rpms/systemd
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import systemd-239-58.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-05-10 03:18:23 -04:00 committed by Stepan Oksanichenko
parent 253862ee4a
commit ff9b3458f8
110 changed files with 5239 additions and 355 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
SOURCES/0657-sd-hwdb-allow-empty-properties.patch → SOURCES/0637-sd-hwdb-allow-empty-properties.patch
View File

@ -1,4 +1,4 @@
From cd407514366a2ec2c32ebc7a5b405d37005456fd Mon Sep 17 00:00:00 2001
From 2ab6e6ae9853e410310268efc0cea7f2276979ee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 20 Oct 2020 17:12:42 +0200
Subject: [PATCH] sd-hwdb: allow empty properties
@ -9,7 +9,7 @@ override properties (back to the empty) value for specific cases.
(cherry picked from commit afe87974dd57741f74dd87165b251886f24c859f)
Related: #1930568
Related: #2005009
---
src/hwdb/hwdb.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

4
SOURCES/0658-Update-hwdb.patch → SOURCES/0638-Update-hwdb.patch
View File

@ -1,9 +1,9 @@
From a02798d09681906096cfb8f0f3997b535bb6a06d Mon Sep 17 00:00:00 2001
From 793dc4d9e32baba27eac1f37283a7485b0889803 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 19 Aug 2021 12:31:36 +0200
Subject: [PATCH] Update hwdb
Resolves: #1930568
Resolves: #2005009
---
hwdb/20-OUI.hwdb | 26574 +++++++++++++++++-
hwdb/20-acpi-vendor.hwdb | 257 +-

8
SOURCES/0663-Disable-libpitc-to-fix-CentOS-Stream-CI.patch → SOURCES/0639-Disable-libpitc-to-fix-CentOS-Stream-CI.patch
View File

@ -1,4 +1,4 @@
From 26a1c41e771eb3b36f6f9b95ae35ce4803766e3c Mon Sep 17 00:00:00 2001
From b029865ef6d8b23ecdbfda4e277a3f75cb59ee94 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Mon, 25 Oct 2021 15:27:27 +0200
Subject: [PATCH] Disable libpitc to fix CentOS Stream CI
@ -6,15 +6,13 @@ Subject: [PATCH] Disable libpitc to fix CentOS Stream CI
We have disabled it in our spec starting with 8.5.0, so let's follow
suit here.
(cherry picked from commit b029865ef6d8b23ecdbfda4e277a3f75cb59ee94)
Related: #2024903
Related: #2017033
---
.github/workflows/unit_tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index 36363603db..814870e7a0 100755
index ad4584ec1d..def38bffe2 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -50,7 +50,7 @@ CONFIGURE_OPTS=(

25
SOURCES/0640-rpm-Fix-typo-in-_environmentdir.patch Normal file
View File

@ -0,0 +1,25 @@
From 74cbe4b73a1dbb1113c822690561b8b41b2fb60a Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Mon, 25 Jun 2018 12:56:50 -0400
Subject: [PATCH] rpm: Fix typo in %_environmentdir
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
(cherry picked from commit 6ea4cb975f99cdfd447332ffa9631790a5975eea)
Resolves: #2018024
---
src/core/macros.systemd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index f3b74f4273..a24d7bbe58 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -18,7 +18,7 @@
%_sysctldir @sysctldir@
%_sysusersdir @sysusersdir@
%_tmpfilesdir @tmpfilesdir@
-%_environmnentdir @environmentdir@
+%_environmentdir @environmentdir@
%_modulesloaddir @modulesloaddir@
%_modprobedir @modprobedir@
%_systemdgeneratordir @systemgeneratordir@

30
SOURCES/0641-rpm-Add-misspelled-_environmentdir-macro-for-tempora.patch Normal file
View File

@ -0,0 +1,30 @@
From 7b2d5268cf43a4ed7847bdbed2328bccddd5a716 Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa13@gmail.com>
Date: Tue, 26 Jun 2018 07:42:29 -0400
Subject: [PATCH] rpm: Add misspelled %_environmentdir macro for temporary
compatibility
This should be removed after systemd 240 is released.
Signed-off-by: Neal Gompa <ngompa13@gmail.com>
(cherry picked from commit a6bb5504583e3267d35fa385fe20f60fd998ca5d)
Related: #2018024
---
src/core/macros.systemd.in | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index a24d7bbe58..abbb42b22f 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -26,6 +26,10 @@
%_systemd_system_env_generator_dir @systemenvgeneratordir@
%_systemd_user_env_generator_dir @userenvgeneratordir@
+# Because we had one release with a typo...
+# This is temporary (Remove after systemd 240 is released)
+%_environmnentdir %_environmentdir
+
%systemd_requires \
Requires(post): systemd \
Requires(preun): systemd \

32
SOURCES/0642-rpm-emit-warning-when-macro-with-typo-is-used.patch Normal file
View File

@ -0,0 +1,32 @@
From 4d994a262ec1ad3e33e197cb09aa5aeabb5835dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 3 Jul 2018 15:40:53 +0200
Subject: [PATCH] rpm: emit warning when macro with typo is used
Follow-up for a6bb550458. Suggested by @ignatenkobrain.
$ rpmbuild --eval %_environmentdir
/usr/lib/environment.d
$ rpmbuild --eval %_environmnentdir
warning: Use %_environmentdir instead
/usr/lib/environment.d
(cherry picked from commit be9bf171bbf764997551f8a9b3c2aba5c6a875d3)
Related: #2018024
---
src/core/macros.systemd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/macros.systemd.in b/src/core/macros.systemd.in
index abbb42b22f..fe7ca26a34 100644
--- a/src/core/macros.systemd.in
+++ b/src/core/macros.systemd.in
@@ -28,7 +28,7 @@
# Because we had one release with a typo...
# This is temporary (Remove after systemd 240 is released)
-%_environmnentdir %_environmentdir
+%_environmnentdir %{warn:Use %%_environmentdir instead}%_environmentdir
%systemd_requires \
Requires(post): systemd \

75
SOURCES/0643-Remove-unintended-additions-to-systemd-analyze-man-p.patch Normal file
View File

@ -0,0 +1,75 @@
From f29b7bcd85d4e8d824d36fecc130a0d74af718f8 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Tue, 12 Oct 2021 16:47:48 +0200
Subject: [PATCH] Remove unintended additions to systemd-analyze man page
These changes were introduced in commit
a2e00522971897909db2a81b4daf10e5700f453e .
Resolves: #2004765
---
man/systemd-analyze.xml | 51 +----------------------------------------
1 file changed, 1 insertion(+), 50 deletions(-)
diff --git a/man/systemd-analyze.xml b/man/systemd-analyze.xml
index 7c873cbdd1..e17ff0cf90 100644
--- a/man/systemd-analyze.xml
+++ b/man/systemd-analyze.xml
@@ -354,56 +354,7 @@ $ eog targets.svg</programlisting>
they elapse next. This takes the same input as the <varname>OnCalendar=</varname> setting in
<citerefentry><refentrytitle>systemd.timer</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
following the syntax described in
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>. By
- default, only the next time the calendar expression will elapse is shown; use
- <option>--iterations=</option> to show the specified number of next times the expression
- elapses.</para>
-
- <example>
- <title>Show leap days in the near future</title>
-
- <programlisting>$ systemd-analyze calendar --iterations=5 '*-2-29 0:0:0'
- Original form: *-2-29 0:0:0
-Normalized form: *-02-29 00:00:00
- Next elapse: Sat 2020-02-29 00:00:00 UTC
- From now: 11 months 15 days left
- Iter. #2: Thu 2024-02-29 00:00:00 UTC
- From now: 4 years 11 months left
- Iter. #3: Tue 2028-02-29 00:00:00 UTC
- From now: 8 years 11 months left
- Iter. #4: Sun 2032-02-29 00:00:00 UTC
- From now: 12 years 11 months left
- Iter. #5: Fri 2036-02-29 00:00:00 UTC
- From now: 16 years 11 months left
-</programlisting>
- </example>
- </refsect2>
-
- <refsect2>
- <title><command>systemd-analyze timespan <replaceable>EXPRESSION</replaceable>...</command></title>
-
- <para>This command parses a time span and outputs the normalized form and the equivalent value in
- microseconds. The time span should adhere to the same syntax documented in
- <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.
- Values without associated magnitudes are parsed as seconds.</para>
-
- <example>
- <title>Show parsing of timespans</title>
-
- <programlisting>$ systemd-analyze timespan 1s 300s '1year 0.000001s'
-Original: 1s
- μs: 1000000
- Human: 1s
-
-Original: 300s
- μs: 300000000
- Human: 5min
-
-Original: 1year 0.000001s
- μs: 31557600000001
- Human: 1y 1us
-</programlisting>
- </example>
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
</refsect2>
<refsect2>

7
SOURCES/0661-Disable-iptables-for-CI.patch → SOURCES/0644-Disable-iptables-for-CI.patch
View File

@ -1,17 +1,14 @@
From 5e081bdfe3711a812c0f2448a14909b0c518d808 Mon Sep 17 00:00:00 2001
From ffd20a699280a4732d0fe4cddafe12ee8010ddb6 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 13 Oct 2021 10:01:59 +0200
Subject: [PATCH] Disable iptables for CI
(cherry picked from commit ffd20a699280a4732d0fe4cddafe12ee8010ddb6)
Related: #2024903
---
.github/workflows/unit_tests.sh | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index ad4584ec1d..36363603db 100755
index def38bffe2..814870e7a0 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -92,7 +92,6 @@ SYSTEMD_BUILD_DEPS=(

103
SOURCES/0645-core-fix-SIGABRT-on-empty-exec-command-argv.patch Normal file
View File

@ -0,0 +1,103 @@
From 8e322f5bc24547963978be071a8a2547abad875a Mon Sep 17 00:00:00 2001
From: Henri Chain <henri.chain@enioka.com>
Date: Tue, 5 Oct 2021 13:10:31 +0200
Subject: [PATCH] core: fix SIGABRT on empty exec command argv
This verifies that the argv part of any exec_command parameters that
are sent through dbus is not empty at deserialization time.
There is an additional check in service.c service_verify() that again
checks if all exec_commands are correctly populated, after the service
has been loaded, whether through dbus or otherwise.
Fixes #20933.
(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152)
Resolves: #2020239
---
src/core/dbus-execute.c | 4 ++++
src/core/service.c | 12 +++++++++++
test/TEST-23-TYPE-EXEC/testsuite.sh | 31 +++++++++++++++++++++++++++++
3 files changed, 47 insertions(+)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 8348663000..2e64f0baf4 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -969,6 +969,10 @@ int bus_set_transient_exec_command(
if (r < 0)
return r;
+ if (strv_isempty(argv))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ "\"%s\" argv cannot be empty", name);
+
r = sd_bus_message_read(message, "b", &b);
if (r < 0)
return r;
diff --git a/src/core/service.c b/src/core/service.c
index 5e3e75b5ae..12adf89dd4 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -536,6 +536,18 @@ static int service_verify(Service *s) {
if (UNIT(s)->load_state != UNIT_LOADED)
return 0;
+ for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
+ ExecCommand *command;
+
+ LIST_FOREACH(command, command, s->exec_command[c])
+ if (strv_isempty(command->argv)) {
+ log_unit_error(UNIT(s),
+ "Service has an empty argv in %s=. Refusing.",
+ service_exec_command_to_string(c));
+ return -ENOEXEC;
+ }
+ }
+
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
return -ENOEXEC;
diff --git a/test/TEST-23-TYPE-EXEC/testsuite.sh b/test/TEST-23-TYPE-EXEC/testsuite.sh
index 80734bbbdc..e0c34cfd04 100755
--- a/test/TEST-23-TYPE-EXEC/testsuite.sh
+++ b/test/TEST-23-TYPE-EXEC/testsuite.sh
@@ -21,6 +21,37 @@ systemd-run --unit=four -p Type=exec /bin/sleep infinity
! systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity
! systemd-run --unit=six -p Type=exec /tmp/brokenbinary
+# For issue #20933
+
+# Should work normally
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0
+
+# DBus call should fail but not crash systemd
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 0 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
+# Same but with the empty argv in the middle
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
+ ExecStart "a(sasb)" 3 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ /usr/bin/sleep 0 true \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
systemd-analyze set-log-level info
echo OK > /testok

39
SOURCES/0646-core-service-also-check-path-in-exec-commands.patch Normal file
View File

@ -0,0 +1,39 @@
From 71ebbd2da606c9cb4da694bbcc925078f253f496 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 6 Oct 2021 00:19:41 +0900
Subject: [PATCH] core/service: also check path in exec commands
(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460)
Related: #2020239
---
src/core/service.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index 12adf89dd4..ae31973774 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -539,13 +539,21 @@ static int service_verify(Service *s) {
for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
ExecCommand *command;
- LIST_FOREACH(command, command, s->exec_command[c])
+ LIST_FOREACH(command, command, s->exec_command[c]) {
+ if (!path_is_absolute(command->path) && !filename_is_valid(command->path)) {
+ log_unit_error(UNIT(s),
+ "Service %s= binary path \"%s\" is neither a valid executable name nor an absolute path. Refusing.",
+ command->path,
+ service_exec_command_to_string(c));
+ return -ENOEXEC;
+ }
if (strv_isempty(command->argv)) {
log_unit_error(UNIT(s),
"Service has an empty argv in %s=. Refusing.",
service_exec_command_to_string(c));
return -ENOEXEC;
}
+ }
}
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {

124
SOURCES/0647-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch Normal file
View File

@ -0,0 +1,124 @@
From 397aaad6da5c4bfb160adca7a68f865086f2ed0a Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 30 Sep 2021 14:05:36 +0200
Subject: [PATCH] mount-util: fix fd_is_mount_point() when both the parent and
directory are network fs
The second call to name_to_handle_at_loop() didn't check for the specific
errors that can happen when the parent dir is mounted by nfs and instead of
falling back like it's done for the child dir, fd_is_mount_point() failed in
this case.
(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d)
Resolves: #2015057
---
src/basic/mount-util.c | 71 ++++++++++++++++++++++++------------------
1 file changed, 41 insertions(+), 30 deletions(-)
diff --git a/src/basic/mount-util.c b/src/basic/mount-util.c
index 45348bf878..0c709001be 100644
--- a/src/basic/mount-util.c
+++ b/src/basic/mount-util.c
@@ -139,6 +139,19 @@ static int fd_fdinfo_mnt_id(int fd, const char *filename, int flags, int *mnt_id
return safe_atoi(p, mnt_id);
}
+static bool is_name_to_handle_at_fatal_error(int err) {
+ /* name_to_handle_at() can return "acceptable" errors that are due to the context. For
+ * example the kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall
+ * was blocked (EACCES/EPERM; maybe through seccomp, because we are running inside of a
+ * container), or the mount point is not triggered yet (EOVERFLOW, think nfs4), or some
+ * general name_to_handle_at() flakiness (EINVAL). However other errors are not supposed to
+ * happen and therefore are considered fatal ones. */
+
+ assert(err < 0);
+
+ return !IN_SET(err, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL);
+}
+
int fd_is_mount_point(int fd, const char *filename, int flags) {
_cleanup_free_ struct file_handle *h = NULL, *h_parent = NULL;
int mount_id = -1, mount_id_parent = -1;
@@ -173,42 +186,40 @@ int fd_is_mount_point(int fd, const char *filename, int flags) {
* real mounts of their own. */
r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags);
- if (IN_SET(r, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL))
- /* This kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall was blocked
- * (EACCES/EPERM; maybe through seccomp, because we are running inside of a container?), or the mount
- * point is not triggered yet (EOVERFLOW, think nfs4), or some general name_to_handle_at() flakiness
- * (EINVAL): fall back to simpler logic. */
- goto fallback_fdinfo;
- else if (r == -EOPNOTSUPP)
- /* This kernel or file system does not support name_to_handle_at(), hence let's see if the upper fs
- * supports it (in which case it is a mount point), otherwise fallback to the traditional stat()
- * logic */
+ if (r < 0) {
+ if (is_name_to_handle_at_fatal_error(r))
+ return r;
+ if (r != -EOPNOTSUPP)
+ goto fallback_fdinfo;
+
+ /* This kernel or file system does not support name_to_handle_at(), hence let's see
+ * if the upper fs supports it (in which case it is a mount point), otherwise fall
+ * back to the traditional stat() logic */
nosupp = true;
- else if (r < 0)
- return r;
+ }
r = name_to_handle_at_loop(fd, "", &h_parent, &mount_id_parent, AT_EMPTY_PATH);
- if (r == -EOPNOTSUPP) {
+ if (r < 0) {
+ if (is_name_to_handle_at_fatal_error(r))
+ return r;
+ if (r != -EOPNOTSUPP)
+ goto fallback_fdinfo;
if (nosupp)
- /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. */
+ /* Both the parent and the directory can't do name_to_handle_at() */
goto fallback_fdinfo;
- else
- /* The parent can't do name_to_handle_at() but the directory we are interested in can? If so,
- * it must be a mount point. */
- return 1;
- } else if (r < 0)
- return r;
- /* The parent can do name_to_handle_at() but the
- * directory we are interested in can't? If so, it
- * must be a mount point. */
+ /* The parent can't do name_to_handle_at() but the directory we are
+ * interested in can? If so, it must be a mount point. */
+ return 1;
+ }
+
+ /* The parent can do name_to_handle_at() but the directory we are interested in can't? If
+ * so, it must be a mount point. */
if (nosupp)
return 1;
- /* If the file handle for the directory we are
- * interested in and its parent are identical, we
- * assume this is the root directory, which is a mount
- * point. */
+ /* If the file handle for the directory we are interested in and its parent are identical,
+ * we assume this is the root directory, which is a mount point. */
if (h->handle_bytes == h_parent->handle_bytes &&
h->handle_type == h_parent->handle_type &&
@@ -300,10 +311,10 @@ int path_get_mnt_id(const char *path, int *ret) {
int r;
r = name_to_handle_at_loop(AT_FDCWD, path, NULL, ret, 0);
- if (IN_SET(r, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) /* kernel/fs don't support this, or seccomp blocks access, or untriggered mount, or name_to_handle_at() is flaky */
- return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret);
+ if (r == 0 || is_name_to_handle_at_fatal_error(r))
+ return r;
- return r;
+ return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret);
}
int umount_recursive(const char *prefix, int flags) {

28
SOURCES/0648-basic-add-vmware-hypervisor-detection-from-device-tr.patch Normal file
View File

@ -0,0 +1,28 @@
From 537055fc407d7cff32ddd3414a6900ccff579c46 Mon Sep 17 00:00:00 2001
From: Cyprien Laplace <claplace@vmware.com>
Date: Thu, 14 Nov 2019 09:42:14 -0500
Subject: [PATCH] basic: add vmware hypervisor detection from device-tree
Allow ConditionVirtualization=vmware to work on ESXi on arm VMs
using device-tree.
(cherry picked from commit 4d4ac92c928fcbc60b85fcbf8370af3883ee63db)
Resolves: #1959150
---
src/basic/virt.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 0b88005ed6..8d862b6d67 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -122,6 +122,8 @@ static int detect_vm_device_tree(void) {
return VIRTUALIZATION_KVM;
else if (strstr(hvtype, "xen"))
return VIRTUALIZATION_XEN;
+ else if (strstr(hvtype, "vmware"))
+ return VIRTUALIZATION_VMWARE;
else
return VIRTUALIZATION_VM_OTHER;
#else

45
SOURCES/0649-pam-do-not-require-a-non-expired-password-for-user-..patch Normal file
View File

@ -0,0 +1,45 @@
From a677e477ef541d172ede2a5bd728a4ff1ffb312d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 1 Jun 2021 16:17:16 +0200
Subject: [PATCH] pam: do not require a non-expired password for user@.service
Without this parameter, we would allow user@ to start if the user
has no password (i.e. the password is "locked"). But when the user does have a password,
and it is marked as expired, we would refuse to start the service.
There are other authentication mechanisms and we should not tie this service to
the password state.
The documented way to disable an *account* is to call 'chage -E0'. With a disabled
account, user@.service will still refuse to start:
systemd[16598]: PAM failed: User account has expired
systemd[16598]: PAM failed: User account has expired
systemd[16598]: user@1005.service: Failed to set up PAM session: Operation not permitted
systemd[16598]: user@1005.service: Failed at step PAM spawning /usr/lib/systemd/systemd: Operation not permitted
systemd[1]: user@1005.service: Main process exited, code=exited, status=224/PAM
systemd[1]: user@1005.service: Failed with result 'exit-code'.
systemd[1]: Failed to start user@1005.service.
systemd[1]: Stopping user-runtime-dir@1005.service...
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1961746.
(cherry picked from commit 71889176e4372b443018584c3520c1ff3efe2711)
Resolves: #1961746
---
src/login/systemd-user.m4 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/login/systemd-user.m4 b/src/login/systemd-user.m4
index 4f85b4b7fe..20c8999331 100644
--- a/src/login/systemd-user.m4
+++ b/src/login/systemd-user.m4
@@ -2,7 +2,7 @@
#
# Used by systemd --user instances.
-account required pam_unix.so
+account sufficient pam_unix.so no_pass_expiry
m4_ifdef(`HAVE_SELINUX',
session required pam_selinux.so close
session required pam_selinux.so nottys open

26
SOURCES/0650-udev-rules-add-rule-to-create-dev-ptp_hyperv.patch Normal file
View File

@ -0,0 +1,26 @@
From c0e530dc95fa7842ec1a48fd5df98956a76ae26c Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 26 Feb 2021 10:25:31 +0000
Subject: [PATCH] udev rules: add rule to create /dev/ptp_hyperv
As for the KVM case, necessary for network cards with
PTP devices when running a guest on HyperV
(cherry picked from commit 32e868f058da8b90add00b2958c516241c532b70)
Resolves: #1991834
---
rules/50-udev-default.rules.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rules/50-udev-default.rules.in b/rules/50-udev-default.rules.in
index 191f56f42e..36657ce1a4 100644
--- a/rules/50-udev-default.rules.in
+++ b/rules/50-udev-default.rules.in
@@ -83,4 +83,6 @@ KERNEL=="kvm", GROUP="kvm", MODE="@DEV_KVM_MODE@", OPTIONS+="static_node=kvm"
SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK += "ptp_kvm"
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK += "ptp_hyperv"
+
LABEL="default_end"

223
SOURCES/0651-process-util-explicitly-handle-processes-lacking-par.patch Normal file
View File

@ -0,0 +1,223 @@
From 9b30c003c8f80bf44f18168d07ea11c48e6d8864 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Jul 2021 15:57:51 +0200
Subject: [PATCH] process-util: explicitly handle processes lacking parents in
get_process_ppid()
Let's make sure we signal out-of-band via an error message if a process
doesn't have a parent process whose PID we could return. Otherwise we'll
too likely hide errors, as we return an invalid PID 0, which in other
contexts has special meaning (i.e. usually "myself").
Replaces: #20153
This is based on work by @dtardon, but goes a different route, by
ensuring we propagate a proper error in this case.
This modernizes the function in question a bit in other ways, i.e.
renames stuff and makes the return parameter optional.
(cherry picked from commit 0c4d1e6d96a549054bfe0597d197f829838917f1)
Resolves: #1977569
---
src/basic/process-util.c | 27 +++++++++++++-------
src/coredump/coredump.c | 23 +++++++++--------
src/test/test-process-util.c | 48 +++++++++++++++++++++++++++++++++---
3 files changed, 74 insertions(+), 24 deletions(-)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 0a4a747ba4..6016d83d41 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -603,20 +603,23 @@ int get_process_environ(pid_t pid, char **env) {
return 0;
}
-int get_process_ppid(pid_t pid, pid_t *_ppid) {
- int r;
+int get_process_ppid(pid_t pid, pid_t *ret) {
_cleanup_free_ char *line = NULL;
long unsigned ppid;
const char *p;
+ int r;
assert(pid >= 0);
- assert(_ppid);
if (pid == 0 || pid == getpid_cached()) {
- *_ppid = getppid();
+ if (ret)
+ *ret = getppid();
return 0;
}
+ if (pid == 1) /* PID 1 has no parent, shortcut this case */
+ return -EADDRNOTAVAIL;
+
p = procfs_file_alloca(pid, "stat");
r = read_one_line_file(p, &line);
if (r == -ENOENT)
@@ -624,9 +627,8 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
if (r < 0)
return r;
- /* Let's skip the pid and comm fields. The latter is enclosed
- * in () but does not escape any () in its value, so let's
- * skip over it manually */
+ /* Let's skip the pid and comm fields. The latter is enclosed in () but does not escape any () in its
+ * value, so let's skip over it manually */
p = strrchr(line, ')');
if (!p)
@@ -640,10 +642,17 @@ int get_process_ppid(pid_t pid, pid_t *_ppid) {
&ppid) != 1)
return -EIO;
- if ((long unsigned) (pid_t) ppid != ppid)
+ /* If ppid is zero the process has no parent. Which might be the case for PID 1 but also for
+ * processes originating in other namespaces that are inserted into a pidns. Return a recognizable
+ * error in this case. */
+ if (ppid == 0)
+ return -EADDRNOTAVAIL;
+
+ if ((pid_t) ppid < 0 || (long unsigned) (pid_t) ppid != ppid)
return -ERANGE;
- *_ppid = (pid_t) ppid;
+ if (ret)
+ *ret = (pid_t) ppid;
return 0;
}
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 2a130e8838..fb3a6ecfe9 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -591,8 +591,7 @@ static int get_process_ns(pid_t pid, const char *namespace, ino_t *ns) {
return 0;
}
-static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
- pid_t cpid = pid, ppid = 0;
+static int get_mount_namespace_leader(pid_t pid, pid_t *ret) {
ino_t proc_mntns;
int r = 0;
@@ -602,8 +601,12 @@ static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
for (;;) {
ino_t parent_mntns;
+ pid_t ppid;
- r = get_process_ppid(cpid, &ppid);
+ r = get_process_ppid(pid, &ppid);
+ if (r == -EADDRNOTAVAIL) /* Reached the top (i.e. typically PID 1, but could also be a process
+ * whose parent is not in our pidns) */
+ return -ENOENT;
if (r < 0)
return r;
@@ -611,17 +614,13 @@ static int get_mount_namespace_leader(pid_t pid, pid_t *container_pid) {
if (r < 0)
return r;
- if (proc_mntns != parent_mntns)
- break;
-
- if (ppid == 1)
- return -ENOENT;
+ if (proc_mntns != parent_mntns) {
+ *ret = ppid;
+ return 0;
+ }
- cpid = ppid;
+ pid = ppid;
}
-
- *container_pid = ppid;
- return 0;
}
/* Returns 1 if the parent was found.
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 26e3247993..6b14ff592b 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -19,6 +19,7 @@
#include "macro.h"
#include "parse-util.h"
#include "process-util.h"
+#include "procfs-util.h"
#include "signal-util.h"
#include "stdio-util.h"
#include "string-util.h"
@@ -56,9 +57,12 @@ static void test_get_process_comm(pid_t pid) {
assert_se(get_process_cmdline(pid, 1, false, &d) >= 0);
log_info("PID"PID_FMT" cmdline truncated to 1: '%s'", pid, d);
- assert_se(get_process_ppid(pid, &e) >= 0);
- log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
- assert_se(pid == 1 ? e == 0 : e > 0);
+ r = get_process_ppid(pid, &e);
+ assert_se(pid == 1 ? r == -EADDRNOTAVAIL : r >= 0);
+ if (r >= 0) {
+ log_info("PID"PID_FMT" PPID: "PID_FMT, pid, e);
+ assert_se(e > 0);
+ }
assert_se(is_kernel_thread(pid) == 0 || pid != 1);
@@ -585,6 +589,43 @@ static void test_ioprio_class_from_to_string(void) {
test_ioprio_class_from_to_string_one("-1", -1);
}
+static void test_get_process_ppid(void) {
+ uint64_t limit;
+ int r;
+
+ log_info("/* %s */", __func__);
+
+ assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
+
+ /* the process with the PID above the global limit definitely doesn't exist. Verify that */
+ assert_se(procfs_tasks_get_limit(&limit) >= 0);
+ assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+
+ for (pid_t pid = 0;;) {
+ _cleanup_free_ char *c1 = NULL, *c2 = NULL;
+ pid_t ppid;
+
+ r = get_process_ppid(pid, &ppid);
+ if (r == -EADDRNOTAVAIL) {
+ log_info("No further parent PID");
+ break;
+ }
+
+ assert_se(r >= 0);
+
+ /* NOTE: The size is SIZE_MAX in the original commit, but it would require backporting a
+ * lot more stuff to support that (the current version of get_process_cmdline() just fails with
+ * ENOMEM). UINT16_MAX should be enough for practical purposes.
+ */
+ assert_se(get_process_cmdline(pid, UINT16_MAX, true, &c1) >= 0);
+ assert_se(get_process_cmdline(ppid, UINT16_MAX, true, &c2) >= 0);
+
+ log_info("Parent of " PID_FMT " (%s) is " PID_FMT " (%s).", pid, c1, ppid, c2);
+
+ pid = ppid;
+ }
+}
+
int main(int argc, char *argv[]) {
log_set_max_level(LOG_DEBUG);
log_parse_environment();
@@ -614,6 +655,7 @@ int main(int argc, char *argv[]) {
test_safe_fork();
test_pid_to_ptr();
test_ioprio_class_from_to_string();
+ test_get_process_ppid();
return 0;
}

30
SOURCES/0652-errno-util-add-ERRNO_IS_PRIVILEGE-helper.patch Normal file
View File

@ -0,0 +1,30 @@
From c078d4d4bc3a61d186a98e03afc699b11134e09f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 20 Nov 2019 12:22:40 +0100
Subject: [PATCH] errno-util: add ERRNO_IS_PRIVILEGE() helper
(cherry picked from commit e884e000714c2db006384058a63788ffcce8c8b8)
Related: #1977569
---
src/basic/util.h | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/basic/util.h b/src/basic/util.h
index c70467f98c..76b76d7e91 100644
--- a/src/basic/util.h
+++ b/src/basic/util.h
@@ -170,6 +170,13 @@ static inline int negative_errno(void) {
return -errno;
}
+/* Two different errors for access problems */
+static inline bool ERRNO_IS_PRIVILEGE(int r) {
+ return IN_SET(abs(r),
+ EACCES,
+ EPERM);
+}
+
static inline unsigned u64log2(uint64_t n) {
#if __SIZEOF_LONG_LONG__ == 8
return (n > 1) ? (unsigned) __builtin_clzll(n) ^ 63U : 0;

318
SOURCES/0653-procfs-util-fix-confusion-wrt.-quantity-limit-and-ma.patch Normal file
View File

@ -0,0 +1,318 @@
From 62678ec1aa02b53cb116b6f7dd72a54bf61153b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 2 Nov 2021 18:18:21 +0100
Subject: [PATCH] procfs-util: fix confusion wrt. quantity limit and maximum
value
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
From packit/rawhide-arm64 logs:
Assertion 'limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH' failed at src/test/test-process-util.c:855, function test_get_process_ppid(). Aborting.
――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
The kernel has a few different limits. In particular kernel.threads-max can be
set to some lower value, and kernel.pid_max can be set to a higher value. This
is nice because it reduces PID reuse, even if the number of threads that is
allowed is limited. But the tests assumed that we cannot have a thread with
PID above MIN(kernel.threads-max, kernel.pid_max-1), which is not valid.
So let's rework the whole thing: let's expose the helpers to read
kernel.threads-max and kernel.pid_max, and print what they return in tests.
procfs_tasks_get_limit() was something that is only used in tests, and wasn't
very well defined, so let's drop it.
Fixes #21193.
(cherry picked from commit c3dead53d50e334f2d072a2248256983d6dc9f8c)
Related: #1977569
---
src/basic/procfs-util.c | 53 +++++++++---------------------------
src/basic/procfs-util.h | 4 ++-
src/basic/util.c | 49 +++++++++++++++++++++++----------
src/test/test-process-util.c | 10 +++++--
src/test/test-procfs-util.c | 37 +++++++++++++++++++------
5 files changed, 88 insertions(+), 65 deletions(-)
diff --git a/src/basic/procfs-util.c b/src/basic/procfs-util.c
index 7aaf95bfce..fa5671dd72 100644
--- a/src/basic/procfs-util.c
+++ b/src/basic/procfs-util.c
@@ -12,54 +12,34 @@
#include "stdio-util.h"
#include "string-util.h"
-int procfs_tasks_get_limit(uint64_t *ret) {
+int procfs_get_pid_max(uint64_t *ret) {
_cleanup_free_ char *value = NULL;
- uint64_t pid_max, threads_max;
int r;
assert(ret);
- /* So there are two sysctl files that control the system limit of processes:
- *
- * 1. kernel.threads-max: this is probably the sysctl that makes more sense, as it directly puts a limit on
- * concurrent tasks.
- *
- * 2. kernel.pid_max: this limits the numeric range PIDs can take, and thus indirectly also limits the number
- * of concurrent threads. AFAICS it's primarily a compatibility concept: some crappy old code used a signed
- * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond INT16_MAX by
- * default.
- *
- * By default #2 is set to much lower values than #1, hence the limit people come into contact with first, as
- * it's the lowest boundary they need to bump when they want higher number of processes.
- *
- * Also note the weird definition of #2: PIDs assigned will be kept below this value, which means the number of
- * tasks that can be created is one lower, as PID 0 is not a valid process ID. */
-
r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
if (r < 0)
return r;
- r = safe_atou64(value, &pid_max);
- if (r < 0)
- return r;
+ return safe_atou64(value, ret);
+}
- value = mfree(value);
- r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
- if (r < 0)
- return r;
+int procfs_get_threads_max(uint64_t *ret) {
+ _cleanup_free_ char *value = NULL;
+ int r;
- r = safe_atou64(value, &threads_max);
+ assert(ret);
+
+ r = read_one_line_file("/proc/sys/kernel/threads-max", &value);
if (r < 0)
return r;
- /* Subtract one from pid_max, since PID 0 is not a valid PID */
- *ret = MIN(pid_max-1, threads_max);
- return 0;
+ return safe_atou64(value, ret);
}
int procfs_tasks_set_limit(uint64_t limit) {
char buffer[DECIMAL_STR_MAX(uint64_t)+1];
- _cleanup_free_ char *value = NULL;
uint64_t pid_max;
int r;
@@ -74,10 +54,7 @@ int procfs_tasks_set_limit(uint64_t limit) {
* set it to the maximum. */
limit = CLAMP(limit, 20U, TASKS_MAX);
- r = read_one_line_file("/proc/sys/kernel/pid_max", &value);
- if (r < 0)
- return r;
- r = safe_atou64(value, &pid_max);
+ r = procfs_get_pid_max(&pid_max);
if (r < 0)
return r;
@@ -98,14 +75,10 @@ int procfs_tasks_set_limit(uint64_t limit) {
/* Hmm, we couldn't write this? If so, maybe it was already set properly? In that case let's not
* generate an error */
- value = mfree(value);
- if (read_one_line_file("/proc/sys/kernel/threads-max", &value) < 0)
- return r; /* return original error */
-
- if (safe_atou64(value, &threads_max) < 0)
+ if (procfs_get_threads_max(&threads_max) < 0)
return r; /* return original error */
- if (MIN(pid_max-1, threads_max) != limit)
+ if (MIN(pid_max - 1, threads_max) != limit)
return r; /* return original error */
/* Yay! Value set already matches what we were trying to set, hence consider this a success. */
diff --git a/src/basic/procfs-util.h b/src/basic/procfs-util.h
index 5a44e9eff7..caaee8b0b6 100644
--- a/src/basic/procfs-util.h
+++ b/src/basic/procfs-util.h
@@ -5,7 +5,9 @@
#include "time-util.h"
-int procfs_tasks_get_limit(uint64_t *ret);
+int procfs_get_pid_max(uint64_t *ret);
+int procfs_get_threads_max(uint64_t *ret);
+
int procfs_tasks_set_limit(uint64_t limit);
int procfs_tasks_get_current(uint64_t *ret);
diff --git a/src/basic/util.c b/src/basic/util.c
index 609f8c2f33..548e3652cc 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -527,23 +527,46 @@ uint64_t physical_memory_scale(uint64_t v, uint64_t max) {
}
uint64_t system_tasks_max(void) {
-
- uint64_t a = TASKS_MAX, b = TASKS_MAX;
+ uint64_t a = TASKS_MAX, b = TASKS_MAX, c = TASKS_MAX;
_cleanup_free_ char *root = NULL;
int r;
- /* Determine the maximum number of tasks that may run on this system. We check three sources to determine this
- * limit:
+ /* Determine the maximum number of tasks that may run on this system. We check three sources to
+ * determine this limit:
+ *
+ * a) kernel.threads-max sysctl: the maximum number of tasks (threads) the kernel allows.
+ *
+ * This puts a direct limit on the number of concurrent tasks.
+ *
+ * b) kernel.pid_max sysctl: the maximum PID value.
+ *
+ * This limits the numeric range PIDs can take, and thus indirectly also limits the number of
+ * concurrent threads. It's primarily a compatibility concept: some crappy old code used a signed
+ * 16bit type for PIDs, hence the kernel provides a way to ensure the PIDs never go beyond
+ * INT16_MAX by default.
*
- * a) the maximum tasks value the kernel allows on this architecture
- * b) the cgroups pids_max attribute for the system
- * c) the kernel's configured maximum PID value
+ * Also note the weird definition: PIDs assigned will be kept below this value, which means
+ * the number of tasks that can be created is one lower, as PID 0 is not a valid process ID.
*
- * And then pick the smallest of the three */
+ * c) pids.max on the root cgroup: the kernel's configured maximum number of tasks.
+ *
+ * and then pick the smallest of the three.
+ *
+ * By default pid_max is set to much lower values than threads-max, hence the limit people come into
+ * contact with first, as it's the lowest boundary they need to bump when they want higher number of
+ * processes.
+ */
+
+ r = procfs_get_threads_max(&a);
+ if (r < 0)
+ log_debug_errno(r, "Failed to read kernel.threads-max, ignoring: %m");
- r = procfs_tasks_get_limit(&a);
+ r = procfs_get_pid_max(&b);
if (r < 0)
- log_debug_errno(r, "Failed to read maximum number of tasks from /proc, ignoring: %m");
+ log_debug_errno(r, "Failed to read kernel.pid_max, ignoring: %m");
+ else if (b > 0)
+ /* Subtract one from pid_max, since PID 0 is not a valid PID */
+ b--;
r = cg_get_root_path(&root);
if (r < 0)
@@ -555,15 +578,13 @@ uint64_t system_tasks_max(void) {
if (r < 0)
log_debug_errno(r, "Failed to read pids.max attribute of cgroup root, ignoring: %m");
else if (!streq(value, "max")) {
- r = safe_atou64(value, &b);
+ r = safe_atou64(value, &c);
if (r < 0)
log_debug_errno(r, "Failed to parse pids.max attribute of cgroup root, ignoring: %m");
}
}
- return MIN3(TASKS_MAX,
- a <= 0 ? TASKS_MAX : a,
- b <= 0 ? TASKS_MAX : b);
+ return MIN3(a, b, c);
}
uint64_t system_tasks_max_scale(uint64_t v, uint64_t max) {
diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c
index 6b14ff592b..6295889b47 100644
--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@@ -598,8 +598,14 @@ static void test_get_process_ppid(void) {
assert_se(get_process_ppid(1, NULL) == -EADDRNOTAVAIL);
/* the process with the PID above the global limit definitely doesn't exist. Verify that */
- assert_se(procfs_tasks_get_limit(&limit) >= 0);
- assert_se(limit >= INT_MAX || get_process_ppid(limit+1, NULL) == -ESRCH);
+ assert_se(procfs_get_pid_max(&limit) >= 0);
+ log_debug("kernel.pid_max = %"PRIu64, limit);
+
+ if (limit < INT_MAX) {
+ r = get_process_ppid(limit + 1, NULL);
+ log_debug_errno(r, "get_process_limit(%"PRIu64") → %d/%m", limit + 1, r);
+ assert(r == -ESRCH);
+ }
for (pid_t pid = 0;;) {
_cleanup_free_ char *c1 = NULL, *c2 = NULL;
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index 1d0612985b..bb6943fed0 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -5,11 +5,13 @@
#include "log.h"
#include "parse-util.h"
#include "procfs-util.h"
+#include "process-util.h"
+#include "util.h"
int main(int argc, char *argv[]) {
char buf[CONST_MAX(FORMAT_TIMESPAN_MAX, FORMAT_BYTES_MAX)];
nsec_t nsec;
- uint64_t v;
+ uint64_t v, w;
int r;
log_parse_environment();
@@ -24,22 +26,41 @@ int main(int argc, char *argv[]) {
assert_se(procfs_tasks_get_current(&v) >= 0);
log_info("Current number of tasks: %" PRIu64, v);
- assert_se(procfs_tasks_get_limit(&v) >= 0);
+ v = TASKS_MAX;
+ r = procfs_get_pid_max(&v);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.pid_max: %"PRIu64, v);
+
+ w = TASKS_MAX;
+ r = procfs_get_threads_max(&w);
+ assert(r >= 0 || r == -ENOENT || ERRNO_IS_PRIVILEGE(r));
+ log_info("kernel.threads-max: %"PRIu64, w);
+
+ v = MIN(v - (v > 0), w);
+
+ assert_se(r >= 0);
log_info("Limit of tasks: %" PRIu64, v);
assert_se(v > 0);
- assert_se(procfs_tasks_set_limit(v) >= 0);
+ r = procfs_tasks_set_limit(v);
+ if (r == -ENOENT || ERRNO_IS_PRIVILEGE(r)) {
+ log_notice_errno(r, "Skipping test: can't set task limits");
+ return EXIT_TEST_SKIP;
+ }
+ assert(r >= 0);
if (v > 100) {
- uint64_t w;
+ log_info("Reducing limit by one to %"PRIu64"…", v-1);
+
r = procfs_tasks_set_limit(v-1);
- assert_se(IN_SET(r, 0, -EPERM, -EACCES, -EROFS));
+ log_info_errno(r, "procfs_tasks_set_limit: %m");
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
- assert_se(procfs_tasks_get_limit(&w) >= 0);
- assert_se((r == 0 && w == v - 1) || (r < 0 && w == v));
+ assert_se(procfs_get_threads_max(&w) >= 0);
+ assert_se(r >= 0 ? w == v - 1 : w == v);
assert_se(procfs_tasks_set_limit(v) >= 0);
- assert_se(procfs_tasks_get_limit(&w) >= 0);
+ assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(v == w);
}

31
SOURCES/0654-test-process-util-also-add-EROFS-to-the-list-of-good.patch Normal file
View File

@ -0,0 +1,31 @@
From fe15b97e44beb69305d3970a3748624ae76f9f04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 3 Nov 2021 09:39:16 +0100
Subject: [PATCH] test-process-util: also add EROFS to the list of "good"
errors
It is only added in the one place where we actually try to set the
setting to a new value. Before we were testing if we can set to it the
existing value, which was a noop. We could still get a permission error,
but this is the first place where we would propagate EROFS.
(cherry picked from commit 6434a83d01d96e9f9a17ed9ce1f04a7d64859950)
Related: #1977569
---
src/test/test-procfs-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/test/test-procfs-util.c b/src/test/test-procfs-util.c
index bb6943fed0..d656c4df4f 100644
--- a/src/test/test-procfs-util.c
+++ b/src/test/test-procfs-util.c
@@ -53,7 +53,7 @@ int main(int argc, char *argv[]) {
r = procfs_tasks_set_limit(v-1);
log_info_errno(r, "procfs_tasks_set_limit: %m");
- assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r));
+ assert_se(r >= 0 || ERRNO_IS_PRIVILEGE(r) || r == -EROFS);
assert_se(procfs_get_threads_max(&w) >= 0);
assert_se(r >= 0 ? w == v - 1 : w == v);

146
SOURCES/0655-journal-refresh-cached-credentials-of-stdout-streams.patch Normal file
View File

@ -0,0 +1,146 @@
From a42cf9af339f48f633fa0b17a960e1e407b7450f Mon Sep 17 00:00:00 2001
From: Lorenz Bauer <lmb@cloudflare.com>
Date: Mon, 4 Nov 2019 16:35:46 +0000
Subject: [PATCH] journal: refresh cached credentials of stdout streams
journald assumes that getsockopt(SO_PEERCRED) correctly identifies the
process on the remote end of the socket. However, this is incorrect
according to man 7 socket:
The returned credentials are those that were in effect at the
time of the call to connect(2) or socketpair(2).
This becomes a problem when a new process inherits the stdout stream
from a parent. First, log messages from the child process will
be attributed to the parent. Second, the struct ucred used by journald
becomes invalid as soon as the parent exits. Further sendmsg calls then
fail with ENOENT. Logs for the child process then vanish from the journal.
Fix this by using recvmsg on the stdout stream, and refreshing the cached
struct ucred if SCM_CREDENTIALS indicate a new process.
Fixes #13708
(cherry picked from commit 09d0b46ab61bebafe5bdc1be95ee153dfb13d6bc)
Resolves: #1931806
---
src/journal/journald-stream.c | 49 ++++++++++++++++++++++++++--
test/TEST-04-JOURNAL/test-journal.sh | 13 ++++++++
2 files changed, 60 insertions(+), 2 deletions(-)
diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c
index 6f8a4011ff..302a82d3d7 100644
--- a/src/journal/journald-stream.c
+++ b/src/journal/journald-stream.c
@@ -484,11 +484,22 @@ static int stdout_stream_scan(StdoutStream *s, bool force_flush) {
}
static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents, void *userdata) {
+ uint8_t buf[CMSG_SPACE(sizeof(struct ucred))];
StdoutStream *s = userdata;
+ struct ucred *ucred = NULL;
+ struct cmsghdr *cmsg;
+ struct iovec iovec;
size_t limit;
ssize_t l;
int r;
+ struct msghdr msghdr = {
+ .msg_iov = &iovec,
+ .msg_iovlen = 1,
+ .msg_control = buf,
+ .msg_controllen = sizeof(buf),
+ };
+
assert(s);
if ((revents|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
@@ -508,20 +519,50 @@ static int stdout_stream_process(sd_event_source *es, int fd, uint32_t revents,
* always leave room for a terminating NUL we might need to add. */
limit = MIN(s->allocated - 1, s->server->line_max);
- l = read(s->fd, s->buffer + s->length, limit - s->length);
+ iovec = IOVEC_MAKE(s->buffer + s->length, limit - s->length);
+
+ l = recvmsg(s->fd, &msghdr, MSG_DONTWAIT|MSG_CMSG_CLOEXEC);
if (l < 0) {
- if (errno == EAGAIN)
+ if (IN_SET(errno, EINTR, EAGAIN))
return 0;
log_warning_errno(errno, "Failed to read from stream: %m");
goto terminate;
}
+ cmsg_close_all(&msghdr);
if (l == 0) {
stdout_stream_scan(s, true);
goto terminate;
}
+ CMSG_FOREACH(cmsg, &msghdr)
+ if (cmsg->cmsg_level == SOL_SOCKET &&
+ cmsg->cmsg_type == SCM_CREDENTIALS &&
+ cmsg->cmsg_len == CMSG_LEN(sizeof(struct ucred))) {
+ ucred = (struct ucred *)CMSG_DATA(cmsg);
+ break;
+ }
+
+ /* Invalidate the context if the pid of the sender changed.
+ * This happens when a forked process inherits stdout / stderr
+ * from a parent. In this case getpeercred returns the ucred
+ * of the parent, which can be invalid if the parent has exited
+ * in the meantime.
+ */
+ if (ucred && ucred->pid != s->ucred.pid) {
+ /* force out any previously half-written lines from a
+ * different process, before we switch to the new ucred
+ * structure for everything we just added */
+ r = stdout_stream_scan(s, true);
+ if (r < 0)
+ goto terminate;
+
+ s->ucred = *ucred;
+ client_context_release(s->server, s->context);
+ s->context = NULL;
+ }
+
s->length += l;
r = stdout_stream_scan(s, false);
if (r < 0)
@@ -559,6 +600,10 @@ int stdout_stream_install(Server *s, int fd, StdoutStream **ret) {
if (r < 0)
return log_error_errno(r, "Failed to determine peer credentials: %m");
+ r = setsockopt_int(fd, SOL_SOCKET, SO_PASSCRED, true);
+ if (r < 0)
+ return log_error_errno(r, "SO_PASSCRED failed: %m");
+
if (mac_selinux_use()) {
r = getpeersec(fd, &stream->label);
if (r < 0 && r != -EOPNOTSUPP)
diff --git a/test/TEST-04-JOURNAL/test-journal.sh b/test/TEST-04-JOURNAL/test-journal.sh
index 260cae09ab..52a6ee84d1 100755
--- a/test/TEST-04-JOURNAL/test-journal.sh
+++ b/test/TEST-04-JOURNAL/test-journal.sh
@@ -63,6 +63,19 @@ grep -q '^PRIORITY=6$' /output
! grep -q '^FOO=' /output
! grep -q '^SYSLOG_FACILITY=' /output
+# https://github.com/systemd/systemd/issues/13708
+ID=$(journalctl --new-id128 | sed -n 2p)
+systemd-cat -t "$ID" bash -c 'echo parent; (echo child) & wait' &
+PID=$!
+wait %%
+journalctl --sync
+# We can drop this grep when https://github.com/systemd/systemd/issues/13937
+# has a fix.
+journalctl -b -o export -t "$ID" --output-fields=_PID | grep '^_PID=' >/output
+[[ `grep -c . /output` -eq 2 ]]
+grep -q "^_PID=$PID" /output
+grep -vq "^_PID=$PID" /output
+
# Don't lose streams on restart
systemctl start forever-print-hola
sleep 3

37
SOURCES/0656-Fix-LGTM-build.patch
View File

@ -1,37 +0,0 @@
From 93c42f4da4563d225e3a2b9e72e8f9bb50d86bb1 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 17 Sep 2021 15:10:03 +0200
Subject: [PATCH] Fix LGTM build
Related: #1850986
---
src/network/netdev/netdev.c | 2 +-
src/network/networkd-network.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 82ce88402f..e97cc07028 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -640,7 +640,7 @@ static int netdev_load_one(Manager *manager, const char *filename) {
netdev_raw->match_host, netdev_raw->match_virt,
netdev_raw->match_kernel_cmdline, netdev_raw->match_kernel_version,
netdev_raw->match_arch,
- NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
return 0;
if (netdev_raw->kind == _NETDEV_KIND_INVALID) {
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 429aac5e6c..7637d135a4 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -479,7 +479,7 @@ int network_get(Manager *manager, struct udev_device *device,
network->match_virt, network->match_kernel_cmdline,
network->match_kernel_version, network->match_arch,
address, path, parent_driver, driver,
- devtype, ifname)) {
+ devtype, ifname, NULL)) {
if (network->match_name && device) {
const char *attr;
uint8_t name_assign_type = NET_NAME_UNKNOWN;

35
SOURCES/0656-util-lib-introduce-HAS_FEATURE_ADDRESS_SANITIZER.patch Normal file
View File

@ -0,0 +1,35 @@
From 39b10c9e7e4ad80adc0e8c43f7d1917edee515dd Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 2 Dec 2018 08:28:24 +0100
Subject: [PATCH] util-lib: introduce HAS_FEATURE_ADDRESS_SANITIZER
https://clang.llvm.org/docs/AddressSanitizer.html#conditional-compilation-with-has-feature-address-sanitizer
(cherry picked from commit 289acab951c5937fdf6d3a2666f411fd66dd20e5)
Related: #2017033
---
src/basic/macro.h | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 0fe6a62aa8..62f2359633 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -55,6 +55,17 @@
# endif
#endif
+#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# if defined(__has_feature)
+# if __has_feature(address_sanitizer)
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# endif
+# endif
+# if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# define HAS_FEATURE_ADDRESS_SANITIZER 0
+# endif
+#endif
+
/* Temporarily disable some warnings */
#define DISABLE_WARNING_DECLARATION_AFTER_STATEMENT \
_Pragma("GCC diagnostic push"); \

34
SOURCES/0657-ci-skip-test-execute-on-GH-Actions-under-ASan.patch Normal file
View File

@ -0,0 +1,34 @@
From c0c7a5d73bd53375f90fbe70287512269bc8de16 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 12 Jan 2021 22:14:59 +0100
Subject: [PATCH] ci: skip test-execute on GH Actions under ASan
It seems to suffer from the same issue as on Travis CI, where the test
randomly fails due to timeouts in its subtests.
See: https://github.com/systemd/systemd/issues/10696#issuecomment-758501797
(cherry picked from commit f1a8fed286e3b9527b1837e9d5c6cb8d88bd2041)
Related: #2017033
---
src/test/test-execute.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 294f8fe7dd..5303652b93 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -798,6 +798,13 @@ int main(int argc, char *argv[]) {
log_parse_environment();
log_open();
+#if HAS_FEATURE_ADDRESS_SANITIZER
+ if (strstr_ptr(ci_environment(), "travis") || strstr_ptr(ci_environment(), "github-actions")) {
+ log_notice("Running on Travis CI/GH Actions under ASan, skipping, see https://github.com/systemd/systemd/issues/10696");
+ return EXIT_TEST_SKIP;
+ }
+#endif
+
(void) unsetenv("USER");
(void) unsetenv("LOGNAME");
(void) unsetenv("SHELL");

4
SOURCES/0662-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch → SOURCES/0658-test-seccomp-accept-ENOSYS-from-sysctl-2-too.patch
View File

@ -1,4 +1,4 @@
From 307930f1c7e7588e6cfdc413147c5fc615ae73de Mon Sep 17 00:00:00 2001
From 8c15742d1194e0db9a2555553e4d77ebb441b3dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 22 Sep 2020 19:05:17 +0200
Subject: [PATCH] test-seccomp: accept ENOSYS from sysctl(2) too
@ -7,7 +7,7 @@ It seems that kernel 5.9 started returning that.
(cherry picked from commit 0af05e485a3a88f454c714901eb6109307dc893e)
Related: #2024903
Related: #2017033
---
src/test/test-seccomp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

5
SOURCES/0664-test-accept-that-char-device-0-0-can-now-be-created-.patch → SOURCES/0659-test-accept-that-char-device-0-0-can-now-be-created-.patch
View File

@ -1,14 +1,13 @@
From 5763844219e88a993d1b93653585bc68e909353c Mon Sep 17 00:00:00 2001
From e61aa66a63bcfe9ce0d80f0db691ba40218b872a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 14 Aug 2020 21:50:55 +0200
Subject: [PATCH] test: accept that char device 0/0 can now be created witout
privileges
Fixes: #16721
(cherry picked from commit 5b5ce6298e5a1c09beacd5c963e2350979cbf94a)
Related: #2024903
Related: #2017033
---
src/test/test-fs-util.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)

4
SOURCES/0668-meson-do-not-fail-if-rsync-is-not-installed-with-mes.patch → SOURCES/0660-meson-do-not-fail-if-rsync-is-not-installed-with-mes.patch
View File

@ -1,4 +1,4 @@
From 112de8e094470d2a8df4f7c9b8ca62bd68c96a70 Mon Sep 17 00:00:00 2001
From d5cefb7293d2999dcad81bd71933b319ca6c3590 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 12 Apr 2021 14:03:32 +0200
Subject: [PATCH] meson: do not fail if rsync is not installed with meson
@ -11,7 +11,7 @@ we need a quick workaround here.
(cherry picked from commit 7c5fd25119a495009ea62f79e5daec34cc464628)
Related: #2030027
Related: #2017033
---
man/meson.build | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)

5
SOURCES/0660-pid1-fix-free-of-uninitialized-pointer-in-unit_fail_.patch → SOURCES/0661-pid1-fix-free-of-uninitialized-pointer-in-unit_fail_.patch
View File

@ -1,14 +1,13 @@
From b526b7636961ca3d303a6965879b3575e4cc293b Mon Sep 17 00:00:00 2001
From 30afbfdc82eb61f3bf47d6b1fa67a61d0ffcc4f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 14 Dec 2018 08:16:31 +0100
Subject: [PATCH] pid1: fix free of uninitialized pointer in
unit_fail_if_noncanonical()
https://bugzilla.redhat.com/show_bug.cgi?id=1653068
(cherry picked from commit 58d9d89b4b41189bdcea86c2ad5cf708b7d54aca)
Related: #2024903
Related: #1970945
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

4
SOURCES/0659-sd-event-take-ref-on-event-loop-object-before-dispat.patch → SOURCES/0662-sd-event-take-ref-on-event-loop-object-before-dispat.patch
View File

@ -1,4 +1,4 @@
From 814da05c68d9e892c1f89585cc07c6a0330f3e37 Mon Sep 17 00:00:00 2001
From f025def77efc6bb1473b719e905fa70ed20b08d3 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 8 Sep 2021 15:42:11 +0200
Subject: [PATCH] sd-event: take ref on event loop object before dispatching
@ -12,7 +12,7 @@ accidentally dropped.
(cherry picked from commit 9f6ef467818f902fe5369c8e37a39a3901bdcf4f)
Resolves: #2024903
Related: #1970945
---
src/libsystemd/sd-event/sd-event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

33
SOURCES/0663-core-consider-service-with-no-start-command-immediat.patch Normal file
View File

@ -0,0 +1,33 @@
From c667291303bb876707d86ac3ab9ca62355bae1b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 22:45:34 +0200
Subject: [PATCH] core: consider service with no start command immediately
started
The service would always be in state == SERVICE_INACTIVE, but it needs to go
through state == SERVICE_START so that SuccessAction/FailureAction are executed.
(cherry picked from commit ef5ae8e71329e43c277e6d4f983f0c0793047b94)
Related: #1860899
---
src/core/service.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/core/service.c b/src/core/service.c
index ae31973774..4da1c5accb 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2055,6 +2055,12 @@ static void service_enter_start(Service *s) {
goto fail;
}
+ /* We force a fake state transition here. Otherwise, the unit would go directly from
+ * SERVICE_DEAD to SERVICE_DEAD without SERVICE_ACTIVATING or SERVICE_ACTIVE
+ * inbetween. This way we can later trigger actions that depend on the state
+ * transition, including SuccessAction=. */
+ service_set_state(s, SERVICE_START);
+
service_enter_start_post(s);
return;
}

84
SOURCES/0664-man-move-description-of-Action-modes-to-FailureActio.patch Normal file
View File

@ -0,0 +1,84 @@
From 12ce6830c63b4a27bb6d5b7729d70a86079b108f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:56:35 +0200
Subject: [PATCH] man: move description of *Action= modes to
FailureAction=/SuccessAction=
FailureAction=/SuccessAction= were added later then StartLimitAction=, so it
was easiest to refer to the existing description. But those two settings are
somewhat simpler (they just execute the action unconditionally) while
StartLimitAction= has additional timing and burst parameters, and they are
about to take on a more prominent role, so let's move the description of
allowed values.
(cherry picked from commit 454dd6ce7adb744584ecae9aa0bd1acf3a00e9ed)
Related: #1860899
---
man/systemd.unit.xml | 44 +++++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 21 deletions(-)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 7605c43375..802db453a4 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -873,6 +873,24 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>FailureAction=</varname></term>
+ <term><varname>SuccessAction=</varname></term>
+
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
+ state. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
+ <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
+ <option>poweroff-immediate</option>. If <option>none</option> is set, no action will be triggered.
+ <option>reboot</option> causes a reboot following the normal shutdown procedure (i.e. equivalent to
+ <command>systemctl reboot</command>). <option>reboot-force</option> causes a forced reboot which will
+ terminate all processes forcibly but should cause no dirty file systems on reboot (i.e. equivalent to
+ <command>systemctl reboot -f</command>) and <option>reboot-immediate</option> causes immediate execution of the
+ <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
+ might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
+ <option>poweroff-immediate</option> have the effect of powering down the system with similar semantics. Both
+ options default to <option>none</option>.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>JobTimeoutSec=</varname></term>
<term><varname>JobRunningTimeoutSec=</varname></term>
@@ -929,29 +947,13 @@
<varlistentry>
<term><varname>StartLimitAction=</varname></term>
- <listitem><para>Configure the action to take if the rate limit configured with
- <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes one of
- <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
- <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
- <option>poweroff-immediate</option>. If <option>none</option> is set, hitting the rate limit will trigger no
- action besides that the start will not be permitted. <option>reboot</option> causes a reboot following the
- normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
- <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
- cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
- <option>reboot-immediate</option> causes immediate execution of the
- <citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
- might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
- <option>poweroff-immediate</option> have the effect of powering down the system with similar
- semantics. Defaults to <option>none</option>.</para></listitem>
+ <listitem><para>Configure an additional action to take if the rate limit configured with
+ <varname>StartLimitIntervalSec=</varname> and <varname>StartLimitBurst=</varname> is hit. Takes the same
+ values as the setting <varname>FailureAction=</varname>/<varname>SuccessAction=</varname> settings and executes
+ the same actions. If <option>none</option> is set, hitting the rate limit will trigger no action besides that
+ the start will not be permitted. Defaults to <option>none</option>.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>FailureAction=</varname></term>
- <term><varname>SuccessAction=</varname></term>
- <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
- state. Takes the same values as the setting <varname>StartLimitAction=</varname> setting and executes the same
- actions. Both options default to <option>none</option>.</para></listitem>
- </varlistentry>
<varlistentry>
<term><varname>RebootArgument=</varname></term>

361
SOURCES/0665-core-define-exit-and-exit-force-actions-for-user-uni.patch Normal file
View File

@ -0,0 +1,361 @@
From 19d91eef7f15b654cd96ad5350385e535fab9e2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 13:28:39 +0200
Subject: [PATCH] core: define "exit" and "exit-force" actions for user units
and only accept that
We would accept e.g. FailureAction=reboot-force in user units and then do an
exit in the user manager. Let's be stricter, and define "exit"/"exit-force" as
the only supported actions in user units.
v2:
- rename 'exit' to 'exit-force' and add new 'exit'
- add test for the parsing function
(cherry picked from commit 54fcb6192c618726d11404b24b1a1e9ec3169ee1)
Related: #1860899
---
TODO | 4 +++
man/systemd.unit.xml | 26 +++++++++-------
src/core/dbus-unit.c | 37 ++++++++++++++++++++++-
src/core/emergency-action.c | 47 ++++++++++++++++++++++-------
src/core/emergency-action.h | 5 ++++
src/core/load-fragment.c | 42 +++++++++++++++++++++++++-
src/test/meson.build | 5 ++++
src/test/test-emergency-action.c | 51 ++++++++++++++++++++++++++++++++
8 files changed, 195 insertions(+), 22 deletions(-)
create mode 100644 src/test/test-emergency-action.c
diff --git a/TODO b/TODO
index 3100e067d6..0705b6b08e 100644
--- a/TODO
+++ b/TODO
@@ -4,6 +4,10 @@ Bugfixes:
* copy.c: set the right chattrs before copying files and others after
+* Many manager configuration settings that are only applicable to user
+ manager or system manager can be always set. It would be better to reject
+ them when parsing config.
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 802db453a4..5772a6684e 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -877,18 +877,24 @@
<term><varname>FailureAction=</varname></term>
<term><varname>SuccessAction=</varname></term>
- <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive
- state. Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
- <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option> or
- <option>poweroff-immediate</option>. If <option>none</option> is set, no action will be triggered.
- <option>reboot</option> causes a reboot following the normal shutdown procedure (i.e. equivalent to
- <command>systemctl reboot</command>). <option>reboot-force</option> causes a forced reboot which will
- terminate all processes forcibly but should cause no dirty file systems on reboot (i.e. equivalent to
- <command>systemctl reboot -f</command>) and <option>reboot-immediate</option> causes immediate execution of the
+ <listitem><para>Configure the action to take when the unit stops and enters a failed state or inactive state.
+ Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
+ <option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
+ <option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
+ all options except <option>exit</option> and <option>exit-force</option> are allowed. In user mode, only
+ <option>none</option>, <option>exit</option>, and <option>exit-force</option> are allowed. Both options default
+ to <option>none</option>.</para>
+
+ <para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
+ following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
+ <option>reboot-force</option> causes a forced reboot which will terminate all processes forcibly but should
+ cause no dirty file systems on reboot (i.e. equivalent to <command>systemctl reboot -f</command>) and
+ <option>reboot-immediate</option> causes immediate execution of the
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
- <option>poweroff-immediate</option> have the effect of powering down the system with similar semantics. Both
- options default to <option>none</option>.</para></listitem>
+ <option>poweroff-immediate</option> have the effect of powering down the system with similar
+ semantics. <option>exit</option> causes the user manager to exit following the normal shutdown procedure, and
+ <option>exit-force</option> causes it terminate without shutting down services.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 549a166abc..e7ea9db3ac 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1564,8 +1564,43 @@ static int bus_unit_set_live_property(
return 0;
}
+static int bus_set_transient_emergency_action(
+ Unit *u,
+ const char *name,
+ EmergencyAction *p,
+ sd_bus_message *message,
+ UnitWriteFlags flags,
+ sd_bus_error *error) {
+
+ const char *s;
+ EmergencyAction v;
+ int r;
+ bool system;
+
+ assert(p);
+
+ r = sd_bus_message_read(message, "s", &s);
+ if (r < 0)
+ return r;
+
+ system = MANAGER_IS_SYSTEM(u->manager);
+ r = parse_emergency_action(s, system, &v);
+ if (v < 0)
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ v == -EOPNOTSUPP ? "EmergencyAction setting invalid for manager type: %s"
+ : "Invalid %s setting: %s",
+ name, s);
+
+ if (!UNIT_WRITE_FLAGS_NOOP(flags)) {
+ *p = v;
+ unit_write_settingf(u, flags, name,
+ "%s=%s", name, s);
+ }
+
+ return 1;
+}
+
static BUS_DEFINE_SET_TRANSIENT_PARSE(collect_mode, CollectMode, collect_mode_from_string);
-static BUS_DEFINE_SET_TRANSIENT_PARSE(emergency_action, EmergencyAction, emergency_action_from_string);
static BUS_DEFINE_SET_TRANSIENT_PARSE(job_mode, JobMode, job_mode_from_string);
static int bus_set_transient_conditions(
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 766a3b4d2b..00f5996317 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -39,15 +39,6 @@ int emergency_action(
return -ECANCELED;
}
- if (!MANAGER_IS_SYSTEM(m)) {
- /* Downgrade all options to simply exiting if we run
- * in user mode */
-
- log_warning("Exiting: %s", reason);
- m->exit_code = MANAGER_EXIT;
- return -ECANCELED;
- }
-
switch (action) {
case EMERGENCY_ACTION_REBOOT:
@@ -80,11 +71,26 @@ int emergency_action(
(void) reboot(RB_AUTOBOOT);
break;
+ case EMERGENCY_ACTION_EXIT:
+ assert(MANAGER_IS_USER(m));
+
+ log_and_status(m, "Exiting", reason);
+
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
+ break;
+
case EMERGENCY_ACTION_POWEROFF:
log_and_status(m, "Powering off", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
+ case EMERGENCY_ACTION_EXIT_FORCE:
+ assert(MANAGER_IS_USER(m));
+
+ log_and_status(m, "Exiting immediately", reason);
+ m->exit_code = MANAGER_EXIT;
+ break;
+
case EMERGENCY_ACTION_POWEROFF_FORCE:
log_and_status(m, "Forcibly powering off", reason);
m->exit_code = MANAGER_POWEROFF;
@@ -113,6 +119,27 @@ static const char* const emergency_action_table[_EMERGENCY_ACTION_MAX] = {
[EMERGENCY_ACTION_REBOOT_IMMEDIATE] = "reboot-immediate",
[EMERGENCY_ACTION_POWEROFF] = "poweroff",
[EMERGENCY_ACTION_POWEROFF_FORCE] = "poweroff-force",
- [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate"
+ [EMERGENCY_ACTION_POWEROFF_IMMEDIATE] = "poweroff-immediate",
+ [EMERGENCY_ACTION_EXIT] = "exit",
+ [EMERGENCY_ACTION_EXIT_FORCE] = "exit-force",
};
DEFINE_STRING_TABLE_LOOKUP(emergency_action, EmergencyAction);
+
+int parse_emergency_action(
+ const char *value,
+ bool system,
+ EmergencyAction *ret) {
+
+ EmergencyAction x;
+
+ x = emergency_action_from_string(value);
+ if (x < 0)
+ return -EINVAL;
+
+ if ((system && x >= _EMERGENCY_ACTION_FIRST_USER_ACTION) ||
+ (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION))
+ return -EOPNOTSUPP;
+
+ *ret = x;
+ return 0;
+}
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index 61791f176f..646ccc4e6b 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -13,6 +13,9 @@ typedef enum EmergencyAction {
EMERGENCY_ACTION_POWEROFF,
EMERGENCY_ACTION_POWEROFF_FORCE,
EMERGENCY_ACTION_POWEROFF_IMMEDIATE,
+ EMERGENCY_ACTION_EXIT,
+ _EMERGENCY_ACTION_FIRST_USER_ACTION = EMERGENCY_ACTION_EXIT,
+ EMERGENCY_ACTION_EXIT_FORCE,
_EMERGENCY_ACTION_MAX,
_EMERGENCY_ACTION_INVALID = -1
} EmergencyAction;
@@ -24,3 +27,5 @@ int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg,
const char* emergency_action_to_string(EmergencyAction i) _const_;
EmergencyAction emergency_action_from_string(const char *s) _pure_;
+
+int parse_emergency_action(const char *value, bool system, EmergencyAction *ret);
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index e0d7b8f7f8..c102ffb9f0 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -77,7 +77,6 @@ DEFINE_CONFIG_PARSE(config_parse_socket_protocol, supported_socket_protocol_from
DEFINE_CONFIG_PARSE(config_parse_exec_secure_bits, secure_bits_from_string, "Failed to parse secure bits");
DEFINE_CONFIG_PARSE_ENUM(config_parse_collect_mode, collect_mode, CollectMode, "Failed to parse garbage collection mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_device_policy, cgroup_device_policy, CGroupDevicePolicy, "Failed to parse device policy");
-DEFINE_CONFIG_PARSE_ENUM(config_parse_emergency_action, emergency_action, EmergencyAction, "Failed to parse failure action specifier");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_keyring_mode, exec_keyring_mode, ExecKeyringMode, "Failed to parse keyring mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_exec_utmp_mode, exec_utmp_mode, ExecUtmpMode, "Failed to parse utmp mode");
DEFINE_CONFIG_PARSE_ENUM(config_parse_job_mode, job_mode, JobMode, "Failed to parse job mode");
@@ -4253,6 +4252,47 @@ int config_parse_job_running_timeout_sec(
return 0;
}
+int config_parse_emergency_action(
+ const char* unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ Manager *m = NULL;
+ EmergencyAction *x = data;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ if (unit)
+ m = ((Unit*) userdata)->manager;
+ else
+ m = data;
+
+ r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
+ if (r < 0) {
+ if (r == -EOPNOTSUPP)
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "%s= specified as %s mode action, ignoring: %s",
+ lvalue, MANAGER_IS_SYSTEM(m) ? "user" : "system", rvalue);
+ else
+ log_syntax(unit, LOG_ERR, filename, line, r,
+ "Failed to parse %s=, ignoring: %s", lvalue, rvalue);
+ return 0;
+ }
+
+ return 0;
+}
+
#define FOLLOW_MAX 8
static int open_follow(char **filename, FILE **_f, Set *names, char **_final) {
diff --git a/src/test/meson.build b/src/test/meson.build
index 7b310d4ec7..40cf56d73d 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -65,6 +65,11 @@ tests += [
libshared],
[]],
+ [['src/test/test-emergency-action.c'],
+ [libcore,
+ libshared],
+ []],
+
[['src/test/test-job-type.c'],
[libcore,
libshared],
diff --git a/src/test/test-emergency-action.c b/src/test/test-emergency-action.c
new file mode 100644
index 0000000000..493b23227e
--- /dev/null
+++ b/src/test/test-emergency-action.c
@@ -0,0 +1,51 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#include "emergency-action.h"
+#include "tests.h"
+
+static void test_parse_emergency_action(void) {
+ EmergencyAction x;
+
+ log_info("/* %s */", __func__);
+
+ assert_se(parse_emergency_action("none", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("reboot", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("reboot-force", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("reboot-immediate", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff-force", false, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("poweroff-immediate", false, &x) == -EOPNOTSUPP);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("exit", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_EXIT);
+ assert_se(parse_emergency_action("exit-force", false, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_EXIT_FORCE);
+ assert_se(parse_emergency_action("exit-forcee", false, &x) == -EINVAL);
+
+ assert_se(parse_emergency_action("none", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_NONE);
+ assert_se(parse_emergency_action("reboot", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT);
+ assert_se(parse_emergency_action("reboot-force", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT_FORCE);
+ assert_se(parse_emergency_action("reboot-immediate", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_REBOOT_IMMEDIATE);
+ assert_se(parse_emergency_action("poweroff", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF);
+ assert_se(parse_emergency_action("poweroff-force", true, &x) == 0);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF_FORCE);
+ assert_se(parse_emergency_action("poweroff-immediate", true, &x) == 0);
+ assert_se(parse_emergency_action("exit", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit-force", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit-forcee", true, &x) == -EINVAL);
+ assert_se(x == EMERGENCY_ACTION_POWEROFF_IMMEDIATE);
+}
+
+int main(int argc, char **argv) {
+ test_setup_logging(LOG_INFO);
+
+ test_parse_emergency_action();
+
+ return EXIT_SUCCESS;
+}

40
SOURCES/0666-core-accept-system-mode-emergency-action-specifiers-.patch Normal file
View File

@ -0,0 +1,40 @@
From 9dbb6564826a0def39a77ad292aecde75537d164 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 14:49:36 +0200
Subject: [PATCH] core: accept system mode emergency action specifiers with a
warning
Before we would only accept those "system" values, so there wasn't other
chocie. Let's provide backwards compatiblity in case somebody made use of
this functionality in user mode.
v2: use 'exit-force' not 'exit'
v3: use error value in log_syntax
(cherry picked from commit 469f76f170db39c72578e869ec7c087bb43f9350)
Related: #1860899
---
src/core/load-fragment.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index c102ffb9f0..c0b1fd4f91 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -4280,6 +4280,16 @@ int config_parse_emergency_action(
r = parse_emergency_action(rvalue, MANAGER_IS_SYSTEM(m), x);
if (r < 0) {
+ if (r == -EOPNOTSUPP && MANAGER_IS_USER(m)) {
+ /* Compat mode: remove for systemd 241. */
+
+ log_syntax(unit, LOG_INFO, filename, line, r,
+ "%s= in user mode specified as \"%s\", using \"exit-force\" instead.",
+ lvalue, rvalue);
+ *x = EMERGENCY_ACTION_EXIT_FORCE;
+ return 0;
+ }
+
if (r == -EOPNOTSUPP)
log_syntax(unit, LOG_ERR, filename, line, r,
"%s= specified as %s mode action, ignoring: %s",

43
SOURCES/0667-core-allow-services-with-no-commands-but-SuccessActi.patch Normal file
View File

@ -0,0 +1,43 @@
From f97c6d921fb6b3d7ba88e064b03d3dd767df9ba1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:07:42 +0200
Subject: [PATCH] core: allow services with no commands but SuccessAction set
(cherry picked from commit 3f00d379fa6221a4570c8cd955afd9b661787db9)
Related: #1860899
---
src/core/service.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index 4da1c5accb..7969bbf071 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -556,8 +556,13 @@ static int service_verify(Service *s) {
}
}
- if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]) {
- log_unit_error(UNIT(s), "Service lacks both ExecStart= and ExecStop= setting. Refusing.");
+ if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP]
+ && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
+ /* FailureAction= only makes sense if one of the start or stop commands is specified.
+ * SuccessAction= will be executed unconditionally if no commands are specified. Hence,
+ * either a command or SuccessAction= are required. */
+
+ log_unit_error(UNIT(s), "Service has no ExecStart=, ExecStop=, or SuccessAction=. Refusing.");
return -ENOEXEC;
}
@@ -566,8 +571,8 @@ static int service_verify(Service *s) {
return -ENOEXEC;
}
- if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START]) {
- log_unit_error(UNIT(s), "Service has no ExecStart= setting, which is only allowed for RemainAfterExit=yes services. Refusing.");
+ if (!s->remain_after_exit && !s->exec_command[SERVICE_EXEC_START] && UNIT(s)->success_action == EMERGENCY_ACTION_NONE) {
+ log_unit_error(UNIT(s), "Service has no ExecStart= and no SuccessAction= settings and does not have RemainAfterExit=yes set. Refusing.");
return -ENOEXEC;
}

120
SOURCES/0668-core-limit-service-watchdogs-no-to-actual-watchdog-c.patch Normal file
View File

@ -0,0 +1,120 @@
From b8358d4edf1896a821c9370c9ba31c2bb07c277a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:24:44 +0200
Subject: [PATCH] core: limit service-watchdogs=no to actual "watchdog"
commands
The setting is now only looked at when considering an action for a job timeout
or unit start limit. It is ignored for ctrl-alt-del, SuccessAction, SuccessFailure.
v2: turn the parameter into a flag field
v3: rename Options to Flags
(cherry picked from commit 1710d4beff6329cf6ae0767953cad09593517b2a)
Related: #1860899
---
src/core/emergency-action.c | 3 ++-
src/core/emergency-action.h | 8 +++++++-
src/core/job.c | 3 ++-
src/core/manager.c | 2 +-
src/core/unit.c | 9 ++++++---
5 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 00f5996317..e9e757dfa3 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -24,6 +24,7 @@ static void log_and_status(Manager *m, const char *message, const char *reason)
int emergency_action(
Manager *m,
EmergencyAction action,
+ EmergencyActionFlags options,
const char *reboot_arg,
const char *reason) {
@@ -34,7 +35,7 @@ int emergency_action(
if (action == EMERGENCY_ACTION_NONE)
return -ECANCELED;
- if (!m->service_watchdogs) {
+ if (FLAGS_SET(options, EMERGENCY_ACTION_IS_WATCHDOG) && !m->service_watchdogs) {
log_warning("Watchdog disabled! Not acting on: %s", reason);
return -ECANCELED;
}
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index 646ccc4e6b..efbfaf6c6a 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -20,10 +20,16 @@ typedef enum EmergencyAction {
_EMERGENCY_ACTION_INVALID = -1
} EmergencyAction;
+typedef enum EmergencyActionFlags {
+ EMERGENCY_ACTION_IS_WATCHDOG = 1 << 0,
+} EmergencyActionFlags;
+
#include "macro.h"
#include "manager.h"
-int emergency_action(Manager *m, EmergencyAction action, const char *reboot_arg, const char *reason);
+int emergency_action(Manager *m,
+ EmergencyAction action, EmergencyActionFlags options,
+ const char *reboot_arg, const char *reason);
const char* emergency_action_to_string(EmergencyAction i) _const_;
EmergencyAction emergency_action_from_string(const char *s) _pure_;
diff --git a/src/core/job.c b/src/core/job.c
index 870ec0a387..d647aac42d 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1076,7 +1076,8 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
u = j->unit;
job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
- emergency_action(u->manager, u->job_timeout_action, u->job_timeout_reboot_arg, "job timed out");
+ emergency_action(u->manager, u->job_timeout_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ u->job_timeout_reboot_arg, "job timed out");
return 0;
}
diff --git a/src/core/manager.c b/src/core/manager.c
index 3c44ad3dbc..ac1b198b21 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2528,7 +2528,7 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
if (ratelimit_below(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
else
- emergency_action(m, m->cad_burst_action, NULL,
+ emergency_action(m, m->cad_burst_action, 0, NULL,
"Ctrl-Alt-Del was pressed more than 7 times within 2s");
}
diff --git a/src/core/unit.c b/src/core/unit.c
index 152a860d08..dc5c89c195 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1669,7 +1669,8 @@ int unit_start_limit_test(Unit *u) {
log_unit_warning(u, "Start request repeated too quickly.");
u->start_limit_hit = true;
- return emergency_action(u->manager, u->start_limit_action, u->reboot_arg, "unit failed");
+ return emergency_action(u->manager, u->start_limit_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ u->reboot_arg, "unit failed");
}
bool unit_shall_confirm_spawn(Unit *u) {
@@ -2469,9 +2470,11 @@ void unit_notify(Unit *u, UnitActiveState os, UnitActiveState ns, UnitNotifyFlag
unit_check_binds_to(u);
if (os != UNIT_FAILED && ns == UNIT_FAILED)
- (void) emergency_action(u->manager, u->failure_action, u->reboot_arg, "unit failed");
+ (void) emergency_action(u->manager, u->failure_action, 0,
+ u->reboot_arg, "unit failed");
else if (!UNIT_IS_INACTIVE_OR_FAILED(os) && ns == UNIT_INACTIVE)
- (void) emergency_action(u->manager, u->success_action, u->reboot_arg, "unit succeeded");
+ (void) emergency_action(u->manager, u->success_action, 0,
+ u->reboot_arg, "unit succeeded");
}
unit_add_to_dbus_queue(u);

56
SOURCES/0669-units-use-SuccessAction-exit-force-in-systemd-exit.s.patch Normal file
View File

@ -0,0 +1,56 @@
From b0394ad25fd601b9ef29d26b87f12b0a0c17cda0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:09:11 +0200
Subject: [PATCH] units: use SuccessAction=exit-force in systemd-exit.service
Fixes #10414.
v2:
- rename .service.in to .service
- rename 'exit' to 'exit-force'
(cherry picked from commit 631c9b7bf2dab5065d753a7b1cfaff5b100b3c90)
Resolves: #1860899
---
units/user/meson.build | 2 +-
units/user/{systemd-exit.service.in => systemd-exit.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/user/{systemd-exit.service.in => systemd-exit.service} (87%)
diff --git a/units/user/meson.build b/units/user/meson.build
index b1c2e95597..36341a42f5 100644
--- a/units/user/meson.build
+++ b/units/user/meson.build
@@ -14,6 +14,7 @@ units = [
'sockets.target',
'sound.target',
'timers.target',
+ 'systemd-exit.service',
'systemd-tmpfiles-clean.timer',
]
@@ -23,7 +24,6 @@ foreach file : units
endforeach
in_units = [
- 'systemd-exit.service',
'systemd-tmpfiles-clean.service',
'systemd-tmpfiles-setup.service',
]
diff --git a/units/user/systemd-exit.service.in b/units/user/systemd-exit.service
similarity index 87%
rename from units/user/systemd-exit.service.in
rename to units/user/systemd-exit.service
index d69273f6b3..1d3b61e3ab 100644
--- a/units/user/systemd-exit.service.in
+++ b/units/user/systemd-exit.service
@@ -13,7 +13,4 @@ Documentation=man:systemd.special(7)
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --user --force exit
+SuccessAction=exit-force

51
SOURCES/0670-units-use-SuccessAction-reboot-force-in-systemd-rebo.patch Normal file
View File

@ -0,0 +1,51 @@
From f531c34dd8ead33b9972bcd06017ac80ccedb757 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:30:53 +0200
Subject: [PATCH] units: use SuccessAction=reboot-force in
systemd-reboot.service
(cherry picked from commit d85515edcf9700dc068201ab9f7103f04f3b25b2)
Related: #1860899
---
units/meson.build | 2 +-
units/{systemd-reboot.service.in => systemd-reboot.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/{systemd-reboot.service.in => systemd-reboot.service} (89%)
diff --git a/units/meson.build b/units/meson.build
index a1cd2524dc..b482431a10 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -97,6 +97,7 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-reboot.service', ''],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
'timers.target.wants/'],
@@ -182,7 +183,6 @@ in_units = [
['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'],
['systemd-random-seed.service', 'ENABLE_RANDOMSEED',
'sysinit.target.wants/'],
- ['systemd-reboot.service', ''],
['systemd-remount-fs.service', '',
'local-fs.target.wants/'],
['systemd-resolved.service', 'ENABLE_RESOLVE',
diff --git a/units/systemd-reboot.service.in b/units/systemd-reboot.service
similarity index 89%
rename from units/systemd-reboot.service.in
rename to units/systemd-reboot.service
index 4763ccfdca..505f60aabf 100644
--- a/units/systemd-reboot.service.in
+++ b/units/systemd-reboot.service
@@ -13,7 +13,4 @@ Documentation=man:systemd-halt.service(8)
DefaultDependencies=no
Requires=shutdown.target umount.target final.target
After=shutdown.target umount.target final.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force reboot
+SuccessAction=reboot-force

38
SOURCES/0671-macro-define-HAS_FEATURE_ADDRESS_SANITIZER-also-on-g.patch
View File

@ -1,38 +0,0 @@
From c132731b260174f5939099ceb4fccde84710c502 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 3 Dec 2018 17:30:19 +0100
Subject: [PATCH] macro: define HAS_FEATURE_ADDRESS_SANITIZER also on gcc
Let's make differences between compilers more minimal.
Related: #2039327
(cherry picked from commit 01da36fadd365329cfd9e2c97eb419c63404b25f)
---
src/basic/macro.h | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 0fe6a62aa8..e87026882f 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -55,6 +55,19 @@
# endif
#endif
+#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# ifdef __SANITIZE_ADDRESS__
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# elif defined(__has_feature)
+# if __has_feature(address_sanitizer)
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# endif
+# endif
+# if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
+# define HAS_FEATURE_ADDRESS_SANITIZER 0
+# endif
+#endif
+
/* Temporarily disable some warnings */
#define DISABLE_WARNING_DECLARATION_AFTER_STATEMENT \
_Pragma("GCC diagnostic push"); \

56
SOURCES/0671-units-use-SuccessAction-poweroff-force-in-systemd-po.patch Normal file
View File

@ -0,0 +1,56 @@
From 7e84234d9953f7ffacf7fff82679c9c9c3b78b7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 15:34:57 +0200
Subject: [PATCH] units: use SuccessAction=poweroff-force in
systemd-poweroff.service
Explicit systemctl calls remain in systemd-halt.service and the system
systemd-exit.service. To convert systemd-halt, we'd need to add
SuccessAction=halt-force. Halting doesn't make much sense, so let's just
leave that is. systemd-exit.service will be converted in the next commit.
(cherry picked from commit afa6206583dfbc93e29981cb5d713841e4ca2865)
Related: #1860899
---
units/meson.build | 2 +-
...{systemd-poweroff.service.in => systemd-poweroff.service} | 5 +----
2 files changed, 2 insertions(+), 5 deletions(-)
rename units/{systemd-poweroff.service.in => systemd-poweroff.service} (89%)
diff --git a/units/meson.build b/units/meson.build
index b482431a10..6fa804148b 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -97,6 +97,7 @@ units = [
'sockets.target.wants/'],
['systemd-networkd.socket', 'ENABLE_NETWORKD',
join_paths(pkgsysconfdir, 'system/sockets.target.wants/')],
+ ['systemd-poweroff.service', ''],
['systemd-reboot.service', ''],
['systemd-rfkill.socket', 'ENABLE_RFKILL'],
['systemd-tmpfiles-clean.timer', '',
@@ -179,7 +180,6 @@ in_units = [
['systemd-nspawn@.service', ''],
['systemd-portabled.service', 'ENABLE_PORTABLED',
'dbus-org.freedesktop.portable1.service'],
- ['systemd-poweroff.service', ''],
['systemd-quotacheck.service', 'ENABLE_QUOTACHECK'],
['systemd-random-seed.service', 'ENABLE_RANDOMSEED',
'sysinit.target.wants/'],
diff --git a/units/systemd-poweroff.service.in b/units/systemd-poweroff.service
similarity index 89%
rename from units/systemd-poweroff.service.in
rename to units/systemd-poweroff.service
index e9fd655508..8d1d54389b 100644
--- a/units/systemd-poweroff.service.in
+++ b/units/systemd-poweroff.service
@@ -13,7 +13,4 @@ Documentation=man:systemd-halt.service(8)
DefaultDependencies=no
Requires=shutdown.target umount.target final.target
After=shutdown.target umount.target final.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force poweroff
+SuccessAction=poweroff-force

164
SOURCES/0672-units-allow-and-use-SuccessAction-exit-force-in-syst.patch Normal file
View File

@ -0,0 +1,164 @@
From c0aa64901aa4d5d7c917fccf0993819fb1a1262f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 16 Oct 2018 16:34:45 +0200
Subject: [PATCH] units: allow and use SuccessAction=exit-force in system
systemd-exit.service
C.f. 287419c119ef961db487a281162ab037eba70c61: 'systemctl exit 42' can be
used to set an exit value and pulls in exit.target, which pulls in systemd-exit.service,
which calls org.fdo.Manager.Exit, which calls method_exit(), which sets the objective
to MANAGER_EXIT. Allow the same to happen through SuccessAction=exit.
v2: update for 'exit' and 'exit-force'
(cherry picked from commit a400bd8c2a6285576edf8e2147e1d17aab129501)
Related: #1860899
---
man/systemd.unit.xml | 7 +++--
src/core/emergency-action.c | 27 +++++++++++--------
src/test/test-emergency-action.c | 6 ++---
units/meson.build | 2 +-
...d-exit.service.in => systemd-exit.service} | 5 +---
5 files changed, 24 insertions(+), 23 deletions(-)
rename units/{systemd-exit.service.in => systemd-exit.service} (88%)
diff --git a/man/systemd.unit.xml b/man/systemd.unit.xml
index 5772a6684e..e80c760dd6 100644
--- a/man/systemd.unit.xml
+++ b/man/systemd.unit.xml
@@ -881,9 +881,8 @@
Takes one of <option>none</option>, <option>reboot</option>, <option>reboot-force</option>,
<option>reboot-immediate</option>, <option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option>, <option>exit</option>, and <option>exit-force</option>. In system mode,
- all options except <option>exit</option> and <option>exit-force</option> are allowed. In user mode, only
- <option>none</option>, <option>exit</option>, and <option>exit-force</option> are allowed. Both options default
- to <option>none</option>.</para>
+ all options are allowed. In user mode, only <option>none</option>, <option>exit</option>, and
+ <option>exit-force</option> are allowed. Both options default to <option>none</option>.</para>
<para>If <option>none</option> is set, no action will be triggered. <option>reboot</option> causes a reboot
following the normal shutdown procedure (i.e. equivalent to <command>systemctl reboot</command>).
@@ -893,7 +892,7 @@
<citerefentry><refentrytitle>reboot</refentrytitle><manvolnum>2</manvolnum></citerefentry> system call, which
might result in data loss. Similarly, <option>poweroff</option>, <option>poweroff-force</option>,
<option>poweroff-immediate</option> have the effect of powering down the system with similar
- semantics. <option>exit</option> causes the user manager to exit following the normal shutdown procedure, and
+ semantics. <option>exit</option> causes the manager to exit following the normal shutdown procedure, and
<option>exit-force</option> causes it terminate without shutting down services.</para></listitem>
</varlistentry>
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index e9e757dfa3..44b92ae6f8 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -13,6 +13,7 @@
#include "special.h"
#include "string-table.h"
#include "terminal-util.h"
+#include "virt.h"
static void log_and_status(Manager *m, const char *message, const char *reason) {
log_warning("%s: %s", message, reason);
@@ -73,12 +74,14 @@ int emergency_action(
break;
case EMERGENCY_ACTION_EXIT:
- assert(MANAGER_IS_USER(m));
-
- log_and_status(m, "Exiting", reason);
+ if (MANAGER_IS_USER(m) || detect_container() > 0) {
+ log_and_status(m, "Exiting", reason);
+ (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
+ break;
+ }
- (void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
- break;
+ log_notice("Doing \"poweroff\" action instead of an \"exit\" emergency action.");
+ _fallthrough_;
case EMERGENCY_ACTION_POWEROFF:
log_and_status(m, "Powering off", reason);
@@ -86,11 +89,14 @@ int emergency_action(
break;
case EMERGENCY_ACTION_EXIT_FORCE:
- assert(MANAGER_IS_USER(m));
+ if (MANAGER_IS_USER(m) || detect_container() > 0) {
+ log_and_status(m, "Exiting immediately", reason);
+ m->exit_code = MANAGER_EXIT;
+ break;
+ }
- log_and_status(m, "Exiting immediately", reason);
- m->exit_code = MANAGER_EXIT;
- break;
+ log_notice("Doing \"poweroff-force\" action instead of an \"exit-force\" emergency action.");
+ _fallthrough_;
case EMERGENCY_ACTION_POWEROFF_FORCE:
log_and_status(m, "Forcibly powering off", reason);
@@ -137,8 +143,7 @@ int parse_emergency_action(
if (x < 0)
return -EINVAL;
- if ((system && x >= _EMERGENCY_ACTION_FIRST_USER_ACTION) ||
- (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION))
+ if (!system && x != EMERGENCY_ACTION_NONE && x < _EMERGENCY_ACTION_FIRST_USER_ACTION)
return -EOPNOTSUPP;
*ret = x;
diff --git a/src/test/test-emergency-action.c b/src/test/test-emergency-action.c
index 493b23227e..8ce28ed9f5 100644
--- a/src/test/test-emergency-action.c
+++ b/src/test/test-emergency-action.c
@@ -36,10 +36,10 @@ static void test_parse_emergency_action(void) {
assert_se(parse_emergency_action("poweroff-force", true, &x) == 0);
assert_se(x == EMERGENCY_ACTION_POWEROFF_FORCE);
assert_se(parse_emergency_action("poweroff-immediate", true, &x) == 0);
- assert_se(parse_emergency_action("exit", true, &x) == -EOPNOTSUPP);
- assert_se(parse_emergency_action("exit-force", true, &x) == -EOPNOTSUPP);
+ assert_se(parse_emergency_action("exit", true, &x) == 0);
+ assert_se(parse_emergency_action("exit-force", true, &x) == 0);
assert_se(parse_emergency_action("exit-forcee", true, &x) == -EINVAL);
- assert_se(x == EMERGENCY_ACTION_POWEROFF_IMMEDIATE);
+ assert_se(x == EMERGENCY_ACTION_EXIT_FORCE);
}
int main(int argc, char **argv) {
diff --git a/units/meson.build b/units/meson.build
index 6fa804148b..a74fa95195 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -86,6 +86,7 @@ units = [
'multi-user.target.wants/'],
['systemd-coredump.socket', 'ENABLE_COREDUMP',
'sockets.target.wants/'],
+ ['systemd-exit.service', ''],
['systemd-initctl.socket', '',
'sockets.target.wants/'],
['systemd-journal-gatewayd.socket', 'ENABLE_REMOTE HAVE_MICROHTTPD'],
@@ -135,7 +136,6 @@ in_units = [
['systemd-binfmt.service', 'ENABLE_BINFMT',
'sysinit.target.wants/'],
['systemd-coredump@.service', 'ENABLE_COREDUMP'],
- ['systemd-exit.service', ''],
['systemd-firstboot.service', 'ENABLE_FIRSTBOOT',
'sysinit.target.wants/'],
['systemd-fsck-root.service', ''],
diff --git a/units/systemd-exit.service.in b/units/systemd-exit.service
similarity index 88%
rename from units/systemd-exit.service.in
rename to units/systemd-exit.service
index 2fb6ebd767..6029b13a05 100644
--- a/units/systemd-exit.service.in
+++ b/units/systemd-exit.service
@@ -13,7 +13,4 @@ Documentation=man:systemd.special(7)
DefaultDependencies=no
Requires=shutdown.target
After=shutdown.target
-
-[Service]
-Type=oneshot
-ExecStart=@SYSTEMCTL@ --force exit
+SuccessAction=exit

174
SOURCES/0673-core-do-not-warn-about-mundane-emergency-actions.patch Normal file
View File

@ -0,0 +1,174 @@
From c8e9877d14c8742cc3732d305af2422f8a16f47d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Oct 2018 17:27:20 +0200
Subject: [PATCH] core: do not "warn" about mundane emergency actions
For example in a container we'd log:
Oct 17 17:01:10 rawhide systemd[1]: Started Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Forcibly powering off: unit succeeded
Oct 17 17:01:10 rawhide systemd[1]: Reached target Power-Off.
Oct 17 17:01:10 rawhide systemd[1]: Shutting down.
and on the console we'd write (in red)
[ !! ] Forcibly powering off: unit succeeded
This is not useful in any way, and the fact that we're calling an "emergency action"
is an internal implementation detail. Let's log about c-a-d and the watchdog actions
only.
(cherry picked from commit c7adcb1af9946d0672c16bb4bb7eedf39b3d1fcb)
Related: #1860899
---
src/core/emergency-action.c | 29 ++++++++++++++++-------------
src/core/emergency-action.h | 1 +
src/core/job.c | 3 ++-
src/core/manager.c | 2 +-
src/core/unit.c | 3 ++-
5 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c
index 44b92ae6f8..fea1cb83db 100644
--- a/src/core/emergency-action.c
+++ b/src/core/emergency-action.c
@@ -15,11 +15,12 @@
#include "terminal-util.h"
#include "virt.h"
-static void log_and_status(Manager *m, const char *message, const char *reason) {
- log_warning("%s: %s", message, reason);
- manager_status_printf(m, STATUS_TYPE_EMERGENCY,
- ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
- "%s: %s", message, reason);
+static void log_and_status(Manager *m, bool warn, const char *message, const char *reason) {
+ log_full(warn ? LOG_WARNING : LOG_DEBUG, "%s: %s", message, reason);
+ if (warn)
+ manager_status_printf(m, STATUS_TYPE_EMERGENCY,
+ ANSI_HIGHLIGHT_RED " !! " ANSI_NORMAL,
+ "%s: %s", message, reason);
}
int emergency_action(
@@ -41,17 +42,19 @@ int emergency_action(
return -ECANCELED;
}
+ bool warn = FLAGS_SET(options, EMERGENCY_ACTION_WARN);
+
switch (action) {
case EMERGENCY_ACTION_REBOOT:
- log_and_status(m, "Rebooting", reason);
+ log_and_status(m, warn, "Rebooting", reason);
(void) update_reboot_parameter_and_warn(reboot_arg);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_REBOOT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
case EMERGENCY_ACTION_REBOOT_FORCE:
- log_and_status(m, "Forcibly rebooting", reason);
+ log_and_status(m, warn, "Forcibly rebooting", reason);
(void) update_reboot_parameter_and_warn(reboot_arg);
m->exit_code = MANAGER_REBOOT;
@@ -59,7 +62,7 @@ int emergency_action(
break;
case EMERGENCY_ACTION_REBOOT_IMMEDIATE:
- log_and_status(m, "Rebooting immediately", reason);
+ log_and_status(m, warn, "Rebooting immediately", reason);
sync();
@@ -75,7 +78,7 @@ int emergency_action(
case EMERGENCY_ACTION_EXIT:
if (MANAGER_IS_USER(m) || detect_container() > 0) {
- log_and_status(m, "Exiting", reason);
+ log_and_status(m, warn, "Exiting", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_EXIT_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
}
@@ -84,13 +87,13 @@ int emergency_action(
_fallthrough_;
case EMERGENCY_ACTION_POWEROFF:
- log_and_status(m, "Powering off", reason);
+ log_and_status(m, warn, "Powering off", reason);
(void) manager_add_job_by_name_and_warn(m, JOB_START, SPECIAL_POWEROFF_TARGET, JOB_REPLACE_IRREVERSIBLY, NULL, NULL);
break;
case EMERGENCY_ACTION_EXIT_FORCE:
if (MANAGER_IS_USER(m) || detect_container() > 0) {
- log_and_status(m, "Exiting immediately", reason);
+ log_and_status(m, warn, "Exiting immediately", reason);
m->exit_code = MANAGER_EXIT;
break;
}
@@ -99,12 +102,12 @@ int emergency_action(
_fallthrough_;
case EMERGENCY_ACTION_POWEROFF_FORCE:
- log_and_status(m, "Forcibly powering off", reason);
+ log_and_status(m, warn, "Forcibly powering off", reason);
m->exit_code = MANAGER_POWEROFF;
break;
case EMERGENCY_ACTION_POWEROFF_IMMEDIATE:
- log_and_status(m, "Powering off immediately", reason);
+ log_and_status(m, warn, "Powering off immediately", reason);
sync();
diff --git a/src/core/emergency-action.h b/src/core/emergency-action.h
index efbfaf6c6a..2aa1497118 100644
--- a/src/core/emergency-action.h
+++ b/src/core/emergency-action.h
@@ -22,6 +22,7 @@ typedef enum EmergencyAction {
typedef enum EmergencyActionFlags {
EMERGENCY_ACTION_IS_WATCHDOG = 1 << 0,
+ EMERGENCY_ACTION_WARN = 1 << 1,
} EmergencyActionFlags;
#include "macro.h"
diff --git a/src/core/job.c b/src/core/job.c
index d647aac42d..43ab55ed18 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1076,7 +1076,8 @@ static int job_dispatch_timer(sd_event_source *s, uint64_t monotonic, void *user
u = j->unit;
job_finish_and_invalidate(j, JOB_TIMEOUT, true, false);
- emergency_action(u->manager, u->job_timeout_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ emergency_action(u->manager, u->job_timeout_action,
+ EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
u->job_timeout_reboot_arg, "job timed out");
return 0;
diff --git a/src/core/manager.c b/src/core/manager.c
index ac1b198b21..ee976f70b3 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2528,7 +2528,7 @@ static void manager_handle_ctrl_alt_del(Manager *m) {
if (ratelimit_below(&m->ctrl_alt_del_ratelimit) || m->cad_burst_action == EMERGENCY_ACTION_NONE)
manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
else
- emergency_action(m, m->cad_burst_action, 0, NULL,
+ emergency_action(m, m->cad_burst_action, EMERGENCY_ACTION_WARN, NULL,
"Ctrl-Alt-Del was pressed more than 7 times within 2s");
}
diff --git a/src/core/unit.c b/src/core/unit.c
index dc5c89c195..23afa24c77 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1669,7 +1669,8 @@ int unit_start_limit_test(Unit *u) {
log_unit_warning(u, "Start request repeated too quickly.");
u->start_limit_hit = true;
- return emergency_action(u->manager, u->start_limit_action, EMERGENCY_ACTION_IS_WATCHDOG,
+ return emergency_action(u->manager, u->start_limit_action,
+ EMERGENCY_ACTION_IS_WATCHDOG|EMERGENCY_ACTION_WARN,
u->reboot_arg, "unit failed");
}

4
SOURCES/0665-core-return-true-from-cg_is_empty-on-ENOENT.patch → SOURCES/0674-core-return-true-from-cg_is_empty-on-ENOENT.patch
View File

@ -1,11 +1,11 @@
From bfc6e3c33b49b4f2e611e2ff151d3088055df07d Mon Sep 17 00:00:00 2001
From 2aaa40e698f66fd10d0a7a71ca39637e24809e97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 17 Oct 2018 17:48:35 +0200
Subject: [PATCH] core: return true from cg_is_empty* on ENOENT
(cherry picked from commit 1bcf3fc6c57d92927b96cad8c739099b4ceae236)
Related: #2024903
Related: #1860899
---
src/basic/cgroup-util.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

29
SOURCES/0675-macro-define-HAS_FEATURE_ADDRESS_SANITIZER-also-on-g.patch Normal file
View File

@ -0,0 +1,29 @@
From 01da36fadd365329cfd9e2c97eb419c63404b25f Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 3 Dec 2018 17:30:19 +0100
Subject: [PATCH] macro: define HAS_FEATURE_ADDRESS_SANITIZER also on gcc
Let's make differences between compilers more minimal.
(cherry picked from commit be5f77b26e22a806179c7b03e03d424682ed325c)
Related: #2017033
---
src/basic/macro.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 62f2359633..e87026882f 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -56,7 +56,9 @@
#endif
#if !defined(HAS_FEATURE_ADDRESS_SANITIZER)
-# if defined(__has_feature)
+# ifdef __SANITIZE_ADDRESS__
+# define HAS_FEATURE_ADDRESS_SANITIZER 1
+# elif defined(__has_feature)
# if __has_feature(address_sanitizer)
# define HAS_FEATURE_ADDRESS_SANITIZER 1
# endif

6
SOURCES/0672-tests-add-helper-function-to-autodetect-CI-environme.patch → SOURCES/0676-tests-add-helper-function-to-autodetect-CI-environme.patch
View File

@ -1,4 +1,4 @@
From ccdf0a116dcba01ec4d8caec0baef2910d8d9800 Mon Sep 17 00:00:00 2001
From 6fbbf368f5a6d181b21f448255d5a4182dc2ab3a Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:00:21 +0100
Subject: [PATCH] tests: add helper function to autodetect CI environments
@ -7,9 +7,9 @@ Sadly there is no standarized way to check if we're running in some
CI environment. So let's try to gather the heuristics in one helper
function.
(cherry picked from commit 6fbbf368f5a6d181b21f448255d5a4182dc2ab3a)
Loosely cherry-picked from 4eb0c875f8825199a829ddc597874915fbee0a84.
Related: #2039327
Related: #2017033
---
src/basic/string-util.h | 6 ++++++
src/shared/tests.c | 42 +++++++++++++++++++++++++++++++++++++++++

6
SOURCES/0673-strv-rework-FOREACH_STRING-macro.patch → SOURCES/0677-strv-rework-FOREACH_STRING-macro.patch
View File

@ -1,4 +1,4 @@
From ad8b47946941e6a1f3ae778f5e8563ddf532b2ba Mon Sep 17 00:00:00 2001
From 3539a72c260063713e4ecba17966ba9a768d8af9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 16 Jan 2019 00:13:38 +0100
Subject: [PATCH] strv: rework FOREACH_STRING() macro
@ -15,9 +15,7 @@ instead of a "const char*", which is good too.
Fixes: #11394
(cherry picked from commit 66a64081f82dfad90f2f9394a477820a2e3e6510)
(cherry picked from commit 3539a72c260063713e4ecba17966ba9a768d8af9)
Related: #2039327
Related: #2017033
---
src/basic/strv.h | 15 ++++-----------
1 file changed, 4 insertions(+), 11 deletions(-)

8
SOURCES/0674-test-systemctl-use-const-char-instead-of-char.patch → SOURCES/0678-test-systemctl-use-const-char-instead-of-char.patch
View File

@ -1,4 +1,4 @@
From 5a45664f9b5d2ba7550ed1c12550554688b70f5c Mon Sep 17 00:00:00 2001
From fdfff847313222eed3306ac605db46d8cbd23212 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:47:24 +0100
Subject: [PATCH] test,systemctl: use "const char*" instead of "char*"
@ -10,9 +10,7 @@ hence it's more correct to have the iterator const too.
Based on b2238e380e5f2fbcc129643b3fbd66f2828fd57c.
(cherry picked from commit fdfff847313222eed3306ac605db46d8cbd23212)
Related: #2039327
Related: #2017033
---
src/systemctl/systemctl.c | 3 ++-
src/test/test-execute.c | 2 +-
@ -33,7 +31,7 @@ index 3dd7c1522f..b967550b97 100644
size_t argc;
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 294f8fe7dd..4d21301982 100644
index 5303652b93..7581d5ed68 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -146,7 +146,7 @@ invalid:

6
SOURCES/0675-ci-pass-the-GITHUB_ACTIONS-variable-to-the-CentOS-co.patch → SOURCES/0679-ci-pass-the-GITHUB_ACTIONS-variable-to-the-CentOS-co.patch
View File

@ -1,4 +1,4 @@
From d9542b919237306baee2d2396794f63da67b1314 Mon Sep 17 00:00:00 2001
From a8fd8d157c832ddad34a9a3e372579c58261f7fb Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 29 Nov 2021 13:59:41 +0100
Subject: [PATCH] ci: pass the $GITHUB_ACTIONS variable to the CentOS container
@ -6,10 +6,8 @@ Subject: [PATCH] ci: pass the $GITHUB_ACTIONS variable to the CentOS container
so we can properly skip tests which are problematic when running in GH
Actions.
Related: #2039327
Related: #2017033
rhel-only
(cherry picked from commit a8fd8d157c832ddad34a9a3e372579c58261f7fb)
---
.github/workflows/unit_tests.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

171
SOURCES/0680-lgtm-detect-uninitialized-variables-using-the-__clea.patch Normal file
View File

@ -0,0 +1,171 @@
From cecb3cc06f6025835324c1837c03def1d9be8eb1 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 1 Dec 2021 21:31:43 +0100
Subject: [PATCH] lgtm: detect uninitialized variables using the __cleanup__
attribute
This is a slightly modified version of the original
`cpp/uninitialized-local` CodeQL query which focuses only on variables
using the cleanup macros. Since this has proven to cause issues in the
past, let's panic on every uninitialized variable using any of the
cleanup macros (as long as they're written using the __cleanup__
attribute).
Some test results from a test I used when writing the query:
```
#define _cleanup_foo_ __attribute__((__cleanup__(foo)))
#define _cleanup_(x) __attribute__((__cleanup__(x)))
static inline void freep(void *p) {
*(void**)p = mfree(*(void**) p);
}
#define _cleanup_free_ _cleanup_(freep)
static inline void foo(char **p) {
if (*p)
*p = free(*p);
}
int main(void) {
__attribute__((__cleanup__(foo))) char *a;
char *b;
_cleanup_foo_ char *c;
char **d;
_cleanup_free_ char *e;
int r;
r = fun(&e);
if (r < 0)
return 1;
puts(a);
puts(b);
puts(c);
puts(*d);
puts(e);
return 0;
}
```
```
+| test.c:23:14:23:14 | e | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:20:26:20:26 | e | e |
+| test.c:27:10:27:10 | a | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:16:45:16:45 | a | a |
+| test.c:29:10:29:10 | c | The variable $@ may not be initialized here, but has a cleanup handler. | test.c:18:25:18:25 | c | c |
```
(cherry picked from commit 863bff75488d33f519deea6390988f3d9d72e6de)
Related: #2017033
---
.../UninitializedVariableWithCleanup.ql | 99 +++++++++++++++++++
1 file changed, 99 insertions(+)
create mode 100644 .lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
new file mode 100644
index 0000000000..6bf0ae01eb
--- /dev/null
+++ b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
@@ -0,0 +1,99 @@
+/**
+ * vi: sw=2 ts=2 et syntax=ql:
+ *
+ * Based on cpp/uninitialized-local.
+ *
+ * @name Potentially uninitialized local variable using the cleanup attribute
+ * @description Running the cleanup handler on a possibly uninitialized variable
+ * is generally a bad idea.
+ * @id cpp/uninitialized-local-with-cleanup
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ */
+
+import cpp
+import semmle.code.cpp.controlflow.StackVariableReachability
+
+/**
+ * Auxiliary predicate: Types that don't require initialization
+ * before they are used, since they're stack-allocated.
+ */
+predicate allocatedType(Type t) {
+ /* Arrays: "int foo[1]; foo[0] = 42;" is ok. */
+ t instanceof ArrayType
+ or
+ /* Structs: "struct foo bar; bar.baz = 42" is ok. */
+ t instanceof Class
+ or
+ /* Typedefs to other allocated types are fine. */
+ allocatedType(t.(TypedefType).getUnderlyingType())
+ or
+ /* Type specifiers don't affect whether or not a type is allocated. */
+ allocatedType(t.getUnspecifiedType())
+}
+
+/**
+ * A declaration of a local variable using __attribute__((__cleanup__(x)))
+ * that leaves the variable uninitialized.
+ */
+DeclStmt declWithNoInit(LocalVariable v) {
+ result.getADeclaration() = v and
+ not exists(v.getInitializer()) and
+ /* The variable has __attribute__((__cleanup__(...))) set */
+ v.getAnAttribute().hasName("cleanup") and
+ /* The type of the variable is not stack-allocated. */
+ exists(Type t | t = v.getType() | not allocatedType(t))
+}
+
+class UninitialisedLocalReachability extends StackVariableReachability {
+ UninitialisedLocalReachability() { this = "UninitialisedLocal" }
+
+ override predicate isSource(ControlFlowNode node, StackVariable v) { node = declWithNoInit(v) }
+
+ /* Note: _don't_ use the `useOfVarActual()` predicate here (and a couple of lines
+ * below), as it assumes that the callee always modifies the variable if
+ * it's passed to the function.
+ *
+ * i.e.:
+ * _cleanup_free char *x;
+ * fun(&x);
+ * puts(x);
+ *
+ * `useOfVarActual()` won't treat this an an uninitialized read even if the callee
+ * doesn't modify the argument, however, `useOfVar()` will
+ */
+ override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVar(v, node) }
+
+ override predicate isBarrier(ControlFlowNode node, StackVariable v) {
+ // only report the _first_ possibly uninitialized use
+ useOfVar(v, node) or
+ definitionBarrier(v, node)
+ }
+}
+
+pragma[noinline]
+predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosingFunction() = f) }
+
+/**
+ * Auxiliary predicate: List common exceptions or false positives
+ * for this check to exclude them.
+ */
+VariableAccess commonException() {
+ // If the uninitialized use we've found is in a macro expansion, it's
+ // typically something like va_start(), and we don't want to complain.
+ result.getParent().isInMacroExpansion()
+ or
+ result.getParent() instanceof BuiltInOperation
+ or
+ // Finally, exclude functions that contain assembly blocks. It's
+ // anyone's guess what happens in those.
+ containsInlineAssembly(result.getEnclosingFunction())
+}
+
+from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
+where
+ r.reaches(_, v, va) and
+ not va = commonException()
+select va, "The variable $@ may not be initialized here, but has a cleanup handler.", v, v.getName()

84
SOURCES/0681-lgtm-replace-the-query-used-for-looking-for-fgets-wi.patch Normal file
View File

@ -0,0 +1,84 @@
From c4a34b71d4f51f071f7a722059e36388b41d30e4 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 11 Mar 2019 21:05:13 +0100
Subject: [PATCH] lgtm: replace the query used for looking for fgets with a
more general query
to make it easier to comlain about `strtok` :-)
Inspired by https://github.com/systemd/systemd/pull/11963, which, in turn,
was prompted by https://github.com/systemd/systemd/pull/11555.
(cherry picked from commit 7ba5ded9dbd7737bc368521f5ea7c90e5b06ab3e)
Related: #2017033
---
.../PotentiallyDangerousFunction.ql | 30 +++++++++++++++++++
.lgtm/cpp-queries/fgets.ql | 21 -------------
2 files changed, 30 insertions(+), 21 deletions(-)
create mode 100644 .lgtm/cpp-queries/PotentiallyDangerousFunction.ql
delete mode 100644 .lgtm/cpp-queries/fgets.ql
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
new file mode 100644
index 0000000000..ba80f4ad8c
--- /dev/null
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -0,0 +1,30 @@
+/**
+ * @name Use of potentially dangerous function
+ * @description Certain standard library functions are dangerous to call.
+ * @kind problem
+ * @problem.severity error
+ * @precision high
+ * @id cpp/potentially-dangerous-function
+ * @tags reliability
+ * security
+ *
+ * Borrowed from
+ * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+ */
+import cpp
+
+predicate potentiallyDangerousFunction(Function f, string message) {
+ (
+ f.getQualifiedName() = "fgets" and
+ message = "Call to fgets is potentially dangerous. Use read_line() instead."
+ ) or (
+ f.getQualifiedName() = "strtok" and
+ message = "Call to strtok is potentially dangerous. Use extract_first_word() instead."
+ )
+}
+
+from FunctionCall call, Function target, string message
+where
+ call.getTarget() = target and
+ potentiallyDangerousFunction(target, message)
+select call, message
diff --git a/.lgtm/cpp-queries/fgets.ql b/.lgtm/cpp-queries/fgets.ql
deleted file mode 100644
index a4181e4f3d..0000000000
--- a/.lgtm/cpp-queries/fgets.ql
+++ /dev/null
@@ -1,21 +0,0 @@
-/**
- * @name Use of fgets()
- * @description fgets() is dangerous to call. Use read_line() instead.
- * @kind problem
- * @problem.severity error
- * @precision high
- * @id cpp/fgets
- * @tags reliability
- * security
- */
-import cpp
-
-predicate dangerousFunction(Function function) {
- exists (string name | name = function.getQualifiedName() |
- name = "fgets")
-}
-
-from FunctionCall call, Function target
-where call.getTarget() = target
- and dangerousFunction(target)
-select call, target.getQualifiedName() + " is potentially dangerous"

48
SOURCES/0682-lgtm-beef-up-list-of-dangerous-questionnable-API-cal.patch Normal file
View File

@ -0,0 +1,48 @@
From 8b60932555141e1fe61a343863eae7655c2449a9 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 2 Apr 2019 12:43:47 +0200
Subject: [PATCH] lgtm: beef up list of dangerous/questionnable API calls not
to make
(cherry picked from commit 9b4805421eb2a7319f6507a26febfb9d2cdc3a93)
Related: #2017033
---
.../PotentiallyDangerousFunction.ql | 22 +++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index ba80f4ad8c..cd0284b37a 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -16,10 +16,28 @@ import cpp
predicate potentiallyDangerousFunction(Function f, string message) {
(
f.getQualifiedName() = "fgets" and
- message = "Call to fgets is potentially dangerous. Use read_line() instead."
+ message = "Call to fgets() is potentially dangerous. Use read_line() instead."
) or (
f.getQualifiedName() = "strtok" and
- message = "Call to strtok is potentially dangerous. Use extract_first_word() instead."
+ message = "Call to strtok() is potentially dangerous. Use extract_first_word() instead."
+ ) or (
+ f.getQualifiedName() = "strsep" and
+ message = "Call to strsep() is potentially dangerous. Use extract_first_word() instead."
+ ) or (
+ f.getQualifiedName() = "dup" and
+ message = "Call to dup() is potentially dangerous. Use fcntl(fd, FD_DUPFD_CLOEXEC, 3) instead."
+ ) or (
+ f.getQualifiedName() = "htonl" and
+ message = "Call to htonl() is confusing. Use htobe32() instead."
+ ) or (
+ f.getQualifiedName() = "htons" and
+ message = "Call to htons() is confusing. Use htobe16() instead."
+ ) or (
+ f.getQualifiedName() = "ntohl" and
+ message = "Call to ntohl() is confusing. Use be32toh() instead."
+ ) or (
+ f.getQualifiedName() = "ntohs" and
+ message = "Call to ntohs() is confusing. Use be16toh() instead."
)
}

26
SOURCES/0683-lgtm-warn-about-strerror-use.patch Normal file
View File

@ -0,0 +1,26 @@
From af6eac25456d4ca7e8233e00aec7531e640f17af Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 5 Apr 2019 15:31:34 +0200
Subject: [PATCH] lgtm: warn about strerror() use
(cherry picked from commit 9ff46eded2b99d244455467eb55c0ff3f51c5362)
Related: #2017033
---
.lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index cd0284b37a..96712cf1c6 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -38,6 +38,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
) or (
f.getQualifiedName() = "ntohs" and
message = "Call to ntohs() is confusing. Use be16toh() instead."
+ ) or (
+ f.getQualifiedName() = "strerror" and
+ message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
)
}

27
SOURCES/0684-lgtm-complain-about-accept-people-should-use-accept4.patch Normal file
View File

@ -0,0 +1,27 @@
From bfa090ce83f2b0734c526a4426a20f6f0f943aa0 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 10 Apr 2019 19:36:40 +0200
Subject: [PATCH] lgtm: complain about accept() [people should use accept4()
instead, due to O_CLOEXEC]
(cherry picked from commit e2d0fa6feb3797246c8bfda3db45a2f5b62e1b5b)
Related: #2017033
---
.lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index 96712cf1c6..865330430d 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -41,6 +41,9 @@ predicate potentiallyDangerousFunction(Function f, string message) {
) or (
f.getQualifiedName() = "strerror" and
message = "Call to strerror() is not thread-safe. Use strerror_r() or printf()'s %m format string instead."
+ ) or (
+ f.getQualifiedName() = "accept" and
+ message = "Call to accept() is not O_CLOEXEC-safe. Use accept4() instead."
)
}

40
SOURCES/0685-lgtm-don-t-treat-the-custom-note-as-a-list-of-tags.patch Normal file
View File

@ -0,0 +1,40 @@
From 6eeaef95566e6d85e714280c412e5df347838e34 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Thu, 2 Dec 2021 16:55:17 +0100
Subject: [PATCH] lgtm: don't treat the custom note as a list of tags
Just a cosmetic change.
(cherry picked from commit c7d70210fa45c3210b8b1eda51bc0f6d68bd8392)
Related: #2017033
---
.lgtm/cpp-queries/PotentiallyDangerousFunction.ql | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
index 865330430d..39e8dddd13 100644
--- a/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
+++ b/.lgtm/cpp-queries/PotentiallyDangerousFunction.ql
@@ -1,15 +1,17 @@
/**
+ * vi: sw=2 ts=2 et syntax=ql:
+ *
+ * Borrowed from
+ * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
+ *
* @name Use of potentially dangerous function
* @description Certain standard library functions are dangerous to call.
+ * @id cpp/potentially-dangerous-function
* @kind problem
* @problem.severity error
* @precision high
- * @id cpp/potentially-dangerous-function
* @tags reliability
* security
- *
- * Borrowed from
- * https://github.com/Semmle/ql/blob/master/cpp/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
*/
import cpp

42
SOURCES/0686-lgtm-ignore-certain-cleanup-functions.patch Normal file
View File

@ -0,0 +1,42 @@
From 42123e9614ea73c7f64c684c90e4dbb049ef67ef Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 5 Dec 2021 10:25:28 +0100
Subject: [PATCH] lgtm: ignore certain cleanup functions
as they don't do any illegal stuff even when used with an uninitialized
variable.
(cherry picked from commit af1868213657b38b8d4008608976eb81546cfb8e)
Related: #2017033
---
.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
index 6bf0ae01eb..8c24b6d8f1 100644
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
@@ -34,6 +34,13 @@ predicate allocatedType(Type t) {
allocatedType(t.getUnspecifiedType())
}
+/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
+ * since they don't do anything illegal even when the variable is uninitialized
+ */
+predicate cleanupFunctionDenyList(string fun) {
+ fun = "erase_char"
+}
+
/**
* A declaration of a local variable using __attribute__((__cleanup__(x)))
* that leaves the variable uninitialized.
@@ -43,6 +50,8 @@ DeclStmt declWithNoInit(LocalVariable v) {
not exists(v.getInitializer()) and
/* The variable has __attribute__((__cleanup__(...))) set */
v.getAnAttribute().hasName("cleanup") and
+ /* Check if the cleanup function is not on a deny list */
+ not exists(Attribute a | a = v.getAnAttribute() and a.getName() = "cleanup" | cleanupFunctionDenyList(a.getAnArgument().getValueText())) and
/* The type of the variable is not stack-allocated. */
exists(Type t | t = v.getType() | not allocatedType(t))
}

96
SOURCES/0687-lgtm-detect-more-possible-problematic-scenarios.patch Normal file
View File

@ -0,0 +1,96 @@
From f9b19c9d4caaf870b30cce8a3d6be79eda099c4e Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 5 Dec 2021 16:11:35 +0100
Subject: [PATCH] lgtm: detect more possible problematic scenarios
1) don't ignore stack-allocated variables, since they may hide
heap-allocated stuff (compound types)
2) check if there's a return between the variable declaration and its
initialization; if so, treat the variable as uninitialized
3) introduction of 2) increased the query runtime exponentially, so
introduce some optimizations to bring it back to some reasonable
values
(cherry picked from commit c8fec8bf9b086f9fc7638db0f1a613a00d7c63a3)
Related: #2017033
---
.../UninitializedVariableWithCleanup.ql | 48 ++++++++++---------
1 file changed, 25 insertions(+), 23 deletions(-)
diff --git a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
index 8c24b6d8f1..6b3b62f8bc 100644
--- a/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
+++ b/.lgtm/cpp-queries/UninitializedVariableWithCleanup.ql
@@ -16,24 +16,6 @@
import cpp
import semmle.code.cpp.controlflow.StackVariableReachability
-/**
- * Auxiliary predicate: Types that don't require initialization
- * before they are used, since they're stack-allocated.
- */
-predicate allocatedType(Type t) {
- /* Arrays: "int foo[1]; foo[0] = 42;" is ok. */
- t instanceof ArrayType
- or
- /* Structs: "struct foo bar; bar.baz = 42" is ok. */
- t instanceof Class
- or
- /* Typedefs to other allocated types are fine. */
- allocatedType(t.(TypedefType).getUnderlyingType())
- or
- /* Type specifiers don't affect whether or not a type is allocated. */
- allocatedType(t.getUnspecifiedType())
-}
-
/** Auxiliary predicate: List cleanup functions we want to explicitly ignore
* since they don't do anything illegal even when the variable is uninitialized
*/
@@ -47,13 +29,11 @@ predicate cleanupFunctionDenyList(string fun) {
*/
DeclStmt declWithNoInit(LocalVariable v) {
result.getADeclaration() = v and
- not exists(v.getInitializer()) and
+ not v.hasInitializer() and
/* The variable has __attribute__((__cleanup__(...))) set */
v.getAnAttribute().hasName("cleanup") and
/* Check if the cleanup function is not on a deny list */
- not exists(Attribute a | a = v.getAnAttribute() and a.getName() = "cleanup" | cleanupFunctionDenyList(a.getAnArgument().getValueText())) and
- /* The type of the variable is not stack-allocated. */
- exists(Type t | t = v.getType() | not allocatedType(t))
+ not cleanupFunctionDenyList(v.getAnAttribute().getAnArgument().getValueText())
}
class UninitialisedLocalReachability extends StackVariableReachability {
@@ -78,7 +58,29 @@ class UninitialisedLocalReachability extends StackVariableReachability {
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
// only report the _first_ possibly uninitialized use
useOfVar(v, node) or
- definitionBarrier(v, node)
+ (
+ /* If there's an return statement somewhere between the variable declaration
+ * and a possible definition, don't accept is as a valid initialization.
+ *
+ * E.g.:
+ * _cleanup_free_ char *x;
+ * ...
+ * if (...)
+ * return;
+ * ...
+ * x = malloc(...);
+ *
+ * is not a valid initialization, since we might return from the function
+ * _before_ the actual iniitialization (emphasis on _might_, since we
+ * don't know if the return statement might ever evaluate to true).
+ */
+ definitionBarrier(v, node) and
+ not exists(ReturnStmt rs |
+ /* The attribute check is "just" a complexity optimization */
+ v.getFunction() = rs.getEnclosingFunction() and v.getAnAttribute().hasName("cleanup") |
+ rs.getLocation().isBefore(node.getLocation())
+ )
+ )
}
}

48
SOURCES/0688-lgtm-enable-more-and-potentially-useful-queries.patch Normal file
View File

@ -0,0 +1,48 @@
From 842c676a36abab0d92f1e68de2c8881fd00fdf4b Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 30 Nov 2021 23:40:28 +0100
Subject: [PATCH] lgtm: enable more (and potentially useful) queries
Not all available queries on LGTM are enabled by default, but some of
the excluded ones might come in handy, hence let's enable them
explicitly.
(cherry picked from commit 38f36b9f3443b4d2085799c772e901a402b84af3)
Related: #2017033
---
.lgtm.yml | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/.lgtm.yml b/.lgtm.yml
index 5948d8c2bc..fe93957b67 100644
--- a/.lgtm.yml
+++ b/.lgtm.yml
@@ -1,3 +1,27 @@
+---
+# vi: ts=2 sw=2 et:
+
+# Explicitly enable certain checks which are hidden by default
+queries:
+ - include: cpp/bad-strncpy-size
+ - include: cpp/declaration-hides-variable
+ - include: cpp/inconsistent-null-check
+ - include: cpp/mistyped-function-arguments
+ - include: cpp/nested-loops-with-same-variable
+ - include: cpp/sizeof-side-effect
+ - include: cpp/suspicious-pointer-scaling
+ - include: cpp/suspicious-pointer-scaling-void
+ - include: cpp/suspicious-sizeof
+ - include: cpp/unsafe-strcat
+ - include: cpp/unsafe-strncat
+ - include: cpp/unsigned-difference-expression-compared-zero
+ - include: cpp/unused-local-variable
+ - include:
+ tags:
+ - "security"
+ - "correctness"
+ severity: "error"
+
extraction:
cpp:
prepare:

6
SOURCES/0667-meson-avoid-bogus-meson-warning.patch → SOURCES/0689-meson-avoid-bogus-meson-warning.patch
View File

@ -1,4 +1,4 @@
From 0e03f2192cd80e6a4a1bf83f0238cc6d133b8475 Mon Sep 17 00:00:00 2001
From 4433c31a80c4477b0a0c503c74e8faebc44f4453 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 7 Nov 2019 11:32:26 +0100
Subject: [PATCH] meson: avoid bogus meson warning
@ -11,14 +11,12 @@ so meson shouldn't warn. But let's set avoid the warning and shorten things by
setting the final value immediately.
(cherry picked from commit cbe804947482998cc767bfb0c169e6263a6ef097)
Related: #2030027
---
src/test/meson.build | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/test/meson.build b/src/test/meson.build
index 7b310d4ec7..4bbc67d367 100644
index 40cf56d73d..6eaa62e53f 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -10,12 +10,11 @@ test_hashmap_ordered_c = custom_target(

6
SOURCES/0670-test-make-TEST-47-less-racy.patch → SOURCES/0690-test-make-TEST-47-less-racy.patch
View File

@ -1,4 +1,4 @@
From a423abe6a3914364c36d4299c1b770fdbe376834 Mon Sep 17 00:00:00 2001
From de7125dcfe6d6c8af05262ab786f9fe7cbf15113 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 15 Dec 2021 12:15:19 +0100
Subject: [PATCH] test: make TEST-47 less racy
@ -8,9 +8,7 @@ Based on:
- e00e2e0b50bbd120290572c8d1242703fb98b34e
- 197298ff9fc930de450330095cc5b67d165d0801
Related: #2039327
(cherry picked from commit de7125dcfe6d6c8af05262ab786f9fe7cbf15113)
Related: #2017033
---
test/TEST-47-ISSUE-14566/testsuite.sh | 2 ++
1 file changed, 2 insertions(+)

14
SOURCES/0676-core-rename-unit_-start_limit-condition-assert-_test.patch → SOURCES/0691-core-rename-unit_-start_limit-condition-assert-_test.patch
View File

@ -1,4 +1,4 @@
From f1f0eb4d262e91830324de3f99fa58cd154a7876 Mon Sep 17 00:00:00 2001
From 894d307d0d149adb46e630550566e5a3f6ff8d2e Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 18 Mar 2019 12:21:27 +0100
Subject: [PATCH] core: rename unit_{start_limit|condition|assert}_test() to
@ -11,7 +11,7 @@ various things, hence let's streamline the naming a bit.
(cherry picked from commit 97a3f4ee052e1b8a0ff03accfa478e352891a84f)
Related: #2037395
Related: #2036608
---
src/core/automount.c | 2 +-
src/core/mount.c | 2 +-
@ -38,7 +38,7 @@ index 76e70f4dac..2bc160cb07 100644
automount_enter_dead(a, AUTOMOUNT_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/mount.c b/src/core/mount.c
index 9b1c59b1c3..4cb49d845d 100644
index 7e80a0c974..aa586d88cb 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1065,7 +1065,7 @@ static int mount_start(Unit *u) {
@ -64,10 +64,10 @@ index ed40bc6c19..4bccc0396b 100644
path_enter_dead(p, PATH_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/service.c b/src/core/service.c
index 5e3e75b5ae..01cb1a375e 100644
index 7969bbf071..1a1de43d0d 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2357,7 +2357,7 @@ static int service_start(Unit *u) {
@@ -2388,7 +2388,7 @@ static int service_start(Unit *u) {
assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED));
/* Make sure we don't enter a busy loop of some kind. */
@ -116,7 +116,7 @@ index 1718ffc5a5..be16321296 100644
timer_enter_dead(t, TIMER_FAILURE_START_LIMIT_HIT);
return r;
diff --git a/src/core/unit.c b/src/core/unit.c
index 152a860d08..fa94a67fdd 100644
index 23afa24c77..9013186d8a 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1633,7 +1633,7 @@ static bool unit_condition_test_list(Unit *u, Condition *first, const char *(*to
@ -147,7 +147,7 @@ index 152a860d08..fa94a67fdd 100644
assert(u);
if (ratelimit_below(&u->start_limit)) {
@@ -1748,14 +1747,14 @@ int unit_start(Unit *u) {
@@ -1750,14 +1749,14 @@ int unit_start(Unit *u) {
* speed up activation in case there is some hold-off time,
* but we don't want to recheck the condition in that case. */
if (state != UNIT_ACTIVATING &&

22
SOURCES/0677-core-Check-unit-start-rate-limiting-earlier.patch → SOURCES/0692-core-Check-unit-start-rate-limiting-earlier.patch
View File

@ -1,4 +1,4 @@
From 6f3b6308bb5705fdcadec3f4cac105211bc0a3e2 Mon Sep 17 00:00:00 2001
From 471eda89a25a3ceac91a2d05e39a54aae78038ed Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 24 Aug 2021 16:46:47 +0100
Subject: [PATCH] core: Check unit start rate limiting earlier
@ -16,7 +16,7 @@ earlier on.
(cherry picked from commit 9727f2427ff6b2e1f4ab927cc57ad8e888f04e95)
Related: #2037395
Related: #2036608
[msekleta: I've deleted part of the original commit that adds test for
issue #17433. This was necessary because upstream commit assumes newer
@ -82,7 +82,7 @@ index 2bc160cb07..5e16adabb5 100644
+ .test_start_limit = automount_test_start_limit,
};
diff --git a/src/core/mount.c b/src/core/mount.c
index 4cb49d845d..619f64d5b7 100644
index aa586d88cb..22848847e5 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1065,12 +1065,6 @@ static int mount_start(Unit *u) {
@ -98,7 +98,7 @@ index 4cb49d845d..619f64d5b7 100644
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -1953,6 +1947,21 @@ static int mount_control_pid(Unit *u) {
@@ -1957,6 +1951,21 @@ static int mount_control_pid(Unit *u) {
return m->control_pid;
}
@ -120,7 +120,7 @@ index 4cb49d845d..619f64d5b7 100644
static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
[MOUNT_EXEC_MOUNT] = "ExecMount",
[MOUNT_EXEC_UNMOUNT] = "ExecUnmount",
@@ -2044,4 +2053,6 @@ const UnitVTable mount_vtable = {
@@ -2048,4 +2057,6 @@ const UnitVTable mount_vtable = {
[JOB_TIMEOUT] = "Timed out unmounting %s.",
},
},
@ -174,10 +174,10 @@ index 4bccc0396b..1e69a1f05f 100644
+ .test_start_limit = path_test_start_limit,
};
diff --git a/src/core/service.c b/src/core/service.c
index 01cb1a375e..a21d98ab8f 100644
index 1a1de43d0d..c5f408d817 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2356,13 +2356,6 @@ static int service_start(Unit *u) {
@@ -2387,13 +2387,6 @@ static int service_start(Unit *u) {
assert(IN_SET(s->state, SERVICE_DEAD, SERVICE_FAILED));
@ -191,7 +191,7 @@ index 01cb1a375e..a21d98ab8f 100644
r = unit_acquire_invocation_id(u);
if (r < 0)
return r;
@@ -4050,6 +4043,22 @@ static bool service_needs_console(Unit *u) {
@@ -4081,6 +4074,22 @@ static bool service_needs_console(Unit *u) {
SERVICE_FINAL_SIGKILL);
}
@ -214,7 +214,7 @@ index 01cb1a375e..a21d98ab8f 100644
static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
[SERVICE_RESTART_NO] = "no",
[SERVICE_RESTART_ON_SUCCESS] = "on-success",
@@ -4191,4 +4200,6 @@ const UnitVTable service_vtable = {
@@ -4222,4 +4231,6 @@ const UnitVTable service_vtable = {
[JOB_FAILED] = "Stopped (with error) %s.",
},
},
@ -359,10 +359,10 @@ index be16321296..fb9ae17990 100644
+ .test_start_limit = timer_test_start_limit,
};
diff --git a/src/core/unit.c b/src/core/unit.c
index fa94a67fdd..9005f79df3 100644
index 9013186d8a..f0df7452fa 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1726,10 +1726,16 @@ int unit_start(Unit *u) {
@@ -1728,10 +1728,16 @@ int unit_start(Unit *u) {
assert(u);

4
SOURCES/0678-sd-event-introduce-callback-invoked-when-event-sourc.patch → SOURCES/0693-sd-event-introduce-callback-invoked-when-event-sourc.patch
View File

@ -1,4 +1,4 @@
From 5f2ee8632f15a8978c522de6789777171e898671 Mon Sep 17 00:00:00 2001
From 51210a849ea7f163a1760de989756206c01dd758 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 19:44:06 +0200
Subject: [PATCH] sd-event: introduce callback invoked when event source
@ -6,7 +6,7 @@ Subject: [PATCH] sd-event: introduce callback invoked when event source
(cherry picked from commit fd69f2247520b0be3190ded96d646a415edc97b7)
Related: #2037395
Related: #2036608
---
src/libsystemd/libsystemd.sym | 5 +++
src/libsystemd/sd-event/sd-event.c | 61 +++++++++++++++++++++++-----

24
SOURCES/0679-core-rename-generalize-UNIT-u-test_start_limit-hook.patch → SOURCES/0694-core-rename-generalize-UNIT-u-test_start_limit-hook.patch
View File

@ -1,4 +1,4 @@
From c08bb8f464ff4d27fbf762d19d28fe92955a668d Mon Sep 17 00:00:00 2001
From 3674514b7220a136dcfd464c205d41609f0c99a7 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 17:51:52 +0200
Subject: [PATCH] core: rename/generalize UNIT(u)->test_start_limit() hook
@ -15,7 +15,7 @@ the virtual function that implements the check.
(cherry picked from commit 705578c3b9d794097233aa66010cf67b2a444716)
Related: #2037395
Related: #2036608
---
src/core/automount.c | 6 +++---
src/core/mount.c | 6 +++---
@ -58,10 +58,10 @@ index 5e16adabb5..f212620c8f 100644
+ .can_start = automount_can_start,
};
diff --git a/src/core/mount.c b/src/core/mount.c
index 619f64d5b7..72341fe685 100644
index 22848847e5..032a2ca156 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1947,7 +1947,7 @@ static int mount_control_pid(Unit *u) {
@@ -1951,7 +1951,7 @@ static int mount_control_pid(Unit *u) {
return m->control_pid;
}
@ -70,7 +70,7 @@ index 619f64d5b7..72341fe685 100644
Mount *m = MOUNT(u);
int r;
@@ -1959,7 +1959,7 @@ static int mount_test_start_limit(Unit *u) {
@@ -1963,7 +1963,7 @@ static int mount_test_start_limit(Unit *u) {
return r;
}
@ -79,7 +79,7 @@ index 619f64d5b7..72341fe685 100644
}
static const char* const mount_exec_command_table[_MOUNT_EXEC_COMMAND_MAX] = {
@@ -2054,5 +2054,5 @@ const UnitVTable mount_vtable = {
@@ -2058,5 +2058,5 @@ const UnitVTable mount_vtable = {
},
},
@ -116,10 +116,10 @@ index 1e69a1f05f..58f490589d 100644
+ .can_start = path_can_start,
};
diff --git a/src/core/service.c b/src/core/service.c
index a21d98ab8f..2b7e85d3eb 100644
index c5f408d817..e8ae1a5772 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -4043,7 +4043,7 @@ static bool service_needs_console(Unit *u) {
@@ -4074,7 +4074,7 @@ static bool service_needs_console(Unit *u) {
SERVICE_FINAL_SIGKILL);
}
@ -128,7 +128,7 @@ index a21d98ab8f..2b7e85d3eb 100644
Service *s = SERVICE(u);
int r;
@@ -4056,7 +4056,7 @@ static int service_test_start_limit(Unit *u) {
@@ -4087,7 +4087,7 @@ static int service_test_start_limit(Unit *u) {
return r;
}
@ -137,7 +137,7 @@ index a21d98ab8f..2b7e85d3eb 100644
}
static const char* const service_restart_table[_SERVICE_RESTART_MAX] = {
@@ -4201,5 +4201,5 @@ const UnitVTable service_vtable = {
@@ -4232,5 +4232,5 @@ const UnitVTable service_vtable = {
},
},
@ -232,10 +232,10 @@ index fb9ae17990..684180bf99 100644
+ .can_start = timer_can_start,
};
diff --git a/src/core/unit.c b/src/core/unit.c
index 9005f79df3..bd0a6bb7cc 100644
index f0df7452fa..4de218feac 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1726,9 +1726,9 @@ int unit_start(Unit *u) {
@@ -1728,9 +1728,9 @@ int unit_start(Unit *u) {
assert(u);

8
SOURCES/0680-mount-make-mount-units-start-jobs-not-runnable-if-p-.patch → SOURCES/0695-mount-make-mount-units-start-jobs-not-runnable-if-p-.patch
View File

@ -1,4 +1,4 @@
From faaac88f0686066e0b930952f12010f6d93fd6cf Mon Sep 17 00:00:00 2001
From cb519c7d769851ee5e24c797fc04eaa13383c674 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 19:41:34 +0200
Subject: [PATCH] mount: make mount units start jobs not runnable if
@ -6,16 +6,16 @@ Subject: [PATCH] mount: make mount units start jobs not runnable if
(cherry picked from commit a7c93dfe91e88a5a561341c523a45c7f8d71a588)
Related: #2037395
Related: #2036608
---
src/core/mount.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index 72341fe685..dbac1b7cb1 100644
index 032a2ca156..ab09e6fbb0 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1953,6 +1953,9 @@ static int mount_can_start(Unit *u) {
@@ -1957,6 +1957,9 @@ static int mount_can_start(Unit *u) {
assert(m);

10
SOURCES/0681-mount-retrigger-run-queue-after-ratelimit-expired-to.patch → SOURCES/0696-mount-retrigger-run-queue-after-ratelimit-expired-to.patch
View File

@ -1,4 +1,4 @@
From 0b28134258e40b2fc054326175317db65c23bcd6 Mon Sep 17 00:00:00 2001
From b0c226e9fd3e6bfa5388832cc2745d9ec935f3ec Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 4 Oct 2021 20:31:49 +0200
Subject: [PATCH] mount: retrigger run queue after ratelimit expired to run
@ -8,16 +8,16 @@ Fixes #20329
(cherry picked from commit edc027b4f1cfaa49e8ecdde763eb8c623402d464)
Related: #2037395
Related: #2036608
---
src/core/mount.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index dbac1b7cb1..c05779343c 100644
index ab09e6fbb0..bdba9e6884 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1706,6 +1706,21 @@ static bool mount_is_mounted(Mount *m) {
@@ -1710,6 +1710,21 @@ static bool mount_is_mounted(Mount *m) {
return UNIT(m)->perpetual || m->is_mounted;
}
@ -39,7 +39,7 @@ index dbac1b7cb1..c05779343c 100644
static void mount_enumerate(Manager *m) {
int r;
@@ -1759,6 +1774,12 @@ static void mount_enumerate(Manager *m) {
@@ -1763,6 +1778,12 @@ static void mount_enumerate(Manager *m) {
goto fail;
}

14
SOURCES/0682-pid1-add-a-manager_trigger_run_queue-helper.patch → SOURCES/0697-pid1-add-a-manager_trigger_run_queue-helper.patch
View File

@ -1,4 +1,4 @@
From 567c8855016ee5e7641d6c5f1ed84badd9fae10d Mon Sep 17 00:00:00 2001
From 5a218b6820be7ffaf21cd42cd4c96b47d18442ee Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 12 Nov 2021 09:43:07 +0100
Subject: [PATCH] pid1: add a manager_trigger_run_queue() helper
@ -11,7 +11,7 @@ Follow-up for #20953
(cherry picked from commit b0c4b2824693fe6a27ea9439ec7a6328a0e23704)
Related: #2037395
Related: #2036608
---
src/core/job.c | 5 ++---
src/core/manager.c | 12 ++++++++++++
@ -20,10 +20,10 @@ Related: #2037395
4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/core/job.c b/src/core/job.c
index 870ec0a387..cc6e1ee65a 100644
index 43ab55ed18..55f36b928f 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -1137,11 +1137,10 @@ void job_add_to_run_queue(Job *j) {
@@ -1139,11 +1139,10 @@ void job_add_to_run_queue(Job *j) {
if (j->in_run_queue)
return;
@ -38,7 +38,7 @@ index 870ec0a387..cc6e1ee65a 100644
void job_add_to_dbus_queue(Job *j) {
diff --git a/src/core/manager.c b/src/core/manager.c
index 3c44ad3dbc..ae6ce35d99 100644
index ee976f70b3..845c26f498 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -2120,6 +2120,18 @@ static int manager_dispatch_run_queue(sd_event_source *source, void *userdata) {
@ -74,10 +74,10 @@ index c4b8e80093..7b572c8dfd 100644
int manager_open_serialization(Manager *m, FILE **_f);
diff --git a/src/core/mount.c b/src/core/mount.c
index c05779343c..9ff7c71edd 100644
index bdba9e6884..c17154cde1 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1708,15 +1708,12 @@ static bool mount_is_mounted(Mount *m) {
@@ -1712,15 +1712,12 @@ static bool mount_is_mounted(Mount *m) {
static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
Manager *m = userdata;

8
SOURCES/0683-unit-add-jobs-that-were-skipped-because-of-ratelimit.patch → SOURCES/0698-unit-add-jobs-that-were-skipped-because-of-ratelimit.patch
View File

@ -1,4 +1,4 @@
From a9a25019ea307741d7d42178ac0f47a2320f8e94 Mon Sep 17 00:00:00 2001
From dd662fc39a28655b89619a828a15e5e457bf6f4c Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Thu, 25 Nov 2021 18:28:25 +0100
Subject: [PATCH] unit: add jobs that were skipped because of ratelimit back to
@ -15,16 +15,16 @@ Fixes #21458
(cherry picked from commit c29e6a9530316823b0455cd83eb6d0bb8dd664f4)
Related: #2037395
Related: #2036608
---
src/core/mount.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index 9ff7c71edd..4e0a4f238a 100644
index c17154cde1..691b23ca74 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1708,9 +1708,19 @@ static bool mount_is_mounted(Mount *m) {
@@ -1712,9 +1712,19 @@ static bool mount_is_mounted(Mount *m) {
static int mount_on_ratelimit_expire(sd_event_source *s, void *userdata) {
Manager *m = userdata;

37
SOURCES/0699-Revert-Revert-sysctl-Enable-ping-8-inside-rootless-P.patch Normal file
View File

@ -0,0 +1,37 @@
From 54faef034bb2062ed8afa72e2c1be40ef7cc41c5 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 26 Jul 2019 09:25:09 +0200
Subject: [PATCH] Revert "Revert "sysctl: Enable ping(8) inside rootless Podman
containers""
This reverts commit be74f51605b4c7cb74fec3a50cd13b67598a8ac1.
Let's add this again. With the new sysctl "-" thing we can make this
work.
Resolves: #2037807
(cherry picked from commit 0338934f4bcda6a96a5342449ae96b003de3378d)
---
sysctl.d/50-default.conf | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index e0afc9c702..21ae1df13d 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -33,6 +33,14 @@ net.ipv4.conf.all.accept_source_route = 0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1
+# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
+# The upper limit is set to 2^31-1. Values greater than that get rejected by
+# the kernel because of this definition in linux/include/net/ping.h:
+# #define GID_T_MAX (((gid_t)~0U) >> 1)
+# That's not so bad because values between 2^31 and 2^32-1 are reserved on
+# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
+net.ipv4.ping_group_range = 0 2147483647
+
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

27
SOURCES/0700-sysctl-prefix-ping-port-range-setting-with-a-dash.patch Normal file
View File

@ -0,0 +1,27 @@
From 41a32aeaf5d33f253f48bfbe8d00de9d160985f7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 26 Jul 2019 09:26:07 +0200
Subject: [PATCH] sysctl: prefix ping port range setting with a dash
Fixes: #13177
Resolves: #2037807
(cherry picked from commit 000500c9d6347e0e2cdb92ec48fa10c0bb3ceca8)
---
sysctl.d/50-default.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index 21ae1df13d..5156d55ca9 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -39,7 +39,7 @@ net.ipv4.conf.all.promote_secondaries = 1
# #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
-net.ipv4.ping_group_range = 0 2147483647
+-net.ipv4.ping_group_range = 0 2147483647
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel

17
SOURCES/0669-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch → SOURCES/0701-mount-don-t-propagate-errors-from-mount_setup_unit-f.patch
View File

@ -1,4 +1,4 @@
From 4662575605089b38d611a911c03c60ec260fde05 Mon Sep 17 00:00:00 2001
From c236734f95550747c4979fe318e3a890adaa0a94 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 28 Nov 2018 12:41:44 +0100
Subject: [PATCH] mount: don't propagate errors from mount_setup_unit() further
@ -10,18 +10,23 @@ further processing of mount units. Let's keep these failures local.
Fixes: #10874
(cherry picked from commit ba0d56f55f2073164799be714b5bd1aad94d059a)
Cherry picked from commit ba0d56f55f2073164799be714b5bd1aad94d059a.
Trivial conflict in src/core/mount.c, function mount_load_proc_self_mountinfo,
due to local commit ca634baa10e. Also, due to the same commit, int k
is no longer used and is thus removed.
Resolves: #2039327
Resolves: #2036853
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
src/core/mount.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/core/mount.c b/src/core/mount.c
index 7e80a0c974..9b1c59b1c3 100644
index 691b23ca74..4e0a4f238a 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1621,12 +1621,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
@@ -1615,12 +1615,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
if (r < 0)
return log_error_errno(r, "Failed to parse /proc/self/mountinfo: %m");
@ -34,7 +39,7 @@ index 7e80a0c974..9b1c59b1c3 100644
r = mnt_table_next_fs(table, iter, &fs);
if (r == 1)
@@ -1650,12 +1648,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
@@ -1644,12 +1642,10 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) {
device_found_node(m, d, DEVICE_FOUND_MOUNT, DEVICE_FOUND_MOUNT);

10
SOURCES/0684-udev-net_id-introduce-naming-scheme-for-RHEL-8.5.patch → SOURCES/0702-udev-net_id-introduce-naming-scheme-for-RHEL-8.5.patch
View File

@ -1,11 +1,11 @@
From 6882d94ae68468b414597696727108d588402f43 Mon Sep 17 00:00:00 2001
From d45e0cc7a64648dc3ad082b512ff488537d3ebef Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 12 Jan 2022 15:35:19 +0100
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.5
RHEL-only
Related: #2040244
Related: #2039797
---
man/systemd.net-naming-scheme.xml | 6 ++++++
src/udev/udev-builtin-net_id.c | 2 ++
@ -29,10 +29,10 @@ index 10e71dcb15..be969bc8d0 100644
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 0611c08234..3a0b3b1eae 100644
index 7c153f0aef..81139e666b 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -135,6 +135,7 @@ typedef enum NamingSchemeFlags {
@@ -134,6 +134,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_2 = NAMING_V239,
NAMING_RHEL_8_3 = NAMING_V239,
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
@ -40,7 +40,7 @@ index 0611c08234..3a0b3b1eae 100644
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -152,6 +153,7 @@ static const NamingScheme naming_schemes[] = {
@@ -151,6 +152,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.2", NAMING_RHEL_8_2 },
{ "rhel-8.3", NAMING_RHEL_8_3 },
{ "rhel-8.4", NAMING_RHEL_8_4 },

4
SOURCES/0685-udev-net_id-remove-extraneous-bracket.patch → SOURCES/0703-udev-net_id-remove-extraneous-bracket.patch
View File

@ -1,11 +1,11 @@
From d5d728d24b34194438e74580c1a58f5727b59444 Mon Sep 17 00:00:00 2001
From a967622c58e1ae76bb7e22e83389295c77d560df Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 12 Jan 2022 15:35:54 +0100
Subject: [PATCH] udev/net_id: remove extraneous bracket
RHEL-only
Related: #2040244
Related: #2039797
---
man/systemd.net-naming-scheme.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

50
SOURCES/0704-udev-net_id-introduce-naming-scheme-for-RHEL-8.6.patch Normal file
View File

@ -0,0 +1,50 @@
From 7ee6542c64103205d6520c1165894b3b6a40f2c9 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 12 Jan 2022 15:38:38 +0100
Subject: [PATCH] udev/net_id: introduce naming scheme for RHEL-8.6
RHEL-only
Related: #2039797
---
man/systemd.net-naming-scheme.xml | 6 ++++++
src/udev/udev-builtin-net_id.c | 2 ++
2 files changed, 8 insertions(+)
diff --git a/man/systemd.net-naming-scheme.xml b/man/systemd.net-naming-scheme.xml
index a65da5c6c1..fe1aa4b654 100644
--- a/man/systemd.net-naming-scheme.xml
+++ b/man/systemd.net-naming-scheme.xml
@@ -307,6 +307,12 @@
<para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
</varlistentry>
+ <varlistentry>
+ <term><constant>rhel-8.6</constant></term>
+
+ <para>Same as naming scheme <constant>rhel-8.4</constant>.</para>
+ </varlistentry>
+
<para>Note that <constant>latest</constant> may be used to denote the latest scheme known to this
particular version of systemd.</para>
</variablelist>
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 81139e666b..eafcbb64c5 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -135,6 +135,7 @@ typedef enum NamingSchemeFlags {
NAMING_RHEL_8_3 = NAMING_V239,
NAMING_RHEL_8_4 = NAMING_V239|NAMING_BRIDGE_NO_SLOT,
NAMING_RHEL_8_5 = NAMING_RHEL_8_4,
+ NAMING_RHEL_8_6 = NAMING_RHEL_8_4,
_NAMING_SCHEME_FLAGS_INVALID = -1,
} NamingSchemeFlags;
@@ -153,6 +154,7 @@ static const NamingScheme naming_schemes[] = {
{ "rhel-8.3", NAMING_RHEL_8_3 },
{ "rhel-8.4", NAMING_RHEL_8_4 },
{ "rhel-8.5", NAMING_RHEL_8_5 },
+ { "rhel-8.6", NAMING_RHEL_8_6 },
/* … add more schemes here, as the logic to name devices is updated … */
};

4
SOURCES/0637-define-newly-needed-constants.patch → SOURCES/0705-define-newly-needed-constants.patch
View File

@ -1,9 +1,9 @@
From 81b23f487eeffbc0e217c4e57567cfb70842f668 Mon Sep 17 00:00:00 2001
From 08c1e6e304108e8bc8beca126f50888be7575bd0 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 26 Nov 2020 16:29:10 +0100
Subject: [PATCH] define newly needed constants
Related: #1850986
Related: #2005008
---
src/basic/missing.h | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)

4
SOURCES/0638-sd-netlink-support-IFLA_PROP_LIST-and-IFLA_ALT_IFNAM.patch → SOURCES/0706-sd-netlink-support-IFLA_PROP_LIST-and-IFLA_ALT_IFNAM.patch
View File

@ -1,4 +1,4 @@
From b0b98085bb0b95395b686efca43980d463749f3d Mon Sep 17 00:00:00 2001
From 32e39fd249737c77248c32d064021426a2ec7a52 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 20:57:51 +0900
Subject: [PATCH] sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME
@ -6,7 +6,7 @@ Subject: [PATCH] sd-netlink: support IFLA_PROP_LIST and IFLA_ALT_IFNAME
(cherry picked from commit ffeb16f5d832b1c65b8c8a1dd9bdd028bd76fc72)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-message.c | 2 +-
src/libsystemd/sd-netlink/netlink-types.c | 13 +++++++++++++

4
SOURCES/0639-sd-netlink-introduce-sd_netlink_message_read_strv.patch → SOURCES/0707-sd-netlink-introduce-sd_netlink_message_read_strv.patch
View File

@ -1,4 +1,4 @@
From 3c31ef05ba732e3ab5d23761c5f84768ca8de68e Mon Sep 17 00:00:00 2001
From cd3b4c5345a3500f190941454fff03fc143c6f2e Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:32:25 +0900
Subject: [PATCH] sd-netlink: introduce sd_netlink_message_read_strv()
@ -10,7 +10,7 @@ The function introduced here reads all matched attributes.
(cherry picked from commit 8f3c1859669230c2c8458675f41de13e369b47e7)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-message.c | 58 +++++++++++++++++++++
src/systemd/sd-netlink.h | 1 +

4
SOURCES/0640-sd-netlink-introduce-sd_netlink_message_append_strv.patch → SOURCES/0708-sd-netlink-introduce-sd_netlink_message_append_strv.patch
View File

@ -1,11 +1,11 @@
From 7888c8796197357f0214ea5fe17b11a8814fc313 Mon Sep 17 00:00:00 2001
From bbfebb42c9023e36fb66f0e3b0bad132ab2fba55 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:47:21 +0900
Subject: [PATCH] sd-netlink: introduce sd_netlink_message_append_strv()
(cherry picked from commit 6d725977c4f98a8f5effc33f44aa646cc2b6a0b7)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-message.c | 29 +++++++++++++++++++++
src/systemd/sd-netlink.h | 1 +

4
SOURCES/0641-test-add-a-test-for-sd_netlink_message_-append-read-.patch → SOURCES/0709-test-add-a-test-for-sd_netlink_message_-append-read-.patch
View File

@ -1,11 +1,11 @@
From aff5197c5f06617b1ca0291614a0fb02c0c2e948 Mon Sep 17 00:00:00 2001
From 58d0d77ddda4c02943d1f03e4c142aec9c4930f5 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 21:48:12 +0900
Subject: [PATCH] test: add a test for sd_netlink_message_{append,read}_strv()
(cherry picked from commit d08d92d5ee508a80e35d6b95b962bd09527fb5f2)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/test-netlink.c | 33 ++++++++++++++++++++++++
1 file changed, 33 insertions(+)

4
SOURCES/0642-util-introduce-ifname_valid_full.patch → SOURCES/0710-util-introduce-ifname_valid_full.patch
View File

@ -1,11 +1,11 @@
From c50aab5f23535ea7f3ef004910465e7054931199 Mon Sep 17 00:00:00 2001
From 1b12b8e9c0f6f230e12ca13bd70f27ef0a2fcfdd Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 23:01:54 +0900
Subject: [PATCH] util: introduce ifname_valid_full()
(cherry picked from commit 4252696aec9ec038ff312a164e25f039da25126f)
Related: #1850986
Related: #2005008
---
src/basic/socket-util.c | 12 +++++++++---
src/basic/socket-util.h | 5 ++++-

4
SOURCES/0643-rename-function.patch → SOURCES/0711-rename-function.patch
View File

@ -1,4 +1,4 @@
From 7fc7c2774e0836ace524215ced5c60db405a154a Mon Sep 17 00:00:00 2001
From 3275093305c1305d163f26cb4e4d614a87f8ff43 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Fri, 27 Nov 2020 10:25:12 +0100
Subject: [PATCH] rename function
@ -7,7 +7,7 @@ This happened upstream in commit
54a8423788ec3cc6240959ab9f5cdac40baf047a, but I don't want to backport
the whole commit...
Related: #1850986
Related: #2005008
---
src/libsystemd-network/network-internal.c | 2 +-
src/libsystemd-network/network-internal.h | 2 +-

4
SOURCES/0644-udev-support-AlternativeName-setting-in-.link-file.patch → SOURCES/0712-udev-support-AlternativeName-setting-in-.link-file.patch
View File

@ -1,11 +1,11 @@
From b99b055ba975c1663beaf94dbfe8f5c5c7398996 Mon Sep 17 00:00:00 2001
From a29790ac578540ccb4264367603aba9bc41d1bf7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 23:21:18 +0900
Subject: [PATCH] udev: support AlternativeName= setting in .link file
(cherry picked from commit a5053a158b43c5ddee90f4915b9fc603e0191d6d)
Related: #1850986
Related: #2005008
---
man/systemd.link.xml | 8 ++++
src/libsystemd/sd-netlink/netlink-util.c | 40 ++++++++++++++++

34
SOURCES/0645-network-make-Name-in-Match-support-alternative-names.patch → SOURCES/0713-network-make-Name-in-Match-support-alternative-names.patch
View File

@ -1,4 +1,4 @@
From c76d050d8d61b4a63d4407bd03bd3f49cd9915ce Mon Sep 17 00:00:00 2001
From 0c178bf442aebcd2b42f10a0e4d2382a15505bb6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 15 Dec 2019 22:46:19 +0900
Subject: [PATCH] network: make Name= in [Match] support alternative names of
@ -7,13 +7,15 @@ Subject: [PATCH] network: make Name= in [Match] support alternative names of
(cherry picked from commit 572b21d96cabd5860b0670e98440b6cb99a4b749
src/network bits have been left out.)
Related: #1850986
Related: #2005008
---
man/systemd.network.xml | 7 +++----
src/libsystemd-network/network-internal.c | 20 ++++++++++++++++++--
src/libsystemd-network/network-internal.h | 3 ++-
src/network/netdev/netdev.c | 2 +-
src/network/networkd-network.c | 2 +-
src/udev/net/link-config.c | 3 ++-
4 files changed, 25 insertions(+), 8 deletions(-)
6 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/man/systemd.network.xml b/man/systemd.network.xml
index fc8e0aea68..8300540096 100644
@ -99,6 +101,32 @@ index 9074758bbb..e1d098f3fe 100644
CONFIG_PARSER_PROTOTYPE(config_parse_net_condition);
CONFIG_PARSER_PROTOTYPE(config_parse_hwaddr);
diff --git a/src/network/netdev/netdev.c b/src/network/netdev/netdev.c
index 82ce88402f..e97cc07028 100644
--- a/src/network/netdev/netdev.c
+++ b/src/network/netdev/netdev.c
@@ -640,7 +640,7 @@ static int netdev_load_one(Manager *manager, const char *filename) {
netdev_raw->match_host, netdev_raw->match_virt,
netdev_raw->match_kernel_cmdline, netdev_raw->match_kernel_version,
netdev_raw->match_arch,
- NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL) <= 0)
return 0;
if (netdev_raw->kind == _NETDEV_KIND_INVALID) {
diff --git a/src/network/networkd-network.c b/src/network/networkd-network.c
index 429aac5e6c..7637d135a4 100644
--- a/src/network/networkd-network.c
+++ b/src/network/networkd-network.c
@@ -479,7 +479,7 @@ int network_get(Manager *manager, struct udev_device *device,
network->match_virt, network->match_kernel_cmdline,
network->match_kernel_version, network->match_arch,
address, path, parent_driver, driver,
- devtype, ifname)) {
+ devtype, ifname, NULL)) {
if (network->match_name && device) {
const char *attr;
uint8_t name_assign_type = NET_NAME_UNKNOWN;
diff --git a/src/udev/net/link-config.c b/src/udev/net/link-config.c
index d07a1a1874..e5052f8f29 100644
--- a/src/udev/net/link-config.c

22
SOURCES/0646-udev-extend-the-length-of-ID_NET_NAME_XXX-to-ALTIFNA.patch → SOURCES/0714-udev-extend-the-length-of-ID_NET_NAME_XXX-to-ALTIFNA.patch
View File

@ -1,11 +1,11 @@
From 22dd44ae3cfd66e622e0b672af96728b6f505ad1 Mon Sep 17 00:00:00 2001
From 9f59dca3868b1e934a2aac2d811c55ab33cca0eb Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 11:01:35 +0900
Subject: [PATCH] udev: extend the length of ID_NET_NAME_XXX= to ALTIFNAMSIZ
(cherry picked from commit 78f8849f84ca0939796edb840e878a9d2e124a4d)
Related: #1850986
Related: #2005008
---
src/udev/net/link-config.c | 5 ++++-
src/udev/udev-builtin-net_id.c | 33 +++++++++++++++++----------------
@ -43,7 +43,7 @@ index e5052f8f29..4de8ee7d7e 100644
}
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 7c153f0aef..0611c08234 100644
index eafcbb64c5..386d74ca5e 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -90,6 +90,7 @@
@ -54,7 +54,7 @@ index 7c153f0aef..0611c08234 100644
#include <linux/pci_regs.h>
#include "dirent-util.h"
@@ -172,21 +173,21 @@ struct netnames {
@@ -176,21 +177,21 @@ struct netnames {
bool mac_valid;
struct udev_device *pcidev;
@ -85,7 +85,7 @@ index 7c153f0aef..0611c08234 100644
};
static const NamingScheme* naming_scheme_from_name(const char *name) {
@@ -883,7 +884,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -887,7 +888,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
err = names_mac(dev, &names);
if (err >= 0 && names.mac_valid) {
@ -94,7 +94,7 @@ index 7c153f0aef..0611c08234 100644
xsprintf(str, "%sx%02x%02x%02x%02x%02x%02x", prefix,
names.mac[0], names.mac[1], names.mac[2],
@@ -896,7 +897,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -900,7 +901,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get path names for Linux on System z network devices */
err = names_ccw(dev, &names);
if (err >= 0 && names.type == NET_CCW) {
@ -103,7 +103,7 @@ index 7c153f0aef..0611c08234 100644
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.ccw_busid))
udev_builtin_add_property(dev, test, "ID_NET_NAME_PATH", str);
@@ -906,7 +907,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -910,7 +911,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get ibmveth/ibmvnic slot-based names. */
err = names_vio(dev, &names);
if (err >= 0 && names.type == NET_VIO) {
@ -112,7 +112,7 @@ index 7c153f0aef..0611c08234 100644
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.vio_slot))
udev_builtin_add_property(dev, test, "ID_NET_NAME_SLOT", str);
@@ -916,7 +917,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -920,7 +921,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* get ACPI path names for ARM64 platform devices */
err = names_platform(dev, &names, test);
if (err >= 0 && names.type == NET_PLATFORM) {
@ -121,7 +121,7 @@ index 7c153f0aef..0611c08234 100644
if (snprintf_ok(str, sizeof str, "%s%s", prefix, names.platform_path))
udev_builtin_add_property(dev, test, "ID_NET_NAME_PATH", str);
@@ -930,7 +931,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -934,7 +935,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* plain PCI device */
if (names.type == NET_PCI) {
@ -130,7 +130,7 @@ index 7c153f0aef..0611c08234 100644
if (names.pci_onboard[0] &&
snprintf_ok(str, sizeof str, "%s%s", prefix, names.pci_onboard))
@@ -953,7 +954,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -957,7 +958,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* USB device */
err = names_usb(dev, &names);
if (err >= 0 && names.type == NET_USB) {
@ -139,7 +139,7 @@ index 7c153f0aef..0611c08234 100644
if (names.pci_path[0] &&
snprintf_ok(str, sizeof str, "%s%s%s", prefix, names.pci_path, names.usb_ports))
@@ -968,7 +969,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
@@ -972,7 +973,7 @@ static int builtin_net_id(struct udev_device *dev, int argc, char *argv[], bool
/* Broadcom bus */
err = names_bcma(dev, &names);
if (err >= 0 && names.type == NET_BCMA) {

4
SOURCES/0647-udev-do-not-fail-if-kernel-does-not-support-alternat.patch → SOURCES/0715-udev-do-not-fail-if-kernel-does-not-support-alternat.patch
View File

@ -1,4 +1,4 @@
From 42894fc33ae88f3be49aa01ac24dd1c3e96770f6 Mon Sep 17 00:00:00 2001
From f0b11f5042489c85d5016eceff06647bb49d486a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 15:32:22 +0900
Subject: [PATCH] udev: do not fail if kernel does not support alternative
@ -6,7 +6,7 @@ Subject: [PATCH] udev: do not fail if kernel does not support alternative
(cherry picked from commit bb181dd4a664ca8e82a8f7194261fd6531e861d8)
Related: #1850986
Related: #2005008
---
man/systemd.link.xml | 3 ++-
src/udev/net/link-config.c | 4 +++-

4
SOURCES/0648-udev-introduce-AlternativeNamesPolicy-setting.patch → SOURCES/0716-udev-introduce-AlternativeNamesPolicy-setting.patch
View File

@ -1,11 +1,11 @@
From 4f47e35ee4026f24ee99a0bfa7ba5b2f24a92a02 Mon Sep 17 00:00:00 2001
From 2faf160d0b8122e0dca603a441db68dc38c1bab6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2019 23:44:42 +0900
Subject: [PATCH] udev: introduce AlternativeNamesPolicy= setting
(cherry picked from commit ef1d2c07f9567dfea8a4e012d8779a4ded2d9ae6)
Resolves: #1850986
Related: #2005008
---
man/systemd.link.xml | 11 +++++
src/udev/net/link-config-gperf.gperf | 1 +

4
SOURCES/0649-network-set-AlternativeNamesPolicy-in-99-default.lin.patch → SOURCES/0717-network-set-AlternativeNamesPolicy-in-99-default.lin.patch
View File

@ -1,11 +1,11 @@
From 433d85ac89baa0683290cf8b5a913e7c6d666ef1 Mon Sep 17 00:00:00 2001
From 9a224b9480d218b782ac7bbacb3732672d0dad3f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 00:30:38 +0900
Subject: [PATCH] network: set AlternativeNamesPolicy= in 99-default.link
(cherry picked from commit 49f5cbe92484a6661bccc0ae6c547bc5767c83bf)
Related: #1850986
Related: #2005008
---
network/99-default.link | 1 +
1 file changed, 1 insertion(+)

4
SOURCES/0650-random-util-call-initialize_srand-after-fork.patch → SOURCES/0718-random-util-call-initialize_srand-after-fork.patch
View File

@ -1,11 +1,11 @@
From c4c771f2dc5c590990d1f9105886b833afa59852 Mon Sep 17 00:00:00 2001
From 58cdc09af08e065c85b2f8834ee9848c010f5afe Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 16 Dec 2019 19:47:48 +0900
Subject: [PATCH] random-util: call initialize_srand() after fork()
(cherry picked from commit a0f11d1d11a546f791855ec9c47c2ff830e6a5aa)
Related: #1850986
Related: #2005008
---
src/basic/random-util.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)

4
SOURCES/0651-sd-netlink-introduce-rtnl_resolve_link_alternative_n.patch → SOURCES/0719-sd-netlink-introduce-rtnl_resolve_link_alternative_n.patch
View File

@ -1,11 +1,11 @@
From 8db22aec9bfd140855b64f2879b7ca6d1cba69c6 Mon Sep 17 00:00:00 2001
From bb7c49cc95e9de877fafc5c2be06932bc21aa762 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 18:28:36 +0900
Subject: [PATCH] sd-netlink: introduce rtnl_resolve_link_alternative_names()
(cherry picked from commit b04c5e51da7a61d41d564e73a1e92bd8b29b0223)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-types.c | 1 +
src/libsystemd/sd-netlink/netlink-util.c | 29 +++++++++++++++++++++++

4
SOURCES/0652-udev-sort-alternative-names.patch → SOURCES/0720-udev-sort-alternative-names.patch
View File

@ -1,4 +1,4 @@
From eeea9a2f94b5defb97c20c62a23345a367a734aa Mon Sep 17 00:00:00 2001
From f5d149095f95704fe7660069a493c0329ddbb5aa Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 17 Dec 2019 20:41:21 +0900
Subject: [PATCH] udev: sort alternative names
@ -8,7 +8,7 @@ visibility, let's sort the alternative names.
(cherry picked from commit 4d016e965b13883cccc963a34a1299a0c4f900ca)
Related: #1850986
Related: #2005008
---
src/udev/net/link-config.c | 1 +
1 file changed, 1 insertion(+)

4
SOURCES/0653-netlink-introduce-rtnl_get-delete_link_alternative_n.patch → SOURCES/0721-netlink-introduce-rtnl_get-delete_link_alternative_n.patch
View File

@ -1,11 +1,11 @@
From 8f946da7ee9bbb6e52e99b452c1f4f6f76e7b3c2 Mon Sep 17 00:00:00 2001
From c6b2c2fb577d20879b5b4c610c4c29bac259beab Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:29:13 +0900
Subject: [PATCH] netlink: introduce rtnl_get/delete_link_alternative_names()
(cherry picked from commit 14982526145de84201c7e3b4fc6be6aa5e9a08f7)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-util.c | 45 ++++++++++++++++++++++--
src/libsystemd/sd-netlink/netlink-util.h | 2 ++

4
SOURCES/0654-netlink-do-not-fail-when-new-interface-name-is-alrea.patch → SOURCES/0722-netlink-do-not-fail-when-new-interface-name-is-alrea.patch
View File

@ -1,4 +1,4 @@
From 6db267672de69d6bf4809f433cde106e11145ca8 Mon Sep 17 00:00:00 2001
From 73ff88cdb6bd1991d75323c6c364bcc9bce7efda Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:31:24 +0900
Subject: [PATCH] netlink: do not fail when new interface name is already used
@ -12,7 +12,7 @@ as an alternative name.
(cherry picked from commit 434a34838034347f45fb9a47df55b1a36e5addfd)
Related: #1850986
Related: #2005008
---
src/libsystemd/sd-netlink/netlink-util.c | 30 +++++++++++++++++++++---
1 file changed, 27 insertions(+), 3 deletions(-)

4
SOURCES/0655-udev-do-not-try-to-reassign-alternative-names.patch → SOURCES/0723-udev-do-not-try-to-reassign-alternative-names.patch
View File

@ -1,4 +1,4 @@
From 817a707daf1e9fa4f20eba04ce1c52af7518e355 Mon Sep 17 00:00:00 2001
From aec8473f69877c353b9e788b2a7329e290ae14f9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 17 Jul 2020 21:36:05 +0900
Subject: [PATCH] udev: do not try to reassign alternative names
@ -7,7 +7,7 @@ Setting alternative names may fail if some of them are already assigned.
(cherry picked from commit 97fdae33dfe8e7e0a4e5230564f6cdebc4450eec)
Related: #1850986
Related: #2005008
---
src/udev/net/link-config.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

4
SOURCES/0666-Do-not-fail-if-the-same-alt.-name-is-set-again.patch → SOURCES/0724-Do-not-fail-if-the-same-alt.-name-is-set-again.patch
View File

@ -1,4 +1,4 @@
From 21c071fbd05d112ccd92b7a49e53bf8d38cdbd06 Mon Sep 17 00:00:00 2001
From 270e3f46d1fe474eb3b4cd6789520b36a740ef32 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Wed, 8 Dec 2021 09:49:24 +0100
Subject: [PATCH] Do not fail if the same alt. name is set again
@ -7,7 +7,7 @@ This is a workaround for a kernel bug.
RHEL-only
Resolves: #2030027
Related: #2005008
---
src/udev/net/link-config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

4
SOURCES/0686-mount-do-not-update-exec-deps-on-mountinfo-changes.patch → SOURCES/0725-mount-do-not-update-exec-deps-on-mountinfo-changes.patch
View File

@ -1,4 +1,4 @@
From 9807f473b1b3e2aaf86bcbc6e6b9ad1328548b22 Mon Sep 17 00:00:00 2001
From 21e4d155ac04bf3b999834cd42e4773ae01bf3b3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Nov 2019 14:00:54 +0100
Subject: [PATCH] mount: do not update exec deps on mountinfo changes
@ -6,7 +6,7 @@ Subject: [PATCH] mount: do not update exec deps on mountinfo changes
Fixes: #13978
(cherry picked from commit bf7eedbf8f8c83d9e775c80275f98f506ec963c6)
Related: #2038878
Related: #2008825
---
src/core/mount.c | 42 ++++++++++++++++++++++++++++--------------
1 file changed, 28 insertions(+), 14 deletions(-)

4
SOURCES/0687-core-mount-add-implicit-unit-dependencies-even-if-wh.patch → SOURCES/0726-core-mount-add-implicit-unit-dependencies-even-if-wh.patch
View File

@ -1,4 +1,4 @@
From f68eeaf2809d6866f9cca3d7746795ffc3e71f46 Mon Sep 17 00:00:00 2001
From 1fb992c50f7fc6a5c399e302ba79097d36a0cedf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 29 Aug 2021 21:20:43 +0900
Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount
@ -8,7 +8,7 @@ Hopefully fixes #20566.
(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11)
Resolves: #2038878
Resolves: #2008825
---
src/core/mount.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

27
SOURCES/0727-core-fix-unfortunate-typo-in-unit_is_unneeded.patch Normal file
View File

@ -0,0 +1,27 @@
From 7b9b641a7721f013fb12ab4e2a03423b5ede08c6 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 22:23:14 +0200
Subject: [PATCH] core: fix unfortunate typo in unit_is_unneeded()
Follow-up for a3c1168ac293f16d9343d248795bb4c246aaff4a.
(cherry picked from commit 93d4cb09d56e670b0c203dd6ec6939e391a0df59)
Resolves: #2040147
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 4de218feac..e2c61ce866 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1956,7 +1956,7 @@ bool unit_is_unneeded(Unit *u) {
* restart, then don't clean this one up. */
HASHMAP_FOREACH_KEY(v, other, u->dependencies[deps[j]], i) {
- if (u->job)
+ if (other->job)
return false;
if (!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other)))

27
SOURCES/0728-core-make-destructive-transaction-error-a-bit-more-u.patch Normal file
View File

@ -0,0 +1,27 @@
From 8cb38e1557b81740f49dff43a297aef7bd676424 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 9 Oct 2018 22:22:52 +0200
Subject: [PATCH] core: make destructive transaction error a bit more useful
(cherry picked from commit cf99f8eacf1c864b19a6a02edea78c43f3185cb7)
Related: #2040147
---
src/core/transaction.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/transaction.c b/src/core/transaction.c
index cdaaff4f55..ee5b39fef4 100644
--- a/src/core/transaction.c
+++ b/src/core/transaction.c
@@ -526,7 +526,9 @@ static int transaction_is_destructive(Transaction *tr, JobMode mode, sd_bus_erro
if (j->unit->job && (mode == JOB_FAIL || j->unit->job->irreversible) &&
job_type_is_conflicting(j->unit->job->type, j->type))
return sd_bus_error_setf(e, BUS_ERROR_TRANSACTION_IS_DESTRUCTIVE,
- "Transaction is destructive.");
+ "Transaction for %s/%s is destructive (%s has '%s' job queued, but '%s' is included in transaction).",
+ tr->anchor_job->unit->id, job_type_to_string(tr->anchor_job->type),
+ j->unit->id, job_type_to_string(j->unit->job->type), job_type_to_string(j->type));
}
return 0;

89
SOURCES/0729-tmpfiles-use-a-entry-in-hashmap-as-ItemArray-in-read.patch Normal file
View File

@ -0,0 +1,89 @@
From 81b967279f6e23474b1e7a0ea9b4ecf9405f87bb Mon Sep 17 00:00:00 2001
From: Masahiro Matsuya <mmatsuya@redhat.com>
Date: Wed, 31 Mar 2021 11:44:24 +0900
Subject: [PATCH] tmpfiles: use a entry in hashmap as ItemArray in
read_config_file()
[zjs: squash commits and use size_t as appropriate.
Bug seems to have been introduced in 811a15877825da9e53f9a2a8603da34589af6bbb.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1944468.]
(cherry picked from commit bec890e3cd6dac249cb12ce9430fdb78b6cf546b)
Resolves: #1944468
---
src/tmpfiles/tmpfiles.c | 47 +++++++++++++++++++++++------------------
1 file changed, 26 insertions(+), 21 deletions(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 927de35f32..1aeeed0d2e 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2646,7 +2646,7 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
char line[LINE_MAX];
Iterator iterator;
unsigned v = 0;
- Item *i;
+ ItemArray *ia;
int r = 0;
assert(fn);
@@ -2692,32 +2692,37 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
}
/* we have to determine age parameter for each entry of type X */
- ORDERED_HASHMAP_FOREACH(i, globs, iterator) {
- Iterator iter;
- Item *j, *candidate_item = NULL;
+ ORDERED_HASHMAP_FOREACH(ia, globs, iterator)
+ for (size_t ni = 0; ni < ia->count; ni++) {
+ Iterator iter;
+ ItemArray *ja;
+ Item *i = ia->items + ni, *candidate_item = NULL;
- if (i->type != IGNORE_DIRECTORY_PATH)
- continue;
-
- ORDERED_HASHMAP_FOREACH(j, items, iter) {
- if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
+ if (i->type != IGNORE_DIRECTORY_PATH)
continue;
- if (path_equal(j->path, i->path)) {
- candidate_item = j;
- break;
- }
+ ORDERED_HASHMAP_FOREACH(ja, items, iter)
+ for (size_t nj = 0; nj < ja->count; nj++) {
+ Item *j = ja->items + nj;
- if ((!candidate_item && path_startswith(i->path, j->path)) ||
- (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
- candidate_item = j;
- }
+ if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
+ continue;
- if (candidate_item && candidate_item->age_set) {
- i->age = candidate_item->age;
- i->age_set = true;
+ if (path_equal(j->path, i->path)) {
+ candidate_item = j;
+ break;
+ }
+
+ if ((!candidate_item && path_startswith(i->path, j->path)) ||
+ (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
+ candidate_item = j;
+ }
+
+ if (candidate_item && candidate_item->age_set) {
+ i->age = candidate_item->age;
+ i->age_set = true;
+ }
}
- }
if (ferror(f)) {
log_error_errno(errno, "Failed to read from file %s: %m", fn);

45
SOURCES/0730-tmpfiles-rework-condition-check.patch Normal file
View File

@ -0,0 +1,45 @@
From 520ff5394187a0d6cb0cb40251f6e8e997ccdd0e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 7 Apr 2021 17:54:49 +0200
Subject: [PATCH] tmpfiles: rework condition check
(!a && b) || (a && c) is replaced by (a ? c : b).
path_startswith() != NULL is need to avoid type warning.
(cherry picked from commit 875e7b25d84a111755dab79241c9e64e44836910)
Related: #1944468
---
src/tmpfiles/tmpfiles.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 1aeeed0d2e..50fada99dd 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -2705,7 +2705,11 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
for (size_t nj = 0; nj < ja->count; nj++) {
Item *j = ja->items + nj;
- if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
+ if (!IN_SET(j->type, CREATE_DIRECTORY,
+ TRUNCATE_DIRECTORY,
+ CREATE_SUBVOLUME,
+ CREATE_SUBVOLUME_INHERIT_QUOTA,
+ CREATE_SUBVOLUME_NEW_QUOTA))
continue;
if (path_equal(j->path, i->path)) {
@@ -2713,8 +2717,9 @@ static int read_config_file(char **config_dirs, const char *fn, bool ignore_enoe
break;
}
- if ((!candidate_item && path_startswith(i->path, j->path)) ||
- (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
+ if (candidate_item
+ ? (path_startswith(j->path, candidate_item->path) && fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)
+ : path_startswith(i->path, j->path) != NULL)
candidate_item = j;
}

160
SOURCES/0731-TEST-22-TMPFILES-add-reproducer-for-bug-with-X.patch Normal file
View File

@ -0,0 +1,160 @@
From 4871d0807e4add56258633d3c3452b0ee5cc8f99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 7 Apr 2021 22:35:19 +0200
Subject: [PATCH] TEST-22-TMPFILES: add reproducer for bug with X
(cherry picked from commit 1672be86021b5ae8e80d095409a4fffcba7cbb75)
Related: #1944468
---
test/TEST-22-TMPFILES/test-11.sh | 141 +++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100755 test/TEST-22-TMPFILES/test-11.sh
diff --git a/test/TEST-22-TMPFILES/test-11.sh b/test/TEST-22-TMPFILES/test-11.sh
new file mode 100755
index 0000000000..21ef210cd1
--- /dev/null
+++ b/test/TEST-22-TMPFILES/test-11.sh
@@ -0,0 +1,141 @@
+#! /bin/bash
+
+set -e
+set -x
+
+rm -fr /tmp/x
+mkdir /tmp/x
+
+#
+# 'x'
+#
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+x /tmp/x/1
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test -f /tmp/x/1/x1
+test -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test ! -f /tmp/x/z1
+test ! -f /tmp/x/z2
+
+#
+# 'X'
+#
+
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+X /tmp/x/1
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test ! -f /tmp/x/1/x1
+test ! -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test ! -f /tmp/x/z1
+test ! -f /tmp/x/z2
+
+#
+# 'x' with glob
+#
+
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+x /tmp/x/[1345]
+x /tmp/x/z*
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test -f /tmp/x/1/x1
+test -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test -f /tmp/x/z1
+test -f /tmp/x/z2
+
+#
+# 'X' with glob
+#
+
+mkdir -p /tmp/x/{1,2}
+touch /tmp/x/1/{x1,x2} /tmp/x/2/{y1,y2} /tmp/x/{z1,z2}
+
+systemd-tmpfiles --clean - <<EOF
+d /tmp/x - - - 0
+X /tmp/x/[1345]
+X /tmp/x/?[12]
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test ! -f /tmp/x/1/x1
+test ! -f /tmp/x/1/x2
+test ! -d /tmp/x/2
+test ! -f /tmp/x/2/x1
+test ! -f /tmp/x/2/x2
+test -f /tmp/x/z1
+test -f /tmp/x/z2
+
+#
+# 'x' with 'r'
+#
+
+mkdir -p /tmp/x/{1,2}/a
+touch /tmp/x/1/a/{x1,x2} /tmp/x/2/a/{y1,y2}
+
+systemd-tmpfiles --clean - <<EOF
+# x/X is not supposed to influence r
+x /tmp/x/1/a
+X /tmp/x/2/a
+r /tmp/x/1
+r /tmp/x/2
+EOF
+
+find /tmp/x | sort
+test -d /tmp/x/1
+test -d /tmp/x/1/a
+test -f /tmp/x/1/a/x1
+test -f /tmp/x/1/a/x2
+test -f /tmp/x/2/a/y1
+test -f /tmp/x/2/a/y2
+
+#
+# 'x' with 'R'
+#
+
+mkdir -p /tmp/x/{1,2}/a
+touch /tmp/x/1/a/{x1,x2} /tmp/x/2/a/{y1,y2}
+
+systemd-tmpfiles --remove - <<EOF
+# X is not supposed to influence R
+X /tmp/x/1/a
+X /tmp/x/2/a
+R /tmp/x/1
+EOF
+
+find /tmp/x | sort
+test ! -d /tmp/x/1
+test ! -d /tmp/x/1/a
+test ! -f /tmp/x/1/a/x1
+test ! -f /tmp/x/1/a/x2
+test -f /tmp/x/2/a/y1
+test -f /tmp/x/2/a/y2

36
SOURCES/0732-core-make-sure-we-don-t-get-confused-when-setting-TE.patch Normal file
View File

@ -0,0 +1,36 @@
From 858519383fec2b3fadc1b8423214f703d69d6a6c Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 22 Apr 2020 21:52:22 +0200
Subject: [PATCH] core: make sure we don't get confused when setting TERM for a
tty fd
Fixes: #15344
(cherry picked from commit e8cf09b2a2ad0d48e5493050d54251d5f512d9b6)
Resolves: #2045307
---
src/core/execute.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index d528d08830..a104294966 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -1709,12 +1709,13 @@ static int build_environment(
tty_path = exec_context_tty_path(c);
- /* If we are forked off PID 1 and we are supposed to operate on /dev/console, then let's try to inherit
- * the $TERM set for PID 1. This is useful for containers so that the $TERM the container manager
- * passes to PID 1 ends up all the way in the console login shown. */
+ /* If we are forked off PID 1 and we are supposed to operate on /dev/console, then let's try
+ * to inherit the $TERM set for PID 1. This is useful for containers so that the $TERM the
+ * container manager passes to PID 1 ends up all the way in the console login shown. */
- if (path_equal(tty_path, "/dev/console") && getppid() == 1)
+ if (path_equal_ptr(tty_path, "/dev/console") && getppid() == 1)
term = getenv("TERM");
+
if (!term)
term = default_term_for_tty(tty_path);

37
SOURCES/0733-hash-funcs-introduce-macro-to-create-typesafe-hash_o.patch Normal file
View File

@ -0,0 +1,37 @@
From cfa7b3d0a1900b725e5489dfec2c39abb8569c29 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 28 Nov 2018 14:10:04 +0900
Subject: [PATCH] hash-funcs: introduce macro to create typesafe hash_ops
(cherry picked from commit d1005d1c0050d3dc3a24c054bac4c4916073cbba)
Resolves: #2037807
---
src/basic/hash-funcs.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/basic/hash-funcs.h b/src/basic/hash-funcs.h
index 5e5989f021..2ff687e5f9 100644
--- a/src/basic/hash-funcs.h
+++ b/src/basic/hash-funcs.h
@@ -13,6 +13,20 @@ struct hash_ops {
compare_func_t compare;
};
+#define _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, scope) \
+ _unused_ static void (* UNIQ_T(static_hash_wrapper, uq))(const type *, struct siphash *) = hash_func; \
+ _unused_ static int (* UNIQ_T(static_compare_wrapper, uq))(const type *, const type *) = compare_func; \
+ scope const struct hash_ops name = { \
+ .hash = (hash_func_t) hash_func, \
+ .compare = (compare_func_t) compare_func, \
+ }
+
+#define DEFINE_HASH_OPS(name, type, hash_func, compare_func) \
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS(name, type, hash_func, compare_func) \
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, static)
+
void string_hash_func(const void *p, struct siphash *state);
int string_compare_func(const void *a, const void *b) _pure_;
extern const struct hash_ops string_hash_ops;

369
SOURCES/0734-hash-func-add-destructors-for-key-and-value.patch Normal file
View File

@ -0,0 +1,369 @@
From 3bee193141bdf3106732a2c925ffaf5ce48f0ecb Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 27 Nov 2018 22:25:40 +0900
Subject: [PATCH] hash-func: add destructors for key and value
If they are set, then they are called in hashmap_clear() or
hashmap_free().
(cherry picked from commit 59a5cda7b904cd7ef9853bda15b498bbc0577524)
Resolves: #2037807
---
src/basic/hash-funcs.h | 54 ++++++++++++++++++++++++++---
src/basic/hashmap.c | 76 +++++++++++------------------------------
src/basic/hashmap.h | 50 ++++++++++++++++++---------
src/basic/ordered-set.h | 6 ++--
src/basic/set.h | 10 +++---
5 files changed, 109 insertions(+), 87 deletions(-)
diff --git a/src/basic/hash-funcs.h b/src/basic/hash-funcs.h
index 2ff687e5f9..2d3125d0f9 100644
--- a/src/basic/hash-funcs.h
+++ b/src/basic/hash-funcs.h
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once
-
+#include "alloc-util.h"
#include "macro.h"
#include "siphash24.h"
@@ -11,21 +11,67 @@ typedef int (*compare_func_t)(const void *a, const void *b);
struct hash_ops {
hash_func_t hash;
compare_func_t compare;
+ free_func_t free_key;
+ free_func_t free_value;
};
-#define _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, scope) \
+#define _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, free_key_func, free_value_func, scope) \
_unused_ static void (* UNIQ_T(static_hash_wrapper, uq))(const type *, struct siphash *) = hash_func; \
_unused_ static int (* UNIQ_T(static_compare_wrapper, uq))(const type *, const type *) = compare_func; \
scope const struct hash_ops name = { \
.hash = (hash_func_t) hash_func, \
.compare = (compare_func_t) compare_func, \
+ .free_key = free_key_func, \
+ .free_value = free_value_func, \
+ }
+
+#define _DEFINE_FREE_FUNC(uq, type, wrapper_name, func) \
+ /* Type-safe free function */ \
+ static void UNIQ_T(wrapper_name, uq)(void *a) { \
+ type *_a = a; \
+ func(_a); \
}
+#define _DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(uq, name, type, hash_func, compare_func, free_func, scope) \
+ _DEFINE_FREE_FUNC(uq, type, static_free_wrapper, free_func); \
+ _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, \
+ UNIQ_T(static_free_wrapper, uq), NULL, scope)
+
+#define _DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(uq, name, type, hash_func, compare_func, type_value, free_func, scope) \
+ _DEFINE_FREE_FUNC(uq, type_value, static_free_wrapper, free_func); \
+ _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, \
+ NULL, UNIQ_T(static_free_wrapper, uq), scope)
+
+#define _DEFINE_HASH_OPS_FULL(uq, name, type, hash_func, compare_func, free_key_func, type_value, free_value_func, scope) \
+ _DEFINE_FREE_FUNC(uq, type, static_free_key_wrapper, free_key_func); \
+ _DEFINE_FREE_FUNC(uq, type_value, static_free_value_wrapper, free_value_func); \
+ _DEFINE_HASH_OPS(uq, name, type, hash_func, compare_func, \
+ UNIQ_T(static_free_key_wrapper, uq), \
+ UNIQ_T(static_free_value_wrapper, uq), scope)
+
#define DEFINE_HASH_OPS(name, type, hash_func, compare_func) \
- _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func,)
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, NULL, NULL,)
#define DEFINE_PRIVATE_HASH_OPS(name, type, hash_func, compare_func) \
- _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, static)
+ _DEFINE_HASH_OPS(UNIQ, name, type, hash_func, compare_func, NULL, NULL, static)
+
+#define DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(name, type, hash_func, compare_func, free_func) \
+ _DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, free_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR(name, type, hash_func, compare_func, free_func) \
+ _DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, free_func, static)
+
+#define DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(name, type, hash_func, compare_func, value_type, free_func) \
+ _DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, value_type, free_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(name, type, hash_func, compare_func, value_type, free_func) \
+ _DEFINE_HASH_OPS_WITH_VALUE_DESTRUCTOR(UNIQ, name, type, hash_func, compare_func, value_type, free_func, static)
+
+#define DEFINE_HASH_OPS_FULL(name, type, hash_func, compare_func, free_key_func, value_type, free_value_func) \
+ _DEFINE_HASH_OPS_FULL(UNIQ, name, type, hash_func, compare_func, free_key_func, value_type, free_value_func,)
+
+#define DEFINE_PRIVATE_HASH_OPS_FULL(name, type, hash_func, compare_func, free_key_func, value_type, free_value_func) \
+ _DEFINE_HASH_OPS_FULL(UNIQ, name, type, hash_func, compare_func, free_key_func, value_type, free_value_func, static)
void string_hash_func(const void *p, struct siphash *state);
int string_compare_func(const void *a, const void *b) _pure_;
diff --git a/src/basic/hashmap.c b/src/basic/hashmap.c
index 69a7d70b04..7c508086f0 100644
--- a/src/basic/hashmap.c
+++ b/src/basic/hashmap.c
@@ -863,47 +863,38 @@ static void hashmap_free_no_clear(HashmapBase *h) {
free(h);
}
-HashmapBase *internal_hashmap_free(HashmapBase *h) {
-
- /* Free the hashmap, but nothing in it */
-
+HashmapBase *internal_hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
if (h) {
- internal_hashmap_clear(h);
+ internal_hashmap_clear(h, default_free_key, default_free_value);
hashmap_free_no_clear(h);
}
return NULL;
}
-HashmapBase *internal_hashmap_free_free(HashmapBase *h) {
+void internal_hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value) {
+ free_func_t free_key, free_value;
+ if (!h)
+ return;
- /* Free the hashmap and all data objects in it, but not the
- * keys */
+ free_key = h->hash_ops->free_key ?: default_free_key;
+ free_value = h->hash_ops->free_value ?: default_free_value;
- if (h) {
- internal_hashmap_clear_free(h);
- hashmap_free_no_clear(h);
- }
-
- return NULL;
-}
+ if (free_key || free_value) {
+ unsigned idx;
-Hashmap *hashmap_free_free_free(Hashmap *h) {
+ for (idx = skip_free_buckets(h, 0); idx != IDX_NIL;
+ idx = skip_free_buckets(h, idx + 1)) {
+ struct hashmap_base_entry *e = bucket_at(h, idx);
- /* Free the hashmap and all data and key objects in it */
+ if (free_key)
+ free_key((void *) e->key);
- if (h) {
- hashmap_clear_free_free(h);
- hashmap_free_no_clear(HASHMAP_BASE(h));
+ if (free_value)
+ free_value(entry_value(h, e));
+ }
}
- return NULL;
-}
-
-void internal_hashmap_clear(HashmapBase *h) {
- if (!h)
- return;
-
if (h->has_indirect) {
free(h->indirect.storage);
h->has_indirect = false;
@@ -920,35 +911,6 @@ void internal_hashmap_clear(HashmapBase *h) {
base_set_dirty(h);
}
-void internal_hashmap_clear_free(HashmapBase *h) {
- unsigned idx;
-
- if (!h)
- return;
-
- for (idx = skip_free_buckets(h, 0); idx != IDX_NIL;
- idx = skip_free_buckets(h, idx + 1))
- free(entry_value(h, bucket_at(h, idx)));
-
- internal_hashmap_clear(h);
-}
-
-void hashmap_clear_free_free(Hashmap *h) {
- unsigned idx;
-
- if (!h)
- return;
-
- for (idx = skip_free_buckets(HASHMAP_BASE(h), 0); idx != IDX_NIL;
- idx = skip_free_buckets(HASHMAP_BASE(h), idx + 1)) {
- struct plain_hashmap_entry *e = plain_bucket_at(h, idx);
- free((void*)e->b.key);
- free(e->value);
- }
-
- internal_hashmap_clear(HASHMAP_BASE(h));
-}
-
static int resize_buckets(HashmapBase *h, unsigned entries_add);
/*
@@ -1771,7 +1733,7 @@ HashmapBase *internal_hashmap_copy(HashmapBase *h) {
}
if (r < 0) {
- internal_hashmap_free(copy);
+ internal_hashmap_free(copy, false, false);
return NULL;
}
diff --git a/src/basic/hashmap.h b/src/basic/hashmap.h
index 5c70c102d7..9e4772b497 100644
--- a/src/basic/hashmap.h
+++ b/src/basic/hashmap.h
@@ -23,6 +23,8 @@
#define HASH_KEY_SIZE 16
+typedef void* (*hashmap_destroy_t)(void *p);
+
/* The base type for all hashmap and set types. Many functions in the
* implementation take (HashmapBase*) parameters and are run-time polymorphic,
* though the API is not meant to be polymorphic (do not call functions
@@ -88,25 +90,33 @@ OrderedHashmap *internal_ordered_hashmap_new(const struct hash_ops *hash_ops HA
#define hashmap_new(ops) internal_hashmap_new(ops HASHMAP_DEBUG_SRC_ARGS)
#define ordered_hashmap_new(ops) internal_ordered_hashmap_new(ops HASHMAP_DEBUG_SRC_ARGS)
-HashmapBase *internal_hashmap_free(HashmapBase *h);
+HashmapBase *internal_hashmap_free(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
static inline Hashmap *hashmap_free(Hashmap *h) {
- return (void*)internal_hashmap_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, NULL);
}
static inline OrderedHashmap *ordered_hashmap_free(OrderedHashmap *h) {
- return (void*)internal_hashmap_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, NULL);
}
-HashmapBase *internal_hashmap_free_free(HashmapBase *h);
static inline Hashmap *hashmap_free_free(Hashmap *h) {
- return (void*)internal_hashmap_free_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, free);
}
static inline OrderedHashmap *ordered_hashmap_free_free(OrderedHashmap *h) {
- return (void*)internal_hashmap_free_free(HASHMAP_BASE(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), NULL, free);
}
-Hashmap *hashmap_free_free_free(Hashmap *h);
+static inline Hashmap *hashmap_free_free_key(Hashmap *h) {
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, NULL);
+}
+static inline OrderedHashmap *ordered_hashmap_free_free_key(OrderedHashmap *h) {
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, NULL);
+}
+
+static inline Hashmap *hashmap_free_free_free(Hashmap *h) {
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, free);
+}
static inline OrderedHashmap *ordered_hashmap_free_free_free(OrderedHashmap *h) {
- return (void*)hashmap_free_free_free(PLAIN_HASHMAP(h));
+ return (void*) internal_hashmap_free(HASHMAP_BASE(h), free, free);
}
IteratedCache *iterated_cache_free(IteratedCache *cache);
@@ -259,25 +269,33 @@ static inline bool ordered_hashmap_iterate(OrderedHashmap *h, Iterator *i, void
return internal_hashmap_iterate(HASHMAP_BASE(h), i, value, key);
}
-void internal_hashmap_clear(HashmapBase *h);
+void internal_hashmap_clear(HashmapBase *h, free_func_t default_free_key, free_func_t default_free_value);
static inline void hashmap_clear(Hashmap *h) {
- internal_hashmap_clear(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
}
static inline void ordered_hashmap_clear(OrderedHashmap *h) {
- internal_hashmap_clear(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, NULL);
}
-void internal_hashmap_clear_free(HashmapBase *h);
static inline void hashmap_clear_free(Hashmap *h) {
- internal_hashmap_clear_free(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, free);
}
static inline void ordered_hashmap_clear_free(OrderedHashmap *h) {
- internal_hashmap_clear_free(HASHMAP_BASE(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), NULL, free);
}
-void hashmap_clear_free_free(Hashmap *h);
+static inline void hashmap_clear_free_key(Hashmap *h) {
+ internal_hashmap_clear(HASHMAP_BASE(h), free, NULL);
+}
+static inline void ordered_hashmap_clear_free_key(OrderedHashmap *h) {
+ internal_hashmap_clear(HASHMAP_BASE(h), free, NULL);
+}
+
+static inline void hashmap_clear_free_free(Hashmap *h) {
+ internal_hashmap_clear(HASHMAP_BASE(h), free, free);
+}
static inline void ordered_hashmap_clear_free_free(OrderedHashmap *h) {
- hashmap_clear_free_free(PLAIN_HASHMAP(h));
+ internal_hashmap_clear(HASHMAP_BASE(h), free, free);
}
/*
diff --git a/src/basic/ordered-set.h b/src/basic/ordered-set.h
index e7c054d8e4..7cbb71819b 100644
--- a/src/basic/ordered-set.h
+++ b/src/basic/ordered-set.h
@@ -21,13 +21,11 @@ static inline int ordered_set_ensure_allocated(OrderedSet **s, const struct hash
}
static inline OrderedSet* ordered_set_free(OrderedSet *s) {
- ordered_hashmap_free((OrderedHashmap*) s);
- return NULL;
+ return (OrderedSet*) ordered_hashmap_free((OrderedHashmap*) s);
}
static inline OrderedSet* ordered_set_free_free(OrderedSet *s) {
- ordered_hashmap_free_free((OrderedHashmap*) s);
- return NULL;
+ return (OrderedSet*) ordered_hashmap_free_free((OrderedHashmap*) s);
}
static inline int ordered_set_put(OrderedSet *s, void *p) {
diff --git a/src/basic/set.h b/src/basic/set.h
index 664713810d..8e12670a6e 100644
--- a/src/basic/set.h
+++ b/src/basic/set.h
@@ -9,13 +9,11 @@ Set *internal_set_new(const struct hash_ops *hash_ops HASHMAP_DEBUG_PARAMS);
#define set_new(ops) internal_set_new(ops HASHMAP_DEBUG_SRC_ARGS)
static inline Set *set_free(Set *s) {
- internal_hashmap_free(HASHMAP_BASE(s));
- return NULL;
+ return (Set*) internal_hashmap_free(HASHMAP_BASE(s), NULL, NULL);
}
static inline Set *set_free_free(Set *s) {
- internal_hashmap_free_free(HASHMAP_BASE(s));
- return NULL;
+ return (Set*) internal_hashmap_free(HASHMAP_BASE(s), free, NULL);
}
/* no set_free_free_free */
@@ -76,11 +74,11 @@ static inline unsigned set_buckets(Set *s) {
bool set_iterate(Set *s, Iterator *i, void **value);
static inline void set_clear(Set *s) {
- internal_hashmap_clear(HASHMAP_BASE(s));
+ internal_hashmap_clear(HASHMAP_BASE(s), NULL, NULL);
}
static inline void set_clear_free(Set *s) {
- internal_hashmap_clear_free(HASHMAP_BASE(s));
+ internal_hashmap_clear(HASHMAP_BASE(s), free, NULL);
}
/* no set_clear_free_free */

Some files were not shown because too many files have changed in this diff Show More