Mega:23.09
systemd
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Changes of Revision 3
_service:tar_scm:systemd.spec
Changed
@@ -14,6 +14,10 @@ %global efi_arch x64 %endif +%ifarch ppc64le +%global efi_arch ppc64 +%endif + %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 %endif @@ -21,10 +25,11 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 253 -Release: 5 +Release: 10 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager + Source0: https://github.com/systemd/systemd/archive/v%{version}/%{name}-%{version}.tar.gz Source3: purge-nobody-user Source4: yum-protect-systemd.conf @@ -44,6 +49,7 @@ Source105: rule_generator.functions Source106: write_net_rules Source107: detect_virt +Source108: sense_data.py Patch6001: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch Patch6002: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch 
@@ -52,6 +58,19 @@ Patch6005: backport-sd-event-fix-error-handling.patch Patch6006: backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch Patch6007: backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch +Patch6008: backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch +Patch6009: backport-units-modprobe-.service-don-t-unescape-instance-name.patch +Patch6010: backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch +Patch6011: backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch +Patch6012: backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch +Patch6013: backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch +Patch6014: backport-bus-add-some-minimal-bounds-check-on-signatures.patch +Patch6015: backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch +Patch6016: backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch +Patch6017: backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch +Patch6018: backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch +Patch6019: backport-rules-go-to-the-end-of-rules-indeed-when-dm-is-suspe.patch +Patch6020: backport-CVE-2023-7008.patch Patch9008: update-rtc-with-system-clock-when-shutdown.patch Patch9009: udev-add-actions-while-rename-netif-failed.patch @@ -103,8 +122,8 @@ Patch9055: bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch Patch9056: delete-journal-files-except-system.journal-when-jour.patch Patch9057: set-the-cpuset.cpus-mems-of-machine.slice-to-all-by-.patch -Patch9058: journal-don-t-enable-systemd-journald-audit.socket.patch -Patch9059: core-check-for-SERVICE_RELOAD_NOTIFY-in-manager_dbus.patch +Patch9058: add-a-new-switch-to-control-whether-udev-complies-wi.patch +Patch9059: journal-don-t-enable-systemd-journald-audit.socket.patch BuildRequires: gcc, gcc-c++ BuildRequires: libcap-devel, libmount-devel, pam-devel, libselinux-devel 
@@ -473,6 +492,7 @@ ln -s rc.d/rc.local %{buildroot}%{_sysconfdir}/rc.local install -m 0644 %{SOURCE100} %{buildroot}/%{_udevrulesdir}/40-%{vendor}.rules +install -m 0500 %{SOURCE108} %{buildroot}/usr/lib/udev # remove rpath info for file in $(find %{buildroot}/ -executable -type f -exec file {} ';' | grep "\<ELF\>" | awk -F ':' '{print $1}') @@ -1306,6 +1326,9 @@ %exclude %dir /usr/lib/kernel/install.d %exclude %{_unitdir}/usb-gadget.target %ghost /var/lib/systemd/random-seed +# exclude redundant compilation for python file +%exclude /usr/lib/udev/__pycache__/* + /etc/modules-load.d /usr/sbin/udevadm /usr/share/bash-completion/completions/udevadm @@ -1370,9 +1393,10 @@ /usr/lib/udev/mtd_probe /usr/lib/udev/scsi_id /usr/lib/udev/fido_id -%ifnarch sw_64 riscv64 +%ifnarch sw_64 riscv64 ppc64le /usr/lib/udev/dmi_memory_id %endif +/usr/lib/udev/sense_data.py %dir /usr/lib/udev/hwdb.d %{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb @@ -1443,7 +1467,7 @@ %{_udevrulesdir}/81-net-dhcp.rules %{_udevrulesdir}/60-infiniband.rules %{_udevrulesdir}/70-camera.rules -%ifnarch sw_64 riscv64 +%ifnarch sw_64 riscv64 ppc64le %{_udevrulesdir}/70-memory.rules %endif %{_udevrulesdir}/README 
@@ -1565,12 +1589,38 @@ %{_libdir}/security/pam_systemd.so %changelog -* Mon Sep 18 2023 jiangchuangang <jiangchuangang@huawei.com> - 253-5 -- add core-check-for-SERVICE_RELOAD_NOTIFY-in-manager_dbus.patch for logind session residue +* Thu Dec 28 2023 wangyuhang <wangyuhang27@huawei.com> - 253-10 +- actually check authenticated flag of SOA transaction in resolved + +* Thu Dec 21 2023 xujing <xujing125@huawei.com> - 253-9 +- backport: fix /boot unmounted issue when the device is suspended during boot time -* Fri Sep 15 2023 hongjinghao <hongjinghao@huawei.com> - 253-4 +* Mon Dec 18 2023 huyubiao <huyubiao@huawei.com> - 253-8 +- backport: sync patches from systemd community + add backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch + backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch + backport-bus-add-some-minimal-bounds-check-on-signatures.patch + backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch + backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch + backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch + backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch + +* Tue Dec 12 2023 hongjinghao <hongjinghao@huawei.com> - 253-7 +- backport: sync patches from systemd community + +* Thu Nov 30 2023 jiahua.yu <jiahua.yu@shingroup.cn> - 253-6 +- init support for ppc64le + +* Fri Sep 15 2023 hongjinghao <hongjinghao@huawei.com> - 253-5 - journal: don't enable systemd-journald-audit.socket +* Thu Aug 17 2023 wangyuhang <wangyuhang27@huawei.com> - 253-4 +- add a new switch to control whether udev complies with the new SAT standards + and add sense_data.py to check if the device meets the new SAT standards + fix compilation failure with - O0 option + * Mon Jul 31 2023 huyubiao <huyubiao@huawei.com> - 253-3 - sync the patch from v249
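Review bot: The changelog hunk drops `core-check-for-SERVICE_RELOAD_NOTIFY-in-manager_dbus.patch` (the old Patch9059, described in the removed 253-5 entry as the fix for logind session residue) and renumbers the existing 253-4/253-5 entries, but no new entry records that this fix was removed or why. The security backports are also hard to trace from the changelog: 253-10 describes the resolved change without naming the CVE that the patch file name carries, and the entry that presumably covers Patch6008 (253-7) does not list it, although that patch's header says it resolves CVE-2023-31439. I would name them explicitly, e.g. `- fix CVE-2023-7008: actually check authenticated flag of SOA transaction in resolved` and `- fix CVE-2023-31439: backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch`. I would also add one line stating whether the SERVICE_RELOAD_NOTIFY fix is dropped intentionally.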
_service:tar_scm:add-a-new-switch-to-control-whether-udev-complies-wi.patch
Added
@@ -0,0 +1,148 @@
+From 18c373e2686a9156a701ad440507172ec8bb13a3 Mon Sep 17 00:00:00 2001
+From: wangyuhang <wangyuhang27@huawei.com>
+Date: Fri, 7 Jul 2023 16:11:01 +0800
+Subject: PATCH Add a new switch to control whether udev complies with the
+ new SAT standards
+
+Reason: Original revisions of the SAT (SCSI-ATA Translation) specification,
+ udev will identify devices starting with 70 and ending with 00 1d as ATA devices,
+ rather than scsi devices, which may have a change in wwn id and affect user usage.
+ So Add a new switch to control whether udev complies with the new SAT standards
+
+---
+ src/shared/udev-util.c | 16 ++++++++++++++--
+ src/shared/udev-util.h | 5 +++--
+ src/udev/ata_id/ata_id.c | 19 +++++++++++++++++--
+ src/udev/udevd.c | 3 ++-
+ 4 files changed, 36 insertions(+), 7 deletions(-)
+
+diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c
+index f934fc1..2ff4a7c 100644
+--- a/src/shared/udev-util.c
++++ b/src/shared/udev-util.c
+@@ -38,9 +38,11 @@ int udev_parse_config_full(
+ usec_t *ret_exec_delay_usec,
+ usec_t *ret_event_timeout_usec,
+ ResolveNameTiming *ret_resolve_name_timing,
+- int *ret_timeout_signal) {
++ int *ret_timeout_signal,
++ bool *ret_ignore_newer_SAT) {
+
+ _cleanup_free_ char *log_val = NULL, *children_max = NULL, *exec_delay = NULL, *event_timeout = NULL, *resolve_names = NULL, *timeout_signal = NULL;
++ _cleanup_free_ char *ignore_newer_SAT = NULL;
+ int r;
+
+ r = parse_env_file(NULL, "/etc/udev/udev.conf",
+@@ -49,7 +51,8 @@ int udev_parse_config_full(
+ "exec_delay", &exec_delay,
+ "event_timeout", &event_timeout,
+ "resolve_names", &resolve_names,
+- "timeout_signal", &timeout_signal);
++ "timeout_signal", &timeout_signal,
++ "ignore_newer_SAT", &ignore_newer_SAT);
+ if (r == -ENOENT)
+ return 0;
+ if (r < 0)
+@@ -118,6 +121,15 @@ int udev_parse_config_full(
+ *ret_timeout_signal = r;
+ }
+
++ if (ret_ignore_newer_SAT && ignore_newer_SAT) {
++ r = parse_boolean(ignore_newer_SAT);
++ if (r < 0)
++ log_syntax(NULL, LOG_WARNING, "/etc/udev/udev.conf", 0, r,
++ "failed to parse ignore_newer_SAT=%s, ignoring.", ignore_newer_SAT);
++ else
++ *ret_ignore_newer_SAT = r;
++ }
++
+ return 0;
+ }
+
+diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h
+index 276686d..9695c64 100644
+--- a/src/shared/udev-util.h
++++ b/src/shared/udev-util.h
+@@ -30,10 +30,11 @@ int udev_parse_config_full(
+ usec_t *ret_exec_delay_usec,
+ usec_t *ret_event_timeout_usec,
+ ResolveNameTiming *ret_resolve_name_timing,
+- int *ret_timeout_signal);
++ int *ret_timeout_signal,
++ bool *ret_ignore_newer_SAT);
+
+ static inline int udev_parse_config(void) {
+- return udev_parse_config_full(NULL, NULL, NULL, NULL, NULL);
++ return udev_parse_config_full(NULL, NULL, NULL, NULL, NULL, NULL);
+ }
+
+ int device_wait_for_initialization(sd_device *device, const char *subsystem, usec_t timeout_usec, sd_device **ret);
+diff --git a/src/udev/ata_id/ata_id.c b/src/udev/ata_id/ata_id.c
+index 1fc27f4..10a3464 100644
+--- a/src/udev/ata_id/ata_id.c
++++ b/src/udev/ata_id/ata_id.c
+@@ -28,9 +28,13 @@
+ #include "log.h"
+ #include "memory-util.h"
+ #include "udev-util.h"
++#include "proc-cmdline.h"
++#include "string-util.h"
+
+ #define COMMAND_TIMEOUT_MSEC (30 * 1000)
+
++static bool arg_ignore_newer_SAT = false;
++
+ static int disk_scsi_inquiry_command(
+ int fd,
+ void *buf,
+@@ -163,7 +167,7 @@ static int disk_identify_command(
+ }
+
+ if (!((sense0 & 0x7f) == 0x72 && desc0 == 0x9 && desc1 == 0x0c) &&
+- !((sense0 & 0x7f) == 0x70 && sense12 == 0x00 && sense13 == 0x1d)) {
++ (arg_ignore_newer_SAT || !((sense0 & 0x7f) == 0x70 && sense12 == 0x00 && sense13 == 0x1d))) {
+ errno = EIO;
+ return -1;
+ }
+@@ -407,12 +411,23 @@ int main(int argc, char *argv) {
+ { "help", no_argument, NULL, 'h' },
+ {}
+ };
++ int r;
+
+ log_set_target(LOG_TARGET_AUTO);
+- udev_parse_config();
++ udev_parse_config_full(NULL, NULL, NULL, NULL, NULL, &arg_ignore_newer_SAT);
+ log_parse_environment();
+ log_open();
+
++ /* When either ignore_newer_SAT in udev.conf or udev.ignore_newer_SAT in the kernel command line is true,
++ * set arg_ignore_newer_SAT to true and ignoring the new SAT standard
++ */
++ if (!arg_ignore_newer_SAT) {
++ r = proc_cmdline_get_bool("udev.ignore_newer_SAT", &arg_ignore_newer_SAT);
++ if (r < 0) {
++ log_warning_errno(r, "Failed to parse udev.ignore_newer_SAT kernel command line argument, ignoring: %m");
++ }
++ }
++
+ for (;;) {
+ int option;
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 023fe55..34bc6ee 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -2073,7 +2073,8 @@ int run_udevd(int argc, char *argv) {
+
+ log_set_target(LOG_TARGET_AUTO);
+ log_open();
+- udev_parse_config_full(&arg_children_max, &arg_exec_delay_usec, &arg_event_timeout_usec, &arg_resolve_name_timing, &arg_timeout_signal);
++ /* ignore_newer_SAT only valid in ata_id.c */
++ udev_parse_config_full(&arg_children_max, &arg_exec_delay_usec, &arg_event_timeout_usec, &arg_resolve_name_timing, &arg_timeout_signal, NULL);
+ log_parse_environment();
+ log_open(); /* Done again to update after reading configuration. */
+
+--
+2.33.0
+
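Review bot: The new `ignore_newer_SAT` key in udev.conf and the `udev.ignore_newer_SAT` kernel command-line parameter are not documented anywhere in this patch; its diffstat lists only the four source files. When the switch is on, `disk_identify_command()` rejects fixed-format sense data (`0x70` with `00 1d`) with EIO, and the patch description says this can change a disk's WWN id, so an administrator needs to know the default and which source wins. The comment added in `main()` of ata_id.c should also say that the default is false and that the kernel command line is consulted only when udev.conf did not enable the switch, e.g. `/* Default: false. udev.conf is read first; the kernel command line can only turn the switch on, it cannot override a true value from udev.conf. */`. Both `main()` and `udev_parse_config_full()` continue outside the hunks shown.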
_service:tar_scm:backport-CVE-2023-7008.patch
Added
@@ -0,0 +1,39 @@
+From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar <msekleta@redhat.com>
+Date: Wed, 20 Dec 2023 16:44:14 +0100
+Subject: PATCH resolved: actually check authenticated flag of SOA
+ transaction
+
+Fixes #25676
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
+---
+ src/resolve/resolved-dns-transaction.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index 696fce532a..fe88e502e7 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+ if (r == 0)
+ continue;
+
+- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ }
+
+ return true;
+@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
+ /* We found the transaction that was supposed to find the SOA RR for us. It was
+ * successful, but found no RR for us. This means we are not at a zone cut. In this
+ * case, we require authentication if the SOA lookup was authenticated too. */
+- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
++ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ }
+
+ return true;
+--
+2.33.0
+
_service:tar_scm:backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
Added
@@ -0,0 +1,39 @@
+From f470dafddcd688c3ea6031d4bbcbf934fd094711 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Fri, 25 Aug 2023 13:55:36 +0200
+Subject: PATCH Limit rlim_max in rlimit_nofile_safe() to nr_open
+
+We might inherit a max rlim value that's larger than the kernel's
+maximum (nr_open). This will cause setrlimit() to fail as the given
+maximum is larger than the kernel's maximum. To get around this,
+let's limit the max rlim we pass to rlimit() to the value of nr_open.
+
+Should fix #28965
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/f470dafddcd688c3ea6031d4bbcbf934fd094711
+
+---
+ src/basic/rlimit-util.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
+index 91424cd3cc..a0ffb24626 100644
+--- a/src/basic/rlimit-util.c
++++ b/src/basic/rlimit-util.c
+@@ -401,7 +401,11 @@ int rlimit_nofile_safe(void) {
+ if (rl.rlim_cur <= FD_SETSIZE)
+ return 0;
+
+- rl.rlim_cur = FD_SETSIZE;
++ /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
++ * /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
++ * make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
++ rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
++ rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
+ if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
+ return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
+
+--
+2.39.1
+
_service:tar_scm:backport-bus-add-some-minimal-bounds-check-on-signatures.patch
Added
@@ -0,0 +1,73 @@
+From d80cc39558ec7e596d594d1aadc4df81262611f8 Mon Sep 17 00:00:00 2001
+From: Luca Boccassi <bluca@debian.org>
+Date: Sun, 16 Jul 2023 01:10:47 +0100
+Subject: PATCH bus: add some minimal bounds check on signatures
+
+CID#1491292
+CID#1491291
+CID#1491290
+CID#1491289
+CID#1491284
+CID#1491281
+CID#1491280
+CID#1491278
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/d80cc39558ec7e596d594d1aadc4df81262611f8
+
+---
+ src/busctl/busctl.c | 5 ++++-
+ src/libsystemd/sd-bus/bus-message.c | 6 ++++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
+index 72eed36335..c1a0479015 100644
+--- a/src/busctl/busctl.c
++++ b/src/busctl/busctl.c
+@@ -1627,8 +1627,11 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
+ p--;
+
+ r = signature_element_length(signature, &k);
+- if (r < 0)
++ if (r < 0 || k < 2) {
++ if (r >= 0 && k < 2)
++ r = -ERANGE;
+ return log_error_errno(r, "Invalid struct/dict entry signature: %m");
++ }
+
+ {
+ char sk-1;
+diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
+index 3cf1419a14..f1cf6a8cc4 100644
+--- a/src/libsystemd/sd-bus/bus-message.c
++++ b/src/libsystemd/sd-bus/bus-message.c
+@@ -2027,6 +2027,8 @@ _public_ int sd_bus_message_appendv(
+ r = signature_element_length(t, &k);
+ if (r < 0)
+ return r;
++ if (k < 2)
++ return -ERANGE;
+
+ {
+ char sk - 1;
+@@ -3470,6 +3472,8 @@ _public_ int sd_bus_message_readv(
+ r = signature_element_length(t, &k);
+ if (r < 0)
+ return r;
++ if (k < 2)
++ return -ERANGE;
+
+ {
+ char sk - 1;
+@@ -3650,6 +3654,8 @@ _public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {
+ r = signature_element_length(types, &k);
+ if (r < 0)
+ return r;
++ if (k < 2)
++ return -ERANGE;
+
+ {
+ char sk-1;
+--
+2.39.1
+
_service:tar_scm:backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
Added
@@ -0,0 +1,152 @@
+From bc6377762c210d1bdd7fd2465930731d87dda576 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Sat, 29 Apr 2023 04:31:53 +0900
+Subject: PATCH core/path: do not enqueue new job in .trigger_notify callback
+
+Otherwise,
+1. X.path triggered X.service, and the service has waiting start job,
+2. systemctl stop X.service
+3. the waiting start job is cancelled to install new stop job,
+4. path_trigger_notify() is called, and may reinstall new start job,
+5. the stop job cannot be installed, and triggeres assertion.
+
+So, instead, let's add a defer event source, then enqueue the new start
+job after the stop (or any other type) job finished.
+
+Fixes https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/bc6377762c210d1bdd7fd2465930731d87dda576
+
+---
+ src/core/path.c | 68 +++++++++++++++++++++++++++++++++++++++++++++----
+ src/core/path.h | 2 ++
+ 2 files changed, 65 insertions(+), 5 deletions(-)
+
+diff --git a/src/core/path.c b/src/core/path.c
+index 9f6a246ab0..c95663c3aa 100644
+--- a/src/core/path.c
++++ b/src/core/path.c
+@@ -10,6 +10,7 @@
+ #include "dbus-path.h"
+ #include "dbus-unit.h"
+ #include "escape.h"
++#include "event-util.h"
+ #include "fd-util.h"
+ #include "glob-util.h"
+ #include "inotify-util.h"
+@@ -300,6 +301,7 @@ static void path_done(Unit *u) {
+
+ assert(p);
+
++ p->trigger_notify_event_source = sd_event_source_disable_unref(p->trigger_notify_event_source);
+ path_free_specs(p);
+ }
+
+@@ -575,6 +577,9 @@ static void path_enter_waiting(Path *p, bool initial, bool from_trigger_notify)
+ Unit *trigger;
+ int r;
+
++ if (p->trigger_notify_event_source)
++ (void) event_source_disable(p->trigger_notify_event_source);
++
+ /* If the triggered unit is already running, so are we */
+ trigger = UNIT_TRIGGER(UNIT(p));
+ if (trigger && !UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(trigger))) {
+@@ -799,8 +804,28 @@ fail:
+ return 0;
+ }
+
+-static void path_trigger_notify(Unit *u, Unit *other) {
++static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer);
++
++static int path_trigger_notify_on_defer(sd_event_source *s, void *userdata) {
++ Path *p = ASSERT_PTR(userdata);
++ Unit *trigger;
++
++ assert(s);
++
++ trigger = UNIT_TRIGGER(UNIT(p));
++ if (!trigger) {
++ log_unit_error(UNIT(p), "Unit to trigger vanished.");
++ path_enter_dead(p, PATH_FAILURE_RESOURCES);
++ return 0;
++ }
++
++ path_trigger_notify_impl(UNIT(p), trigger, /* on_defer = */ true);
++ return 0;
++}
++
++static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer) {
+ Path *p = PATH(u);
++ int r;
+
+ assert(u);
+ assert(other);
+@@ -826,13 +851,46 @@ static void path_trigger_notify(Unit *u, Unit *other) {
+
+ if (p->state == PATH_RUNNING &&
+ UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
+- log_unit_debug(UNIT(p), "Got notified about unit deactivation.");
+- path_enter_waiting(p, false, true);
++ if (!on_defer)
++ log_unit_debug(u, "Got notified about unit deactivation.");
+ } else if (p->state == PATH_WAITING &&
+ !UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
+- log_unit_debug(UNIT(p), "Got notified about unit activation.");
+- path_enter_waiting(p, false, true);
++ if (!on_defer)
++ log_unit_debug(u, "Got notified about unit activation.");
++ } else
++ return;
++
++ if (on_defer) {
++ path_enter_waiting(p, /* initial = */ false, /* from_trigger_notify = */ true);
++ return;
+ }
++
++ /* Do not call path_enter_waiting() directly from path_trigger_notify(), as this may be called by
++ * job_install() -> job_finish_and_invalidate() -> unit_trigger_notify(), and path_enter_waiting()
++ * may install another job and will trigger assertion in job_install().
++ * https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906
++ * Hence, first setup defer event source here, and call path_enter_waiting() slightly later. */
++ if (p->trigger_notify_event_source) {
++ r = sd_event_source_set_enabled(p->trigger_notify_event_source, SD_EVENT_ONESHOT);
++ if (r < 0) {
++ log_unit_warning_errno(u, r, "Failed to enable event source for triggering notify: %m");
++ path_enter_dead(p, PATH_FAILURE_RESOURCES);
++ return;
++ }
++ } else {
++ r = sd_event_add_defer(u->manager->event, &p->trigger_notify_event_source, path_trigger_notify_on_defer, p);
++ if (r < 0) {
++ log_unit_warning_errno(u, r, "Failed to allocate event source for triggering notify: %m");
++ path_enter_dead(p, PATH_FAILURE_RESOURCES);
++ return;
++ }
++
++ (void) sd_event_source_set_description(p->trigger_notify_event_source, "path-trigger-notify");
++ }
++}
++
++static void path_trigger_notify(Unit *u, Unit *other) {
++ path_trigger_notify_impl(u, other, /* on_defer = */ false);
+ }
+
+ static void path_reset_failed(Unit *u) {
+diff --git a/src/core/path.h b/src/core/path.h
+index c76103cc12..cb5b662911 100644
+--- a/src/core/path.h
++++ b/src/core/path.h
+@@ -65,6 +65,8 @@ struct Path {
+ PathResult result;
+
+ RateLimit trigger_limit;
++
++ sd_event_source *trigger_notify_event_source;
+ };
+
+ struct ActivationDetailsPath {
+--
+2.39.1
+
_service:tar_scm:backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
Added
@@ -0,0 +1,44 @@
+From b56ee692334231f0312c2fd142b9f2a84da14ac9 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Thu, 24 Aug 2023 09:00:04 +0200
+Subject: PATCH hostname: Make sure we pass error to
+ bus_verify_polkit_async()
+
+Fixes #28943
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/b56ee692334231f0312c2fd142b9f2a84da14ac9
+
+---
+ src/hostname/hostnamed.c | 2 +-
+ src/shared/bus-polkit.c | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
+index 9ef45f8e75..85904aabe9 100644
+--- a/src/hostname/hostnamed.c
++++ b/src/hostname/hostnamed.c
+@@ -1318,7 +1318,7 @@ static int method_describe(sd_bus_message *m, void *userdata, sd_bus_error *erro
+ false,
+ UID_INVALID,
+ &c->polkit_registry,
+- NULL);
++ error);
+ if (r == 0)
+ return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
+
+diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
+index 3ff2726d4a..904b897984 100644
+--- a/src/shared/bus-polkit.c
++++ b/src/shared/bus-polkit.c
+@@ -480,6 +480,7 @@ int bus_verify_polkit_async(
+ assert(call);
+ assert(action);
+ assert(registry);
++ assert(ret_error);
+
+ r = check_good_user(call, good_user);
+ if (r != 0)
+--
+2.39.1
+
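Review bot: The added `assert(ret_error);` in `bus_verify_polkit_async()` makes a NULL error argument from any caller fail the assertion, while this patch corrects only the one call in hostnamed's `method_describe()`. The other callers of this shared helper are not visible here, so before merging the backport it is worth checking the 253 tree for remaining `bus_verify_polkit_async(` calls that pass `NULL` as the last argument; if assertion failure aborts the process, as is usual, such a call would let a D-Bus request bring the service down. A one-line comment above the assert would record the contract, e.g. `/* Callers must pass a valid sd_bus_error; NULL is not accepted here. */`. Both functions start and end outside the hunks.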
_service:tar_scm:backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch
Added
@@ -0,0 +1,88 @@
+From 9627e6a72f9c5c336a285b11515bda49345e7bfe Mon Sep 17 00:00:00 2001
+From: felixdoerre <felixdoerre@users.noreply.github.com>
+Date: Fri, 6 Oct 2023 05:18:21 +0200
+Subject: PATCH journalctl: verify that old entries are not sealed with too
+ recent key (#28885)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When verifying seals produced with forward secure sealing, the verification
+currently does not check that old entries are only sealed with the key for
+their epoch and not a more recent one. This missing check allows an attacker
+to remove seals, and create new ones with the currently available key, and
+verify will claim everything is in order, although all entries could have
+been modified.
+
+This resolves CVE-2023-31439.
+
+Co-authored-by: Felix Dörre <felix.doerre@kit.edu>
+(cherry picked from commit 3846d3aa292a6daa1916f667bdd79ebee9cb4ac4)
+(cherry picked from commit ea67d4755b5d81a42a9013d6ce72c9cf7adb56b9)
+(cherry picked from commit e140c1d10b04c757832adf2366ed6fbdfb2e92c9)
+---
+ src/libsystemd/sd-journal/journal-verify.c | 26 ++++++++++++++++++++++++--
+ 1 file changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/src/libsystemd/sd-journal/journal-verify.c b/src/libsystemd/sd-journal/journal-verify.c
+index ad4039dee0f..fe4465c5e65 100644
+--- a/src/libsystemd/sd-journal/journal-verify.c
++++ b/src/libsystemd/sd-journal/journal-verify.c
+@@ -820,6 +820,7 @@ int journal_file_verify(
+ uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0;
+
+ uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0;
++ usec_t min_entry_realtime = USEC_INFINITY, max_entry_realtime = 0;
+ sd_id128_t entry_boot_id = {}; /* Unnecessary initialization to appease gcc */
+ bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false;
+ uint64_t n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0;
+@@ -1071,6 +1072,9 @@ int journal_file_verify(
+ entry_realtime = le64toh(o->entry.realtime);
+ entry_realtime_set = true;
+
++ max_entry_realtime = MAX(max_entry_realtime, le64toh(o->entry.realtime));
++ min_entry_realtime = MIN(min_entry_realtime, le64toh(o->entry.realtime));
++
+ n_entries++;
+ break;
+
+@@ -1136,12 +1140,13 @@ int journal_file_verify(
+
+ #if HAVE_GCRYPT
+ if (JOURNAL_HEADER_SEALED(f->header)) {
+- uint64_t q, rt;
++ uint64_t q, rt, rt_end;
+
+ debug(p, "Checking tag %"PRIu64"...", le64toh(o->tag.seqnum));
+
+ rt = f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec;
+- if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) {
++ rt_end = usec_add(rt, f->fss_interval_usec);
++ if (entry_realtime_set && entry_realtime >= rt_end) {
+ error(p,
+ "tag/entry realtime timestamp out of synchronization (%"PRIu64" >= %"PRIu64")",
+ entry_realtime,
+@@ -1149,6 +1154,23 @@ int journal_file_verify(
+ r = -EBADMSG;
+ goto fail;
+ }
++ if (max_entry_realtime >= rt_end) {
++ error(p,
++ "Entry realtime (%"PRIu64", %s) is too late with respect to tag (%"PRIu64", %s)",
++ max_entry_realtime, FORMAT_TIMESTAMP(max_entry_realtime),
++ rt_end, FORMAT_TIMESTAMP(rt_end));
++ r = -EBADMSG;
++ goto fail;
++ }
++ if (min_entry_realtime < rt) {
++ error(p,
++ "Entry realtime (%"PRIu64", %s) is too early with respect to tag (%"PRIu64", %s)",
++ min_entry_realtime, FORMAT_TIMESTAMP(min_entry_realtime),
++ rt, FORMAT_TIMESTAMP(rt));
++ r = -EBADMSG;
++ goto fail;
++ }
++ min_entry_realtime = USEC_INFINITY;
+
+ /* OK, now we know the epoch. So let's now set
+ * it, and calculate the HMAC for everything
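Review bot: `rt_end` is now computed with `usec_add()`, but `rt` itself is still `f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec`, a plain multiply-add with `o->tag.epoch` taken from the tag object being verified. If that product wraps, the new `min_entry_realtime < rt` and `max_entry_realtime >= rt_end` comparisons run against a wrong window; whether epoch checks elsewhere in `journal_file_verify()` already exclude such values is not visible from these hunks. If they do not, the computation of `rt` should be overflow-checked and fail with `-EBADMSG`, in line with the neighbouring error paths. A short comment on the `rt =` line stating which check bounds the epoch would settle the question for later readers. The function starts and ends outside the hunks.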
_service:tar_scm:backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
Added
@@ -0,0 +1,66 @@
+From 0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3 Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Fri, 7 Jul 2023 08:00:00 +0000
+Subject: PATCH resolved: fix use of ERRNO_IS_DISCONNECT()
+
+Given that ERRNO_IS_DISCONNECT() also matches positive values,
+make sure this macro is not called with arguments that do not have
+errno semantics.
+
+In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
+returned by manager_recv() which can legitimately return 1 without errno
+semantics, so fix this by moving ERRNO_IS_DISCONNECT() invocation to the
+branch where the return value is known to be negative.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3
+
+---
+ src/resolve/resolved-dns-transaction.c | 27 ++++++++++++--------------
+ 1 file changed, 12 insertions(+), 15 deletions(-)
+
+diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
+index a5293357c0..323786896b 100644
+--- a/src/resolve/resolved-dns-transaction.c
++++ b/src/resolve/resolved-dns-transaction.c
+@@ -1367,25 +1367,22 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
+ assert(t->scope);
+
+ r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
+- if (ERRNO_IS_DISCONNECT(r)) {
+- usec_t usec;
+-
+- /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
+- * next recvmsg(). Treat this like a lost packet. */
++ if (r < 0) {
++ if (ERRNO_IS_DISCONNECT(r)) {
++ usec_t usec;
+
+- log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
+- assert_se(sd_event_now(t->scope->manager->event, CLOCK_BOOTTIME, &usec) >= 0);
+- dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
++ /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
++ * next recvmsg(). Treat this like a lost packet. */
+
+- dns_transaction_close_connection(t, /* use_graveyard = */ false);
++ log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
++ assert_se(sd_event_now(t->scope->manager->event, CLOCK_BOOTTIME, &usec) >= 0);
++ dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
+
+- if (dns_transaction_limited_retry(t)) /* Try a different server */
+- return 0;
++ dns_transaction_close_connection(t, /* use_graveyard = */ false);
+
+- dns_transaction_complete_errno(t, r);
+- return 0;
+- }
+- if (r < 0) {
++ if (dns_transaction_limited_retry(t)) /* Try a different server */
++ return 0;
++ }
+ dns_transaction_complete_errno(t, r);
+ return 0;
+ }
+--
+2.39.1
+
_service:tar_scm:backport-rules-go-to-the-end-of-rules-indeed-when-dm-is-suspe.patch
Added
@@ -0,0 +1,48 @@ +From c1a2ada89708d6aeeada496712cb24a4a58e75cc Mon Sep 17 00:00:00 2001 +From: janana <40876700+jiayi0118@users.noreply.github.com> +Date: Wed, 29 Nov 2023 11:36:52 +0800 +Subject: PATCH rules: go to the end of rules indeed when dm is suspended + +The previous patch 466266c does not make sense indeed, that is to say, if the SYSTEMD_READY is not recorded in the database, the GOTO="systemd_end" will not be applied. + +The IMPORT{db} is actually a matching token, it returns false when there is no SYSTEMD_READY recorded in the database. + +The previous patch 466266c tended to inherit the state of SYSTEMD_READY from the database and skip to the end of current rule file. But when the database does not contain SYSTEMD_READY, e.g., the dm-* is not set db_persistent during initrd and the database will be cleared after switching root, the following rules will still be applied not as expected. +--- + rules.d/99-systemd.rules.in | 4 +++- + test/fuzz/fuzz-udev-rules/99-systemd.rules | 4 +++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in +index 9bf02a705f..455a2368eb 100644 +--- a/rules.d/99-systemd.rules.in ++++ b/rules.d/99-systemd.rules.in +@@ -19,7 +19,9 @@ SUBSYSTEM=="ubi", TAG+="systemd" + SUBSYSTEM=="block", TAG+="systemd" + + # We can't make any conclusions about suspended DM devices so let's just import previous SYSTEMD_READY state and skip other rules +-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end" ++SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY" ++SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", GOTO="systemd_end" ++ + SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" + + # Ignore encrypted devices with no identified superblock on it, since +diff --git a/test/fuzz/fuzz-udev-rules/99-systemd.rules b/test/fuzz/fuzz-udev-rules/99-systemd.rules +index 
278383b02c..5f29d709ae 100644 +--- a/test/fuzz/fuzz-udev-rules/99-systemd.rules ++++ b/test/fuzz/fuzz-udev-rules/99-systemd.rules +@@ -17,7 +17,9 @@ SUBSYSTEM=="ubi", TAG+="systemd" + SUBSYSTEM=="block", TAG+="systemd" + + # We can't make any conclusions about suspended DM devices so let's just import previous SYSTEMD_READY state and skip other rules +-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end" ++SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY" ++SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", GOTO="systemd_end" ++ + SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0" + + # Ignore encrypted devices with no identified superblock on it, since +-- +2.33.0 +
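Review bot: The comment kept above the two new rules still reads as if the import and the skip were one step, and nothing in the rules file says why they are now separate lines. The commit message gives the reason: `IMPORT{db}` acts as a match and returns false when no SYSTEMD_READY is stored, which used to cancel the `GOTO` on the same line. Adding `# IMPORT{db} is a match and fails if nothing is stored, so the GOTO must stay on its own line` to rules.d/99-systemd.rules.in and to the test/fuzz copy would guard against the lines being merged again.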
_service:tar_scm:backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
Added
@@ -0,0 +1,49 @@
+From bb228f0ebc9b691ee2a871bffbf949936568f3ea Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Fri, 7 Jul 2023 08:00:00 +0000
+Subject: PATCH sd-bus: fix use of ERRNO_IS_DISCONNECT()
+
+Given that ERRNO_IS_DISCONNECT() also matches positive values,
+make sure this macro is not called with arguments that do not have
+errno semantics.
+
+In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
+returned by bus_socket_process_watch_bind(), bus_socket_process_opening(),
+and bus_socket_process_authenticating() which can legitimately return
+positive values without errno semantics, so fix this by moving the
+ERRNO_IS_DISCONNECT() invocation to the branch where the return value
+is known to be negative.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/bb228f0ebc9b691ee2a871bffbf949936568f3ea
+
+---
+ src/libsystemd/sd-bus/sd-bus.c | 12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
+index 2758309ac5..a250e7b81a 100644
+--- a/src/libsystemd/sd-bus/sd-bus.c
++++ b/src/libsystemd/sd-bus/sd-bus.c
+@@ -3284,11 +3284,13 @@ static int bus_process_internal(sd_bus *bus, sd_bus_message **ret) {
+ assert_not_reached();
+ }
+
+- if (ERRNO_IS_DISCONNECT(r)) {
+- bus_enter_closing(bus);
+- r = 1;
+- } else if (r < 0)
+- return r;
++ if (r < 0) {
++ if (ERRNO_IS_DISCONNECT(r)) {
++ bus_enter_closing(bus);
++ r = 1;
++ } else
++ return r;
++ }
+
+ if (ret)
+ *ret = NULL;
+--
+2.39.1
+
_service:tar_scm:backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
Added
@@ -0,0 +1,44 @@
+From d5f8890bbf375075c7042b31ff6e79ad491df04c Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@strace.io>
+Date: Fri, 7 Jul 2023 08:00:00 +0000
+Subject: PATCH socket: fix use of ERRNO_IS_DISCONNECT()
+
+Given that ERRNO_IS_DISCONNECT() also matches positive values,
+make sure this macro is not called with arguments that do not have
+errno semantics.
+
+In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
+returned by socket_acquire_peer() which can legitimately return 1
+without errno semantics, so fix this by moving ERRNO_IS_DISCONNECT()
+invocation to the branch where the return value is known to be negative.
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/d5f8890bbf375075c7042b31ff6e79ad491df04c
+
+---
+ src/core/socket.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/src/core/socket.c b/src/core/socket.c
+index d72194f20b..03b8cbd164 100644
+--- a/src/core/socket.c
++++ b/src/core/socket.c
+@@ -2358,10 +2358,12 @@ static void socket_enter_running(Socket *s, int cfd_in) {
+
+ if (s->max_connections_per_source > 0) {
+ r = socket_acquire_peer(s, cfd, &p);
+- if (ERRNO_IS_DISCONNECT(r))
+- return;
+- if (r < 0) /* We didn't have enough resources to acquire peer information, let's fail. */
++ if (r < 0) {
++ if (ERRNO_IS_DISCONNECT(r))
++ return;
++ /* We didn't have enough resources to acquire peer information, let's fail. */
+ goto fail;
++ }
+ if (r > 0 && p->n_ref > s->max_connections_per_source) {
+ _cleanup_free_ char *t = NULL;
+
+--
+2.39.1
+
_service:tar_scm:backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
Added
@@ -0,0 +1,33 @@
+From 5660e68d651545b43e13a51b068e64022637a6c6 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe <watanabe.yu+github@gmail.com>
+Date: Wed, 28 Sep 2022 18:09:29 +0900
+Subject: PATCH udev-builtin-net_id: fix potential buffer overflow
+
+Conflict:NA
+Reference:https://github.com/systemd/systemd-stable/commit/5660e68d651545b43e13a51b068e64022637a6c6
+
+---
+ src/udev/udev-builtin-net_id.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
+index 4936ba518a..d1f343573d 100644
+--- a/src/udev/udev-builtin-net_id.c
++++ b/src/udev/udev-builtin-net_id.c
+@@ -948,11 +948,11 @@ static int names_usb(sd_device *dev, NetNames *names) {
+
+ /* append USB config number, suppress the common config == 1 */
+ if (!streq(config, "1"))
+- l = strpcpyl(&s, sizeof(names->usb_ports), "c", config, NULL);
++ l = strpcpyl(&s, l, "c", config, NULL);
+
+ /* append USB interface number, suppress the interface == 0 */
+ if (!streq(interf, "0"))
+- l = strpcpyl(&s, sizeof(names->usb_ports), "i", interf, NULL);
++ l = strpcpyl(&s, l, "i", interf, NULL);
+ if (l == 0)
+ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ENAMETOOLONG),
+ "Generated USB name would be too long.");
+--
+2.39.1
+
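Review bot: Neither the patch header nor the code in names_usb() explains the overflow being fixed; the subject line is the only description. From the hunk, `s` is handed to `strpcpyl()` by address and so appears to advance with each append, while the old calls kept passing `sizeof(names->usb_ports)`, the full buffer size, as the space left. A one-line comment above the first changed call, such as `/* pass the remaining space l, not the full buffer size: s has already advanced */`, would keep that reasoning with the code. names_usb() starts and ends outside the hunk.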
_service:tar_scm:backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
Added
@@ -0,0 +1,47 @@
+From 1617424ce76d797d081dd6cb1082b954c4d2bf38 Mon Sep 17 00:00:00 2001
+From: Lennart Poettering <lennart@poettering.net>
+Date: Tue, 26 Sep 2023 09:52:05 +0200
+Subject: PATCH udev: raise RLIMIT_NOFILE as high as we can
+
+We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE
+to what the service manager allows us, which is quite a lot these days.
+
+udev already sets FORK_RLIMIT_NOFILE_SAFE when forking of chilren, thus
+ensuring that forked off processes get their RLIMIT_NOFILE soft limit
+reset to 1K for compat with crappy old select().
+
+Replaces: #29298
+Fixes: #28583
+
+Conflict:code context adaptation
+Reference:https://github.com/systemd/systemd-stable/commit/1617424ce76d797d081dd6cb1082b954c4d2bf38
+
+---
+ src/udev/udevd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/udev/udevd.c b/src/udev/udevd.c
+index 257336aec6..2ed4282253 100644
+--- a/src/udev/udevd.c
++++ b/src/udev/udevd.c
+@@ -18,6 +18,7 @@
+ #include "pretty-print.h"
+ #include "proc-cmdline.h"
+ #include "process-util.h"
++#include "rlimit-util.h"
+ #include "selinux-util.h"
+ #include "signal-util.h"
+ #include "socket-util.h"
+@@ -365,6 +366,9 @@ int run_udevd(int argc, char *argv) {
+ if (r < 0)
+ return r;
+
++ /* Make sure we can have plenty fds (for example for pidfds) */
++ (void) rlimit_nofile_bump(-1);
++
+ r = RET_NERRNO(mkdir("/run/udev", 0755));
+ if (r < 0 && r != -EEXIST)
+ return log_error_errno(r, "Failed to create /run/udev: %m");
+--
+2.39.1
+
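Review bot: The new comment above `rlimit_nofile_bump(-1)` in run_udevd() says why the limit is raised but not why that is safe for the programs udev spawns. The commit message states that udev forks with FORK_RLIMIT_NOFILE_SAFE so children get the 1K soft limit back for select(); recording that next to the call, e.g. `/* Children forked with FORK_RLIMIT_NOFILE_SAFE get the soft limit reset, so select() users stay safe. */`, keeps the assumption visible. Because the header marks this backport as a code context adaptation, it is worth confirming that the fork paths in this tree do pass that flag; they are not visible in the hunk. run_udevd() continues outside the hunk.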
_service:tar_scm:backport-units-modprobe-.service-don-t-unescape-instance-name.patch
Added
@@ -0,0 +1,35 @@
+From 540b3c5d53f7b5889247e9cb4aea62d3983a48b8 Mon Sep 17 00:00:00 2001
+From: Martin Wilck <mwilck@suse.com>
+Date: Fri, 20 Oct 2023 16:25:15 +0200
+Subject: PATCH units: modprobe@.service: don't unescape instance name
+
+modprobe treats "-" and "_" interchangeably, thereby avoiding frequent
+errors because some module names contain dashes and others underscores.
+
+Because modprobe@.service unescapes the instance name, an attempt to
+start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt",
+which is doomed to fail. "modprobe@dm_crypt.service" will work as
+expected. Thus unescaping the instance name has surprising side effects.
+Use "%i" instead.
+
+(cherry picked from commit bf25cf6c49253e922524dfa0e7960f554838f18b)
+(cherry picked from commit c98d0130dc8efd826cd85020337353cdbe644bb4)
+(cherry picked from commit 6d5eba0814e7dfc15ebb68ca5afdabab214c9da6)
+
+---
+ units/modprobe@.service | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/units/modprobe@.service b/units/modprobe@.service
+index 85a2c08dee..fe631fffeb 100644
+--- a/units/modprobe@.service
++++ b/units/modprobe@.service
+@@ -17,4 +17,4 @@ StartLimitIntervalSec=0
+
+ Service
+ Type=oneshot
+-ExecStart=-/sbin/modprobe -abq %I
++ExecStart=-/sbin/modprobe -abq %i
+--
+2.33.0
+
_service:tar_scm:core-check-for-SERVICE_RELOAD_NOTIFY-in-manager_dbus.patch
Deleted
@@ -1,43 +0,0 @@
-From 845824acddf2e7e08c94afe7cfee6e50a682c947 Mon Sep 17 00:00:00 2001
-From: msizanoen1 <msizanoen@qtmlabs.xyz>
-Date: Tue, 2 May 2023 16:59:07 +0700
-Subject: PATCH core: check for SERVICE_RELOAD_NOTIFY in
- manager_dbus_is_running
-
-This ensures that systemd won't erronously disconnect from the system
-bus in case a bus recheck is triggered immediately after the bus service
-emits `RELOADING=1`.
-
-This fixes an issue where systemd-logind sometimes randomly stops
-receiving `UnitRemoved` after a system update.
-
-This also handles SERVICE_RELOAD_SIGNAL just in case somebody ever
-creates a D-Bus broker implementation that uses `Type=notify-reload`.
-
-Conflict:NA
-Reference:https://github.com/systemd/systemd/commit/845824acddf2e7e08c94afe7cfee6e50a682c947
-
----
- src/core/manager.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index 9e91aba632..9226cd2ab7 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1822,7 +1822,11 @@ static bool manager_dbus_is_running(Manager *m, bool deserialized) {
- u = manager_get_unit(m, SPECIAL_DBUS_SERVICE);
- if (!u)
- return false;
-- if (!IN_SET((deserialized ? SERVICE(u)->deserialized_state : SERVICE(u)->state), SERVICE_RUNNING, SERVICE_RELOAD))
-+ if (!IN_SET((deserialized ? SERVICE(u)->deserialized_state : SERVICE(u)->state),
-+ SERVICE_RUNNING,
-+ SERVICE_RELOAD,
-+ SERVICE_RELOAD_NOTIFY,
-+ SERVICE_RELOAD_SIGNAL))
- return false;
-
- return true;
---
-2.36.1
-
_service:tar_scm:delete-journal-files-except-system.journal-when-jour.patch
Changed
@@ -10,12 +10,13 @@ except system.journal, to ensure that the sd_journal_next function meets user expectations. --- - meson.build | 2 ++ + meson.build | 3 ++- src/basic/dirent-util.c | 24 +++++++++++++++++ src/basic/dirent-util.h | 2 ++ src/libsystemd/sd-journal/journal-file.c | 34 ++++++++++++++++++++++++ src/libsystemd/sd-journal/sd-journal.c | 22 --------------- - 5 files changed, 62 insertions(+), 22 deletions(-) + src/test/meson.build | 2 +- + 6 files changed, 63 insertions(+), 23 deletions(-) diff --git a/meson.build b/meson.build index 0372b17..8b1ce23 100644 @@ -30,6 +31,15 @@ '.') libsystemd_includes = basic_includes, include_directories( +@@ -1801,7 +1801,7 @@ test_dlopen = executable( + 'test-dlopen', + test_dlopen_c, + include_directories : includes, +- link_with : libbasic, ++ link_with : libbasic, libsystemd_static, + dependencies : libdl, + build_by_default : want_tests != 'false') + diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c index 17df6a2..e362554 100644 --- a/src/basic/dirent-util.c
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="url">git@gitee.com:src-openeuler/systemd.git</param>
 <param name="scm">git</param>
- <param name="revision">openEuler-23.09</param>
+ <param name="revision">master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
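Review bot: The `revision` parameter of the tar_scm service now names the branch `master`, a moving ref, while the project shown on this page is Mega:23.09. Every service run can then fetch different sources and patches without any change to this file, which makes a given build hard to reproduce or audit. Pinning the parameter to the release branch or, better, to a fixed commit keeps the build input stable, e.g. `<param name="revision">COMMIT_ID_PLACEHOLDER</param>`.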
_service:tar_scm:sense_data.py
Added
@@ -0,0 +1,267 @@ +#!/usr/bin/env python + +import sys +import os +import re +import ctypes +import fcntl +import string + +MEET_NEWER_SAT = 0 +wwn = ctypes.c_uint64() + +BSG_PROTOCOL_SCSI = 0 # <linux/bsg.h> +BSG_SUB_PROTOCOL_SCSI_CMD = 0 # <linux/bsg.h> + +SG_DXFER_FROM_DEV = -3 # SCSI READ command + +ASCII_S = 83 # 'S' +ASCII_Q = 81 # 'Q' +SG_IO = 0x2285 # <scsi/sg.h> + + +""" +INQUIRY Command +https://www.seagate.com/files/staticfiles/support/docs/manual/Interface%20manuals/100293068j.pdf +3.6.1 Section +""" + + +class inquiry_cmd(ctypes.Structure): + _pack_ = 1 + _fields_ = + ("opcode", ctypes.c_ubyte), + ("reserved", ctypes.c_ubyte), + ("pagecode", ctypes.c_ubyte), + ("alloc_len_3", ctypes.c_ubyte), + ("alloc_len_4", ctypes.c_ubyte), + ("control", ctypes.c_ubyte) + + + +""" +ATA PASS-THROUGH (12) command +https://www.t10.org/ftp/t10/document.04/04-262r8.pdf +13.2.2 Section +""" + + +class ata_cmd_12(ctypes.Structure): + _pack_ = 1 + _fields_ = + ("opcode", ctypes.c_ubyte), + ("protocol", ctypes.c_ubyte), + ("flags", ctypes.c_ubyte), + ("features", ctypes.c_ubyte), + ("sector_count", ctypes.c_ubyte), + ("lba_low", ctypes.c_ubyte), + ("lba_mid", ctypes.c_ubyte), + ("lba_high", ctypes.c_ubyte), + ("device", ctypes.c_ubyte), + ("command", ctypes.c_ubyte), + ("reserved", ctypes.c_ubyte), + ("control", ctypes.c_ubyte) + + + +""" +ref: include/scsi/sg.h +""" + + +class sgio_hdr(ctypes.Structure): + _pack_ = 1 + _fields_ = + # i 'S' for SCSI generic (required) + ("interface_id", ctypes.c_int), + ("dxfer_direction", ctypes.c_int), # i data transfer direction + # i SCSI command length ( <= 16 bytes) + ("cmd_len", ctypes.c_ubyte), + ("mx_sb_len", ctypes.c_ubyte), # i max length to write to sbp + ("iovec_count", ctypes.c_ushort), # i 0 implies no scatter gather + ("dxfer_len", ctypes.c_uint), # i byte count of data transfer + # i, *io points to data transfer memory + ("dxferp", ctypes.c_void_p), + # i, *i points to command to perform + ("cmdp", ctypes.c_void_p), + # i, 
*o points to sense_buffer memory + ("sbp", ctypes.c_void_p), + # i MAX_UINT->no timeout (unit: millisec) + ("timeout", ctypes.c_uint), + ("flags", ctypes.c_uint), # i 0 -> default, see SG_FLAG... + # i->o unused internally (normally) + ("pack_id", ctypes.c_int), + ("usr_ptr", ctypes.c_void_p), # i->o unused internally + ("status", ctypes.c_ubyte), # o scsi status + ("masked_status", ctypes.c_ubyte), # o shifted, masked scsi status + # o messaging level data (optional) + ("msg_status", ctypes.c_ubyte), + # o byte count actually written to sbp + ("sb_len_wr", ctypes.c_ubyte), + ("host_status", ctypes.c_ushort), # o errors from host adapter + ("driver_status", ctypes.c_ushort), # o errors from software driver + # o dxfer_len - actual_transferred + ("resid", ctypes.c_int), + # o time taken by cmd (unit: millisec) + ("duration", ctypes.c_uint), + ("info", ctypes.c_uint) # o auxiliary information + + + +def from_bytes(bytes_in_array, byteorder="big", signed=False): + if byteorder == "little": + little_ordered = list(bytes_in_array) + elif byteorder == "big": + little_ordered = list(reversed(bytes_in_array)) + else: + raise ValueError("byteorder must be either 'little' or 'big'") + + n = sum(b << i*8 for i, b in enumerate(little_ordered)) + if signed and little_ordered and (little_ordered-1 & 0x80): + n -= 1 << 8*len(little_ordered) + + return n + + +def disk_scsi_inquiry_command(dev, buf): + sense = ctypes.c_buffer(32) + buf_len = ctypes.sizeof(buf) + cdb = inquiry_cmd(opcode=0x12, + reserved=0, + pagecode=0, + alloc_len_3=(buf_len >> 8), + alloc_len_4=(buf_len & 0xff), + control=0) + + # systemd first tries to identify the disk by version 4, but failed. 
We directly use version3 + io_hdr = sgio_hdr(interface_id=ASCII_S, dxfer_direction=SG_DXFER_FROM_DEV, + cmd_len=ctypes.sizeof(cdb), + mx_sb_len=ctypes.sizeof(sense), iovec_count=0, + dxfer_len=buf_len, + dxferp=ctypes.cast(buf, ctypes.c_void_p), + cmdp=ctypes.addressof(cdb), + sbp=ctypes.cast(sense, ctypes.c_void_p), timeout=30 * 1000, + flags=0, pack_id=0, usr_ptr=None, status=0, masked_status=0, + msg_status=0, sb_len_wr=0, host_status=0, driver_status=0, + resid=0, duration=0, info=0) + + try: + with open(dev, "r") as fd: + ret = fcntl.ioctl(fd.fileno(), SG_IO, io_hdr) + if io_hdr.status != 0 or io_hdr.host_status != 0 or io_hdr.driver_status != 0 or ret != 0: + return False + except OSError as err: + return False + except IOError as err: + return False + + return True + + +def disk_identify_command(dev, buf): + global MEET_NEWER_SAT + MEET_NEWER_SAT = 0 + sense = ctypes.c_buffer(32) + buf_len = ctypes.sizeof(buf) + cdb = ata_cmd_12(opcode=0xa1, protocol=(4 << 1), flags=0x2e, + features=0, sector_count=1, lba_low=0, lba_mid=0, lba_high=0, + device=0 & 0x4F, command=0xEC, reserved=0, control=0) + + # systemd first tries to identify the disk by version 4, but failed. 
We directly use version3 + io_hdr = sgio_hdr(interface_id=ASCII_S, dxfer_direction=SG_DXFER_FROM_DEV, + cmd_len=ctypes.sizeof(cdb), + mx_sb_len=ctypes.sizeof(sense), iovec_count=0, + dxfer_len=buf_len, + dxferp=ctypes.cast(buf, ctypes.c_void_p), + cmdp=ctypes.addressof(cdb), + sbp=ctypes.cast(sense, ctypes.c_void_p), timeout=30 * 1000, + flags=0, pack_id=0, usr_ptr=None, status=0, masked_status=0, + msg_status=0, sb_len_wr=0, host_status=0, driver_status=0, + resid=0, duration=0, info=0) + + try: + with open(dev, "r") as fd: + ret = fcntl.ioctl(fd.fileno(), SG_IO, io_hdr) + if ret != 0: + return False + except OSError as err: + return False + except IOError as err: + return False + + if sense0 == b'\x72' and sense8 == b'\x09' and sense9 == b'\x0c': + return True + + if sense0 == b'\x70' and sense12 == b'\x00' and sense13 == b'\x1d': + MEET_NEWER_SAT = 1 + return True + + return False
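Review bot: `sgio_hdr` declares `_pack_ = 1`, but the `struct sg_io_hdr` it mirrors from include/scsi/sg.h is not a packed struct. On 64-bit targets the C layout has four bytes of padding between `pack_id` and `usr_ptr`, so with packing every field from `usr_ptr` onward sits four bytes early, and the `io_hdr.status`, `host_status` and `driver_status` tests in `disk_scsi_inquiry_command` read from the wrong offsets. Dropping the `_pack_ = 1` line from `sgio_hdr` lets ctypes apply native alignment; the two CDB structures hold only `c_ubyte` fields and are unaffected either way. The page shows only part of the 267-line file, so any later use of `sgio_hdr` is outside this view.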