
#include "strv.h"
|
||||
#include "unit-name.h"
|
||||
@@ -170,6 +169,10 @@ static int unit_file_find_dirs(
|
||||
return r;
|
||||
}
|
||||
|
||||
+ /* Return early for top level drop-ins. */
|
||||
+ if (unit_type_from_string(name) >= 0)
|
||||
+ return 0;
|
||||
+
|
||||
/* Let's see if there's a "-" prefix for this unit name. If so, let's invoke ourselves for it. This will then
|
||||
* recursively do the same for all our prefixes. i.e. this means given "foo-bar-waldo.service" we'll also
|
||||
* search "foo-bar-.service" and "foo-.service".
|
||||
@@ -250,16 +253,15 @@ int unit_file_find_dropin_paths(
|
||||
name);
|
||||
}
|
||||
|
||||
- /* Special drop in for -.service. Add this first as it's the most generic
|
||||
+ /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
|
||||
* and should be able to be overridden by more specific drop-ins. */
|
||||
- if (type == UNIT_SERVICE)
|
||||
- STRV_FOREACH(p, lookup_path)
|
||||
- (void) unit_file_find_dirs(original_root,
|
||||
- unit_path_cache,
|
||||
- *p,
|
||||
- SPECIAL_ROOT_SERVICE,
|
||||
- dir_suffix,
|
||||
- &dirs);
|
||||
+ STRV_FOREACH(p, lookup_path)
|
||||
+ (void) unit_file_find_dirs(original_root,
|
||||
+ unit_path_cache,
|
||||
+ *p,
|
||||
+ unit_type_to_string(type),
|
||||
+ dir_suffix,
|
||||
+ &dirs);
|
||||
|
||||
SET_FOREACH(name, names, i)
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
diff --git a/src/test/test-unit-name.c b/src/test/test-unit-name.c
|
||||
index b629df5aea..2b00ef8cb7 100644
|
||||
--- a/src/test/test-unit-name.c
|
||||
+++ b/src/test/test-unit-name.c
|
||||
@@ -347,24 +347,6 @@ static void test_unit_name_build(void) {
|
||||
free(t);
|
||||
}
|
||||
|
||||
-static void test_service_unit_name_is_valid(void) {
|
||||
- assert_se(service_unit_name_is_valid("foo.service"));
|
||||
- assert_se(service_unit_name_is_valid("foo@bar.service"));
|
||||
- assert_se(service_unit_name_is_valid("foo@bar@bar.service"));
|
||||
- assert_se(service_unit_name_is_valid("--.service"));
|
||||
- assert_se(service_unit_name_is_valid(".-.service"));
|
||||
- assert_se(service_unit_name_is_valid("-foo-bar.service"));
|
||||
- assert_se(service_unit_name_is_valid("-foo-bar-.service"));
|
||||
- assert_se(service_unit_name_is_valid("foo-bar-.service"));
|
||||
-
|
||||
- assert_se(!service_unit_name_is_valid("-.service"));
|
||||
- assert_se(!service_unit_name_is_valid(""));
|
||||
- assert_se(!service_unit_name_is_valid("foo.slice"));
|
||||
- assert_se(!service_unit_name_is_valid("@.service"));
|
||||
- assert_se(!service_unit_name_is_valid("@bar.service"));
|
||||
- assert_se(!service_unit_name_is_valid("-@.service"));
|
||||
-}
|
||||
-
|
||||
static void test_slice_name_is_valid(void) {
|
||||
assert_se( slice_name_is_valid(SPECIAL_ROOT_SLICE));
|
||||
assert_se( slice_name_is_valid("foo.slice"));
|
||||
@@ -851,7 +833,6 @@ int main(int argc, char* argv[]) {
|
||||
test_unit_prefix_is_valid();
|
||||
test_unit_name_change_suffix();
|
||||
test_unit_name_build();
|
||||
- test_service_unit_name_is_valid();
|
||||
test_slice_name_is_valid();
|
||||
test_build_subslice();
|
||||
test_build_parent_slice();
|
||||
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
|
||||
index def2e03304..7836c6535d 100755
|
||||
--- a/test/TEST-15-DROPIN/test-dropin.sh
|
||||
+++ b/test/TEST-15-DROPIN/test-dropin.sh
|
||||
@@ -102,18 +102,18 @@ test_basic_dropins () {
|
||||
check_ok b Wants c.service
|
||||
systemctl stop a c
|
||||
|
||||
- echo "*** test -.service.d/ top level drop-in"
|
||||
+ echo "*** test service.d/ top level drop-in"
|
||||
create_services a b
|
||||
check_ko a ExecCondition "/bin/echo a"
|
||||
check_ko b ExecCondition "/bin/echo b"
|
||||
- mkdir -p /usr/lib/systemd/system/-.service.d
|
||||
- cat >/usr/lib/systemd/system/-.service.d/override.conf <<EOF
|
||||
+ mkdir -p /usr/lib/systemd/system/service.d
|
||||
+ cat >/usr/lib/systemd/system/service.d/override.conf <<EOF
|
||||
[Service]
|
||||
ExecCondition=/bin/echo %n
|
||||
EOF
|
||||
check_ok a ExecCondition "/bin/echo a"
|
||||
check_ok b ExecCondition "/bin/echo b"
|
||||
- rm -rf /usr/lib/systemd/system/-.service.d
|
||||
+ rm -rf /usr/lib/systemd/system/service.d
|
||||
|
||||
clear_services a b c
|
||||
}
|
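Review bot: The paragraph added to man/systemd.unit.xml does not say where `type.d/` is looked up, while unit_file_find_dropin_paths() runs the lookup inside `STRV_FOREACH(p, lookup_path)`, that is, once for every unit search path. A single `.conf` file in, for example, `service.d/` then alters every service on the host (the test in this patch sets `ExecCondition=` for all services that way), so these directories need the same write restrictions and file-integrity monitoring as the unit files themselves. I would add a sentence along the lines of `Top-level drop-in directories are searched in all unit search paths and apply to every unit of the given type, so write access to them should be restricted like access to the unit files.`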
96
0747-shared-dropin-fix-assert-for-invalid-drop-in.patch
Normal file
96
0747-shared-dropin-fix-assert-for-invalid-drop-in.patch
Normal file
@ -0,0 +1,96 @@
|
||||
From 9e1e02a83538a865dae65454214363d306e69854 Mon Sep 17 00:00:00 2001
|
||||
From: Topi Miettinen <toiwoton@gmail.com>
|
||||
Date: Tue, 17 Dec 2019 15:47:37 +0200
|
||||
Subject: [PATCH] shared/dropin: fix assert for invalid drop-in
|
||||
|
||||
Don't try to show top level drop-in for non-existent units or when trying to
|
||||
instantiate non-instantiated units:
|
||||
|
||||
$ systemctl cat nonexistent@.service
|
||||
Assertion 'name' failed at src/shared/dropin.c:143, function unit_file_find_dirs(). Aborting.
|
||||
$ systemctl cat systemd-journald@.service
|
||||
Assertion 'name' failed at src/shared/dropin.c:143, function unit_file_find_dirs(). Aborting.
|
||||
|
||||
(cherry picked from commit 7a670b1dd981c645064f69faf85b04620aadbafb)
|
||||
|
||||
Resolves: #2051520
|
||||
---
|
||||
src/shared/dropin.c | 23 ++++++++++++-----------
|
||||
test/TEST-15-DROPIN/test-dropin.sh | 14 ++++++++++++++
|
||||
2 files changed, 26 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/src/shared/dropin.c b/src/shared/dropin.c
|
||||
index bd2a3c0feb..11ed4c7184 100644
|
||||
--- a/src/shared/dropin.c
|
||||
+++ b/src/shared/dropin.c
|
||||
@@ -236,7 +236,6 @@ int unit_file_find_dropin_paths(
|
||||
char ***ret) {
|
||||
|
||||
_cleanup_strv_free_ char **dirs = NULL;
|
||||
- UnitType type = _UNIT_TYPE_INVALID;
|
||||
char *name, **p;
|
||||
Iterator i;
|
||||
int r;
|
||||
@@ -246,22 +245,24 @@ int unit_file_find_dropin_paths(
|
||||
/* All the names in the unit are of the same type so just grab one. */
|
||||
name = (char*) set_first(names);
|
||||
if (name) {
|
||||
+ UnitType type = _UNIT_TYPE_INVALID;
|
||||
+
|
||||
type = unit_name_to_type(name);
|
||||
if (type < 0)
|
||||
return log_error_errno(EINVAL,
|
||||
"Failed to to derive unit type from unit name: %s",
|
||||
name);
|
||||
- }
|
||||
|
||||
- /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
|
||||
- * and should be able to be overridden by more specific drop-ins. */
|
||||
- STRV_FOREACH(p, lookup_path)
|
||||
- (void) unit_file_find_dirs(original_root,
|
||||
- unit_path_cache,
|
||||
- *p,
|
||||
- unit_type_to_string(type),
|
||||
- dir_suffix,
|
||||
- &dirs);
|
||||
+ /* Special top level drop in for "<unit type>.<suffix>". Add this first as it's the most generic
|
||||
+ * and should be able to be overridden by more specific drop-ins. */
|
||||
+ STRV_FOREACH(p, lookup_path)
|
||||
+ (void) unit_file_find_dirs(original_root,
|
||||
+ unit_path_cache,
|
||||
+ *p,
|
||||
+ unit_type_to_string(type),
|
||||
+ dir_suffix,
|
||||
+ &dirs);
|
||||
+ }
|
||||
|
||||
SET_FOREACH(name, names, i)
|
||||
STRV_FOREACH(p, lookup_path)
|
||||
diff --git a/test/TEST-15-DROPIN/test-dropin.sh b/test/TEST-15-DROPIN/test-dropin.sh
|
||||
index 7836c6535d..5419169f7b 100755
|
||||
--- a/test/TEST-15-DROPIN/test-dropin.sh
|
||||
+++ b/test/TEST-15-DROPIN/test-dropin.sh
|
||||
@@ -289,9 +289,23 @@ EOF
|
||||
clear_services a b
|
||||
}
|
||||
|
||||
+test_invalid_dropins () {
|
||||
+ echo "Testing invalid dropins..."
|
||||
+ # Assertion failed on earlier versions, command exits unsuccessfully on later versions
|
||||
+ systemctl cat nonexistent@.service || true
|
||||
+ create_services a
|
||||
+ systemctl daemon-reload
|
||||
+ # Assertion failed on earlier versions, command exits unsuccessfully on later versions
|
||||
+ systemctl cat a@.service || true
|
||||
+ systemctl stop a
|
||||
+ clear_services a
|
||||
+ return 0
|
||||
+}
|
||||
+
|
||||
test_basic_dropins
|
||||
test_template_dropins
|
||||
test_alias_dropins
|
||||
test_masked_dropins
|
||||
+test_invalid_dropins
|
||||
|
||||
touch /testok
|
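Review bot: The regression test cannot tell the fixed behaviour from the old crash, because `systemctl cat nonexistent@.service || true` and `systemctl cat a@.service || true` in test_invalid_dropins discard every non-zero status, including the one a shell reports for a process killed by the failed assertion. Record the status and reject signal deaths instead, e.g. `rc=0; systemctl cat nonexistent@.service || rc=$?` followed by `[ "$rc" -lt 128 ]`, and the same for `a@.service`. Whether the script runs under `set -e` is not visible in the hunk, so the exact form may need adjusting.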
132
0748-udev-fix-slot-based-network-names-on-s390.patch
Normal file
132
0748-udev-fix-slot-based-network-names-on-s390.patch
Normal file
@ -0,0 +1,132 @@
|
||||
From 2e7f41bd0632312d00d472a73a312218a29ce65b Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
||||
Date: Thu, 18 Mar 2021 11:03:34 +0100
|
||||
Subject: [PATCH] udev: fix slot based network names on s390
|
||||
|
||||
The s390 PCI driver assigns the hotplug slot name from the
|
||||
function_id attribute of the PCI device using a 8 char hexadecimal
|
||||
format to match the underlying firmware/hypervisor notation.
|
||||
|
||||
Further, there's always a one-to-one mapping between a PCI
|
||||
function and a hotplug slot, as individual functions can
|
||||
hot plugged even for multi-function devices.
|
||||
|
||||
As the generic matching code will always try to parse the slot
|
||||
name in /sys/bus/pci/slots as a positive decimal number, either
|
||||
a wrong value might be produced for ID_NET_NAME_SLOT if
|
||||
the slot name consists of decimal numbers only, or none at all
|
||||
if a character in the range from 'a' to 'f' is encountered.
|
||||
|
||||
Additionally, the generic code assumes that two interfaces
|
||||
share a hotplug slot, if they differ only in the function part
|
||||
of the PCI address. E.g., for an interface with the PCI address
|
||||
dddd:bb:aa.f, it will match the device to the first slot with
|
||||
an address dddd:bb:aa. As more than one slot may have this address
|
||||
for the s390 PCI driver, the wrong slot may be selected.
|
||||
|
||||
To resolve this we're adding a new naming schema version with the
|
||||
flag NAMING_SLOT_FUNCTION_ID, which enables the correct matching
|
||||
of hotplug slots if the device has an attribute named function_id.
|
||||
The ID_NET_NAME_SLOT property will only be produced if there's
|
||||
a file /sys/bus/pci/slots/<slotname> where <slotname> matches
|
||||
the value of /sys/bus/pci/devices/.../function_id in 8 char
|
||||
hex notation.
|
||||
|
||||
Fixes #19016
|
||||
See also #19078
|
||||
|
||||
Related: #1939914
|
||||
|
||||
(cherry picked from commit a496a238e8ee66ce25ad13a3f46549b2e2e979fc)
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 10 +++++++++
|
||||
src/udev/udev-builtin-net_id.c | 34 +++++++++++++++++++++++++++++++
|
||||
2 files changed, 44 insertions(+)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index fe1aa4b654..e42c93eaad 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -313,6 +313,16 @@
|
||||
<para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
|
||||
</varlistentry>
|
||||
|
||||
+ <varlistentry>
|
||||
+ <term><constant>rhel-8.7</constant></term>
|
||||
+
|
||||
+ <listitem><para>PCI hotplug slot names for the s390 PCI driver are a hexadecimal representation
|
||||
+ of the <filename>function_id</filename> device attribute. This attribute is now used to build the
|
||||
+ <varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
|
||||
+ numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
|
||||
+ property or none at all.</para></listitem>
|
||||
+ </varlistentry>
|
||||
+
|
||||
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
|
||||
particular version of systemd.</para>
|
||||
</variablelist>
|
||||
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||
index 386d74ca5e..b57227a09f 100644
|
||||
--- a/src/udev/udev-builtin-net_id.c
|
||||
+++ b/src/udev/udev-builtin-net_id.c
|
||||
@@ -126,6 +126,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_SR_IOV_V = 1 << 0, /* Use "v" suffix for SR-IOV, see 609948c7043a40008b8299529c978ed8e11de8f6*/
|
||||
NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6eab35d1cb9fa73889892702c27be09 */
|
||||
NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */
|
||||
+ NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */
|
||||
|
||||
/* And now the masks that combine the features above */
|
||||
NAMING_V238 = 0,
|
||||
@@ -137,6 +138,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
|
||||
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
|
||||
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
|
||||
+ NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID,
|
||||
|
||||
_NAMING_SCHEME_FLAGS_INVALID = -1,
|
||||
} NamingSchemeFlags;
|
||||
@@ -156,6 +158,7 @@ static const NamingScheme naming_schemes[] = {
|
||||
{ "rhel-8.4", NAMING_RHEL_8_4 },
|
||||
{ "rhel-8.5", NAMING_RHEL_8_5 },
|
||||
{ "rhel-8.6", NAMING_RHEL_8_6 },
|
||||
+ { "rhel-8.7", NAMING_RHEL_8_7 },
|
||||
/* … add more schemes here, as the logic to name devices is updated … */
|
||||
};
|
||||
|
||||
@@ -477,6 +480,37 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
|
||||
|
||||
hotplug_slot_dev = names->pcidev;
|
||||
while (hotplug_slot_dev) {
|
||||
+ if (!udev_device_get_sysname(hotplug_slot_dev))
|
||||
+ continue;
|
||||
+
|
||||
+ /* The <sysname>/function_id attribute is unique to the s390 PCI driver.
|
||||
+ If present, we know that the slot's directory name for this device is
|
||||
+ /sys/bus/pci/XXXXXXXX/ where XXXXXXXX is the fixed length 8 hexadecimal
|
||||
+ character string representation of function_id.
|
||||
+ Therefore we can short cut here and just check for the existence of
|
||||
+ the slot directory. As this directory has to exist, we're emitting a
|
||||
+ debug message for the unlikely case it's not found.
|
||||
+ Note that the domain part of doesn't belong to the slot name here
|
||||
+ because there's a 1-to-1 relationship between PCI function and its hotplug
|
||||
+ slot.
|
||||
+ */
|
||||
+ if (naming_scheme_has(NAMING_SLOT_FUNCTION_ID)) {
|
||||
+ attr = udev_device_get_sysattr_value(hotplug_slot_dev, "function_id");
|
||||
+ if (attr) {
|
||||
+ int function_id;
|
||||
+ _cleanup_free_ char *str;
|
||||
+
|
||||
+ if (safe_atoi(attr, &function_id) >= 0 &&
|
||||
+ asprintf(&str, "%s/%08x/", slots, function_id) >= 0 &&
|
||||
+ access(str, R_OK) == 0) {
|
||||
+ hotplug_slot = function_id;
|
||||
+ domain = 0;
|
||||
+ } else
|
||||
+ log_debug("No matching slot for function_id (%s).", attr);
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
FOREACH_DIRENT_ALL(dent, dir, break) {
|
||||
int i, r;
|
||||
char str[PATH_MAX];
|
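Review bot: The added `if (!udev_device_get_sysname(hotplug_slot_dev)) continue;` at the top of the `while (hotplug_slot_dev)` loop in dev_pci_slot() returns to the loop test without changing `hotplug_slot_dev`, so a device without a sysname would presumably keep the udev worker spinning. The step to the parent device is not visible in this hunk and appears to sit at the end of the loop body, which continues past the hunk. Either advance `hotplug_slot_dev` before the `continue`, or write the loop as a `for` whose increment does the parent lookup. Separately, `function_id` is an `int` filled by `safe_atoi()` but formatted with `%08x`, which expects `unsigned`; declaring it `unsigned` and parsing with `safe_atou()` would match the format. The new comment also gives the slot directory as `/sys/bus/pci/XXXXXXXX/`, while the commit message names `/sys/bus/pci/slots/<slotname>`.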
@ -0,0 +1,26 @@
|
||||
From e6def2e6be6a1cb87874cf8589ccdcb6ee3eec1e Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Wed, 7 Apr 2021 19:09:50 +0900
|
||||
Subject: [PATCH] udev: add missing initialization to fix freeing invalid
|
||||
address
|
||||
|
||||
Releated: #1939914
|
||||
|
||||
(cherry picked from commit b08c3fbe0e3f310b520d17be92110b4cb96a5f2c)
|
||||
---
|
||||
src/udev/udev-builtin-net_id.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||
index b57227a09f..816661fb93 100644
|
||||
--- a/src/udev/udev-builtin-net_id.c
|
||||
+++ b/src/udev/udev-builtin-net_id.c
|
||||
@@ -498,7 +498,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
|
||||
attr = udev_device_get_sysattr_value(hotplug_slot_dev, "function_id");
|
||||
if (attr) {
|
||||
int function_id;
|
||||
- _cleanup_free_ char *str;
|
||||
+ _cleanup_free_ char *str = NULL;
|
||||
|
||||
if (safe_atoi(attr, &function_id) >= 0 &&
|
||||
asprintf(&str, "%s/%08x/", slots, function_id) >= 0 &&
|
@ -0,0 +1,25 @@
|
||||
From 100324ef0d911913e09db71e030a5ba137ac357e Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Wed, 7 Apr 2021 19:19:45 +0900
|
||||
Subject: [PATCH] udev: it is not necessary that the path is readable
|
||||
|
||||
Related: #1939914
|
||||
|
||||
(cherry picked from commit 70c35e4bfd64f24c7cb3536bdf63af537e0f2971)
|
||||
---
|
||||
src/udev/udev-builtin-net_id.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||
index 816661fb93..ba7638fcb8 100644
|
||||
--- a/src/udev/udev-builtin-net_id.c
|
||||
+++ b/src/udev/udev-builtin-net_id.c
|
||||
@@ -502,7 +502,7 @@ static int dev_pci_slot(struct udev_device *dev, struct netnames *names) {
|
||||
|
||||
if (safe_atoi(attr, &function_id) >= 0 &&
|
||||
asprintf(&str, "%s/%08x/", slots, function_id) >= 0 &&
|
||||
- access(str, R_OK) == 0) {
|
||||
+ access(str, F_OK) == 0) {
|
||||
hotplug_slot = function_id;
|
||||
domain = 0;
|
||||
} else
|
100
0751-udev-allow-onboard-index-up-to-65535.patch
Normal file
@ -0,0 +1,100 @@
|
||||
From 033998c21f01e7b7d91e4aa51a358f8016f3740a Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Mihajlovski <mihajlov@linux.ibm.com>
|
||||
Date: Tue, 27 Apr 2021 15:25:16 +0200
|
||||
Subject: [PATCH] udev: allow onboard index up to 65535
|
||||
|
||||
The maximum allowed value of the sysfs device index entry was limited to
|
||||
16383 (2^14-1) to avoid the generation of unreasonable onboard interface
|
||||
names.
|
||||
For s390 the index can assume a value of up to 65535 (2^16-1) which is
|
||||
now allowed depending on the new naming flag NAMING_16BIT_INDEX.
|
||||
Larger index values are considered unreasonable and remain to be
|
||||
ignored.
|
||||
|
||||
Related: #1939914
|
||||
|
||||
(cherry picked from commit 5a7eb46c0206411d380543021291b4bca0b6f59f)
|
||||
---
|
||||
man/systemd.net-naming-scheme.xml | 7 ++++++-
|
||||
src/udev/udev-builtin-net_id.c | 22 +++++++++++++++-------
|
||||
2 files changed, 21 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
|
||||
index e42c93eaad..a567483995 100644
|
||||
--- a/man/systemd.net-naming-scheme.xml
|
||||
+++ b/man/systemd.net-naming-scheme.xml
|
||||
@@ -320,7 +320,12 @@
|
||||
of the <filename>function_id</filename> device attribute. This attribute is now used to build the
|
||||
<varname>ID_NET_NAME_SLOT</varname>. Before that, all slot names were parsed as decimal
|
||||
numbers, which could either result in an incorrect value of the <varname>ID_NET_NAME_SLOT</varname>
|
||||
- property or none at all.</para></listitem>
|
||||
+ property or none at all.</para>
|
||||
+
|
||||
+ <para>Some firmware and hypervisor implementations report unreasonable high numbers for the onboard
|
||||
+ index. To prevent the generation of bogus onbard interface names, index numbers greater than 16381
|
||||
+ (2^14-1) were ignored. For s390 PCI devices index values up to 65535 (2^16-1) are valid. To account
|
||||
+ for that, the limit is increased to now 65535.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
|
||||
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
|
||||
index ba7638fcb8..df84acf27c 100644
|
||||
--- a/src/udev/udev-builtin-net_id.c
|
||||
+++ b/src/udev/udev-builtin-net_id.c
|
||||
@@ -104,7 +104,8 @@
|
||||
#include "udev.h"
|
||||
#include "udev-util.h"
|
||||
|
||||
-#define ONBOARD_INDEX_MAX (16*1024-1)
|
||||
+#define ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1)
|
||||
+#define ONBOARD_16BIT_INDEX_MAX ((1U << 16) - 1)
|
||||
|
||||
/* So here's the deal: net_id is supposed to be an excercise in providing stable names for network devices. However, we
|
||||
* also want to keep updating the naming scheme used in future versions of net_id. These two goals of course are
|
||||
@@ -127,6 +128,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_NPAR_ARI = 1 << 1, /* Use NPAR "ARI", see 6bc04997b6eab35d1cb9fa73889892702c27be09 */
|
||||
NAMING_BRIDGE_NO_SLOT = 1 << 9, /* Don't use PCI hotplug slot information if the corresponding device is a PCI bridge */
|
||||
NAMING_SLOT_FUNCTION_ID = 1 << 10, /* Use function_id if present to identify PCI hotplug slots */
|
||||
+ NAMING_16BIT_INDEX = 1 << 11, /* Allow full 16-bit for the onboard index */
|
||||
|
||||
/* And now the masks that combine the features above */
|
||||
NAMING_V238 = 0,
|
||||
@@ -138,7 +140,7 @@ typedef enum NamingSchemeFlags {
|
||||
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
|
||||
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
|
||||
NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
|
||||
- NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID,
|
||||
+ NAMING_RHEL_8_7 = NAMING_RHEL_8_4|NAMING_SLOT_FUNCTION_ID|NAMING_16BIT_INDEX,
|
||||
|
||||
_NAMING_SCHEME_FLAGS_INVALID = -1,
|
||||
} NamingSchemeFlags;
|
||||
@@ -326,6 +328,16 @@ out_unref:
|
||||
return r;
|
||||
}
|
||||
|
||||
+static bool is_valid_onboard_index(unsigned long idx) {
|
||||
+ /* Some BIOSes report rubbish indexes that are excessively high (2^24-1 is an index VMware likes to
|
||||
+ * report for example). Let's define a cut-off where we don't consider the index reliable anymore. We
|
||||
+ * pick some arbitrary cut-off, which is somewhere beyond the realistic number of physical network
|
||||
+ * interface a system might have. Ideally the kernel would already filter this crap for us, but it
|
||||
+ * doesn't currently. The initial cut-off value (2^14-1) was too conservative for s390 PCI which
|
||||
+ * allows for index values up 2^16-1 which is now enabled with the NAMING_16BIT_INDEX naming flag. */
|
||||
+ return idx <= (naming_scheme_has(NAMING_16BIT_INDEX) ? ONBOARD_16BIT_INDEX_MAX : ONBOARD_14BIT_INDEX_MAX);
|
||||
+}
|
||||
+
|
||||
/* retrieve on-board index number and label from firmware */
|
||||
static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
|
||||
unsigned dev_port = 0;
|
||||
@@ -346,11 +358,7 @@ static int dev_pci_onboard(struct udev_device *dev, struct netnames *names) {
|
||||
if (idx <= 0)
|
||||
return -EINVAL;
|
||||
|
||||
- /* Some BIOSes report rubbish indexes that are excessively high (2^24-1 is an index VMware likes to report for
|
||||
- * example). Let's define a cut-off where we don't consider the index reliable anymore. We pick some arbitrary
|
||||
- * cut-off, which is somewhere beyond the realistic number of physical network interface a system might
|
||||
- * have. Ideally the kernel would already filter his crap for us, but it doesn't currently. */
|
||||
- if (idx > ONBOARD_INDEX_MAX)
|
||||
+ if (!is_valid_onboard_index(idx))
|
||||
return -ENOENT;
|
||||
|
||||
/* kernel provided port index for multiple ports on a single PCI function */
|
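Review bot: The new man page paragraph gives the old cut-off as "16381 (2^14-1)", but 2^14-1 is 16383. That is the value of `ONBOARD_14BIT_INDEX_MAX ((1U << 14) - 1)` in the same patch and the figure in the commit message. The sentence should read `index numbers greater than 16383 (2^14-1) were ignored`, and "onbard" in the same paragraph should be "onboard". In the comment of is_valid_onboard_index(), "index values up 2^16-1" is missing "to". The helper takes `unsigned long` while the caller still tests `idx <= 0`; the declaration of `idx` is outside the hunk, so confirm the two types agree.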
@ -0,0 +1,98 @@
|
||||
From 1ad8be47cd41f017faa5a9ca9614cbcbe784d43b Mon Sep 17 00:00:00 2001
|
||||
From: Jacek Migacz <jmigacz@redhat.com>
|
||||
Date: Mon, 25 Apr 2022 21:12:40 +0200
|
||||
Subject: [PATCH] Revert "basic: use comma as separator in cpuset cgroup cpu
|
||||
ranges"
|
||||
|
||||
This reverts commit 9fe3b9c7165afeedcf9f31959c436bcec233bb4d.
|
||||
|
||||
RHEL-only
|
||||
|
||||
Resolves: #1858220
|
||||
---
|
||||
src/basic/cpu-set-util.c | 45 ----------------------------------------
|
||||
src/basic/cpu-set-util.h | 1 -
|
||||
src/core/cgroup.c | 2 +-
|
||||
3 files changed, 1 insertion(+), 47 deletions(-)
|
||||
|
||||
diff --git a/src/basic/cpu-set-util.c b/src/basic/cpu-set-util.c
|
||||
index 1922c95864..db2e1d6c97 100644
|
||||
--- a/src/basic/cpu-set-util.c
|
||||
+++ b/src/basic/cpu-set-util.c
|
||||
@@ -88,51 +88,6 @@ char *cpu_set_to_range_string(const CPUSet *set) {
|
||||
return TAKE_PTR(str) ?: strdup("");
|
||||
}
|
||||
|
||||
-/* XXX(msekleta): this is the workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1819152, remove in 8.3 */
|
||||
-char *cpu_set_to_range_string_kernel(const CPUSet *set) {
|
||||
- unsigned range_start = 0, range_end;
|
||||
- _cleanup_free_ char *str = NULL;
|
||||
- size_t allocated = 0, len = 0;
|
||||
- bool in_range = false;
|
||||
- int r;
|
||||
-
|
||||
- for (unsigned i = 0; i < set->allocated * 8; i++)
|
||||
- if (CPU_ISSET_S(i, set->allocated, set->set)) {
|
||||
- if (in_range)
|
||||
- range_end++;
|
||||
- else {
|
||||
- range_start = range_end = i;
|
||||
- in_range = true;
|
||||
- }
|
||||
- } else if (in_range) {
|
||||
- in_range = false;
|
||||
-
|
||||
- if (!GREEDY_REALLOC(str, allocated, len + 2 + 2 * DECIMAL_STR_MAX(unsigned)))
|
||||
- return NULL;
|
||||
-
|
||||
- if (range_end > range_start)
|
||||
- r = sprintf(str + len, len > 0 ? ",%d-%d" : "%d-%d", range_start, range_end);
|
||||
- else
|
||||
- r = sprintf(str + len, len > 0 ? ",%d" : "%d", range_start);
|
||||
- assert_se(r > 0);
|
||||
- len += r;
|
||||
- }
|
||||
-
|
||||
- if (in_range) {
|
||||
- if (!GREEDY_REALLOC(str, allocated, len + 2 + 2 * DECIMAL_STR_MAX(int)))
|
||||
- return NULL;
|
||||
-
|
||||
- if (range_end > range_start)
|
||||
- r = sprintf(str + len, len > 0 ? ",%d-%d" : "%d-%d", range_start, range_end);
|
||||
- else
|
||||
- r = sprintf(str + len, len > 0 ? ",%d" : "%d", range_start);
|
||||
- assert_se(r > 0);
|
||||
- }
|
||||
-
|
||||
- return TAKE_PTR(str) ?: strdup("");
|
||||
-}
|
||||
-
|
||||
-
|
||||
int cpu_set_realloc(CPUSet *cpu_set, unsigned ncpus) {
|
||||
size_t need;
|
||||
|
||||
diff --git a/src/basic/cpu-set-util.h b/src/basic/cpu-set-util.h
|
||||
index 795be807af..406b08ee11 100644
|
||||
--- a/src/basic/cpu-set-util.h
|
||||
+++ b/src/basic/cpu-set-util.h
|
||||
@@ -27,7 +27,6 @@ int cpu_set_add_all(CPUSet *a, const CPUSet *b);
|
||||
|
||||
char* cpu_set_to_string(const CPUSet *a);
|
||||
char *cpu_set_to_range_string(const CPUSet *a);
|
||||
-char *cpu_set_to_range_string_kernel(const CPUSet *a);
|
||||
int cpu_set_realloc(CPUSet *cpu_set, unsigned ncpus);
|
||||
|
||||
int parse_cpu_set_full(
|
||||
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
|
||||
index f02cc31c6e..f89bce3d61 100644
|
||||
--- a/src/core/cgroup.c
|
||||
+++ b/src/core/cgroup.c
|
||||
@@ -687,7 +687,7 @@ static void cgroup_apply_unified_cpuset(Unit *u, CPUSet cpus, const char *name)
|
||||
_cleanup_free_ char *buf = NULL;
|
||||
int r;
|
||||
|
||||
- buf = cpu_set_to_range_string_kernel(&cpus);
|
||||
+ buf = cpu_set_to_range_string(&cpus);
|
||||
if (!buf)
|
||||
return;
|
||||
|
51
0753-acpi-fpdt-mark-structures-as-packed.patch
Normal file
@ -0,0 +1,51 @@
|
||||
From 45670b65ccc1d41a32b83217ba9a78c9eed5fc02 Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Thu, 23 Apr 2020 08:49:10 +0200
|
||||
Subject: [PATCH] acpi-fpdt: mark structures as packed
|
||||
|
||||
Let's make sure the alignment doesn't matter.
|
||||
|
||||
(cherry picked from commit 49490c1d353bc920cbf73f4c71e9c35d2e3eb8b1)
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/shared/acpi-fpdt.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/shared/acpi-fpdt.c b/src/shared/acpi-fpdt.c
|
||||
index d565ebd43e..38c464c912 100644
|
||||
--- a/src/shared/acpi-fpdt.c
|
||||
+++ b/src/shared/acpi-fpdt.c
|
||||
@@ -23,7 +23,7 @@ struct acpi_table_header {
|
||||
uint32_t oem_revision;
|
||||
char asl_compiler_id[4];
|
||||
uint32_t asl_compiler_revision;
|
||||
-};
|
||||
+} _packed_;
|
||||
|
||||
enum {
|
||||
ACPI_FPDT_TYPE_BOOT = 0,
|
||||
@@ -36,12 +36,12 @@ struct acpi_fpdt_header {
|
||||
uint8_t revision;
|
||||
uint8_t reserved[4];
|
||||
uint64_t ptr;
|
||||
-};
|
||||
+} _packed_;
|
||||
|
||||
struct acpi_fpdt_boot_header {
|
||||
char signature[4];
|
||||
uint32_t length;
|
||||
-};
|
||||
+} _packed_;
|
||||
|
||||
enum {
|
||||
ACPI_FPDT_S3PERF_RESUME_REC = 0,
|
||||
@@ -59,7 +59,7 @@ struct acpi_fpdt_boot {
|
||||
uint64_t startup_start;
|
||||
uint64_t exit_services_entry;
|
||||
uint64_t exit_services_exit;
|
||||
-};
|
||||
+} _packed;
|
||||
|
||||
int acpi_get_boot_usec(usec_t *loader_start, usec_t *loader_exit) {
|
||||
_cleanup_free_ char *buf = NULL;
|
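Review bot: The last struct in this patch, `struct acpi_fpdt_boot`, is closed with `} _packed;` where the three structs before it use `} _packed_;`. Unless a `_packed` macro exists elsewhere (none is visible here), that spelling declares a file-scope variable named `_packed` of the struct type and leaves the struct itself unpacked. The layout used when the firmware-provided FPDT record is interpreted would then still depend on compiler padding, which is what the commit sets out to remove. Change the line to `} _packed_;`. A compile-time size check on each of these structs would catch this kind of slip.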
@ -0,0 +1,46 @@
|
||||
From 1f4af2e456675c6226857ee0c8127ff4b3d1d18a Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Fri, 6 May 2022 14:01:22 +0900
|
||||
Subject: [PATCH] core/slice: make slice_freezer_action() return 0 if freezing
|
||||
state is unchanged
|
||||
|
||||
Fixes #23278.
|
||||
|
||||
(cherry picked from commit d171e72e7afa11b238ba20758384d223b0c76e39)
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/core/slice.c | 6 +-----
|
||||
src/core/unit.c | 2 ++
|
||||
2 files changed, 3 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/core/slice.c b/src/core/slice.c
|
||||
index c10e830917..34f3c84bf9 100644
|
||||
--- a/src/core/slice.c
|
||||
+++ b/src/core/slice.c
|
||||
@@ -395,11 +395,7 @@ static int slice_freezer_action(Unit *s, FreezerAction action) {
|
||||
return r;
|
||||
}
|
||||
|
||||
- r = unit_cgroup_freezer_action(s, action);
|
||||
- if (r < 0)
|
||||
- return r;
|
||||
-
|
||||
- return 1;
|
||||
+ return unit_cgroup_freezer_action(s, action);
|
||||
}
|
||||
|
||||
static int slice_freeze(Unit *s) {
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index e2c61ce866..bd79578255 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -5622,6 +5622,8 @@ static int unit_freezer_action(Unit *u, FreezerAction action) {
|
||||
if (r <= 0)
|
||||
return r;
|
||||
|
||||
+ assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING));
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
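Review bot: The added `assert(IN_SET(u->freezer_state, FREEZER_FREEZING, FREEZER_THAWING));` in unit_freezer_action() aborts the manager if the preceding call returns a positive value without having changed the state. The call that sets `r` is above the hunk, and this patch corrects only the slice implementation. Any other unit type that implements the freezer callback needs the same contract, so it is worth checking them before relying on the assertion. The contract should also be stated where the callback is declared, for example `/* Returns > 0 only if the unit entered FREEZER_FREEZING or FREEZER_THAWING, 0 if the state is unchanged */`.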
29
0755-core-unit-fix-use-after-free.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From f307c633acd12d59800a760b1c45fad8c79b6f49 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Mon, 9 May 2022 00:56:05 +0900
|
||||
Subject: [PATCH] core/unit: fix use-after-free
|
||||
|
||||
Fixes #23312.
|
||||
|
||||
(cherry picked from commit 734582830b58e000a26e18807ea277c18778573c)
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/core/unit.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/core/unit.c b/src/core/unit.c
|
||||
index bd79578255..68affa2c0e 100644
|
||||
--- a/src/core/unit.c
|
||||
+++ b/src/core/unit.c
|
||||
@@ -580,8 +580,8 @@ void unit_free(Unit *u) {
|
||||
|
||||
unit_dequeue_rewatch_pids(u);
|
||||
|
||||
- sd_bus_slot_unref(u->match_bus_slot);
|
||||
- sd_bus_track_unref(u->bus_track);
|
||||
+ u->match_bus_slot = sd_bus_slot_unref(u->match_bus_slot);
|
||||
+ u->bus_track = sd_bus_track_unref(u->bus_track);
|
||||
u->deserialized_refs = strv_free(u->deserialized_refs);
|
||||
u->pending_freezer_message = sd_bus_message_unref(u->pending_freezer_message);
|
||||
|
58
0756-sd-bus-fix-reference-counter-to-be-incremented.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From 39e9bd0412bef0c37d487834b8be3a78e28cb804 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Sun, 17 Apr 2022 07:05:07 +0900
|
||||
Subject: [PATCH] sd-bus: fix reference counter to be incremented
|
||||
|
||||
Fixes #23097.
|
||||
|
||||
(cherry picked from commit b21f237d996c8c18991a68e1204f060d07dc4745)
|
||||
|
||||
[msekleta: This commit also contains the hunk from c2d7dd35d2
|
||||
(in sd_bus_track_remove_name). I've decided to not backport that commit
|
||||
fully because of conflicts and because its was made largely irrelevant
|
||||
by 7f40cb7c86]
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-track.c | 15 +++++++--------
|
||||
1 file changed, 7 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
|
||||
index 16bf615f50..b1ec5ecbbb 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-track.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-track.c
|
||||
@@ -208,12 +208,12 @@ _public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
|
||||
i = hashmap_get(track->names, name);
|
||||
if (i) {
|
||||
if (track->recursive) {
|
||||
- unsigned k = track->n_ref + 1;
|
||||
+ unsigned k = i->n_ref + 1;
|
||||
|
||||
- if (k < track->n_ref) /* Check for overflow */
|
||||
+ if (k < i->n_ref) /* Check for overflow */
|
||||
return -EOVERFLOW;
|
||||
|
||||
- track->n_ref = k;
|
||||
+ i->n_ref = k;
|
||||
}
|
||||
|
||||
bus_track_remove_from_queue(track);
|
||||
@@ -281,14 +281,13 @@ _public_ int sd_bus_track_remove_name(sd_bus_track *track, const char *name) {
|
||||
i = hashmap_get(track->names, name);
|
||||
if (!i)
|
||||
return -EUNATCH;
|
||||
- if (i->n_ref <= 0)
|
||||
- return -EUNATCH;
|
||||
-
|
||||
- i->n_ref--;
|
||||
|
||||
- if (i->n_ref <= 0)
|
||||
+ assert(i->n_ref >=1);
|
||||
+ if (i->n_ref <= 1)
|
||||
return bus_track_remove_name_fully(track, name);
|
||||
|
||||
+ i->n_ref--;
|
||||
+
|
||||
return 1;
|
||||
}
|
||||
|
32
0757-sd-bus-do-not-read-unused-value.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 480658d6c79f494e820eb3da59a1818b5b7c3c8b Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Sun, 17 Apr 2022 07:25:09 +0900
|
||||
Subject: [PATCH] sd-bus: do not read unused value
|
||||
|
||||
(cherry picked from commit 6a7ca27740be4229b4c9f540cd610b205ca5752c)
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-track.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
|
||||
index b1ec5ecbbb..b9965d9d64 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-track.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-track.c
|
||||
@@ -182,13 +182,13 @@ _public_ sd_bus_track* sd_bus_track_unref(sd_bus_track *track) {
|
||||
|
||||
static int on_name_owner_changed(sd_bus_message *message, void *userdata, sd_bus_error *error) {
|
||||
sd_bus_track *track = userdata;
|
||||
- const char *name, *old, *new;
|
||||
+ const char *name;
|
||||
int r;
|
||||
|
||||
assert(message);
|
||||
assert(track);
|
||||
|
||||
- r = sd_bus_message_read(message, "sss", &name, &old, &new);
|
||||
+ r = sd_bus_message_read(message, "sss", &name, NULL, NULL);
|
||||
if (r < 0)
|
||||
return 0;
|
||||
|
@ -0,0 +1,35 @@
|
||||
From 805e13f7016f37c882069f43b5f0c0972d5fdf95 Mon Sep 17 00:00:00 2001
|
||||
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
||||
Date: Sun, 17 Apr 2022 07:29:24 +0900
|
||||
Subject: [PATCH] sd-bus: do not return negative errno when unknown name is
|
||||
specified
|
||||
|
||||
When 'recursive' is false, then sd_bus_track_remove_name() does not
|
||||
return negative errno when unknown name is specified. Let's follow the
|
||||
same pattern for the case that 'recursive' is true.
|
||||
|
||||
(cherry picked from commit 55bfacc6c33eaf3475762e71172b2ef504be5af8)
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-track.c | 5 +----
|
||||
1 file changed, 1 insertion(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
|
||||
index b9965d9d64..8893f190a1 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-track.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-track.c
|
||||
@@ -275,12 +275,9 @@ _public_ int sd_bus_track_remove_name(sd_bus_track *track, const char *name) {
|
||||
if (!track) /* Treat a NULL track object as an empty track object */
|
||||
return 0;
|
||||
|
||||
- if (!track->recursive)
|
||||
- return bus_track_remove_name_fully(track, name);
|
||||
-
|
||||
i = hashmap_get(track->names, name);
|
||||
if (!i)
|
||||
- return -EUNATCH;
|
||||
+ return 0;
|
||||
|
||||
assert(i->n_ref >=1);
|
||||
if (i->n_ref <= 1)
|
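Review bot: With the `if (!track->recursive)` shortcut removed from sd_bus_track_remove_name(), non-recursive tracks now also reach `assert(i->n_ref >=1)`. The assertion therefore holds only if every item is created with a count of at least one, including on tracks where the add path never increments it; the code that creates items is outside this hunk and should be checked. The result for an unknown name on a recursive track also changes from `-EUNATCH` to `0`, which is a visible change for callers of this `_public_` function and belongs in its documentation. A comment above the lookup such as `/* Unknown names are not an error, regardless of recursive mode */` would record the intent, and the assertion reads better as `assert(i->n_ref >= 1);`.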
@ -0,0 +1,48 @@
|
||||
From 598eecf5c1c948535ca626833bc5cea59060913f Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Wed, 20 Apr 2022 22:30:22 +0200
|
||||
Subject: [PATCH] sd-bus: switch to a manual overflow check in
|
||||
sd_bus_track_add_name()
|
||||
|
||||
This is generally used in a directly client controllable way, hence we
|
||||
should handle ref count overflow gracefully, instead of hitting an
|
||||
assert().
|
||||
|
||||
As discussed:
|
||||
|
||||
https://github.com/systemd/systemd/pull/23099#discussion_r854341850
|
||||
(cherry picked from commit 7f40cb7c86b0fff3a82096a9499570bad9c19fd2)
|
||||
|
||||
[msekleta: We've never switched to using track_item_ref/unref introduced
|
||||
in c2d7dd35d2 hence we still had potential undefined behavior related to
|
||||
overflow check and this commit fixes that.]
|
||||
|
||||
Related: #2047373
|
||||
---
|
||||
src/libsystemd/sd-bus/bus-track.c | 10 +++++++---
|
||||
1 file changed, 7 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/libsystemd/sd-bus/bus-track.c b/src/libsystemd/sd-bus/bus-track.c
|
||||
index 8893f190a1..b818e93bec 100644
|
||||
--- a/src/libsystemd/sd-bus/bus-track.c
|
||||
+++ b/src/libsystemd/sd-bus/bus-track.c
|
||||
@@ -208,12 +208,16 @@ _public_ int sd_bus_track_add_name(sd_bus_track *track, const char *name) {
|
||||
i = hashmap_get(track->names, name);
|
||||
if (i) {
|
||||
if (track->recursive) {
|
||||
- unsigned k = i->n_ref + 1;
|
||||
+ assert(i->n_ref > 0);
|
||||
|
||||
- if (k < i->n_ref) /* Check for overflow */
|
||||
+ /* Manual oveflow check (instead of a DEFINE_TRIVIAL_REF_FUNC() helper or so), so
|
||||
+ * that we can return a proper error, given this is almost always called in a
|
||||
+ * directly client controllable way, and thus better should never hit an assertion
|
||||
+ * here. */
|
||||
+ if (i->n_ref >= UINT_MAX)
|
||||
return -EOVERFLOW;
|
||||
|
||||
- i->n_ref = k;
|
||||
+ i->n_ref++;
|
||||
}
|
||||
|
||||
bus_track_remove_from_queue(track);
|
194
0760-resolved-let-s-preferably-route-reverse-lookups-for-.patch
Normal file
@ -0,0 +1,194 @@
|
||||
From b9844d3dd9d7fdf81d475b81d06a6e9ec821f91d Mon Sep 17 00:00:00 2001
|
||||
From: Lennart Poettering <lennart@poettering.net>
|
||||
Date: Mon, 9 Nov 2020 22:22:56 +0100
|
||||
Subject: [PATCH] resolved: let's preferably route reverse lookups for local
|
||||
subnets to matching interfaces
|
||||
|
||||
Let's preferably route traffic for reverse lookups to LLMNR/mDNS/DNS on
|
||||
the matching interface if the IP address is in the local subnet. Also,
|
||||
if looking up an IP address of our own host, let's avoid doing
|
||||
LLMNR/mDNS at all.
|
||||
|
||||
This is useful if "~." is a routing domain to DNS, as it means, local
|
||||
reverse lookups still go to LLMNR/mDNS, too.
|
||||
|
||||
(cherry picked from commit 13eb76ef06f5d50bbeb58df1744057e41ef2647e)
|
||||
|
||||
Resolves #1739689
|
||||
---
|
||||
src/resolve/resolved-dns-scope.c | 85 +++++++++++++++++++++++++++++++-
|
||||
src/resolve/resolved-link.c | 12 +++--
|
||||
src/resolve/resolved-link.h | 1 +
|
||||
3 files changed, 92 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c
|
||||
index 38ea7fea0a..8b65813428 100644
|
||||
--- a/src/resolve/resolved-dns-scope.c
|
||||
+++ b/src/resolve/resolved-dns-scope.c
|
||||
@@ -417,6 +417,65 @@ int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *add
|
||||
return dns_scope_socket(s, SOCK_STREAM, family, address, server, port, ret_socket_address);
|
||||
}
|
||||
|
||||
+static DnsScopeMatch match_subnet_reverse_lookups(
|
||||
+ DnsScope *s,
|
||||
+ const char *domain,
|
||||
+ bool exclude_own) {
|
||||
+
|
||||
+ union in_addr_union ia;
|
||||
+ LinkAddress *a;
|
||||
+ int f, r;
|
||||
+
|
||||
+ assert(s);
|
||||
+ assert(domain);
|
||||
+
|
||||
+ /* Checks whether the specified domain is a reverse address domain (i.e. in the .in-addr.arpa or
|
||||
+ * .ip6.arpa area), and if so, whether the address matches any of the local subnets of the link the
|
||||
+ * scope is associated with. If so, our scope should consider itself relevant for any lookup in the
|
||||
+ * domain, since it apparently refers to hosts on this link's subnet.
|
||||
+ *
|
||||
+ * If 'exclude_own' is true this will return DNS_SCOPE_NO for any IP addresses assigned locally. This
|
||||
+ * is useful for LLMNR/mDNS as we never want to look up our own hostname on LLMNR/mDNS but always use
|
||||
+ * the locally synthesized one. */
|
||||
+
|
||||
+ if (!s->link)
|
||||
+ return _DNS_SCOPE_INVALID; /* No link, hence no local addresses to check */
|
||||
+
|
||||
+ r = dns_name_address(domain, &f, &ia);
|
||||
+ if (r < 0)
|
||||
+ log_debug_errno(r, "Failed to determine whether '%s' is an address domain: %m", domain);
|
||||
+ if (r <= 0)
|
||||
+ return _DNS_SCOPE_INVALID;
|
||||
+
|
||||
+ if (s->family != AF_UNSPEC && f != s->family)
|
||||
+ return _DNS_SCOPE_INVALID; /* Don't look for IPv4 addresses on LLMNR/mDNS over IPv6 and vice versa */
|
||||
+
|
||||
+ LIST_FOREACH(addresses, a, s->link->addresses) {
|
||||
+
|
||||
+ if (a->family != f)
|
||||
+ continue;
|
||||
+
|
||||
+ /* Equals our own address? nah, let's not use this scope. The local synthesizer will pick it up for us. */
|
||||
+ if (exclude_own &&
|
||||
+ in_addr_equal(f, &a->in_addr, &ia) > 0)
|
||||
+ return DNS_SCOPE_NO;
|
||||
+
|
||||
+ if (a->prefixlen == UCHAR_MAX) /* don't know subnet mask */
|
||||
+ continue;
|
||||
+
|
||||
+ /* Check if the address is in the local subnet */
|
||||
+ r = in_addr_prefix_covers(f, &a->in_addr, a->prefixlen, &ia);
|
||||
+ if (r < 0)
|
||||
+ log_debug_errno(r, "Failed to determine whether link address covers lookup address '%s': %m", domain);
|
||||
+ if (r > 0)
|
||||
+ /* Note that we only claim zero labels match. This is so that this is at the same
|
||||
+ * priority a DNS scope with "." as routing domain is. */
|
||||
+ return DNS_SCOPE_YES + 0;
|
||||
+ }
|
||||
+
|
||||
+ return _DNS_SCOPE_INVALID;
|
||||
+}
|
||||
+
|
||||
DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain) {
|
||||
DnsSearchDomain *d;
|
||||
|
||||
@@ -455,6 +514,7 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
|
||||
|
||||
case DNS_PROTOCOL_DNS: {
|
||||
DnsServer *dns_server;
|
||||
+ DnsScopeMatch m;
|
||||
|
||||
/* Never route things to scopes that lack DNS servers */
|
||||
dns_server = dns_scope_get_dns_server(s);
|
||||
@@ -485,10 +545,23 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
|
||||
dns_name_endswith(domain, "local") == 0)
|
||||
return DNS_SCOPE_MAYBE;
|
||||
|
||||
+ /* If the IP address to look up matches the local subnet, then implicity synthesizes
|
||||
+ * DNS_SCOPE_YES_BASE + 0 on this interface, i.e. preferably resolve IP addresses via the DNS
|
||||
+ * server belonging to this interface. */
|
||||
+ m = match_subnet_reverse_lookups(s, domain, false);
|
||||
+ if (m >= 0)
|
||||
+ return m;
|
||||
+
|
||||
return DNS_SCOPE_NO;
|
||||
}
|
||||
|
||||
- case DNS_PROTOCOL_MDNS:
|
||||
+ case DNS_PROTOCOL_MDNS: {
|
||||
+ DnsScopeMatch m;
|
||||
+
|
||||
+ m = match_subnet_reverse_lookups(s, domain, true);
|
||||
+ if (m >= 0)
|
||||
+ return m;
|
||||
+
|
||||
if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) ||
|
||||
(s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0) ||
|
||||
(dns_name_endswith(domain, "local") > 0 && /* only resolve names ending in .local via mDNS */
|
||||
@@ -497,8 +570,15 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
|
||||
return DNS_SCOPE_MAYBE;
|
||||
|
||||
return DNS_SCOPE_NO;
|
||||
+ }
|
||||
+
|
||||
+ case DNS_PROTOCOL_LLMNR: {
|
||||
+ DnsScopeMatch m;
|
||||
+
|
||||
+ m = match_subnet_reverse_lookups(s, domain, true);
|
||||
+ if (m >= 0)
|
||||
+ return m;
|
||||
|
||||
- case DNS_PROTOCOL_LLMNR:
|
||||
if ((s->family == AF_INET && dns_name_endswith(domain, "in-addr.arpa") > 0) ||
|
||||
(s->family == AF_INET6 && dns_name_endswith(domain, "ip6.arpa") > 0) ||
|
||||
(dns_name_is_single_label(domain) && /* only resolve single label names via LLMNR */
|
||||
@@ -507,6 +587,7 @@ DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, co
|
||||
return DNS_SCOPE_MAYBE;
|
||||
|
||||
return DNS_SCOPE_NO;
|
||||
+ }
|
||||
|
||||
default:
|
||||
assert_not_reached("Unknown scope protocol");
|
||||
diff --git a/src/resolve/resolved-link.c b/src/resolve/resolved-link.c
|
||||
index ff2be12415..c42fe5b5f4 100644
|
||||
--- a/src/resolve/resolved-link.c
|
||||
+++ b/src/resolve/resolved-link.c
|
||||
@@ -776,10 +776,13 @@ int link_address_new(Link *l, LinkAddress **ret, int family, const union in_addr
|
||||
if (!a)
|
||||
return -ENOMEM;
|
||||
|
||||
- a->family = family;
|
||||
- a->in_addr = *in_addr;
|
||||
+ *a = (LinkAddress) {
|
||||
+ .family = family,
|
||||
+ .in_addr = *in_addr,
|
||||
+ .link = l,
|
||||
+ .prefixlen = UCHAR_MAX,
|
||||
+ };
|
||||
|
||||
- a->link = l;
|
||||
LIST_PREPEND(addresses, l->addresses, a);
|
||||
l->n_addresses++;
|
||||
|
||||
@@ -1077,7 +1080,8 @@ int link_address_update_rtnl(LinkAddress *a, sd_netlink_message *m) {
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
- sd_rtnl_message_addr_get_scope(m, &a->scope);
|
||||
+ (void) sd_rtnl_message_addr_get_prefixlen(m, &a->prefixlen);
|
||||
+ (void) sd_rtnl_message_addr_get_scope(m, &a->scope);
|
||||
|
||||
link_allocate_scopes(a->link);
|
||||
link_add_rrs(a->link, false);
|
||||
diff --git a/src/resolve/resolved-link.h b/src/resolve/resolved-link.h
|
||||
index 063d3f35c3..8d52b10950 100644
|
||||
--- a/src/resolve/resolved-link.h
|
||||
+++ b/src/resolve/resolved-link.h
|
||||
@@ -24,6 +24,7 @@ struct LinkAddress {
|
||||
|
||||
int family;
|
||||
union in_addr_union in_addr;
|
||||
+ unsigned char prefixlen;
|
||||
|
||||
unsigned char flags, scope;
|
||||
|
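Review bot: The comment ahead of the `match_subnet_reverse_lookups(s, domain, false)` call in the DNS_PROTOCOL_DNS branch names `DNS_SCOPE_YES_BASE + 0`, but the helper added in the first hunk returns `DNS_SCOPE_YES + 0` and no `DNS_SCOPE_YES_BASE` appears anywhere in the visible code, so the comment looks carried over from the upstream commit rather than adjusted for this backport. The "we only claim zero labels match" remark above that return has the same problem: it only makes sense if DnsScopeMatch encodes a label count in this tree, which is not visible here and should be confirmed. I would reword both to say what the code does, e.g. `/* Subnet match: claim the lookup for this scope with DNS_SCOPE_YES */`, and correct "implicity" to "implicitly" while there. In the LLMNR and mDNS branches a subnet match is now returned as a definite match, and answers on those protocols come from whichever host on the link responds, so a one-line comment at those two call sites stating that the resulting PTR names are unauthenticated would help later readers.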
@ -2,6 +2,7 @@
|
||||
#
|
||||
# Used by systemd --user instances.
|
||||
|
||||
account sufficient pam_unix.so no_pass_expiry
|
||||
account include system-auth
|
||||
|
||||
session required pam_selinux.so close
|
||||
|
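Review bot: `account sufficient pam_unix.so no_pass_expiry` sits ahead of `account include system-auth`, and a `sufficient` success ends the account stack, so for any user pam_unix accepts, the account modules that system-auth would pull in are not consulted for this service; `no_pass_expiry` additionally has pam_unix disregard password expiry. With the +/- column lost in this rendering I am assuming this is the one line the hunk adds (the `-2,6 +2,7` counts allow exactly one addition). The file's header and first line are outside the hunk, and nothing visible records why the shortcut is wanted, so I would state the reason directly above it, for example `# Do not block the per-user manager on an expired password; other account checks in system-auth are skipped for local users.` if that is indeed the intent.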
38
systemd.spec
38
systemd.spec
@ -13,7 +13,7 @@
|
||||
Name: systemd
|
||||
Url: http://www.freedesktop.org/wiki/Software/systemd
|
||||
Version: 239
|
||||
Release: 58%{?dist}
|
||||
Release: 59%{?dist}
|
||||
# For a breakdown of the licensing, see README
|
||||
License: LGPLv2+ and MIT and GPLv2+
|
||||
Summary: System and Service Manager
|
||||
@ -793,6 +793,23 @@ Patch0740: 0740-sysctl-fix-segfault.patch
|
||||
Patch0741: 0741-ci-drop-CentOS-8-CI.patch
|
||||
Patch0742: 0742-test-adapt-to-the-new-capsh-format.patch
|
||||
Patch0743: 0743-test-ignore-IAB-capabilities-in-test-execute.patch
|
||||
Patch0744: 0744-core-disallow-using-.service-as-a-service-name.patch
|
||||
Patch0745: 0745-shared-dropin-support-.service.d-top-level-drop-in-f.patch
|
||||
Patch0746: 0746-core-change-top-level-drop-in-from-.service.d-to-ser.patch
|
||||
Patch0747: 0747-shared-dropin-fix-assert-for-invalid-drop-in.patch
|
||||
Patch0748: 0748-udev-fix-slot-based-network-names-on-s390.patch
|
||||
Patch0749: 0749-udev-add-missing-initialization-to-fix-freeing-inval.patch
|
||||
Patch0750: 0750-udev-it-is-not-necessary-that-the-path-is-readable.patch
|
||||
Patch0751: 0751-udev-allow-onboard-index-up-to-65535.patch
|
||||
Patch0752: 0752-Revert-basic-use-comma-as-separator-in-cpuset-cgroup.patch
|
||||
Patch0753: 0753-acpi-fpdt-mark-structures-as-packed.patch
|
||||
Patch0754: 0754-core-slice-make-slice_freezer_action-return-0-if-fre.patch
|
||||
Patch0755: 0755-core-unit-fix-use-after-free.patch
|
||||
Patch0756: 0756-sd-bus-fix-reference-counter-to-be-incremented.patch
|
||||
Patch0757: 0757-sd-bus-do-not-read-unused-value.patch
|
||||
Patch0758: 0758-sd-bus-do-not-return-negative-errno-when-unknown-nam.patch
|
||||
Patch0759: 0759-sd-bus-switch-to-a-manual-overflow-check-in-sd_bus_t.patch
|
||||
Patch0760: 0760-resolved-let-s-preferably-route-reverse-lookups-for-.patch
|
||||
|
||||
|
||||
%ifarch %{ix86} x86_64 aarch64
|
||||
@ -856,6 +873,7 @@ Requires: %{name}-pam = %{version}-%{release}
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Recommends: diffutils
|
||||
Requires: util-linux
|
||||
Requires: timedatex
|
||||
Recommends: libxkbcommon%{?_isa}
|
||||
Provides: /bin/systemctl
|
||||
Provides: /sbin/shutdown
|
||||
@ -1423,6 +1441,24 @@ fi
|
||||
%files tests -f .file-list-tests
|
||||
|
||||
%changelog
|
||||
* Wed May 18 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-59
|
||||
- core: disallow using '-.service' as a service name (#2051520)
|
||||
- shared/dropin: support -.service.d/ top level drop-in for service units (#2051520)
|
||||
- core: change top-level drop-in from -.service.d to service.d (#2051520)
|
||||
- shared/dropin: fix assert for invalid drop-in (#2051520)
|
||||
- udev: fix slot based network names on s390 (#1939914)
|
||||
- udev: it is not necessary that the path is readable (#1939914)
|
||||
- udev: allow onboard index up to 65535 (#1939914)
|
||||
- Revert "basic: use comma as separator in cpuset cgroup cpu ranges" (#1858220)
|
||||
- acpi-fpdt: mark structures as packed (#2047373)
|
||||
- core/slice: make slice_freezer_action() return 0 if freezing state is unchanged (#2047373)
|
||||
- core/unit: fix use-after-free (#2047373)
|
||||
- sd-bus: fix reference counter to be incremented (#2047373)
|
||||
- sd-bus: do not read unused value (#2047373)
|
||||
- sd-bus: do not return negative errno when unknown name is specified (#2047373)
|
||||
- sd-bus: switch to a manual overflow check in sd_bus_track_add_name() (#2047373)
|
||||
- spec: Add dependency on timedatex (#2066946)
|
||||
|
||||
* Tue Feb 08 2022 systemd maintenance team <systemd-maint@redhat.com> - 239-58
|
||||
- ci: drop CentOS 8 CI (#2017033)
|
||||
- test: adapt to the new capsh format (#2017033)
|
||||
|