openEuler:Mainline
systemd
We truncated the diff of some files because they were too big.
Changes of Revision 2
_service:tar_scm:systemd.spec
Changed
@@ -1,3 +1,4 @@ +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} %global __requires_exclude pkg-config %global pkgdir %{_prefix}/lib/systemd %global system_unit_dir %{pkgdir}/system @@ -20,7 +21,7 @@ Name: systemd Url: https://www.freedesktop.org/wiki/Software/systemd Version: 249 -Release: 31 +Release: 49 License: MIT and LGPLv2+ and GPLv2+ Summary: System and Service Manager 
@@ -37,75 +38,477 @@ Source12: systemd-user Source13: rc.local -Source100: udev-40-openEuler.rules +Source100: udev-40-generic.rules Source101: udev-55-persistent-net-generator.rules Source102: udev-56-net-sriov-names.rules -Source103: udev-61-openeuler-persistent-storage.rules Source104: net-set-sriov-names Source105: rule_generator.functions Source106: write_net_rules Source107: detect_virt -Patch0001: update-rtc-with-system-clock-when-shutdown.patch -Patch0002: udev-add-actions-while-rename-netif-failed.patch -Patch0003: fix-two-VF-virtual-machines-have-same-mac-address.patch -Patch0004: logind-set-RemoveIPC-to-false-by-default.patch -Patch0005: rules-add-rule-for-naming-Dell-iDRAC-USB-Virtual-NIC.patch -Patch0006: unit-don-t-add-Requires-for-tmp.mount.patch -Patch0007: rules-add-elevator-kernel-command-line-parameter.patch -Patch0008: rules-add-the-rule-that-adds-elevator-kernel-command.patch -Patch0009: units-add-Install-section-to-tmp.mount.patch -Patch0010: Make-systemd-udevd.service-start-after-systemd-remou.patch -Patch0011: udev-virsh-shutdown-vm.patch -Patch0012: sd-bus-properly-initialize-containers.patch -Patch0013: Revert-core-one-step-back-again-for-nspawn-we-actual.patch -Patch0014: journal-don-t-enable-systemd-journald-audit.socket-b.patch -Patch0015: systemd-change-time-log-level.patch -Patch0016: fix-capsh-drop-but-ping-success.patch -Patch0017: resolved-create-etc-resolv.conf-symlink-at-runtime.patch -Patch0018: pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch -Patch0019: fix-journal-file-descriptors-leak-problems.patch -Patch0020: activation-service-must-be-restarted-when-reactivated.patch -Patch0021: systemd-core-fix-problem-of-dbus-service-can-not-be-started.patch -Patch0022: delay-to-restart-when-a-service-can-not-be-auto-restarted.patch -Patch0023: disable-initialize_clock.patch -Patch0024: systemd-solve-that-rsyslog-reads-journal-s-object-of.patch -Patch0025: check-whether-command_prev-is-null-before-assigning-.patch -Patch0026: 
print-the-real-reason-for-link-update.patch -Patch0027: core-skip-change-device-to-dead-in-manager_catchup-d.patch -Patch0028: revert-rpm-restart-services-in-posttrans.patch - -#backport -Patch6000: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch -Patch6001: backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch -Patch6002: backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch -Patch6003: backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch -Patch6004: backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch -Patch6005: backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch -Patch6006: backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch -Patch6007: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch -Patch6008: backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch -Patch6009: backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch -Patch6010: backport-fix-CVE-2021-33910.patch -Patch6011: backport-temporarily-disable-test-seccomp.patch -Patch6012: backport-revert-core-map-io.bfq.weight-to-1.1000.patch -Patch6013: backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch -Patch6014: backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch -Patch6015: backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch -Patch6016: backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch -Patch6017: backport-unit-escape.patch -Patch6018: backport-udev-rename-type-name-e.g.-struct-worker-Worker.patch -Patch6019: backport-udev-run-the-main-process-workers-and-spawned-comman.patch -Patch6020: backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch -Patch6021: backport-udev-fix-potential-memleak.patch -Patch6022: backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch -Patch6023: 
backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch -Patch6024: backport-core-service-also-check-path-in-exec-commands.patch -Patch6025: backport-Add-meson-option-to-disable-urlify.patch -Patch6026: backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch -Patch6027: backport-unit-coldplug-both-job-and-nop_job-if-possible.patch -Patch6028: backport-meson.build-change-operator-combining-bools-from-to-.patch -Patch6029: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch +Patch6000: backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch +Patch6001: backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch +Patch6002: backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch +Patch6003: backport-shared-format-table-allocate-buffer-of-sufficient-si.patch +Patch6004: backport-fix-CVE-2021-33910.patch +Patch6005: backport-sd-bus-fix-missing-initializer-in-SD_BUS_VTABLE_END-.patch +Patch6006: backport-pid1-propagate-the-original-command-line-when-reexec.patch +Patch6007: backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch +Patch6008: backport-machined-varlink-fix-double-free.patch +Patch6009: backport-malloc-uses-getrandom-now.patch +Patch6010: backport-discover-image-mount-as-read-only-when-extracting-me.patch +Patch6011: backport-networkd-Include-linux-netdevice.h-header.patch +Patch6012: backport-seccomp-drop-getrandom-from-system-service.patch +Patch6013: backport-seccomp-move-sched_getaffinity-from-system-service-t.patch +Patch6014: backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch +Patch6015: backport-Use-correct-fcntl.h-include.patch +Patch6016: backport-Use-correct-poll.h-include.patch +Patch6017: backport-veritysetup-print-help-for-help-h-help.patch +Patch6018: backport-network-use-address_equal-route_equal-to-compare-add.patch +Patch6019: backport-mkosi-openSUSE-update-bootable-no-dependencies.patch +Patch6020: 
backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch +Patch6021: backport-sd-netlink-always-append-new-bridge-FDB-entries.patch +Patch6022: backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch +Patch6023: backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch +Patch6024: backport-network-add-comments.patch +Patch6025: backport-network-ignore-errors-on-setting-bridge-config.patch +Patch6026: backport-network-ignore-errors-on-unsetting-master-ifindex.patch +Patch6027: backport-network-also-check-addresses-when-determine-a-gatewa.patch +Patch6028: backport-network-check-the-received-interface-name-is-actuall.patch +Patch6029: backport-network-configure-address-with-requested-lifetime.patch +Patch6030: backport-network-use-monotonic-instead-of-boot-time-to-handle.patch +Patch6031: backport-udev-when-setting-up-lo-do-not-return-an-error.patch +Patch6032: backport-network-fix-configuring-of-CAN-devices.patch +Patch6033: backport-network-fix-logic-for-checking-gateway-address-is-re.patch +Patch6034: backport-Fix-the-Failed-to-open-random-seed-.-message.patch +Patch6035: backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch +Patch6036: backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch +Patch6037: backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch +Patch6038: backport-Get-rid-of-dangling-setutxent.patch +Patch6039: backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch +Patch6040: backport-hostname-fix-off-by-one-issue-in-gethostname.patch +Patch6041: backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch +Patch6042: backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch +Patch6043: backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch +Patch6044: backport-sd-boot-Fix-possible-null-pointer-dereference.patch +Patch6045: backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch +Patch6046: backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch 
+Patch6047: backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch +Patch6048: backport-unit-coldplug-both-job-and-nop_job-if-possible.patch +Patch6049: backport-network-do-not-assume-the-highest-priority-when-Prio.patch +Patch6050: backport-fstab-generator-Respect-nofail-when-ordering.patch +Patch6051: backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch +Patch6052: backport-src-boot-efi-linux-fix-linux_exec-prototype.patch +Patch6053: backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch +Patch6054: backport-import-turn-off-weird-protocols-in-curl.patch +Patch6055: backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch +Patch6056: backport-icmp6-drop-unnecessary-assertion.patch +Patch6057: backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch +Patch6058: backport-timesync-check-cmsg-length.patch +Patch6059: backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch +Patch6060: backport-tpm-util-fix-TPM-parameter-handling.patch +Patch6061: backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch +Patch6062: backport-Drop-bundled-copy-of-linux-if_arp.h.patch +Patch6063: backport-explicitly-close-FIDO2-devices.patch +Patch6064: backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch +Patch6065: backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch +Patch6066: backport-core-Remove-circular-include.patch +Patch6067: backport-path-util-make-find_executable-work-without-proc-mou.patch +Patch6068: backport-Fix-another-crash-due-to-missing-NHDR.patch +Patch6069: backport-hwdb-remove-double-empty-line-in-help-text.patch +Patch6070: backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch +Patch6071: backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch +Patch6072: backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch +Patch6073: backport-homed-add-missing-SYNTHETIC_ERRNO.patch +Patch6074: backport-homed-remove-misplaced-assert.patch 
+Patch6075: backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch +Patch6076: backport-udev-fix-potential-memleak.patch +Patch6077: backport-nspawn-fix-type-to-pass-to-connect.patch +Patch6078: backport-home-secret-argument-of-handle_generic_user_record_e.patch +Patch6079: backport-docs-portablectl-is-in-bin.patch +Patch6080: backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch +Patch6081: backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch +Patch6082: backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch +Patch6083: backport-nss-systemd-ensure-returned-strings-point-into-provi.patch +Patch6084: backport-core-Parse-log-environment-settings-again-after-appl.patch +Patch6085: backport-network-fix-handling-of-network-interface-renaming.patch +Patch6086: backport-virt-Improve-detection-of-EC2-metal-instances.patch +Patch6087: backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch +Patch6088: backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch +Patch6089: backport-test-use-a-less-restrictive-portable-profile-when-ru.patch +Patch6090: backport-Respect-install_sysconfdir.patch +Patch6091: backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch +Patch6092: backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch +Patch6093: backport-watchdog-pass-right-error-code-to-log-function-so-th.patch +Patch6094: backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch +Patch6095: backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch +Patch6096: backport-fileio-start-with-4k-buffer-for-procfs.patch +Patch6097: backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch +Patch6098: backport-test-fileio-test-read_virtual_file-with-more-files-f.patch +Patch6099: backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch +Patch6100: backport-network-disable-event-sources-before-unref-them.patch +Patch6101: 
backport-libsystemd-network-disable-event-sources-before-unre.patch +Patch6102: backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch +Patch6103: backport-resolvconf-compat-make-u-operation-a-NOP.patch +Patch6104: backport-basic-unit-file-don-t-filter-out-names-starting-with.patch +Patch6105: backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch +Patch6106: backport-seccomp-Always-install-filters-for-native-architectu.patch +Patch6107: backport-test-Check-that-native-architecture-is-always-filter.patch +Patch6108: backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch +Patch6109: backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch +Patch6110: backport-repart-use-right-error-variable.patch +Patch6111: backport-basic-env-util-correctly-parse-extended-vars-after-n.patch
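Review bot: The visible part of the patch list drops all six `backport-CVE-2021-3997-*` patches (old Patch6004 to Patch6009) together with `backport-temporarily-disable-test-seccomp.patch`, and none of them reappears in the replacement list as far as it is shown here (Patch6000 to Patch6111); only `backport-fix-CVE-2021-33910.patch` is carried over. The hunk is truncated on this page, so please confirm that the CVE-2021-3997 fixes are still applied further down the list, and record in the changelog why the local Patch0001 to Patch0028 entries were removed from this position.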
_service:tar_scm:0029-Add-support-for-the-LoongArch-architecture.patch
Added
@@ -0,0 +1,43 @@ +diff --git a/src/basic/architecture.c b/src/basic/architecture.c +index 409632c..e86aff3 100644 +--- a/src/basic/architecture.c ++++ b/src/basic/architecture.c +@@ -118,6 +118,8 @@ int uname_architecture(void) { + #elif defined(__arc__) + { "arc", ARCHITECTURE_ARC }, + { "arceb", ARCHITECTURE_ARC_BE }, ++#elif defined(__loongarch64) ++ { "loongarch64", ARCHITECTURE_LOONGARCH64 }, + #else + #error "Please register your architecture here!" + #endif +@@ -173,6 +175,7 @@ static const char *const architecture_table_ARCHITECTURE_MAX = { + ARCHITECTURE_RISCV64 = "riscv64", + ARCHITECTURE_ARC = "arc", + ARCHITECTURE_ARC_BE = "arc-be", ++ ARCHITECTURE_LOONGARCH64 = "loongarch64", + }; + + DEFINE_STRING_TABLE_LOOKUP(architecture, int); +diff --git a/src/basic/architecture.h b/src/basic/architecture.h +index 9abc183..758bd8c 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -44,6 +44,7 @@ enum { + ARCHITECTURE_RISCV64, + ARCHITECTURE_ARC, + ARCHITECTURE_ARC_BE, ++ ARCHITECTURE_LOONGARCH64, + _ARCHITECTURE_MAX, + _ARCHITECTURE_INVALID = -EINVAL, + }; +@@ -229,6 +230,9 @@ int uname_architecture(void); + # define native_architecture() ARCHITECTURE_ARC + # define LIB_ARCH_TUPLE "arc-linux" + # endif ++#elif defined(__loongarch64) ++# define native_architecture() ARCHITECTURE_LOONGARCH64 ++# define LIB_ARCH_TUPLE "loongarch64-linux-gnu" + #else + # error "Please register your architecture here!" + #endif
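Review bot: Missing provenance: the patch file starts directly at `diff --git a/src/basic/architecture.c` with no From/Date/Subject header, no description and no Conflict/Reference lines, so nothing ties the `ARCHITECTURE_LOONGARCH64` and `LIB_ARCH_TUPLE "loongarch64-linux-gnu"` additions to an author or an upstream commit. Please add a header in the same form the backport patches in this revision use, so the origin of the architecture table entry can be checked.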
_service:tar_scm:0030-Add-LoongArch-dmi-virt-detection-and-testcase.patch
Added
@@ -0,0 +1,65 @@ +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 7e88f09..de1acf1 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -140,7 +140,7 @@ static int detect_vm_device_tree(void) { + #endif + } + +-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) ++#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) + static int detect_vm_dmi_vendor(void) { + static const char *const dmi_vendors = { + "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ +@@ -225,10 +225,10 @@ static int detect_vm_smbios(void) { + log_debug("DMI BIOS Extension table does not indicate virtualization."); + return SMBIOS_VM_BIT_UNSET; + } +-#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) */ ++#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) */ + + static int detect_vm_dmi(void) { +-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) ++#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) + + int r; + r = detect_vm_dmi_vendor(); +diff --git a/src/test/test-execute.c b/src/test/test-execute.c +index 125e0bb..6e168d3 100644 +--- a/src/test/test-execute.c ++++ b/src/test/test-execute.c +@@ -284,6 +284,8 @@ static void test_exec_personality(Manager *m) { + + #elif defined(__i386__) + test(m, "exec-personality-x86.service", 0, CLD_EXITED); ++#elif defined(__loongarch64) ++ test(m, "exec-personality-loongarch64.service", 0, CLD_EXITED); + #else + log_notice("Unknown personality, skipping %s", __func__); + #endif +diff --git a/src/udev/meson.build b/src/udev/meson.build +index 4e80f9b..f2eb0b2 100644 +--- a/src/udev/meson.build ++++ b/src/udev/meson.build +@@ -129,7 +129,7 @@ udev_id_progs = 'ata_id/ata_id.c', + 
'mtd_probe/mtd_probe.h', + 'mtd_probe/probe_smartmedia.c' + +-dmi_arches = 'x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'mips' ++dmi_arches = 'x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips' + if dmi_arches.contains(host_machine.cpu_family()) + udev_id_progs += 'dmi_memory_id/dmi_memory_id.c' + endif +diff --git a/test/test-execute/exec-personality-loongarch64.service b/test/test-execute/exec-personality-loongarch64.service +new file mode 100644 +index 0000000..0531ad1 +--- /dev/null ++++ b/test/test-execute/exec-personality-loongarch64.service +@@ -0,0 +1,7 @@ ++Unit ++Description=Test for Personality=loongarch64 ++ ++Service ++ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "loongarch64")' ++Type=oneshot ++Personality=loongarch64
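Review bot: In the new `exec-personality-loongarch64.service`, the pass/fail result comes from `exit $(test $(uname -m) = "loongarch64")`, which works only because the substitution expands to nothing and `exit` then reuses the status of the last command. Ending the script with `test "$(uname -m)" = "loongarch64"` states the check directly and quotes the expansion. This patch file also has no From/Subject header or Reference line, unlike the backport patches in the same revision.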
_service:tar_scm:Don-t-set-AlternativeNamesPolicy-by-default.patch
Added
@@ -0,0 +1,26 @@ +From 1e3f74b7ca5ead53c10e5b37cf8660651f32d181 Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Thu, 11 Aug 2022 19:53:35 +0800 +Subject: PATCH Don't set AlternativeNamesPolicy by default + +When a network adapter is renamed, the altname of the network adapter may be +set based on AlternativeNamesPolicy. As a result, the network adapter name +fails to be restored. For example, after enp4s0 is renamed tmp, udev sets the +altname of tmp to enp4s0. If you want to restore tmp to enp4s0, it will fail. +--- + network/99-default.link | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/network/99-default.link b/network/99-default.link +index 31aee37..db48c4d 100644 +--- a/network/99-default.link ++++ b/network/99-default.link +@@ -12,5 +12,4 @@ OriginalName=* + + Link + NamePolicy=keep kernel database onboard slot path +-AlternativeNamesPolicy=database onboard slot path + MACAddressPolicy=none +-- +2.23.0 +
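Review bot: Dropping `AlternativeNamesPolicy=database onboard slot path` from `network/99-default.link` affects every interface, since the section it sits in matches `OriginalName=*`, yet the commit message only describes the rename-and-restore case (enp4s0 to tmp and back). Please state in the message that no alternative names are assigned by default after this change, so that anyone relying on altnames in network configuration knows to set the policy explicitly, and add Conflict/Reference lines so it is clear whether this differs from upstream on purpose.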
_service:tar_scm:Retry-to-handle-the-uevent-when-worker-is-terminated.patch
Added
@@ -0,0 +1,93 @@ +From a3d2f4261ef9a953904e3e21abafba0dad7daa77 Mon Sep 17 00:00:00 2001 +From: gaoyi <gaoyi15@huawei.com> +Date: Mon, 28 Sep 2020 22:36:37 +0800 +Subject: PATCH Retry to handle the uevent when worker is terminated abnormal + +When processing uevent events fails, retry it. +--- + src/udev/udevd.c | 41 ++++++++++++++++++++++++++++++++++++----- + 1 file changed, 36 insertions(+), 5 deletions(-) + +diff --git a/src/udev/udevd.c b/src/udev/udevd.c +index eb94ed3..5b743ad 100644 +--- a/src/udev/udevd.c ++++ b/src/udev/udevd.c +@@ -70,6 +70,7 @@ + #include "version.h" + + #define WORKER_NUM_MAX 2048U ++#define UEVENT_MAX_RETRY_TIMES 3 + + static bool arg_debug = false; + static int arg_daemonize = false; +@@ -114,6 +115,7 @@ typedef struct Event { + Manager *manager; + Worker *worker; + EventState state; ++ int retry; + + sd_device *dev; + sd_device *dev_kernel; /* clone of originally received device */ +@@ -148,6 +150,32 @@ typedef struct Worker { + typedef struct WorkerMessage { + } WorkerMessage; + ++static bool event_retry(Event *event) { ++ if (!event) ++ return false; ++ ++ assert(event->manager); ++ ++ if (--event->retry < 0) { ++ log_device_error(event->dev, "Retry failed."); ++ return false; ++ } ++ ++ log_device_info(event->dev, "Retry %d times.", UEVENT_MAX_RETRY_TIMES - event->retry); ++ ++ event->timeout_warning_event = sd_event_source_unref(event->timeout_warning_event); ++ event->timeout_event = sd_event_source_unref(event->timeout_event); ++ ++ if (event->worker) { ++ event->worker->event = NULL; ++ event->worker = NULL; ++ } ++ ++ event->state = EVENT_QUEUED; ++ ++ return true; ++} ++ + static void event_free(Event *event) { + if (!event) + return; +@@ -638,6 +666,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) { + .dev_kernel = TAKE_PTR(clone), + .seqnum = seqnum, + .state = EVENT_QUEUED, ++ .retry = UEVENT_MAX_RETRY_TIMES, + }; + + if (LIST_IS_EMPTY(manager->events)) { +@@ -1314,11 +1343,13 @@ static int 
on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi + device_delete_db(worker->event->dev); + device_tag_index(worker->event->dev, NULL, false); + +- if (manager->monitor) { +- /* forward kernel event without amending it */ +- r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); +- if (r < 0) +- log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m"); ++ if (event_retry(worker->event) == false) { ++ if (manager->monitor) { ++ /* forward kernel event without amending it */ ++ r = device_monitor_send_device(manager->monitor, NULL, worker->event->dev_kernel); ++ if (r < 0) ++ log_device_error_errno(worker->event->dev_kernel, r, "Failed to send back device to kernel: %m"); ++ } + } + } + +-- +2.23.0 +
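Review bot: In `on_sigchld()`, `event_retry(worker->event)` is called after the context lines `device_delete_db(worker->event->dev)` and `device_tag_index(worker->event->dev, NULL, false)` have already run, so a requeued event restarts with its database record and tag index entries removed. If that is intended it deserves a comment; otherwise the cleanup belongs in the branch that gives up and forwards the kernel event. Smaller points: `event_retry(worker->event) == false` reads better as `!event_retry(worker->event)`, and the one-line commit message should explain why `UEVENT_MAX_RETRY_TIMES` is 3.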
_service:tar_scm:Systemd-Add-sw64-architecture.patch
Added
@@ -0,0 +1,872 @@ +From b9043cf1d074497cf77272dd9bf24c2098e56265 Mon Sep 17 00:00:00 2001 +From: rpm-build <rpm-build> +Date: Tue, 25 Oct 2022 15:26:32 +0800 +Subject: PATCH Systemd Add sw64 architecture + +Signed-off-by: rpm-build <rpm-build> +--- + src/basic/architecture.c | 3 + + src/basic/architecture.h | 4 + + src/basic/meson.build | 1 + + src/basic/missing_fcntl.h | 2 + + src/basic/missing_syscall_def.h | 35 ++ + src/basic/missing_syscalls.py | 2 + + src/basic/syscalls-sw_64.txt | 600 ++++++++++++++++++++++++++++++++ + 7 files changed, 647 insertions(+) + create mode 100644 src/basic/syscalls-sw_64.txt + +diff --git a/src/basic/architecture.c b/src/basic/architecture.c +index 409632c..8314aa5 100644 +--- a/src/basic/architecture.c ++++ b/src/basic/architecture.c +@@ -54,6 +54,8 @@ int uname_architecture(void) { + { "mips", ARCHITECTURE_MIPS }, + #elif defined(__alpha__) + { "alpha" , ARCHITECTURE_ALPHA }, ++#elif defined(__sw_64__) ++ { "sw_64" , ARCHITECTURE_SW_64 }, + #elif defined(__arm__) || defined(__aarch64__) + { "aarch64", ARCHITECTURE_ARM64 }, + { "aarch64_be", ARCHITECTURE_ARM64_BE }, +@@ -159,6 +161,7 @@ static const char *const architecture_table_ARCHITECTURE_MAX = { + ARCHITECTURE_MIPS64 = "mips64", + ARCHITECTURE_MIPS64_LE = "mips64-le", + ARCHITECTURE_ALPHA = "alpha", ++ ARCHITECTURE_SW_64 = "sw_64", + ARCHITECTURE_ARM = "arm", + ARCHITECTURE_ARM_BE = "arm-be", + ARCHITECTURE_ARM64 = "arm64", +diff --git a/src/basic/architecture.h b/src/basic/architecture.h +index 9abc183..3361eaf 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -30,6 +30,7 @@ enum { + ARCHITECTURE_MIPS64, + ARCHITECTURE_MIPS64_LE, + ARCHITECTURE_ALPHA, ++ ARCHITECTURE_SW_64, + ARCHITECTURE_ARM, + ARCHITECTURE_ARM_BE, + ARCHITECTURE_ARM64, +@@ -143,6 +144,9 @@ int uname_architecture(void); + #elif defined(__alpha__) + # define native_architecture() ARCHITECTURE_ALPHA + # define LIB_ARCH_TUPLE "alpha-linux-gnu" ++#elif defined(__sw_64__) ++# define 
native_architecture() ARCHITECTURE_SW_64 ++# define LIB_ARCH_TUPLE "sw_64-linux-gnu" + #elif defined(__aarch64__) + # if __BYTE_ORDER == __BIG_ENDIAN + # define native_architecture() ARCHITECTURE_ARM64_BE +diff --git a/src/basic/meson.build b/src/basic/meson.build +index 452b965..80dab1b 100644 +--- a/src/basic/meson.build ++++ b/src/basic/meson.build +@@ -325,6 +325,7 @@ basic_sources += generated_gperf_headers + + arch_list = + 'alpha', ++ 'sw_64', + 'arc', + 'arm', + 'arm64', +diff --git a/src/basic/missing_fcntl.h b/src/basic/missing_fcntl.h +index 00937d2..fff662b 100644 +--- a/src/basic/missing_fcntl.h ++++ b/src/basic/missing_fcntl.h +@@ -45,6 +45,8 @@ + #ifndef __O_TMPFILE + #if defined(__alpha__) + #define __O_TMPFILE 0100000000 ++#elif defined(__sw_64__) ++#define __O_TMPFILE 0100000000 + #elif defined(__parisc__) || defined(__hppa__) + #define __O_TMPFILE 0400000000 + #elif defined(__sparc__) || defined(__sparc64__) +diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h +index 29dfd2e..10a585b 100644 +--- a/src/basic/missing_syscall_def.h ++++ b/src/basic/missing_syscall_def.h +@@ -9,6 +9,7 @@ + * template as the per-syscall blocks below. 
*/ + # if defined(__aarch64__) + # elif defined(__alpha__) ++# elif defined(__sw_64__) + # elif defined(__arc__) || defined(__tilegx__) + # elif defined(__arm__) + # elif defined(__i386__) +@@ -44,6 +45,8 @@ + # define systemd_NR_bpf 280 + # elif defined(__alpha__) + # define systemd_NR_bpf 515 ++# elif defined(__sw_64__) ++# define systemd_NR_bpf 170 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_bpf 280 + # elif defined(__arm__) +@@ -108,6 +111,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); + # define systemd_NR_close_range 436 + # elif defined(__alpha__) + # define systemd_NR_close_range 546 ++# elif defined(__sw_64__) ++# define systemd_NR_close_range 283 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_close_range 436 + # elif defined(__arm__) +@@ -172,6 +177,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); + # define systemd_NR_copy_file_range 285 + # elif defined(__alpha__) + # define systemd_NR_copy_file_range 519 ++# elif defined(__sw_64__) ++# define systemd_NR_copy_file_range 515 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_copy_file_range 285 + # elif defined(__arm__) +@@ -236,6 +243,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); + # define systemd_NR_epoll_pwait2 441 + # elif defined(__alpha__) + # define systemd_NR_epoll_pwait2 551 ++# elif defined(__sw_64__) ++# define systemd_NR_epoll_pwait2 551 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_epoll_pwait2 441 + # elif defined(__arm__) +@@ -300,6 +309,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2); + # define systemd_NR_getrandom 278 + # elif defined(__alpha__) + # define systemd_NR_getrandom 511 ++# elif defined(__sw_64__) ++# define systemd_NR_getrandom 511 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_getrandom 278 + # elif defined(__arm__) +@@ -364,6 +375,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); + # define 
systemd_NR_memfd_create 279 + # elif defined(__alpha__) + # define systemd_NR_memfd_create 512 ++# elif defined(__sw_64__) ++# define systemd_NR_memfd_create 512 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_memfd_create 279 + # elif defined(__arm__) +@@ -428,6 +441,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); + # define systemd_NR_mount_setattr 442 + # elif defined(__alpha__) + # define systemd_NR_mount_setattr 552 ++# elif defined(__sw_64__) ++# define systemd_NR_mount_setattr 552 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_mount_setattr 442 + # elif defined(__arm__) +@@ -492,6 +507,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); + # define systemd_NR_move_mount 429 + # elif defined(__alpha__) + # define systemd_NR_move_mount 539 ++# elif defined(__sw_64__) ++# define systemd_NR_move_mount 276 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_move_mount 429 + # elif defined(__arm__) +@@ -556,6 +573,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); + # define systemd_NR_name_to_handle_at 264 + # elif defined(__alpha__) + # define systemd_NR_name_to_handle_at 497 ++# elif defined(__sw_64__) ++# define systemd_NR_name_to_handle_at 497 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_name_to_handle_at 264 + # elif defined(__arm__) +@@ -620,6 +639,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); + # define systemd_NR_open_tree 428 + # elif defined(__alpha__) + # define systemd_NR_open_tree 538 ++# elif defined(__sw_64__) ++# define systemd_NR_open_tree 275 + # elif defined(__arc__) || defined(__tilegx__) + # define systemd_NR_open_tree 428 + # elif defined(__arm__) +@@ -684,6 +705,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); + # define systemd_NR_openat2 437 + # elif defined(__alpha__) + # define systemd_NR_openat2 547 ++# elif defined(__sw_64__) ++# define systemd_NR_openat2 284 + # elif 
defined(__arc__) || defined(__tilegx__) + # define systemd_NR_openat2 437 + # elif defined(__arm__) +@@ -750,6 +773,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); + # define systemd_NR_pidfd_open 434 + # elif defined(__alpha__)
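Review bot: The sw_64 fallback numbers added to `missing_syscall_def.h` mix two schemes: `epoll_pwait2` 551, `getrandom` 511, `memfd_create` 512, `mount_setattr` 552 and `name_to_handle_at` 497 repeat the alpha values, while `bpf` 170, `close_range` 283, `move_mount` 276, `open_tree` 275 and `openat2` 284 do not, and `copy_file_range` is 515, which is alpha's `bpf` number. A wrong fallback number makes the wrapper invoke a different syscall, so each value should be checked against the `syscalls-sw_64.txt` this patch adds (not shown here because the diff is truncated) and against the sw_64 kernel headers. The patch is also authored and signed off as `rpm-build <rpm-build>` with no description; a real author and a Reference line are needed for a change of this size.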
_service:tar_scm:add-loongarch-for-missing_syscall_def.patch
Added
@@ -0,0 +1,165 @@ +diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h +index 29dfd2e..629cad0 100644 +--- a/src/basic/missing_syscall_def.h ++++ b/src/basic/missing_syscall_def.h +@@ -28,6 +28,7 @@ + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) + # elif defined(__s390__) + # elif defined(__sparc__) + # elif defined(__x86_64__) +@@ -74,6 +75,8 @@ + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_bpf 280 + # elif defined(__s390__) + # define systemd_NR_bpf 351 + # elif defined(__sparc__) +@@ -138,6 +141,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_close_range 436 + # elif defined(__s390__) + # define systemd_NR_close_range 436 + # elif defined(__sparc__) +@@ -202,6 +207,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_copy_file_range 285 + # elif defined(__s390__) + # define systemd_NR_copy_file_range 375 + # elif defined(__sparc__) +@@ -266,6 +273,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_epoll_pwait2 441 + # elif defined(__s390__) + # define systemd_NR_epoll_pwait2 441 + # elif defined(__sparc__) +@@ -330,6 +339,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_getrandom 278 + # elif defined(__s390__) + # define systemd_NR_getrandom 349 + # elif defined(__sparc__) +@@ -394,6 +405,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_memfd_create 279 + # elif defined(__s390__) + # define 
systemd_NR_memfd_create 350 + # elif defined(__sparc__) +@@ -458,6 +471,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_mount_setattr 442 + # elif defined(__s390__) + # define systemd_NR_mount_setattr 442 + # elif defined(__sparc__) +@@ -522,6 +537,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_move_mount 429 + # elif defined(__s390__) + # define systemd_NR_move_mount 429 + # elif defined(__sparc__) +@@ -586,6 +603,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_name_to_handle_at 264 + # elif defined(__s390__) + # define systemd_NR_name_to_handle_at 335 + # elif defined(__sparc__) +@@ -650,6 +669,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_open_tree 428 + # elif defined(__s390__) + # define systemd_NR_open_tree 428 + # elif defined(__sparc__) +@@ -692,7 +713,7 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); + # define systemd_NR_openat2 437 + # elif defined(__ia64__) + # define systemd_NR_openat2 1461 +-# elif defined(__loongarch64) ++# elif defined(__loongarch__) + # define systemd_NR_openat2 437 + # elif defined(__m68k__) + # define systemd_NR_openat2 437 +@@ -780,6 +801,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_pidfd_open 434 + # elif defined(__s390__) + # define systemd_NR_pidfd_open 434 + # elif defined(__sparc__) +@@ -844,6 +867,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) 
++# define systemd_NR_pidfd_send_signal 424 + # elif defined(__s390__) + # define systemd_NR_pidfd_send_signal 424 + # elif defined(__sparc__) +@@ -908,6 +933,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_pkey_mprotect 288 + # elif defined(__s390__) + # define systemd_NR_pkey_mprotect 384 + # elif defined(__sparc__) +@@ -972,6 +999,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_renameat2 276 + # elif defined(__s390__) + # define systemd_NR_renameat2 347 + # elif defined(__sparc__) +@@ -1036,6 +1065,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_setns 268 + # elif defined(__s390__) + # define systemd_NR_setns 339 + # elif defined(__sparc__) +@@ -1100,6 +1131,8 @@ assert_cc(__NR_setns == systemd_NR_setns); + # else + # error "Unknown RISC-V ABI" + # endif ++# elif defined(__loongarch__) ++# define systemd_NR_statx 291 + # elif defined(__s390__) + # define systemd_NR_statx 379 + # elif defined(__sparc__)
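Review bot: the openat2 hunk renames the existing guard from `__loongarch64` to `__loongarch__`, while every other hunk adds a new `__loongarch__` branch, so the patch header should state that widening the macro for openat2 is intended. The added syscall numbers are hand-copied constants, and the only cross-check visible here is the `assert_cc(__NR_... == systemd_NR_...)` line that follows each table. A comment naming the kernel header the values were taken from would let them be verified without a LoongArch toolchain.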
_service:tar_scm:backport-Add-meson-option-to-disable-urlify.patch
Changed
@@ -5,6 +5,9 @@ Useful for systems that don't use a version of less with hyperlink support. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e5d86ebed5624ef62342c820a5868b1075deb300 --- meson.build | 1 + meson_options.txt | 2 ++
_service:tar_scm:backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch
Added
@@ -0,0 +1,46 @@ +From b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 Mon Sep 17 00:00:00 2001 +From: Franck Bui <fbui@suse.com> +Date: Fri, 3 Dec 2021 11:23:36 +0100 +Subject: PATCH Bump the max number of inodes for /dev to 128k + +Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2. + +Apparently the previous limit set on the max number of inodes for /dev was too +small as a system with 4096 LUNs attached can consume up to 95k inodes for +symlinks: + + # /bin/df -i + Filesystem Inodes IUsed IFree IUse% Mounted on + devtmpfs 49274377 95075 49179302 1% /dev + +Hence this patch bumps the limit from 64k to 128k although the new limit is +still pretty arbitrary (that said, not sure if it really makes sense to put +such absolute limit number). + +(cherry picked from commit 4c733d3046942984c5f73b40c3af39cc218c103f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 +--- + src/shared/mount-util.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h +index 36501c2c4a..c5bd881070 100644 +--- a/src/shared/mount-util.h ++++ b/src/shared/mount-util.h +@@ -11,9 +11,9 @@ + #include "errno-util.h" + #include "macro.h" + +-/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials, using ++/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using + * large storage array systems as a baseline */ +-#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=64k" ++#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k" + + /* Very little, if any use expected */ + #define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k" +-- +2.33.0 +
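Review bot: `nr_inodes=128k` in `TMPFS_LIMITS_DEV` leaves only about 36k inodes of headroom over the 95075 that the commit message measured with 4096 LUNs, and the message itself calls the new figure arbitrary. The comment above the define should record the measurement the limit was sized from, so the next change to it is not another guess.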
_service:tar_scm:backport-Bump-the-max-number-of-inodes-for-dev-to-a-million.patch
Changed
@@ -17,10 +17,10 @@ #include "errno-util.h" #include "macro.h" --/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials, using +-/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using +/* 4MB for contents of regular files, 1m inodes for directories, symbolic links and device nodes, using * large storage array systems as a baseline */ --#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=64k" +-#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k" +#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=1m" /* Very little, if any use expected */
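Review bot: the removed lines inside this patch now read `nr_inodes=128k` where they used to read `64k`, so it applies only on top of backport-Bump-the-max-number-of-inodes-for-dev-to-128k.patch, and the spec must list that patch first. If the patch header carries a `Conflict:` line, it should mention that the context was rewritten for this reason.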
_service:tar_scm:backport-Bump-the-max-number-of-inodes-for-tmp-to-a-million-t.patch
Changed
@@ -1,7 +1,7 @@ From cac372a80177fb622806270eb0d810e4c6ad0c84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Thu, 9 Dec 2021 10:20:46 +0100 -Subject: PATCH 2/2 Bump the max number of inodes for /tmp to a million too +Subject: PATCH Bump the max number of inodes for /tmp to a million too Fixes #21626. (The bug report talks about /run, but the issue is actually with /tmp.) People use /tmp for various things that fit in memory, e.g. unpacking @@ -14,15 +14,12 @@ index 516bd1621c..4e1bb8de24 100644 --- a/units/tmp.mount +++ b/units/tmp.mount -@@ -22,7 +22,7 @@ After=swap.target +@@ -22,4 +22,4 @@ After=swap.target What=tmpfs Where=/tmp Type=tmpfs -Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k +Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m - - # Make 'systemctl enable tmp.mount' work: - Install -- 2.27.0
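Review bot: the inner hunk header was changed from `-22,7 +22,7` to `-22,4 +22,4` and the three context lines after `Options=` were dropped, so the hunk now matches with less trailing context than before and nothing in the header explains why. Record the reason in the patch header, as the other backports do with a `Conflict:` line. Regenerate the patch with git rather than editing the counts by hand, since the footer still reads `2.27.0` while the sibling patches were regenerated with `2.33.0`.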
_service:tar_scm:backport-CVE-2021-3997-rm-rf-optionally-fsync-after-removing-directory-tree.patch
Changed
@@ -1,9 +1,12 @@ From 2426beacca09d84091759be45b25c88116302184 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <lennart@poettering.net> Date: Tue, 5 Oct 2021 10:32:56 +0200 -Subject: PATCH 2/6 rm-rf: optionally fsync() after removing directory tree +Subject: PATCH rm-rf: optionally fsync() after removing directory tree (cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2426beacca09d84091759be45b25c88116302184 --- src/shared/rm-rf.c | 3 +++ src/shared/rm-rf.h | 1 + @@ -36,5 +39,5 @@ int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags); -- -2.27.0 +2.33.0
_service:tar_scm:backport-CVE-2021-3997-rm-rf-refactor-rm_rf_children-split-out-body-of-dire.patch
Changed
@@ -1,14 +1,17 @@ From ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab Mon Sep 17 00:00:00 2001 From: Lennart Poettering <lennart@poettering.net> Date: Tue, 26 Jan 2021 16:30:06 +0100 -Subject: PATCH 1/6 rm-rf: refactor rm_rf_children(), split out body of - directory iteration loop +Subject: PATCH rm-rf: refactor rm_rf_children(), split out body of directory + iteration loop This splits out rm_rf_children_inner() as body of the loop. We can use that to implement rm_rf_child() for deleting one specific entry in a directory. (cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab --- src/shared/rm-rf.c | 223 ++++++++++++++++++++++++++------------------- src/shared/rm-rf.h | 3 +- @@ -317,5 +320,5 @@ /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */ -- -2.27.0 +2.33.0
_service:tar_scm:backport-CVE-2021-3997-shared-rm-rf-loop-over-nested-directories-instead-of.patch
Changed
@@ -1,8 +1,8 @@ From 6a28f8b55904c818b25e4db2e1511faac79fd471 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Tue, 30 Nov 2021 22:29:05 +0100 -Subject: PATCH 6/6 shared/rm-rf: loop over nested directories instead of - instead of recursing +Subject: PATCH shared/rm-rf: loop over nested directories instead of instead + of recursing To remove directory structures, we need to remove the innermost items first, and then recursively remove higher-level directories. We would recursively @@ -24,6 +24,9 @@ (cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1) (cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6a28f8b55904c818b25e4db2e1511faac79fd471 --- src/shared/rm-rf.c | 161 +++++++++++++++++++++++++++++++-------------- 1 file changed, 113 insertions(+), 48 deletions(-) @@ -269,5 +272,5 @@ + return rm_rf_inner_child(fd, name, -1, flags, NULL, true); } -- -2.27.0 +2.33.0
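Review bot: dropping `6/6` from the Subject here, and `1/6` to `5/6` from the sibling CVE-2021-3997 patches, removes the only in-file record of the order in which the series applies, and all six patches modify src/shared/rm-rf.c. Keep the numbering, or state the required order in the header next to `Conflict:NA`, so the spec's patch list can be checked against it.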
_service:tar_scm:backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf-to-shorten-code-a-bit.patch
Changed
@@ -1,10 +1,13 @@ From 811b137d6137cc3e8932599e6ef9254ba43ff5eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Tue, 23 Nov 2021 16:56:42 +0100 -Subject: PATCH 5/6 shared/rm_rf: refactor rm_rf() to shorten code a bit +Subject: PATCH shared/rm_rf: refactor rm_rf() to shorten code a bit (cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69) (cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/811b137d6137cc3e8932599e6ef9254ba43ff5eb --- src/shared/rm-rf.c | 54 +++++++++++++++++++++------------------------- 1 file changed, 24 insertions(+), 30 deletions(-) @@ -96,5 +99,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) { -- -2.27.0 +2.33.0
_service:tar_scm:backport-CVE-2021-3997-shared-rm_rf-refactor-rm_rf_children_inner-to-shorte.patch
Changed
@@ -1,11 +1,14 @@ From 89395b63f04f1acc0db533c32637ea20379f97c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Tue, 23 Nov 2021 15:55:45 +0100 -Subject: PATCH 4/6 shared/rm_rf: refactor rm_rf_children_inner() to shorten - code a bit +Subject: PATCH shared/rm_rf: refactor rm_rf_children_inner() to shorten code + a bit (cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11) (cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/89395b63f04f1acc0db533c32637ea20379f97c0 --- src/shared/rm-rf.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) @@ -64,5 +67,5 @@ int rm_rf_children( -- -2.27.0 +2.33.0
_service:tar_scm:backport-CVE-2021-3997-tmpfiles-st-may-have-been-used-uninitialized.patch
Changed
@@ -1,9 +1,12 @@ From 7563de501246dccf5a9ea229933481aa1e7bd5c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Tue, 23 Nov 2021 15:05:58 +0100 -Subject: PATCH 3/6 tmpfiles: 'st' may have been used uninitialized +Subject: PATCH tmpfiles: 'st' may have been used uninitialized (cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7563de501246dccf5a9ea229933481aa1e7bd5c9 --- src/shared/rm-rf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) @@ -24,5 +27,5 @@ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags); if (r < 0) -- -2.27.0 +2.33.0
_service:tar_scm:backport-CVE-2022-4415-basic-add-STRERROR-wrapper-for-strerror_r.patch
Added
@@ -0,0 +1,102 @@ +From 2c5d05b3cd986568105d67891e4010b868dea24f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 7 Oct 2022 12:28:31 +0200 +Subject: PATCH basic: add STRERROR() wrapper for strerror_r() + +Conflict:Modify the content in meson.build. +Reference:https://github.com/systemd/systemd/commit/2c5d05b3cd986568105d67891e4010b868dea24f + +--- + src/basic/errno-util.h | 10 +++++++++ + src/test/meson.build | 2 ++ + src/test/test-errno-util.c | 44 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 56 insertions(+) + create mode 100644 src/test/test-errno-util.c + +diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h +index a71864ca60..f0d24d95cb 100644 +--- a/src/basic/errno-util.h ++++ b/src/basic/errno-util.h +@@ -6,6 +6,16 @@ + + #include "macro.h" + ++/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */ ++#define ERRNO_BUF_LEN 1024 ++ ++/* Note: the lifetime of the compound literal is the immediately surrounding block, ++ * see C11 §6.5.2.5, and ++ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks ++ * ++ * Note that we use the GNU variant of strerror_r() here. */ ++#define STRERROR(errnum) strerror_r(abs(errnum), (charERRNO_BUF_LEN){}, ERRNO_BUF_LEN) ++ + static inline void _reset_errno_(int *saved_errno) { + if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? 
*/ + return; +diff --git a/src/test/meson.build b/src/test/meson.build +index 31ac149b96..86fc1d4fc0 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -615,6 +615,8 @@ tests += + 'src/test/test-arphrd-list.c', + generated_gperf_headers, + ++ 'src/test/test-errno-util.c', ++ + 'src/test/test-ip-protocol-list.c', + shared_generated_gperf_headers, + +diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c +new file mode 100644 +index 0000000000..284f451002 +--- /dev/null ++++ b/src/test/test-errno-util.c +@@ -0,0 +1,44 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include "errno-util.h" ++#include "stdio-util.h" ++#include "string-util.h" ++#include "tests.h" ++ ++TEST(strerror_not_threadsafe) { ++ /* Just check that strerror really is not thread-safe. */ ++ log_info("strerror(%d) → %s", 200, strerror(200)); ++ log_info("strerror(%d) → %s", 201, strerror(201)); ++ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX)); ++ ++ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201)); ++ ++ /* This call is not allowed, because the first returned string becomes invalid when ++ * we call strerror the second time: ++ * ++ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201)); ++ */ ++} ++ ++TEST(STRERROR) { ++ /* Just check that STRERROR really is thread-safe. 
*/ ++ log_info("STRERROR(%d) → %s", 200, STRERROR(200)); ++ log_info("STRERROR(%d) → %s", 201, STRERROR(201)); ++ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201)); ++ ++ const char *a = STRERROR(200), *b = STRERROR(201); ++ assert_se(strstr(a, "200")); ++ assert_se(strstr(b, "201")); ++ ++ /* Check with negative values */ ++ assert_se(streq(a, STRERROR(-200))); ++ assert_se(streq(b, STRERROR(-201))); ++ ++ const char *c = STRERROR(INT_MAX); ++ char bufDECIMAL_STR_MAX(int); ++ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */ ++ log_info("STRERROR(%d) → %s", INT_MAX, c); ++ assert_se(strstr(c, buf)); ++} ++ ++DEFINE_TEST_MAIN(LOG_INFO); +-- +2.33.0 +
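Review bot: `STRERROR(errnum)` in errno-util.h calls `abs(errnum)`, which is undefined for `INT_MIN`, and the new test covers 200, 201, their negatives and `INT_MAX` but not that value. Either document that callers pass an errno-style value or handle `INT_MIN` explicitly. The returned pointer refers to a compound literal that lives only until the end of the enclosing block, as the comment says, so call sites must not return or store it.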
_service:tar_scm:backport-CVE-2022-4415-coredump-adjust-whitespace.patch
Added
@@ -0,0 +1,83 @@ +From 510a146634f3e095b34e2a26023b1b1f99dcb8c0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 29 Nov 2022 09:00:16 +0100 +Subject: PATCH coredump: adjust whitespace + +Conflict:Delete the modification of parse_config. +Reference:https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0 + +--- + src/coredump/coredump.c | 56 ++++++++++++++++++++--------------------- + 1 file changed, 28 insertions(+), 28 deletions(-) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index 50220c5ec7..9ce2b92ded 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -111,16 +111,16 @@ enum { + }; + + static const char * const meta_field_names_META_MAX = { +- META_ARGV_PID = "COREDUMP_PID=", +- META_ARGV_UID = "COREDUMP_UID=", +- META_ARGV_GID = "COREDUMP_GID=", +- META_ARGV_SIGNAL = "COREDUMP_SIGNAL=", +- META_ARGV_TIMESTAMP = "COREDUMP_TIMESTAMP=", +- META_ARGV_RLIMIT = "COREDUMP_RLIMIT=", +- META_ARGV_HOSTNAME = "COREDUMP_HOSTNAME=", +- META_COMM = "COREDUMP_COMM=", +- META_EXE = "COREDUMP_EXE=", +- META_UNIT = "COREDUMP_UNIT=", ++ META_ARGV_PID = "COREDUMP_PID=", ++ META_ARGV_UID = "COREDUMP_UID=", ++ META_ARGV_GID = "COREDUMP_GID=", ++ META_ARGV_SIGNAL = "COREDUMP_SIGNAL=", ++ META_ARGV_TIMESTAMP = "COREDUMP_TIMESTAMP=", ++ META_ARGV_RLIMIT = "COREDUMP_RLIMIT=", ++ META_ARGV_HOSTNAME = "COREDUMP_HOSTNAME=", ++ META_COMM = "COREDUMP_COMM=", ++ META_EXE = "COREDUMP_EXE=", ++ META_UNIT = "COREDUMP_UNIT=", + }; + + typedef struct Context { +@@ -139,9 +139,9 @@ typedef enum CoredumpStorage { + } CoredumpStorage; + + static const char* const coredump_storage_table_COREDUMP_STORAGE_MAX = { +- COREDUMP_STORAGE_NONE = "none", ++ COREDUMP_STORAGE_NONE = "none", + COREDUMP_STORAGE_EXTERNAL = "external", +- COREDUMP_STORAGE_JOURNAL = "journal", ++ COREDUMP_STORAGE_JOURNAL = "journal", + }; + + DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, 
CoredumpStorage); +@@ -209,15 +209,15 @@ static int fix_acl(int fd, uid_t uid) { + static int fix_xattr(int fd, const Context *context) { + + static const char * const xattrs_META_MAX = { +- META_ARGV_PID = "user.coredump.pid", +- META_ARGV_UID = "user.coredump.uid", +- META_ARGV_GID = "user.coredump.gid", +- META_ARGV_SIGNAL = "user.coredump.signal", +- META_ARGV_TIMESTAMP = "user.coredump.timestamp", +- META_ARGV_RLIMIT = "user.coredump.rlimit", +- META_ARGV_HOSTNAME = "user.coredump.hostname", +- META_COMM = "user.coredump.comm", +- META_EXE = "user.coredump.exe", ++ META_ARGV_PID = "user.coredump.pid", ++ META_ARGV_UID = "user.coredump.uid", ++ META_ARGV_GID = "user.coredump.gid", ++ META_ARGV_SIGNAL = "user.coredump.signal", ++ META_ARGV_TIMESTAMP = "user.coredump.timestamp", ++ META_ARGV_RLIMIT = "user.coredump.rlimit", ++ META_ARGV_HOSTNAME = "user.coredump.hostname", ++ META_COMM = "user.coredump.comm", ++ META_EXE = "user.coredump.exe", + }; + + int r = 0; +-- +2.33.0 +
_service:tar_scm:backport-CVE-2022-4415-dont-allow-user-access-coredumps-with-changed-uid.patch
Added
@@ -0,0 +1,386 @@ +From 3e4d0f6cf99f8677edd6a237382a65bfe758de03 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 28 Nov 2022 12:12:55 +0100 +Subject: PATCH coredump: do not allow user to access coredumps with changed + uid/gid/capabilities + +When the user starts a program which elevates its permissions via setuid, +setgid, or capabilities set on the file, it may access additional information +which would then be visible in the coredump. We shouldn't make the the coredump +visible to the user in such cases. + +Reported-by: Matthias Gerstner <mgerstner@suse.de> + +This reads the /proc/<pid>/auxv file and attaches it to the process metadata as +PROC_AUXV. Before the coredump is submitted, it is parsed and if either +at_secure was set (which the kernel will do for processes that are setuid, +setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file +is not made accessible to the user. If we can't access this data, we assume the +file should not be made accessible either. In principle we could also access +the auxv data from a note in the core file, but that is much more complex and +it seems better to use the stand-alone file that is provided by the kernel. + +Attaching auxv is both convient for this patch (because this way it's passed +between the stages along with other fields), but I think it makes sense to save +it in general. + +We use the information early in the core file to figure out if the program was +32-bit or 64-bit and its endianness. This way we don't need heuristics to guess +whether the format of the auxv structure. This test might reject some cases on +fringe architecutes. But the impact would be limited: we just won't grant the +user permissions to view the coredump file. If people report that we're missing +some cases, we can always enhance this to support more architectures. 
+ +I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and +ppc64el, but not the whole coredump handling. + +Conflict:Change 'r = fsync_full(fd);' to 'if (fsync(fd) < 0)'. +Reference:https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03 + +--- + src/basic/io-util.h | 9 ++ + src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++--- + 2 files changed, 192 insertions(+), 13 deletions(-) + +diff --git a/src/basic/io-util.h b/src/basic/io-util.h +index 39728e06bc..3afb134266 100644 +--- a/src/basic/io-util.h ++++ b/src/basic/io-util.h +@@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void); + struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw); + struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw); + void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors); ++ + int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len); ++static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) { ++ /* Move data into iovw or free on error */ ++ int r = iovw_put(iovw, data, len); ++ if (r < 0) ++ free(data); ++ return r; ++} ++ + int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value); + int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value); + void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new); +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index 9ce2b92ded..b6f3a2f256 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -4,6 +4,7 @@ + #include <stdio.h> + #include <sys/prctl.h> + #include <sys/statvfs.h> ++#include <sys/auxv.h> + #include <sys/xattr.h> + #include <unistd.h> + +@@ -107,6 +108,7 @@ enum { + + META_EXE = _META_MANDATORY_MAX, + META_UNIT, ++ META_PROC_AUXV, + _META_MAX + }; + +@@ -121,10 +123,12 @@ static const char * const meta_field_names_META_MAX = { + META_COMM = "COREDUMP_COMM=", + META_EXE = "COREDUMP_EXE=", + 
META_UNIT = "COREDUMP_UNIT=", ++ META_PROC_AUXV = "COREDUMP_PROC_AUXV=", + }; + + typedef struct Context { + const char *meta_META_MAX; ++ size_t meta_size_META_MAX; + pid_t pid; + bool is_pid1; + bool is_journald; +@@ -186,13 +190,16 @@ static uint64_t storage_size_max(void) { + return 0; + } + +-static int fix_acl(int fd, uid_t uid) { ++static int fix_acl(int fd, uid_t uid, bool allow_user) { ++ assert(fd >= 0); ++ assert(uid_is_valid(uid)); + + #if HAVE_ACL + int r; + +- assert(fd >= 0); +- assert(uid_is_valid(uid)); ++ /* We don't allow users to read coredumps if the uid or capabilities were changed. */ ++ if (!allow_user) ++ return 0; + + if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY) + return 0; +@@ -252,7 +259,8 @@ static int fix_permissions( + const char *filename, + const char *target, + const Context *context, +- uid_t uid) { ++ uid_t uid, ++ bool allow_user) { + + int r; + +@@ -262,7 +270,7 @@ static int fix_permissions( + + /* Ignore errors on these */ + (void) fchmod(fd, 0640); +- (void) fix_acl(fd, uid); ++ (void) fix_acl(fd, uid, allow_user); + (void) fix_xattr(fd, context); + + if (fsync(fd) < 0) +@@ -332,6 +340,153 @@ static int make_filename(const Context *context, char **ret) { + return 0; + } + ++static int parse_auxv64( ++ const uint64_t *auxv, ++ size_t size_bytes, ++ int *at_secure, ++ uid_t *uid, ++ uid_t *euid, ++ gid_t *gid, ++ gid_t *egid) { ++ ++ assert(auxv || size_bytes == 0); ++ ++ if (size_bytes % (2 * sizeof(uint64_t)) != 0) ++ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes); ++ ++ size_t words = size_bytes / sizeof(uint64_t); ++ ++ /* Note that we set output variables even on error. 
*/ ++ ++ for (size_t i = 0; i + 1 < words; i += 2) ++ switch (auxvi) { ++ case AT_SECURE: ++ *at_secure = auxvi + 1 != 0; ++ break; ++ case AT_UID: ++ *uid = auxvi + 1; ++ break; ++ case AT_EUID: ++ *euid = auxvi + 1; ++ break; ++ case AT_GID: ++ *gid = auxvi + 1; ++ break; ++ case AT_EGID: ++ *egid = auxvi + 1; ++ break; ++ case AT_NULL: ++ if (auxvi + 1 != 0) ++ goto error; ++ return 0; ++ } ++ error: ++ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), ++ "AT_NULL terminator not found, cannot parse auxv structure."); ++} ++ ++static int parse_auxv32( ++ const uint32_t *auxv, ++ size_t size_bytes, ++ int *at_secure, ++ uid_t *uid, ++ uid_t *euid, ++ gid_t *gid, ++ gid_t *egid) { ++ ++ assert(auxv || size_bytes == 0); ++ ++ size_t words = size_bytes / sizeof(uint32_t); ++
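Review bot: in the visible part of `parse_auxv32`, `words` is computed straight after the assert, without the `size_bytes % (2 * sizeof(...)) != 0` check that `parse_auxv64` performs, so a truncated 32-bit auxv is not reported as incomplete. Mirror the check there. In `parse_auxv64`, an `AT_NULL` entry with a non-zero value jumps to `error:` and logs "AT_NULL terminator not found", which misdescribes that case and deserves its own message. Both parsers set their outputs even on error, as the comment notes, so the caller must treat any negative return as a reason to withhold access, which is the default the commit message describes.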
_service:tar_scm:backport-CVE-2022-4415-test-Add-TEST_RET-macro.patch
Added
@@ -0,0 +1,107 @@ +From 4c0acc0761aae0370e20e118b9db3b704e9045cd Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Thu, 25 Nov 2021 10:27:51 +0100 +Subject: PATCH test: Add TEST_RET macro + +This declares a test function whose return code will be passed from +main(). The first test that does not return EXIT_SUCCESS wins. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4c0acc0761aae0370e20e118b9db3b704e9045cd + +--- + src/shared/tests.h | 54 ++++++++++++++++++++++++++++++++-------------- + 1 file changed, 38 insertions(+), 16 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index 872b9b2d6c..d1c96ef35b 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -46,46 +46,68 @@ bool can_memlock(void); + const char *ci_environment(void); + + typedef struct TestFunc { +- void (*f)(void); +- const char * const n; ++ union f { ++ void (*void_func)(void); ++ int (*int_func)(void); ++ } f; ++ const char * const name; ++ bool has_ret; + } TestFunc; + + /* See static-destruct.h for an explanation of how this works. 
*/ +-#define REGISTER_TEST(func) \ +- static void func(void); \ +- _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ +- static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ +- .f = &(func), \ +- .n = STRINGIFY(func), \ ++#define REGISTER_TEST(func) \ ++ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ ++ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ ++ .f = (union f) &(func), \ ++ .name = STRINGIFY(func), \ ++ .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \ + } + + extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE; + extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE; + +-#define TEST(name) \ +- REGISTER_TEST(test_##name); \ ++#define TEST(name) \ ++ static void test_##name(void); \ ++ REGISTER_TEST(test_##name); \ + static void test_##name(void) + +-static inline void run_test_table(void) { ++#define TEST_RET(name) \ ++ static int test_##name(void); \ ++ REGISTER_TEST(test_##name); \ ++ static int test_##name(void) ++ ++static inline int run_test_table(void) { ++ int r = EXIT_SUCCESS; ++ + if (!__start_SYSTEMD_TEST_TABLE) +- return; ++ return r; + + const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); + while (t < __stop_SYSTEMD_TEST_TABLE) { +- log_info("/* %s */", t->n); +- t->f(); ++ log_info("/* %s */", t->name); ++ ++ if (t->has_ret) { ++ int r2 = t->f.int_func(); ++ if (r == EXIT_SUCCESS) ++ r = r2; ++ } else ++ t->f.void_func(); ++ + t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); + } ++ ++ return r; + } + + #define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ + int main(int argc, char *argv) { \ ++ int _r = EXIT_SUCCESS; \ + test_setup_logging(log_level); \ + save_argc_argv(argc, argv); \ + intro; \ +- run_test_table(); \ ++ _r = run_test_table(); \ + outro; \ +- return EXIT_SUCCESS; \ ++ return _r; \ + } + + #define DEFINE_TEST_MAIN(log_level) 
DEFINE_CUSTOM_TEST_MAIN(log_level, , ) +-- +2.33.0 +
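Review bot: `REGISTER_TEST` no longer forward-declares `func`, because the `static void func(void);` line moved into `TEST` and `TEST_RET`, so any direct user of `REGISTER_TEST` must now declare the function before the macro. Say so in the comment above `REGISTER_TEST`. In `DEFINE_CUSTOM_TEST_MAIN`, `outro` runs after `_r` has been assigned and cannot change the exit status, which is worth a short comment for anyone who puts cleanup checks there.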
_service:tar_scm:backport-CVE-2022-4415-test-Add-sd_booted-condition-test-to-TEST-macro.patch
Added
@@ -0,0 +1,102 @@ +From 0578dfe3eb2ceb8571b62a904dec0ddf410f6352 Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Thu, 25 Nov 2021 10:45:15 +0100 +Subject: PATCH test: Add sd_booted condition test to TEST macro + +Note that this will only report test skips if they use TEST_RET macro. +Regular TEST macros can still be skipped, but this will not be reported +back to main(); + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0578dfe3eb2ceb8571b62a904dec0ddf410f6352 + +--- + src/shared/tests.h | 43 ++++++++++++++++++++++++++----------------- + 1 file changed, 26 insertions(+), 17 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index d1c96ef35b..95283e2829 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -39,7 +39,7 @@ bool can_memlock(void); + if (sd_booted() > 0) { \ + x; \ + } else { \ +- printf("systemd not booted skipping '%s'\n", #x); \ ++ printf("systemd not booted, skipping '%s'\n", #x); \ + } + + /* Provide a convenient way to check if we're running in CI. */ +@@ -51,29 +51,31 @@ typedef struct TestFunc { + int (*int_func)(void); + } f; + const char * const name; +- bool has_ret; ++ bool has_ret:1; ++ bool sd_booted:1; + } TestFunc; + + /* See static-destruct.h for an explanation of how this works. */ +-#define REGISTER_TEST(func) \ ++#define REGISTER_TEST(func, ...) \ + _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ + static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ + .f = (union f) &(func), \ + .name = STRINGIFY(func), \ + .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \ ++ ##__VA_ARGS__ \ + } + + extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE; + extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE; + +-#define TEST(name) \ +- static void test_##name(void); \ +- REGISTER_TEST(test_##name); \ ++#define TEST(name, ...) 
\ ++ static void test_##name(void); \ ++ REGISTER_TEST(test_##name, ##__VA_ARGS__); \ + static void test_##name(void) + +-#define TEST_RET(name) \ +- static int test_##name(void); \ +- REGISTER_TEST(test_##name); \ ++#define TEST_RET(name, ...) \ ++ static int test_##name(void); \ ++ REGISTER_TEST(test_##name, ##__VA_ARGS__); \ + static int test_##name(void) + + static inline int run_test_table(void) { +@@ -84,14 +86,21 @@ static inline int run_test_table(void) { + + const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); + while (t < __stop_SYSTEMD_TEST_TABLE) { +- log_info("/* %s */", t->name); +- +- if (t->has_ret) { +- int r2 = t->f.int_func(); +- if (r == EXIT_SUCCESS) +- r = r2; +- } else +- t->f.void_func(); ++ ++ if (t->sd_booted && sd_booted() <= 0) { ++ log_info("/* systemd not booted, skipping %s */", t->name); ++ if (t->has_ret && r == EXIT_SUCCESS) ++ r = EXIT_TEST_SKIP; ++ } else { ++ log_info("/* %s */", t->name); ++ ++ if (t->has_ret) { ++ int r2 = t->f.int_func(); ++ if (r == EXIT_SUCCESS) ++ r = r2; ++ } else ++ t->f.void_func(); ++ } + + t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); + } +-- +2.33.0 +
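Review bot: in `run_test_table`, a skipped `TEST_RET` test sets `r = EXIT_TEST_SKIP` when `r == EXIT_SUCCESS`, and a later test's failure is then dropped because `r = r2` is guarded by the same `r == EXIT_SUCCESS` condition, so a binary with one skipped and one failing test exits as skipped. Let a failing `r2` override a recorded skip. Skips of plain `TEST` functions are not reported at all, as the commit message says, and that limitation belongs in a comment next to the `sd_booted` bit.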
_service:tar_scm:backport-CVE-2022-4415-test-Create-convenience-macros-to-declare-tests.patch
Added
@@ -0,0 +1,70 @@ +From 9cc615460830afdb51ad23e594906bbe60a3b25a Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Fri, 12 Nov 2021 10:54:44 +0100 +Subject: PATCH test: Create convenience macros to declare tests + +Conflict:Delete all contents in test-macro.c. +Reference:https://github.com/systemd/systemd/commit/9cc615460830afdb51ad23e594906bbe60a3b25a + +--- + src/shared/tests.h | 47 ++++++++++++++++++++++++++++++++++++++ + 1 file changed, 47 insertions(+) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index c1350763ad..f333ebd842 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -43,3 +43,50 @@ bool can_memlock(void); + + /* Provide a convenient way to check if we're running in CI. */ + const char *ci_environment(void); ++ ++typedef struct TestFunc { ++ void (*f)(void); ++ const char * const n; ++} TestFunc; ++ ++/* See static-destruct.h for an explanation of how this works. */ ++#define REGISTER_TEST(func) \ ++ static void func(void); \ ++ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \ ++ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \ ++ .f = &(func), \ ++ .n = STRINGIFY(func), \ ++ } ++ ++extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE; ++extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE; ++ ++#define TEST(name) \ ++ REGISTER_TEST(test_##name); \ ++ static void test_##name(void) ++ ++static inline void run_test_table(void) { ++ if (!__start_SYSTEMD_TEST_TABLE) ++ return; ++ ++ const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*)); ++ while (t < __stop_SYSTEMD_TEST_TABLE) { ++ log_info("/* %s */", t->n); ++ t->f(); ++ t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*)); ++ } ++} ++ ++#define DEFINE_TEST_MAIN \ ++ int main(int argc, char *argv) { \ ++ test_setup_logging(LOG_INFO); \ ++ run_test_table(); \ ++ return EXIT_SUCCESS; \ ++ } ++ ++#define DEFINE_CUSTOM_TEST_MAIN(impl) \ ++ int main(int argc, char *argv) { \ ++ 
test_setup_logging(LOG_INFO); \ ++ run_test_table(); \ ++ return impl(); \ ++ } +-- +2.33.0 +
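Review bot: In src/shared/tests.h, DEFINE_TEST_MAIN ends in `return EXIT_SUCCESS;` unconditionally after run_test_table(), and TestFunc.f is `void (*f)(void)`, so a test declared with TEST() can only report failure by aborting; that contract is not documented next to the macros, and a one-line comment above TEST() should state it. The hunk also adds no #include although run_test_table() uses log_info() and ALIGN_TO_PTR, and the Conflict line says the test-macro.c part of the upstream commit was dropped, so confirm that tests.h already sees those definitions in this 249 tree and name the later patch in the series that first uses the macros.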
View file
_service:tar_scm:backport-CVE-2022-4415-test-Slightly-rework-DEFINE_TEST_MAIN-macros.patch
Added
@@ -0,0 +1,57 @@ +From a40b728e1172cc07a09e12dd56089ab37c8c5924 Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Tue, 23 Nov 2021 13:40:27 +0100 +Subject: PATCH test: Slightly rework DEFINE_TEST_MAIN macros + +- A lot of tests want a different log level +- Provides saved_argc/saved_argv to tests +- Separate intro/outro is more flexible + +Conflict:Delete content in test-macro.c. +Reference:https://github.com/systemd/systemd/commit/a40b728e1172cc07a09e12dd56089ab37c8c5924 + +--- + src/shared/tests.h | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +diff --git a/src/shared/tests.h b/src/shared/tests.h +index f333ebd842..872b9b2d6c 100644 +--- a/src/shared/tests.h ++++ b/src/shared/tests.h +@@ -6,6 +6,7 @@ + #include "sd-daemon.h" + + #include "macro.h" ++#include "util.h" + + static inline bool manager_errno_skip_test(int r) { + return IN_SET(abs(r), +@@ -77,16 +78,14 @@ static inline void run_test_table(void) { + } + } + +-#define DEFINE_TEST_MAIN \ +- int main(int argc, char *argv) { \ +- test_setup_logging(LOG_INFO); \ +- run_test_table(); \ +- return EXIT_SUCCESS; \ ++#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \ ++ int main(int argc, char *argv) { \ ++ test_setup_logging(log_level); \ ++ save_argc_argv(argc, argv); \ ++ intro; \ ++ run_test_table(); \ ++ outro; \ ++ return EXIT_SUCCESS; \ + } + +-#define DEFINE_CUSTOM_TEST_MAIN(impl) \ +- int main(int argc, char *argv) { \ +- test_setup_logging(LOG_INFO); \ +- run_test_table(); \ +- return impl(); \ +- } ++#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , ) +-- +2.33.0 +
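Review bot: The reworked DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) always ends in `return EXIT_SUCCESS;`, whereas the form it replaces ended in `return impl();`, so code passed as outro can no longer influence the exit status. If that is intended, say so in a comment above the macro; otherwise a custom main has no way to report failure other than aborting. Both macros also change arity (DEFINE_TEST_MAIN now takes log_level), so any caller written against the previous patch's zero-argument DEFINE_TEST_MAIN or one-argument DEFINE_CUSTOM_TEST_MAIN has to be converted in the same series.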
View file
_service:tar_scm:backport-CVE-2022-4415-tree-wide-define-and-use-STRERROR_OR_EOF.patch
Added
@@ -0,0 +1,105 @@ +From f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 10 Oct 2022 21:19:43 +0200 +Subject: PATCH tree-wide: define and use STRERROR_OR_EOF() + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 + +--- + src/basic/errno-util.h | 5 +++++ + src/journal-remote/journal-gatewayd.c | 4 ++-- + src/libsystemd/sd-bus/test-bus-chat.c | 2 +- + src/login/logind-seat.c | 8 ++++---- + src/test/test-errno-util.c | 6 ++++++ + 5 files changed, 18 insertions(+), 7 deletions(-) + +diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h +index f0d24d95cb..1e2e5b9f15 100644 +--- a/src/basic/errno-util.h ++++ b/src/basic/errno-util.h +@@ -16,6 +16,11 @@ + * Note that we use the GNU variant of strerror_r() here. */ + #define STRERROR(errnum) strerror_r(abs(errnum), (charERRNO_BUF_LEN){}, ERRNO_BUF_LEN) + ++/* A helper to print an error message or message for functions that return 0 on EOF. ++ * Note that we can't use ({ … }) to define a temporary variable, so errnum is ++ * evaluated twice. */ ++#define STRERROR_OR_EOF(errnum) ((errnum) != 0 ? STRERROR(errnum) : "Unexpected EOF") ++ + static inline void _reset_errno_(int *saved_errno) { + if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */ + return; +diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c +index 3e2a85ce29..34def4670e 100644 +--- a/src/journal-remote/journal-gatewayd.c ++++ b/src/journal-remote/journal-gatewayd.c +@@ -256,7 +256,7 @@ static ssize_t request_reader_entries( + errno = 0; + k = fread(buf, 1, n, m->tmp); + if (k != n) { +- log_error("Failed to read from file: %s", errno != 0 ? 
strerror_safe(errno) : "Premature EOF"); ++ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno)); + return MHD_CONTENT_READER_END_WITH_ERROR; + } + +@@ -600,7 +600,7 @@ static ssize_t request_reader_fields( + errno = 0; + k = fread(buf, 1, n, m->tmp); + if (k != n) { +- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF"); ++ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno)); + return MHD_CONTENT_READER_END_WITH_ERROR; + } + +diff --git a/src/libsystemd/sd-bus/test-bus-chat.c b/src/libsystemd/sd-bus/test-bus-chat.c +index df6dd62151..93e8ebfb1b 100644 +--- a/src/libsystemd/sd-bus/test-bus-chat.c ++++ b/src/libsystemd/sd-bus/test-bus-chat.c +@@ -308,7 +308,7 @@ static void* client1(void *p) { + + errno = 0; + if (read(pp0, &x, 1) <= 0) { +- log_error("Failed to read from pipe: %s", errno != 0 ? strerror_safe(errno) : "early read"); ++ log_error("Failed to read from pipe: %s", STRERROR_OR_EOF(errno)); + goto finish; + } + +diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c +index 43c72da11f..d8ad424bfe 100644 +--- a/src/login/logind-seat.c ++++ b/src/login/logind-seat.c +@@ -389,11 +389,11 @@ int seat_read_active_vt(Seat *s) { + if (lseek(s->manager->console_active_fd, SEEK_SET, 0) < 0) + return log_error_errno(errno, "lseek on console_active_fd failed: %m"); + ++ errno = 0; + k = read(s->manager->console_active_fd, t, sizeof(t)-1); +- if (k <= 0) { +- log_error("Failed to read current console: %s", k < 0 ? strerror_safe(errno) : "EOF"); +- return k < 0 ? 
-errno : -EIO; +- } ++ if (k <= 0) ++ return log_error_errno(errno ?: EIO, ++ "Failed to read current console: %s", STRERROR_OR_EOF(errno)); + + tk = 0; + truncate_nl(t); +diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c +index 284f451002..f858927c92 100644 +--- a/src/test/test-errno-util.c ++++ b/src/test/test-errno-util.c +@@ -41,4 +41,10 @@ TEST(STRERROR) { + assert_se(strstr(c, buf)); + } + ++TEST(STRERROR_OR_ELSE) { ++ log_info("STRERROR_OR_ELSE(0, \"EOF\") → %s", STRERROR_OR_EOF(0)); ++ log_info("STRERROR_OR_ELSE(EPERM, \"EOF\") → %s", STRERROR_OR_EOF(EPERM)); ++ log_info("STRERROR_OR_ELSE(-EPERM, \"EOF\") → %s", STRERROR_OR_EOF(-EPERM)); ++} ++ + DEFINE_TEST_MAIN(LOG_INFO); +-- +2.33.0 +
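Review bot: The new case in src/test/test-errno-util.c is named TEST(STRERROR_OR_ELSE) and its log strings print a two-argument STRERROR_OR_ELSE(..., "EOF"), but the macro under test is the one-argument STRERROR_OR_EOF(errnum), and the test only calls log_info() without asserting anything. Rename it to STRERROR_OR_EOF and add checks, for instance that STRERROR_OR_EOF(0) yields "Unexpected EOF" and that EPERM and -EPERM produce the same text. Separately, the call sites previously logged "Premature EOF", "early read" and "EOF"; they now all log "Unexpected EOF", which matters to anything that matches on those messages.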
View file
_service:tar_scm:backport-Change-gendered-terms-to-be-gender-neutral-21325.patch
Added
@@ -0,0 +1,131 @@ +From 3ba07929636e1a55c71767e40e23bf639b7a8db5 Mon Sep 17 00:00:00 2001 +From: Emily Gonyer <emilyyrose@gmail.com> +Date: Fri, 12 Nov 2021 10:09:56 -0500 +Subject: PATCH Change gendered terms to be gender-neutral (#21325) + +Some typos are also fixed. + +(cherry picked from commit be7148ebed5d73c4a76bc6089ebe2e82d8fa33e0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/3ba07929636e1a55c71767e40e23bf639b7a8db5 +--- + docs/CODING_STYLE.md | 2 +- + docs/PREDICTABLE_INTERFACE_NAMES.md | 2 +- + man/sd_bus_add_object.xml | 2 +- + src/core/manager.h | 2 +- + src/hostname/hostnamectl.c | 2 +- + src/libsystemd/sd-bus/bus-socket.c | 4 ++-- + src/libsystemd/sd-bus/sd-bus.c | 2 +- + src/udev/dmi_memory_id/dmi_memory_id.c | 2 +- + 8 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md +index 54150e1ee7..05fbb2ac9e 100644 +--- a/docs/CODING_STYLE.md ++++ b/docs/CODING_STYLE.md +@@ -287,7 +287,7 @@ layout: default + with a more brutal `assert()`. We are more forgiving to public users than for + ourselves! Note that `assert()` and `assert_return()` really only should be + used for detecting programming errors, not for runtime errors. `assert()` and +- `assert_return()` by usage of `_likely_()` inform the compiler that he should ++ `assert_return()` by usage of `_likely_()` inform the compiler that it should + not expect these checks to fail, and they inform fellow programmers about the + expected validity and range of parameters. + +diff --git a/docs/PREDICTABLE_INTERFACE_NAMES.md b/docs/PREDICTABLE_INTERFACE_NAMES.md +index 07529e7a70..890bd3935c 100644 +--- a/docs/PREDICTABLE_INTERFACE_NAMES.md ++++ b/docs/PREDICTABLE_INTERFACE_NAMES.md +@@ -53,7 +53,7 @@ With this new scheme you now get: + * The same on all distributions that adopted systemd/udev + * It's easy to opt out of the scheme (see below) + +-Does this have any drawbacks? Yes, it does. 
Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before he can invoke commands on it where previously he had a good chance that `eth0` was the right name. ++Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before they can invoke commands on it, where previously they had a good chance that `eth0` was the right name. + + + ## I don't like this, how do I disable this? +diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml +index 31a3344bbd..54683e4f11 100644 +--- a/man/sd_bus_add_object.xml ++++ b/man/sd_bus_add_object.xml +@@ -508,7 +508,7 @@ + <varlistentry> + <term><constant>SD_BUS_VTABLE_METHOD_NO_REPLY</constant></term> + +- <listitem><para>Mark his vtable entry as a method that will not return a reply using the ++ <listitem><para>Mark this vtable entry as a method that will not return a reply using the + <constant>org.freedesktop.DBus.Method.NoReply</constant> annotation in introspection data. + </para></listitem> + </varlistentry> +diff --git a/src/core/manager.h b/src/core/manager.h +index b3e7c68e6d..14a80b396e 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -195,7 +195,7 @@ struct Manager { + + sd_event *event; + +- /* This maps PIDs we care about to units that are interested in. We allow multiple units to he interested in ++ /* This maps PIDs we care about to units that are interested in. We allow multiple units to be interested in + * the same PID and multiple PIDs to be relevant to the same unit. 
Since in most cases only a single unit will + * be interested in the same PID we use a somewhat special encoding here: the first unit interested in a PID is + * stored directly in the hashmap, keyed by the PID unmodified. If there are other units interested too they'll +diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c +index 283038c7cb..2eca5feaca 100644 +--- a/src/hostname/hostnamectl.c ++++ b/src/hostname/hostnamectl.c +@@ -442,7 +442,7 @@ static int set_hostname(int argc, char **argv, void *userdata) { + * dot if there is one. If it was not valid, then it will be made fully valid by truncating, dropping + * multiple dots, and dropping weird chars. Note that we clean the name up only if we also are + * supposed to set the pretty name. If the pretty name is not being set we assume the user knows what +- * he does and pass the name as-is. */ ++ * they are doing and pass the name as-is. */ + h = strdup(hostname); + if (!h) + return log_oom(); +diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c +index 378774fe8b..09eb49c37f 100644 +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -300,8 +300,8 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) { + uid_t u; + int r; + +- /* We don't do any real authentication here. Instead, we if +- * the owner of this bus wanted authentication he should have ++ /* We don't do any real authentication here. Instead, if ++ * the owner of this bus wanted authentication they should have + * checked SO_PEERCRED before even creating the bus object. 
*/ + + if (!b->anonymous_auth && !b->ucred_valid) +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index 79c24fe703..ab8d4e4a60 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -3274,7 +3274,7 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) { + return e; + + if (need_more) +- /* The caller really needs some more data, he doesn't ++ /* The caller really needs some more data, they don't + * care about what's already read, or any timeouts + * except its own. */ + e |= POLLIN; +diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c +index 64eba0d314..00e46f8b9e 100644 +--- a/src/udev/dmi_memory_id/dmi_memory_id.c ++++ b/src/udev/dmi_memory_id/dmi_memory_id.c +@@ -539,7 +539,7 @@ static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) { + + /* If a short entry is found (less than 4 bytes), not only it + * is invalid, but we cannot reliably locate the next entry. +- * Better stop at this point, and let the user know his/her ++ * Better stop at this point, and let the user know their + * table is broken. */ + if (h.length < 4) + break; +-- +2.33.0 +
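Review bot: In the src/libsystemd/sd-bus/sd-bus.c hunk the comment now reads "they don't care about what's already read, or any timeouts except its own", which mixes "they" with the leftover "its own"; change it to "except their own". The commit message says some typos are also fixed; listing them (for example "to he interested" in src/core/manager.h and "Mark his vtable entry" in man/sd_bus_add_object.xml) would make clear which changes are spelling fixes rather than wording changes.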
View file
_service:tar_scm:backport-Don-t-open-var-journals-in-volatile-mode-when-runtim.patch
Added
@@ -0,0 +1,35 @@ +From 00e7f0994a39852ab1adabfb7e19ff2634e916a0 Mon Sep 17 00:00:00 2001 +From: Milo Turner <mturner@starry.com> +Date: Fri, 13 Aug 2021 10:28:58 -0400 +Subject: PATCH Don't open /var journals in volatile mode when + runtime_journal==NULL + +(cherry picked from commit d64441b669932ab97fbbfc71cb143045f690039e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/00e7f0994a39852ab1adabfb7e19ff2634e916a0 +--- + src/journal/journald-server.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 30f04f5383..a0695ec519 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -415,6 +415,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) { + if (s->runtime_journal) + return s->runtime_journal; + ++ /* If we are not in persistent mode, then we need return NULL immediately rather than opening a ++ * persistent journal of any sort. ++ * ++ * Fixes https://github.com/systemd/systemd/issues/20390 */ ++ if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT)) ++ return NULL; ++ + if (uid_for_system_journal(uid)) + return s->system_journal; + +-- +2.33.0 +
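Review bot: The added early `return NULL;` in find_journal() creates a path where the function returns no journal whenever s->runtime_journal is NULL and s->storage is neither STORAGE_AUTO nor STORAGE_PERSISTENT, and the hunk does not show how callers handle that result. Confirm that each caller in this 249 tree checks for NULL before dereferencing the returned JournalFile. Minor: the comment should read "we need to return NULL".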
View file
_service:tar_scm:backport-Drop-bundled-copy-of-linux-if_arp.h.patch
Added
@@ -0,0 +1,227 @@ +From f27585b58a308454bf3409a77c8b1dd12fc64816 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 15 Sep 2021 16:33:05 +0200 +Subject: PATCH Drop bundled copy of linux/if_arp.h +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As far as I can see, we use this to get a list of ARPHRD_* defines (used in +particular for Type= in .link files). If we drop our copy, and build against +old kernel headers, the user will have a shorter list of types available. This +seems OK, and I don't think it's worth carrying our own version of this file +just to have newest possible entries. + +7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd +have to update it every time the kernel adds new entries. But if we look at +the failure carefully: + +src/basic/arphrd-from-name.gperf:65:16: error: ‘ARPHRD_MCTP’ undeclared (first use in this function); did you mean ‘ARPHRD_FCPP’? + 65 | MCTP, ARPHRD_MCTP + | ^~ + | ARPHRD_FCPP + +we see that the list we were generating was from the system headers, so it was +only as good as the system headers anyway, without the newer entries in our +bundled copy, if there were any. So let's make things simpler by always using +system headers. + +And if somebody wants to fix things so that we always have the newest list, +then we should just generate and store the converted list, not the full header. 
+ +(cherry picked from commit e7f46ee3ae1cc66a94b293957721d68dc09d7449) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f27585b58a308454bf3409a77c8b1dd12fc64816 +--- + src/basic/linux/if_arp.h | 165 --------------------------------------- + src/basic/meson.build | 1 - + 2 files changed, 166 deletions(-) + delete mode 100644 src/basic/linux/if_arp.h + +diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h +deleted file mode 100644 +index 4783af9fe5..0000000000 +--- a/src/basic/linux/if_arp.h ++++ /dev/null +@@ -1,165 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */ +-/* +- * INET An implementation of the TCP/IP protocol suite for the LINUX +- * operating system. INET is implemented using the BSD Socket +- * interface as the means of communication with the user level. +- * +- * Global definitions for the ARP (RFC 826) protocol. +- * +- * Version: @(#)if_arp.h 1.0.1 04/16/93 +- * +- * Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988 +- * Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source. +- * Ross Biro +- * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG> +- * Florian La Roche, +- * Jonathan Layes <layes@loran.com> +- * Arnaldo Carvalho de Melo <acme@conectiva.com.br> ARPHRD_HWX25 +- * +- * This program is free software; you can redistribute it and/or +- * modify it under the terms of the GNU General Public License +- * as published by the Free Software Foundation; either version +- * 2 of the License, or (at your option) any later version. +- */ +-#ifndef _UAPI_LINUX_IF_ARP_H +-#define _UAPI_LINUX_IF_ARP_H +- +-#include <linux/netdevice.h> +- +-/* ARP protocol HARDWARE identifiers. 
*/ +-#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */ +-#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */ +-#define ARPHRD_EETHER 2 /* Experimental Ethernet */ +-#define ARPHRD_AX25 3 /* AX.25 Level 2 */ +-#define ARPHRD_PRONET 4 /* PROnet token ring */ +-#define ARPHRD_CHAOS 5 /* Chaosnet */ +-#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */ +-#define ARPHRD_ARCNET 7 /* ARCnet */ +-#define ARPHRD_APPLETLK 8 /* APPLEtalk */ +-#define ARPHRD_DLCI 15 /* Frame Relay DLCI */ +-#define ARPHRD_ATM 19 /* ATM */ +-#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */ +-#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */ +-#define ARPHRD_EUI64 27 /* EUI-64 */ +-#define ARPHRD_INFINIBAND 32 /* InfiniBand */ +- +-/* Dummy types for non ARP hardware */ +-#define ARPHRD_SLIP 256 +-#define ARPHRD_CSLIP 257 +-#define ARPHRD_SLIP6 258 +-#define ARPHRD_CSLIP6 259 +-#define ARPHRD_RSRVD 260 /* Notional KISS type */ +-#define ARPHRD_ADAPT 264 +-#define ARPHRD_ROSE 270 +-#define ARPHRD_X25 271 /* CCITT X.25 */ +-#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ +-#define ARPHRD_CAN 280 /* Controller Area Network */ +-#define ARPHRD_MCTP 290 +-#define ARPHRD_PPP 512 +-#define ARPHRD_CISCO 513 /* Cisco HDLC */ +-#define ARPHRD_HDLC ARPHRD_CISCO +-#define ARPHRD_LAPB 516 /* LAPB */ +-#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */ +-#define ARPHRD_RAWHDLC 518 /* Raw HDLC */ +-#define ARPHRD_RAWIP 519 /* Raw IP */ +- +-#define ARPHRD_TUNNEL 768 /* IPIP tunnel */ +-#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */ +-#define ARPHRD_FRAD 770 /* Frame Relay Access Device */ +-#define ARPHRD_SKIP 771 /* SKIP vif */ +-#define ARPHRD_LOOPBACK 772 /* Loopback device */ +-#define ARPHRD_LOCALTLK 773 /* Localtalk device */ +-#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */ +-#define ARPHRD_BIF 775 /* AP1000 BIF */ +-#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */ +-#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */ +-#define 
ARPHRD_IPGRE 778 /* GRE over IP */ +-#define ARPHRD_PIMREG 779 /* PIMSM register interface */ +-#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */ +-#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */ +-#define ARPHRD_ECONET 782 /* Acorn Econet */ +-#define ARPHRD_IRDA 783 /* Linux-IrDA */ +-/* ARP works differently on different FC media .. so */ +-#define ARPHRD_FCPP 784 /* Point to point fibrechannel */ +-#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */ +-#define ARPHRD_FCPL 786 /* Fibrechannel public loop */ +-#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */ +- /* 787->799 reserved for fibrechannel media types */ +-#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */ +-#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */ +-#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */ +-#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */ +-#define ARPHRD_IEEE802154 804 +-#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */ +- +-#define ARPHRD_PHONET 820 /* PhoNet media type */ +-#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */ +-#define ARPHRD_CAIF 822 /* CAIF media type */ +-#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */ +-#define ARPHRD_NETLINK 824 /* Netlink header */ +-#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */ +-#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */ +- +-#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */ +-#define ARPHRD_NONE 0xFFFE /* zero header length */ +- +-/* ARP protocol opcodes. */ +-#define ARPOP_REQUEST 1 /* ARP request */ +-#define ARPOP_REPLY 2 /* ARP reply */ +-#define ARPOP_RREQUEST 3 /* RARP request */ +-#define ARPOP_RREPLY 4 /* RARP reply */ +-#define ARPOP_InREQUEST 8 /* InARP request */ +-#define ARPOP_InREPLY 9 /* InARP reply */ +-#define ARPOP_NAK 10 /* (ATM)ARP NAK */ +- +- +-/* ARP ioctl request. 
*/ +-struct arpreq { +- struct sockaddr arp_pa; /* protocol address */ +- struct sockaddr arp_ha; /* hardware address */ +- int arp_flags; /* flags */ +- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ +- char arp_devIFNAMSIZ; +-}; +- +-struct arpreq_old { +- struct sockaddr arp_pa; /* protocol address */ +- struct sockaddr arp_ha; /* hardware address */ +- int arp_flags; /* flags */ +- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */ +-}; +- +-/* ARP Flag values. */ +-#define ATF_COM 0x02 /* completed entry (ha valid) */ +-#define ATF_PERM 0x04 /* permanent entry */ +-#define ATF_PUBL 0x08 /* publish entry */ +-#define ATF_USETRAILERS 0x10 /* has requested trailers */ +-#define ATF_NETMASK 0x20 /* want to use a netmask (only +- for proxy entries) */ +-#define ATF_DONTPUB 0x40 /* don't answer this addresses */ +- +-/* +- * This structure defines an ethernet arp header. +- */ +- +-struct arphdr { +- __be16 ar_hrd; /* format of hardware address */ +- __be16 ar_pro; /* format of protocol address */ +- unsigned char ar_hln; /* length of hardware address */ +- unsigned char ar_pln; /* length of protocol address */ +- __be16 ar_op; /* ARP opcode (command) */ +- +-#if 0
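Review bot: Deleting src/basic/linux/if_arp.h removes more than the ARPHRD_* list the commit message talks about: the same file also carried the ARPOP_* opcodes, the ATF_* flags and the struct arpreq, struct arpreq_old and struct arphdr definitions, all of which now come from the build host's kernel headers. The message should say so, and the packaging should record which kernel headers the build expects, since the set of Type= names accepted in .link files now depends on them (ARPHRD_MCTP is the example given). The diff is truncated on this page, so the src/basic/meson.build hunk could not be checked.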
View file
_service:tar_scm:backport-Fix-another-crash-due-to-missing-NHDR.patch
Added
@@ -0,0 +1,29 @@ +From 60630b5e812ce103e9625bcc87778165374a455e Mon Sep 17 00:00:00 2001 +From: Kevin Orr <kevinorr54@gmail.com> +Date: Thu, 26 Aug 2021 17:04:53 -0400 +Subject: PATCH Fix another crash due to missing NHDR + +(cherry picked from commit a3a5446b7675696f43c2d8a2a0b898d72228a53d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/60630b5e812ce103e9625bcc87778165374a455e +--- + src/coredump/stacktrace.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c +index e46b324cdf..f855a370ff 100644 +--- a/src/coredump/stacktrace.c ++++ b/src/coredump/stacktrace.c +@@ -299,6 +299,8 @@ static int module_callback(Dwfl_Module *mod, void **userdata, const char *name, + program_header->p_offset, + program_header->p_filesz, + ELF_T_NHDR); ++ if (!data) ++ continue; + + Elf *memelf = elf_memory(data->d_buf, data->d_size); + if (!memelf) +-- +2.33.0 +
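Review bot: The new `if (!data) continue;` in module_callback() skips the program header without any log line, so a core file whose note data cannot be loaded is passed over silently. A log_debug() at this point would make truncated or malformed core files diagnosable. The subject says "another crash", so the remaining places in src/coredump/stacktrace.c that dereference a data pointer the way `data->d_buf` is used here deserve the same check.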
View file
_service:tar_scm:backport-Fix-error-building-repart-with-no-libcryptsetup-2073.patch
Added
@@ -0,0 +1,33 @@ +From d3dfc9afa2297e2e15019adf974da8fb0ab7270c Mon Sep 17 00:00:00 2001 +From: Marcus Harrison <marcus@harrisonland.co.uk> +Date: Wed, 15 Sep 2021 03:55:07 +0200 +Subject: PATCH Fix error building repart with no libcryptsetup (#20739) + +(cherry picked from commit 2709d02906dd3ab5ecc2b3e19e2846b1714a7e5a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d3dfc9afa2297e2e15019adf974da8fb0ab7270c +--- + src/partition/repart.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/partition/repart.c b/src/partition/repart.c +index 589acaa49d..851c68cc4b 100644 +--- a/src/partition/repart.c ++++ b/src/partition/repart.c +@@ -206,7 +206,12 @@ static const char *encrypt_mode_table_ENCRYPT_MODE_MAX = { + ENCRYPT_KEY_FILE_TPM2 = "key-file+tpm2", + }; + ++#if HAVE_LIBCRYPTSETUP + DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); ++#else ++DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE); ++#endif ++ + + static uint64_t round_down_size(uint64_t v, uint64_t p) { + return (v / p) * p; +-- +2.33.0 +
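Review bot: The #else branch in src/partition/repart.c switches to DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN without a comment explaining why only the from-string half is defined when HAVE_LIBCRYPTSETUP is off; add one line naming the generated function that would otherwise be unused. The hunk also adds an extra blank line after #endif, leaving two consecutive blank lines before round_down_size().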
View file
_service:tar_scm:backport-Fix-the-Failed-to-open-random-seed-.-message.patch
Added
@@ -0,0 +1,33 @@ +From c1b4ee2e0fd28a0c802a3694107613e1689d1c96 Mon Sep 17 00:00:00 2001 +From: longpanda <59477474+ventoy@users.noreply.github.com> +Date: Thu, 5 Aug 2021 09:31:44 +0800 +Subject: PATCH Fix the "Failed to open random seed ..." message. + +When boot ArchLinux from Ventoy, it always print `Failed to open random seed file: write protected.` +As Ventoy emulate the ISO file as a read-only CDROM, I didn't test with a real physical CDROM drive, but maybe it also has such problem. +As we use `EFI_FILE_MODE_WRITE` to open the `loader\random-seed` file, so I think it's better to check the result with both `EFI_WRITE_PROTECTED` and `EFI_NOT_FOUND`. + +(cherry picked from commit 2846007ecfb1fc84005b942167d394294c707d7b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c1b4ee2e0fd28a0c802a3694107613e1689d1c96 +--- + src/boot/efi/random-seed.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c +index ff364695f3..3e179851b0 100644 +--- a/src/boot/efi/random-seed.c ++++ b/src/boot/efi/random-seed.c +@@ -245,7 +245,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) { + + err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, (CHAR16*) L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL); + if (EFI_ERROR(err)) { +- if (err != EFI_NOT_FOUND) ++ if (err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED) + Print(L"Failed to open random seed file: %r\n", err); + return err; + } +-- +2.33.0 +
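Review bot: With `err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED` the message is suppressed, but process_random_seed() still executes `return err;`, so on read-only media the seed file is skipped with no trace at all. A short comment at the check should state whether skipping the seed when it cannot be opened with EFI_FILE_MODE_WRITE is the intended outcome. The commit message notes the change was not tested with a physical CD-ROM drive, which is worth doing before relying on it.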
View file
_service:tar_scm:backport-Get-rid-of-dangling-setutxent.patch
Added
@@ -0,0 +1,55 @@ +From 540389a690b1d6cb00620d8ad6f54077a90e15f8 Mon Sep 17 00:00:00 2001 +From: MertsA <mertsa@fb.com> +Date: Tue, 10 Aug 2021 20:54:50 -0700 +Subject: PATCH Get rid of dangling setutxent() + +utmp_wall() and utmp_put_dead_process() called setutxent() directly instead of the stub in utmp-wtmp.h and never called endutxent(). This would leave /run/utmp left open by PID 1 or journald. This can be reproduced by e.g. lsof /run/utmp and systemd-cat -p 0 echo test. For utmp_put_dead_process() it would only leave it open if it returned early before calling write_utmp_wtmp() + +(cherry picked from commit bbd239f67a683fe63ee3698896fa503ff25031ed) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/540389a690b1d6cb00620d8ad6f54077a90e15f8 +--- + src/shared/utmp-wtmp.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c +index 3eeee24693..784aad2943 100644 +--- a/src/shared/utmp-wtmp.c ++++ b/src/shared/utmp-wtmp.c +@@ -215,13 +215,14 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line + } + + int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) { ++ _cleanup_(utxent_cleanup) bool utmpx = false; + struct utmpx lookup = { + .ut_type = INIT_PROCESS /* looks for DEAD_PROCESS, LOGIN_PROCESS, USER_PROCESS, too */ + }, store, store_wtmp, *found; + + assert(id); + +- setutxent(); ++ utmpx = utxent_start(); + + /* Copy the whole string if it fits, or just the suffix without the terminating NUL. 
*/ + copy_suffix(store.ut_id, sizeof(store.ut_id), id); +@@ -339,6 +340,7 @@ int utmp_wall( + bool (*match_tty)(const char *tty, void *userdata), + void *userdata) { + ++ _cleanup_(utxent_cleanup) bool utmpx = false; + _cleanup_free_ char *text = NULL, *hn = NULL, *un = NULL, *stdin_tty = NULL; + char dateFORMAT_TIMESTAMP_MAX; + struct utmpx *u; +@@ -368,7 +370,7 @@ int utmp_wall( + message) < 0) + return -ENOMEM; + +- setutxent(); ++ utmpx = utxent_start(); + + r = 0; + +-- +2.33.0 +
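Review bot: In utmp_wall() the `_cleanup_(utxent_cleanup) bool utmpx = false;` declaration sits above the `return -ENOMEM;` path while `utmpx = utxent_start();` comes after it, so the cleanup handler runs with the flag still false on that early return. The fix is only correct if utxent_cleanup() calls endutxent() solely when the flag is true; neither helper is shown in the hunks, so confirm both exist with that behaviour in src/shared/utmp-wtmp.h of this tree. The commit message gives a reproduction (lsof /run/utmp and systemd-cat -p 0 echo test) that could be turned into a regression check.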
View file
_service:tar_scm:backport-Respect-install_sysconfdir.patch
Added
@@ -0,0 +1,61 @@ +From 0062322638aa36df8190326a6afd38780fb7a271 Mon Sep 17 00:00:00 2001 +From: Kai Wohlfahrt <kai.wohlfahrt@gmail.com> +Date: Tue, 14 Sep 2021 00:32:52 +0100 +Subject: PATCH Respect install_sysconfdir + +This was lost e11a25cadbe and c900d89faa0 while adding jinja2 +templating. Breaks builds on NixOS. + +(cherry picked from commit 679de141122ca30388bba6d132f8c0dddcdddd15) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0062322638aa36df8190326a6afd38780fb7a271 +--- + src/core/meson.build | 2 +- + src/login/meson.build | 8 +++++--- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/core/meson.build b/src/core/meson.build +index c66538eab1..367c085027 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -193,7 +193,7 @@ foreach item : in_files + output: file, + command : meson_render_jinja2, config_h, '@INPUT@', + capture : true, +- install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'), ++ install : (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no'), + install_dir : dir) + endforeach + +diff --git a/src/login/meson.build b/src/login/meson.build +index b637adc9a2..da704d238f 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -71,18 +71,20 @@ in_files = + '70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1, + '71-seat.rules', udevrulesdir, enable_logind, + '73-seat-late.rules', udevrulesdir, enable_logind, +- 'systemd-user', pamconfdir, enable_logind and pamconfdir != 'no' ++ 'systemd-user', pamconfdir, enable_logind + + foreach tuple : in_files + file = tuple0 ++ dir = tuple1 ++ install = (dir == pkgsysconfdir) ? 
install_sysconfdir_samples : (dir != 'no') + custom_target( + file, + input : file + '.in', + output: file, + command : meson_render_jinja2, config_h, '@INPUT@', + capture : true, +- install : tuple2, +- install_dir : tuple1) ++ install : tuple2 and install, ++ install_dir : dir) + endforeach + + if enable_logind +-- +2.33.0 +
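Review bot: In the src/core/meson.build hunk the old expression `(dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no')` and the new `(dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no')` evaluate to the same value for every input, so that hunk is a readability change and the behavioural fix is only in src/login/meson.build. There, the 'systemd-user' entry drops `pamconfdir != 'no'` and relies on the new per-loop `install` value instead; the commit message should say so. The subject names install_sysconfdir while the code tests install_sysconfdir_samples, which should be reconciled.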
View file
_service:tar_scm:backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch
Added
@@ -0,0 +1,35 @@ +From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001 +From: Lukas Nykryn <lnykryn@redhat.com> +Date: Fri, 8 Feb 2019 10:54:34 +0100 +Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter + from 1 to 2" + +Conflict:according def94437934 and 5d4fc0e665a, modify default.rp_filter +and *.rp_filter +Reference:https://github.com/systemd/systemd/commit/230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e + +This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1. + +Resolves: #1653824 +--- + sysctl.d/50-default.conf | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf +index 1b76b9d..2717a4d 100644 +--- a/sysctl.d/50-default.conf ++++ b/sysctl.d/50-default.conf +@@ -26,8 +26,8 @@ kernel.core_uses_pid = 1 + kernel.core_uses_pid = 1 + + # Source route verification +-net.ipv4.conf.default.rp_filter = 2 +-net.ipv4.conf.*.rp_filter = 2 ++net.ipv4.conf.default.rp_filter = 1 ++net.ipv4.conf.*.rp_filter = 1 + -net.ipv4.conf.all.rp_filter + + # Do not accept source routing +-- +2.23.0 +
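Review bot: The sysctl.d/50-default.conf hunk moves net.ipv4.conf.default.rp_filter and net.ipv4.conf.*.rp_filter from 2 to 1 with no rationale beyond "Resolves: #1653824", a tracker number given without a URL. Value 1 is strict reverse-path filtering and 2 is loose mode, so this tightens source validation but can drop legitimate traffic on multi-homed hosts with asymmetric routing; add a comment above the two lines stating the mode and that caveat. The Reference URL points to commit 230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e while the From line carries 47b256d63ac092137fe44e27560a14ee4aa5b7c8, and the Conflict line says the content was modified, so the header should explain how this patch differs from the referenced commit.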
View file
_service:tar_scm:backport-Use-correct-fcntl.h-include.patch
Added
@@ -0,0 +1,35 @@ +From 3450d8dc8ddb582816c6c481b6a9b7378706ab3b Mon Sep 17 00:00:00 2001 +From: David Seifert <soap@gentoo.org> +Date: Mon, 2 Aug 2021 12:41:38 +0200 +Subject: PATCH Use correct `<fcntl.h>` include + +* `<sys/fcntl.h>` is not specified in POSIX + +(cherry picked from commit f8d54f7810aeea5ff27a5db03e1aab7ea54c8268) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/3450d8dc8ddb582816c6c481b6a9b7378706ab3b +--- + src/basic/fileio.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index c28b17fef5..9bd2037f5b 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -2,11 +2,11 @@ + #pragma once + + #include <dirent.h> ++#include <fcntl.h> + #include <stdbool.h> + #include <stddef.h> + #include <stdio.h> + #include <sys/stat.h> +-#include <sys/fcntl.h> + #include <sys/types.h> + + #include "macro.h" +-- +2.33.0 +
_service:tar_scm:backport-Use-correct-poll.h-include.patch
Added
@@ -0,0 +1,43 @@ +From fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 Mon Sep 17 00:00:00 2001 +From: David Seifert <soap@gentoo.org> +Date: Mon, 2 Aug 2021 16:09:10 +0200 +Subject: PATCH Use correct `<poll.h>` include + +* `<sys/poll.h>` is not specified in POSIX + +(cherry picked from commit 2b6c0bb2a341c95223ce672249e43c743b03d78c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 +--- + src/shared/nscd-flush.c | 2 +- + src/shared/varlink.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/nscd-flush.c b/src/shared/nscd-flush.c +index dfc47c4234..19e16d9345 100644 +--- a/src/shared/nscd-flush.c ++++ b/src/shared/nscd-flush.c +@@ -1,5 +1,5 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ +-#include <sys/poll.h> ++#include <poll.h> + + #include "fd-util.h" + #include "io-util.h" +diff --git a/src/shared/varlink.c b/src/shared/varlink.c +index 6b0b343ae9..8da568e208 100644 +--- a/src/shared/varlink.c ++++ b/src/shared/varlink.c +@@ -1,7 +1,7 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + + #include <malloc.h> +-#include <sys/poll.h> ++#include <poll.h> + + #include "alloc-util.h" + #include "errno-util.h" +-- +2.33.0 +
_service:tar_scm:backport-analyze-add-forgotten-return-statement.patch
Added
@@ -0,0 +1,33 @@ +From 53fd101c2144cb104d34aea8e68c7c24443107bd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 7 Oct 2022 15:52:33 +0200 +Subject: PATCH analyze: add forgotten return statement + +We would fail with an assert in sd_bus_message_enter_container() afterwards. + +(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5) +(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc) +(cherry picked from commit 1316666e98accf6b8ab8cb0fb5ef73d275049a34) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/53fd101c2144cb104d34aea8e68c7c24443107bd +--- + src/analyze/analyze.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c +index 62c0ccbdfe..6452d23331 100644 +--- a/src/analyze/analyze.c ++++ b/src/analyze/analyze.c +@@ -1274,7 +1274,7 @@ static int dot(int argc, char *argv, void *userdata) { + + r = bus_call_method(bus, bus_systemd_mgr, "ListUnits", &error, &reply, NULL); + if (r < 0) +- log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); ++ return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r)); + + r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)"); + if (r < 0) +-- +2.27.0 +
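Review bot: the added return in the ListUnits error branch of dot() is correct, but the defect class here is a discarded log_error_errno() result, and the patch fixes only this one instance. Since reply is still unset when the call fails, execution fell through into sd_bus_message_enter_container(reply, ...) and hit the assert the message describes. Please check the other "if (r < 0)" branches in src/analyze/analyze.c of the backported tree for the same pattern before merging, and say in the commit message that the check was done.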
_service:tar_scm:backport-analyze-fix-printing-config-when-there-is-no-main-co.patch
Added
@@ -0,0 +1,91 @@ +From 8621f957b6e3a7eed1c5965d332ad1c4c594f26e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sat, 20 Nov 2021 11:42:31 +0100 +Subject: PATCH analyze: fix printing config when there is no main config + file + +Since 8b8024f1c231c166f5c450905c8fd91d11704ae7 and the follow-up commits, the +main config file may be located in /usr or in other paths. But the code in +analyze.c was still assuming that it must be in /etc. Things mostly worked for +our own config files because we usually install a comments-only file in /etc, +but was not correct in the general case. + +This fixes in particular 'systemd-analyze cat-config systemd/zram-generator.conf'. +In Fedora we distribute a config file in zram-generator-defaults.rpm that is in +/usr/lib, and 'cat-config' would refuse to show it because +/etc/systemd/zram-generator.conf does not exist. + +The main config file is optional, but let's print an informative message +because this is a slightly unusual case. + +The file paths that we printed were missing the root prefix. 
+ +(cherry picked from commit 0895e87348e5fc02f50498cad5922eb3eb172323) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8621f957b6e3a7eed1c5965d332ad1c4c594f26e +--- + src/shared/pretty-print.c | 43 ++++++++++++++++++++++++++------------- + 1 file changed, 29 insertions(+), 14 deletions(-) + +diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c +index 137ba77b3a..97baeda401 100644 +--- a/src/shared/pretty-print.c ++++ b/src/shared/pretty-print.c +@@ -300,24 +300,39 @@ int conf_files_cat(const char *root, const char *name) { + return log_error_errno(r, "Failed to build directory list: %m"); + } + +- r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs); +- if (r < 0) +- return log_error_errno(r, "Failed to query file list: %m"); ++ if (DEBUG_LOGGING) { ++ log_debug("Looking for configuration in:"); ++ if (!is_collection) ++ STRV_FOREACH(prefix, prefixes) ++ log_debug(" %s%s%s", strempty(root), *prefix, name); + ++ STRV_FOREACH(t, dirs) ++ log_debug(" %s%s/*%s", strempty(root), *t, extension); ++ } ++ ++ /* First locate the main config file, if any */ + if (!is_collection) { +- path = path_join(root, "/etc", name); ++ STRV_FOREACH(prefix, prefixes) { ++ path = path_join(root, *prefix, name); ++ if (!path) ++ return log_oom(); ++ if (access(path, F_OK) == 0) ++ break; ++ path = mfree(path); ++ } ++ + if (!path) +- return log_oom(); ++ printf("%s# Main configuration file %s not found%s\n", ++ ansi_highlight_magenta(), ++ name, ++ ansi_normal()); + } + +- if (DEBUG_LOGGING) { +- log_debug("Looking for configuration in:"); +- if (path) +- log_debug(" %s", path); +- STRV_FOREACH(t, dirs) +- log_debug(" %s/*%s", *t, extension); +- } ++ /* Then locate the drop-ins, if any */ ++ r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs); ++ if (r < 0) ++ return log_error_errno(r, "Failed to query file list: %m"); + +- /* show */ +- return cat_files(path, files, CAT_FLAGS_MAIN_FILE_OPTIONAL); ++ 
/* Show */ ++ return cat_files(path, files, 0); + } +-- +2.33.0 +
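Review bot: in conf_files_cat(), when no prefix matches, path is left NULL by "path = mfree(path)" and is then passed to cat_files(path, files, 0) with CAT_FLAGS_MAIN_FILE_OPTIONAL dropped; cat_files() is not part of this hunk, so please confirm that the backported tree's version accepts a NULL main file without that flag. Two smaller points in the same loop: every access(path, F_OK) failure is treated as "not found", so EACCES or ELOOP on a prefix is reported as a missing file rather than as an error, and the "Main configuration file %s not found" line prints name without the root prefix even though the commit message says the printed paths were missing it. Checking errno for ENOENT and logging anything else at warning level would address the first.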
_service:tar_scm:backport-argv-util-also-update-program_invocation_short_name.patch
Added
@@ -0,0 +1,35 @@ +From 73be22c6f245ad86ef33d95bd4ab0a8e9fd121be Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 3 Feb 2023 18:29:36 +0900 +Subject: PATCH argv-util: also update program_invocation_short_name + +Our logging uses program_invocation_short_name. Without this patch, +logs from forked client may become broken; spuriously truncated or +the short invocation name is not completely shown in the log. + +(cherry picked from commit dd15e4cb57129b915e01495e113696bfe0b70214) +(cherry picked from commit ce4726468dc02bd7383cd7d90c8769576c6973e3) +(cherry picked from commit 7a862d9d1a7196a5576720959849f45fc68b041c) +(cherry picked from commit 9fbbd7bf28e5362b786e152a9ce4e8bd40621759) +--- + src/basic/process-util.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index b76ca6f7c5..10651a4564 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -371,6 +371,10 @@ int rename_process(const char name) { + strncpy(program_invocation_name, name, k); + if (l > k) + truncated = true; ++ ++ /* Also update the short name. */ ++ char *p = strrchr(program_invocation_name, '/'); ++ program_invocation_short_name = p ? p + 1 : program_invocation_name; + } + + /* Third step, completely replace the argv array the kernel maintains for us. This requires privileges, but +-- +2.27.0 +
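Review bot: the added strrchr(program_invocation_name, '/') in rename_process() scans the buffer that strncpy(program_invocation_name, name, k) has just overwritten, so it depends on that buffer still being NUL-terminated after a copy of exactly k bytes, and the hunk does not show how k is derived. A one-line comment stating the invariant (k is the original length, so the old terminator is untouched) would make this safe to read in isolation. Note also that when "l > k" the short name is computed from the truncated string, which is probably intended but is not stated. Unlike the other backports in this revision, the patch header carries no Conflict: or Reference: trailer; please add them for consistency.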
_service:tar_scm:backport-backlight-ignore-error-if-the-backlight-device-is-al.patch
Added
@@ -0,0 +1,43 @@ +From a69c240157e2ca066130c12bb061e0065f2c2425 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 5 Jan 2022 18:26:46 +0900 +Subject: PATCH backlight: ignore error if the backlight device is already + removed + +Fixes #21997. + +(cherry picked from commit f0f65087834198d4dabf8b389ddc34223400aab7) +(cherry picked from commit b4c57e1b1c249f28f13a86637d8854c920bcf26d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a69c240157e2ca066130c12bb061e0065f2c2425 +--- + src/backlight/backlight.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c +index 7c0970a60c..5aeee0de47 100644 +--- a/src/backlight/backlight.c ++++ b/src/backlight/backlight.c +@@ -395,8 +395,16 @@ static int run(int argc, char *argv) { + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Not a backlight or LED device: '%s:%s'", ss, sysname); + + r = sd_device_new_from_subsystem_sysname(&device, ss, sysname); +- if (r < 0) +- return log_error_errno(r, "Failed to get backlight or LED device '%s:%s': %m", ss, sysname); ++ if (r < 0) { ++ bool ignore = r == -ENODEV; ++ ++ /* Some drivers, e.g. for AMD GPU, removes acpi backlight device soon after it is added. ++ * See issue #21997. */ ++ log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r, ++ "Failed to get backlight or LED device '%s:%s'%s: %m", ++ ss, sysname, ignore ? ", ignoring" : ""); ++ return ignore ? 0 : r; ++ } + + /* If max_brightness is 0, then there is no actual backlight device. This happens on desktops + * with Asus mainboards that load the eeepc-wmi module. */ +-- +2.33.0 +
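Review bot: in run(), "return ignore ? 0 : r;" makes every -ENODEV from sd_device_new_from_subsystem_sysname() a success that is logged only at LOG_DEBUG, so a device name that never existed is now indistinguishable from the AMD GPU race the comment describes. If that trade-off is accepted, say so in the comment; otherwise consider LOG_INFO for the ignored case so the skip is visible in a default journal. The new comment also reads "Some drivers ... removes"; "remove" is the correct form.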
_service:tar_scm:backport-basic-env-util-correctly-parse-extended-vars-after-n.patch
Added
@@ -0,0 +1,53 @@ +From 74583cad5a3bf4051b879b8b1ac53934027ef485 Mon Sep 17 00:00:00 2001 +From: Andrew Soutar <andrew@andrewsoutar.com> +Date: Tue, 5 Oct 2021 22:55:27 -0400 +Subject: PATCH basic/env-util: correctly parse extended vars after + non-extended vars (#20941) + +(cherry picked from commit 5ef97a712236f0ddddec52665c0aea7d4e6d3c13) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/74583cad5a3bf4051b879b8b1ac53934027ef485 +--- + src/basic/env-util.c | 1 + + src/test/test-env-util.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/basic/env-util.c b/src/basic/env-util.c +index 81b1e3f10e..1ca445dab4 100644 +--- a/src/basic/env-util.c ++++ b/src/basic/env-util.c +@@ -577,6 +577,7 @@ char *replace_env_n(const char *format, size_t n, char **env, unsigned flags) { + + word = e+1; + state = WORD; ++ nest--; + } else if (*e == ':') { + if (flags & REPLACE_ENV_ALLOW_EXTENDED) { + len = e - word - 2; +diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c +index ed4580e4af..3d5951c46e 100644 +--- a/src/test/test-env-util.c ++++ b/src/test/test-env-util.c +@@ -198,7 +198,7 @@ static void test_replace_env2(bool extended) { + "BAR=bar", + NULL + }; +- _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL; ++ _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL, *y = NULL; + unsigned flags = REPLACE_ENV_ALLOW_EXTENDED*extended; + + t = replace_env("FOO=${FOO:-${BAR}}", (char**) env, flags); +@@ -218,6 +218,9 @@ static void test_replace_env2(bool extended) { + + x = replace_env("XXX=${XXX:+${BAR}post}", (char**) env, flags); + assert_se(streq(x, extended ? "XXX=" : "XXX=${XXX:+barpost}")); ++ ++ y = replace_env("FOO=${FOO}between${BAR:-baz}", (char**) env, flags); ++ assert_se(streq(y, extended ? "FOO=foobetweenbar" : "FOO=foobetween${BAR:-baz}")); + } + + static void test_replace_env_argv(void) { +-- +2.33.0 +
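Review bot: the added "nest--;" in replace_env_n() shows only the decrement; the matching increment and the type of nest are outside the hunk, so it is not possible to tell from the patch that the counter cannot drop below zero on input with an unmatched closing brace. Please confirm that this branch is reachable only after the increment, or add an assert(nest > 0) before the decrement. The new test covers a plain variable followed by an extended one ("FOO=${FOO}between${BAR:-baz}"); a case with two plain variables before the extended one would also exercise repeated decrements.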
_service:tar_scm:backport-basic-escape-add-helper-for-quoting-command-lines.patch
Added
@@ -0,0 +1,105 @@ +From 17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 7 Jul 2021 16:27:51 +0200 +Subject: PATCH basic/escape: add helper for quoting command lines + +(cherry picked from commit eeb91d29b0279d6bf8a3f1c4da54c9e9c0881a19) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 +--- + src/basic/escape.c | 21 +++++++++++++++++++++ + src/basic/escape.h | 1 + + src/test/test-escape.c | 24 ++++++++++++++++++++++++ + 3 files changed, 46 insertions(+) + +diff --git a/src/basic/escape.c b/src/basic/escape.c +index 2a3a0e31a1..fcade5a1b4 100644 +--- a/src/basic/escape.c ++++ b/src/basic/escape.c +@@ -8,6 +8,7 @@ + #include "escape.h" + #include "hexdecoct.h" + #include "macro.h" ++#include "strv.h" + #include "utf8.h" + + int cescape_char(char c, char *buf) { +@@ -542,3 +543,23 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) { + + return str_realloc(buf); + } ++ ++char* quote_command_line(char **argv) { ++ _cleanup_free_ char *result = NULL; ++ ++ assert(argv); ++ ++ char **a; ++ STRV_FOREACH(a, argv) { ++ _cleanup_free_ char *t = NULL; ++ ++ t = shell_maybe_quote(*a, SHELL_ESCAPE_EMPTY); ++ if (!t) ++ return NULL; ++ ++ if (!strextend_with_separator(&result, " ", t)) ++ return NULL; ++ } ++ ++ return TAKE_PTR(result); ++} +diff --git a/src/basic/escape.h b/src/basic/escape.h +index 907b572bd4..e9d48d227a 100644 +--- a/src/basic/escape.h ++++ b/src/basic/escape.h +@@ -68,3 +68,4 @@ char* escape_non_printable_full(const char *str, size_t console_width, XEscapeFl + + char* shell_escape(const char *s, const char *bad); + char* shell_maybe_quote(const char *s, ShellEscapeFlags flags); ++char* quote_command_line(char **argv); +diff --git a/src/test/test-escape.c b/src/test/test-escape.c +index 991b135a33..8bda9cdc8d 100644 +--- a/src/test/test-escape.c ++++ b/src/test/test-escape.c +@@ -192,6 
+192,29 @@ static void test_shell_maybe_quote(void) { + test_shell_maybe_quote_one("głąb\002\003rząd", SHELL_ESCAPE_POSIX, "$'głąb\\002\\003rząd'"); + } + ++static void test_quote_command_line_one(char **argv, const char *expected) { ++ _cleanup_free_ char *s; ++ ++ assert_se(s = quote_command_line(argv)); ++ log_info("%s", s); ++ assert_se(streq(s, expected)); ++} ++ ++static void test_quote_command_line(void) { ++ log_info("/* %s */", __func__); ++ ++ test_quote_command_line_one(STRV_MAKE("true", "true"), ++ "true true"); ++ test_quote_command_line_one(STRV_MAKE("true", "with a space"), ++ "true \"with a space\""); ++ test_quote_command_line_one(STRV_MAKE("true", "with a 'quote'"), ++ "true \"with a 'quote'\""); ++ test_quote_command_line_one(STRV_MAKE("true", "with a \"quote\""), ++ "true \"with a \\\"quote\\\"\""); ++ test_quote_command_line_one(STRV_MAKE("true", "$dollar"), ++ "true \"\\$dollar\""); ++} ++ + int main(int argc, char *argv) { + test_setup_logging(LOG_DEBUG); + +@@ -202,6 +225,7 @@ int main(int argc, char *argv) { + test_cunescape(); + test_shell_escape(); + test_shell_maybe_quote(); ++ test_quote_command_line(); + + return 0; + } +-- +2.33.0 +
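Review bot: quote_command_line() returns NULL for an empty argv, because result stays NULL when STRV_FOREACH never runs and TAKE_PTR(result) hands that back, which callers cannot tell apart from the two allocation-failure returns inside the loop. Either return an empty string for that case or document in escape.h that NULL means out of memory and that argv must be non-empty. The header declaration also has no comment saying what the result is meant for; since the tests show it produces double-quoted, backslash-escaped text, a line stating whether it is meant for log and display output or for re-parsing by a shell would prevent misuse. In test_quote_command_line_one(), "_cleanup_free_ char *s;" is uninitialized; "= NULL" matches the rest of the file.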
_service:tar_scm:backport-basic-linux-Sync-if_arp.h-with-Linux-5.14.patch
Added
@@ -0,0 +1,32 @@ +From 6674c65c74dcf52b6887e76642683b593d86cb69 Mon Sep 17 00:00:00 2001 +From: Chris Packham <chris.packham@alliedtelesis.co.nz> +Date: Fri, 10 Sep 2021 09:51:36 +1200 +Subject: PATCH basic/linux: Sync if_arp.h with Linux 5.14 + +ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition + +Fixes #20694 + +(cherry picked from commit 7c5b9952c4f6e2b72f90edbe439982528b7cf223) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6674c65c74dcf52b6887e76642683b593d86cb69 +--- + src/basic/linux/if_arp.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h +index c3cc5a9e5e..4783af9fe5 100644 +--- a/src/basic/linux/if_arp.h ++++ b/src/basic/linux/if_arp.h +@@ -54,6 +54,7 @@ + #define ARPHRD_X25 271 /* CCITT X.25 */ + #define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */ + #define ARPHRD_CAN 280 /* Controller Area Network */ ++#define ARPHRD_MCTP 290 + #define ARPHRD_PPP 512 + #define ARPHRD_CISCO 513 /* Cisco HDLC */ + #define ARPHRD_HDLC ARPHRD_CISCO +-- +2.33.0 +
_service:tar_scm:backport-basic-log-allow-errno-values-higher-than-255.patch
Added
@@ -0,0 +1,48 @@ +From fb824c90e5a83218e4252a2c21c7f365d0167458 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 3 Jan 2022 17:53:29 +0100 +Subject: PATCH basic/log: allow errno values higher than 255 + +When the support for "synthetic errno" was added, we started truncating +the errno value to just the least significant byte. This is generally OK, +because errno values are defined up to ~130. + +The docs don't really say what the maximum value is. But at least in principle +higher values could be added in the future. So let's stop truncating +the values needlessly. + +The kernel (or libbpf?) have an error where they return 524 as an errno +value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would +confusingly truncate this to 12 (ENOMEM). It seems much nicer to let +strerror() give us "Unknown error 524" rather than to print the bogus +message about ENOMEM. + +(cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93) +(cherry picked from commit cd686fe4c719bfb894bd24d673c51f19cea64643) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fb824c90e5a83218e4252a2c21c7f365d0167458 +--- + src/basic/log.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/basic/log.h b/src/basic/log.h +index 738c181070..8bfae8e0e5 100644 +--- a/src/basic/log.h ++++ b/src/basic/log.h +@@ -27,10 +27,10 @@ typedef enum LogTarget{ + _LOG_TARGET_INVALID = -EINVAL, + } LogTarget; + +-/* Note to readers: << and >> have lower precedence than & and | */ ++/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */ + #define SYNTHETIC_ERRNO(num) (1 << 30 | (num)) + #define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1) +-#define ERRNO_VALUE(val) (abs(val) & 255) ++#define ERRNO_VALUE(val) (abs(val) & ~(1 << 30)) + + const char *log_target_to_string(LogTarget target) _const_; + LogTarget log_target_from_string(const char *s) _pure_; +-- +2.33.0 
+
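Review bot: the rewritten comment in src/basic/log.h says that << and >> "have lower precedence (are evaluated earlier) than & and |", which contradicts itself and states the rule backwards; in C the shift operators bind more tightly than & and |, and that is exactly what "1 << 30 | (num)" and "(val) >> 30 & 1" rely on. Please change it to "higher precedence". On the new macro, "abs(val) & ~(1 << 30)" keeps every bit except the synthetic flag, which matches the stated intent, but abs() is undefined for INT_MIN; a short note that callers pass errno-style values only would be enough.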
_service:tar_scm:backport-basic-mac_-selinux-smack-_apply_fd-does-not-work-whe.patch
Added
@@ -0,0 +1,76 @@ +From fdb86800e854d5079c13d3a4597f73617db991f6 Mon Sep 17 00:00:00 2001 +From: Donald Chan <hoiho@amazon.com> +Date: Fri, 28 Jan 2022 22:53:46 +0000 +Subject: PATCH basic: mac_selinux,smack_apply_fd does not work when + applying labels + +Commit a7fdc6c introduced a regression where file descriptors are opened +using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail +with a -EBADF (Bad file descriptor) error. + +Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and +call setxattr() or setfilecon() instead. + +Signed-off-by: Donald Chan <hoiho@amazon.com> +(cherry picked from commit a718364e9d9242cc2111c9860f2ab5bb9bb26db9) +(cherry picked from commit 9f596964f6e403b089450dc083724b48fb4b4bb1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fdb86800e854d5079c13d3a4597f73617db991f6 +--- + src/shared/selinux-util.c | 6 +++++- + src/shared/smack-util.c | 7 +++++-- + 2 files changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c +index 03cee76f64..832c29435d 100644 +--- a/src/shared/selinux-util.c ++++ b/src/shared/selinux-util.c +@@ -344,12 +344,16 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) { + assert(fd >= 0); + + #if HAVE_SELINUX ++ char procfs_pathSTRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1; ++ + if (!mac_selinux_use()) + return 0; + + assert(label); + +- if (fsetfilecon(fd, label) < 0) ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ ++ if (setfilecon(procfs_path, label) < 0) + return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path)); + #endif + return 0; +diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c +index 3362ee3924..8d88a7b49a 100644 +--- a/src/shared/smack-util.c ++++ b/src/shared/smack-util.c +@@ -86,6 +86,7 @@ int mac_smack_apply(const char *path, SmackAttr attr, const char *label) { + } + + int 
mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { ++ char procfs_pathSTRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1; + int r; + + assert(fd >= 0); +@@ -94,10 +95,12 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) { + if (!mac_smack_use()) + return 0; + ++ xsprintf(procfs_path, "/proc/self/fd/%i", fd); ++ + if (label) +- r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0); ++ r = setxattr(procfs_path, smack_attr_to_string(attr), label, strlen(label), 0); + else +- r = fremovexattr(fd, smack_attr_to_string(attr)); ++ r = removexattr(procfs_path, smack_attr_to_string(attr)); + if (r < 0) + return -errno; + +-- +2.33.0 +
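Review bot: the commit message says the fix uses FORMAT_PROC_FD_PATH(fd), but both hunks build the path by hand with xsprintf(procfs_path, "/proc/self/fd/%i", fd) into a locally sized buffer; please note in the message that the backport open-codes the helper, so the difference from upstream is deliberate and auditable. Neither mac_selinux_apply_fd() nor mac_smack_apply_fd() has a comment explaining why a path-based call (setfilecon, setxattr, removexattr) is used on a file descriptor. Without one, a later cleanup could switch back to the f*() variants and reintroduce the -EBADF failure on O_PATH descriptors. The new code also makes label application depend on /proc being mounted, which is worth stating in the same comment.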
_service:tar_scm:backport-basic-mountpoint-util-detect-erofs-as-a-read-only-FS.patch
Added
@@ -0,0 +1,28 @@ +From 74af5a3696cd3747fa814a21eb1b3d7cae3dea56 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 4 Nov 2021 20:29:43 +0000 +Subject: PATCH basic/mountpoint-util: detect erofs as a read-only FS + +(cherry picked from commit fac2c3e97d80fb356eb50abb429bdb5ed36afcf1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/74af5a3696cd3747fa814a21eb1b3d7cae3dea56 +--- + src/basic/mountpoint-util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c +index e7a5a99551..7e57d9a226 100644 +--- a/src/basic/mountpoint-util.c ++++ b/src/basic/mountpoint-util.c +@@ -424,6 +424,7 @@ bool fstype_is_ro(const char *fstype) { + return STR_IN_SET(fstype, + "DM_verity_hash", + "iso9660", ++ "erofs", + "squashfs"); + } + +-- +2.33.0 +
_service:tar_scm:backport-basic-unit-file-don-t-filter-out-names-starting-with.patch
Added
@@ -0,0 +1,32 @@ +From d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb Mon Sep 17 00:00:00 2001 +From: Anita Zhang <the.anitazha@gmail.com> +Date: Tue, 28 Sep 2021 23:52:39 -0700 +Subject: PATCH basic/unit-file: don't filter out names starting with dot + +Fixes #20859 +Reverts 3796bdc55d6ba499d1049f749072218879e619a7 + +(cherry picked from commit 14bb72953458caace048b55ead7ea06a592b864f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb +--- + src/basic/unit-file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 884a0674a9..0d58b1c4fe 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -284,7 +284,7 @@ int unit_file_build_name_map( + continue; + } + +- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { ++ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { + char *filename; + _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; + const char *suffix, *dst = NULL; +-- +2.33.0 +
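Review bot: switching unit_file_build_name_map() to FOREACH_DIRENT_ALL means the loop body now also receives ".", ".." and editor backup or temporary files that FOREACH_DIRENT used to skip, and the hunk does not show the validation that follows. Please confirm that the body rejects those entries before they reach the name map, and add a test with a dot-prefixed unit name next to a stray hidden file so both sides of the change are covered.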
_service:tar_scm:backport-binfmt-fix-exit-value.patch
Added
@@ -0,0 +1,32 @@ +From d4406e94a32d423d8a73deb7757fb09890afe2c4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 10 Nov 2021 13:58:32 +0100 +Subject: PATCH binfmt: fix exit value + +Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g. +systemd-binfmt --foobar would "succeed". + +(cherry picked from commit 52707598d5c0dbbc8a967e4874b0b08ee2486772) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d4406e94a32d423d8a73deb7757fb09890afe2c4 +--- + src/binfmt/binfmt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c +index 29530bb691..981218f52f 100644 +--- a/src/binfmt/binfmt.c ++++ b/src/binfmt/binfmt.c +@@ -189,7 +189,7 @@ static int run(int argc, char *argv) { + + r = parse_argv(argc, argv); + if (r <= 0) +- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS; ++ return r; + + log_setup(); + +-- +2.33.0 +
_service:tar_scm:backport-boot-timestamps-Discard-firmware-init-time-when-runn.patch
Added
@@ -0,0 +1,68 @@ +From 9ee300a0b6429b7af73f40edfb2330cbbd7828f3 Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Sun, 9 Jan 2022 14:22:15 +0100 +Subject: PATCH boot-timestamps: Discard firmware init time when running in a + VM + +Fixes: #22060 +(cherry picked from commit f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e) +(cherry picked from commit 3c5c13f82c760c7067bb189484e1f672ff6713f6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9ee300a0b6429b7af73f40edfb2330cbbd7828f3 +--- + src/shared/boot-timestamps.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/src/shared/boot-timestamps.c b/src/shared/boot-timestamps.c +index 8786e89c0e..e00b37aa32 100644 +--- a/src/shared/boot-timestamps.c ++++ b/src/shared/boot-timestamps.c +@@ -5,11 +5,13 @@ + #include "efi-loader.h" + #include "macro.h" + #include "time-util.h" ++#include "virt.h" + + int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_timestamp *loader) { + usec_t x = 0, y = 0, a; + int r; + dual_timestamp _n; ++ bool use_firmware = true; + + assert(firmware); + assert(loader); +@@ -24,6 +26,10 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time + r = efi_loader_get_boot_usec(&x, &y); + if (r < 0) + return r; ++ ++ /* If we are running in a VM, the init timestamp would ++ * be equivalent to the host uptime. */ ++ use_firmware = detect_vm() <= 0; + } + + /* Let's convert this to timestamps where the firmware +@@ -33,12 +39,14 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time + * the monotonic timestamps here as negative of the actual + * value. */ + +- firmware->monotonic = y; +- loader->monotonic = y - x; +- +- a = n->monotonic + firmware->monotonic; +- firmware->realtime = n->realtime > a ? n->realtime - a : 0; ++ if (use_firmware) { ++ firmware->monotonic = y; ++ a = n->monotonic + firmware->monotonic; ++ firmware->realtime = n->realtime > a ? 
n->realtime - a : 0; ++ } else ++ firmware->monotonic = firmware->realtime = 0; + ++ loader->monotonic = y - x; + a = n->monotonic + loader->monotonic; + loader->realtime = n->realtime > a ? n->realtime - a : 0; + +-- +2.33.0 +
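Review bot: "use_firmware = detect_vm() <= 0;" in boot_timestamps() folds a detection error (negative return) into the "not a VM" case, so a failed detection silently keeps the firmware timestamp that this patch is meant to discard. That may be the right fallback, but it should be a decision rather than a side effect: store the result, log negative values at debug level, and mention the fallback in the comment. The comment could also say that firmware->monotonic and firmware->realtime are both reported as 0 in a VM, since consumers will see that value.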
_service:tar_scm:backport-bootctl-Fix-update-not-adding-EFI-entry-if-Boot-IDs-.patch
Added
@@ -0,0 +1,45 @@ +From 0028a3eb976dfa7209433dfa3a24b785f05fd352 Mon Sep 17 00:00:00 2001 +From: Anssi Hannula <anssi.hannula@bitwise.fi> +Date: Thu, 23 Sep 2021 12:08:05 +0300 +Subject: PATCH bootctl: Fix update not adding EFI entry if Boot IDs are + non-consecutive + +"bootctl update" tries to add sd-boot to the EFI boot loader list if it +is not already there. To do so, it uses find_slot() which finds the +proper BootXXXX slot ID to use and also returns 1 if an existing sd-boot +entry was found at this ID or 0 if it is a new unused ID. In "update" +case install_variables() only writes the entry in case 0 (no existing +entry). + +However, find_slot() erroneously returns 1 if it finds a gap in the Boot +IDs (i.e. when not resorting to max(ids) + 1). This causes +"bootctl update" to not add a missing systemd-boot boot entry if the +existing BootXXXX entry IDs are not consecutive. + +Fix that by returning 0 in find_slot() when an empty gap ID is selected +to make it match the behavior when selecting an empty non-gap ID. + +(cherry picked from commit 26d54e1263dcb58daa6578595cc6ab1037315593) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0028a3eb976dfa7209433dfa3a24b785f05fd352 +--- + src/boot/bootctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c +index fa8c600321..bd96812246 100644 +--- a/src/boot/bootctl.c ++++ b/src/boot/bootctl.c +@@ -711,7 +711,7 @@ static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) { + for (i = 0; i < n; i++) + if (i != optionsi) { + *id = i; +- return 1; ++ return 0; + } + + /* use the next one */ +-- +2.33.0 +
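Review bot: the one-line change in find_slot() is correct per the commit message, but the return convention it fixes (1 for an existing systemd-boot entry, 0 for a free slot) is described only in the message, not in the code. Please add a comment above find_slot() or next to the changed "return 0;" that states it, since the caller's decision to write the EFI variable depends on it and this bug came from exactly that ambiguity.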
_service:tar_scm:backport-bus-util-retrieve-bus-error-from-message.patch
Added
@@ -0,0 +1,57 @@ +From 443f25f3cd34ce504a4850373babcde5d572335f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 30 Jan 2022 05:36:56 +0900 +Subject: PATCH bus-util: retrieve bus error from message + +The error in argument is not input, but used for output. + +(cherry picked from commit 853b94863cf26d084454edd63ce987cc7ab0505a) +(cherry picked from commit b9e144629bdb7c3d4535fb0a0ad8639140a25034) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/443f25f3cd34ce504a4850373babcde5d572335f +--- + src/shared/bus-wait-for-units.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/shared/bus-wait-for-units.c b/src/shared/bus-wait-for-units.c +index 29620e0d1b..c867f1cbfd 100644 +--- a/src/shared/bus-wait-for-units.c ++++ b/src/shared/bus-wait-for-units.c +@@ -1,5 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + ++#include "bus-error.h" + #include "bus-map-properties.h" + #include "bus-wait-for-units.h" + #include "hashmap.h" +@@ -288,19 +289,22 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error + return 0; + } + +-static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *error) { ++static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { + WaitForItem *item = userdata; ++ const sd_bus_error *e; + int r; + + assert(item); + +- if (sd_bus_error_is_set(error)) { ++ e = sd_bus_message_get_error(m); ++ if (e) { + BusWaitForUnits *d = item->parent; + + d->has_failed = true; + +- log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s", +- item->bus_path, error->message); ++ r = sd_bus_error_get_errno(e); ++ log_debug_errno(r, "GetAll() failed for %s: %s", ++ item->bus_path, bus_error_message(e, r)); + + call_unit_callback_and_wait(d, item, false); + bus_wait_for_units_check_ready(d); +-- +2.33.0 +
_service:tar_scm:backport-calendarspec-fix-possibly-skips-next-elapse.patch
Added
@@ -0,0 +1,82 @@ +From bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 Mon Sep 17 00:00:00 2001 +From: Gibeom Gwon <gb.gwon@stackframe.dev> +Date: Sun, 6 Mar 2022 09:45:38 +0900 +Subject: PATCH calendarspec: fix possibly skips next elapse + +If the time unit changes after adding the repetition value, the +timer may skip the next elapse. This patch reset sub time units +to minimum value when upper unit is changed. + +Fixes #22665. + +(cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c) +(cherry picked from commit 8d4c0d2383e72f30753bf33f206387bc03879ff8) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 +--- + src/shared/calendarspec.c | 27 ++++++++++++++++++++------- + src/test/test-calendarspec.c | 2 ++ + 2 files changed, 22 insertions(+), 7 deletions(-) + +diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c +index bf24d8d5bb..238766c96a 100644 +--- a/src/shared/calendarspec.c ++++ b/src/shared/calendarspec.c +@@ -1180,6 +1180,7 @@ static int find_matching_component( + + static int tm_within_bounds(struct tm *tm, bool utc) { + struct tm t; ++ int cmp; + assert(tm); + + /* +@@ -1194,13 +1195,25 @@ static int tm_within_bounds(struct tm *tm, bool utc) { + if (mktime_or_timegm(&t, utc) < 0) + return negative_errno(); + +- /* Did any normalization take place? If so, it was out of bounds before */ +- int cmp = CMP(t.tm_year, tm->tm_year) ?: +- CMP(t.tm_mon, tm->tm_mon) ?: +- CMP(t.tm_mday, tm->tm_mday) ?: +- CMP(t.tm_hour, tm->tm_hour) ?: +- CMP(t.tm_min, tm->tm_min) ?: +- CMP(t.tm_sec, tm->tm_sec); ++ /* ++ * Did any normalization take place? If so, it was out of bounds before. ++ * Normalization could skip next elapse, e.g. result of normalizing 3-33 ++ * is 4-2. This skips 4-1. So reset the sub time unit if upper unit was ++ * out of bounds. Normalization has occurred implies find_matching_component() > 0, ++ * other sub time units are already reset in find_next(). 
++ */ ++ if ((cmp = CMP(t.tm_year, tm->tm_year)) != 0) ++ t.tm_mon = 0; ++ else if ((cmp = CMP(t.tm_mon, tm->tm_mon)) != 0) ++ t.tm_mday = 1; ++ else if ((cmp = CMP(t.tm_mday, tm->tm_mday)) != 0) ++ t.tm_hour = 0; ++ else if ((cmp = CMP(t.tm_hour, tm->tm_hour)) != 0) ++ t.tm_min = 0; ++ else if ((cmp = CMP(t.tm_min, tm->tm_min)) != 0) ++ t.tm_sec = 0; ++ else ++ cmp = CMP(t.tm_sec, tm->tm_sec); + + if (cmp < 0) + return -EDEADLK; /* Refuse to go backward */ +diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c +index 4f1d0f64d5..bc5e56a238 100644 +--- a/src/test/test-calendarspec.c ++++ b/src/test/test-calendarspec.c +@@ -201,6 +201,8 @@ int main(int argc, char* argv) { + test_next("2016-02~01 UTC", "", 12345, 1456704000000000); + test_next("Mon 2017-05~01..07 UTC", "", 12345, 1496016000000000); + test_next("Mon 2017-05~07/1 UTC", "", 12345, 1496016000000000); ++ test_next("*-*-01/5 04:00:00 UTC", "", 1646010000000000, 1646107200000000); ++ test_next("*-01/7-01 04:00:00 UTC", "", 1664607600000000, 1672545600000000); + test_next("2017-08-06 9,11,13,15,17:00 UTC", "", 1502029800000000, 1502031600000000); + test_next("2017-08-06 9..17/2:00 UTC", "", 1502029800000000, 1502031600000000); + test_next("2016-12-* 3..21/6:00 UTC", "", 1482613200000001, 1482634800000000); +-- +2.33.0 +
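Review bot: The two new test_next() cases in test-calendarspec.c appear to exercise only the branches of tm_within_bounds() where the year or the month changed (`t.tm_mon = 0` and `t.tm_mday = 1`); the branches for a changed day, hour or minute (`t.tm_hour = 0`, `t.tm_min = 0`, `t.tm_sec = 0`) get no test. Please add cases where an hour, minute or second repetition overflows into the next unit. The new comment also relies on find_next() having already reset the remaining lower units, since this function resets only the unit directly below the one that changed; a matching comment in find_next() would keep that dependency from being broken by a later edit there.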
_service:tar_scm:backport-cgroup-do-catchup-for-unit-cgroup-inotify-watch-file.patch
Added
@@ -0,0 +1,84 @@ +From 52ab3b8f534eafeed86908ad38f4cd0f169e23ff Mon Sep 17 00:00:00 2001 +From: Dan Streetman <ddstreet@canonical.com> +Date: Sun, 11 Jul 2021 16:59:27 -0400 +Subject: PATCH cgroup: do 'catchup' for unit cgroup inotify watch files + +While reexec/reload, we drop the inotify watch on cgroup file(s), so +we need to re-check them in case they changed and we missed the event. + +Fixes: #20198 +(cherry picked from commit 869f52f21831b611160c4937bef822ca94c802ba) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/52ab3b8f534eafeed86908ad38f4cd0f169e23ff +--- + src/core/cgroup.c | 18 ++++++++++++++++++ + src/core/cgroup.h | 2 ++ + src/core/unit.c | 2 ++ + 3 files changed, 22 insertions(+) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 3a6f768c60..5c07aa71d1 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -3039,6 +3039,9 @@ static int unit_check_cgroup_events(Unit *u) { + + assert(u); + ++ if (!u->cgroup_path) ++ return 0; ++ + r = cg_get_keyed_attribute_graceful(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events", + STRV_MAKE("populated", "frozen"), values); + if (r < 0) +@@ -3871,6 +3874,21 @@ void unit_invalidate_cgroup_bpf(Unit *u) { + } + } + ++void unit_cgroup_catchup(Unit *u) { ++ assert(u); ++ ++ if (!UNIT_HAS_CGROUP_CONTEXT(u)) ++ return; ++ ++ /* We dropped the inotify watch during reexec/reload, so we need to ++ * check these as they may have changed. ++ * Note that (currently) the kernel doesn't actually update cgroup ++ * file modification times, so we can't just serialize and then check ++ * the mtime for file(s) we are interested in. 
*/ ++ (void) unit_check_cgroup_events(u); ++ unit_add_to_cgroup_oom_queue(u); ++} ++ + bool unit_cgroup_delegate(Unit *u) { + CGroupContext *c; + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index ea929368cb..3f8cad899d 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -313,6 +313,8 @@ void manager_invalidate_startup_units(Manager *m); + const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_; + CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_; + ++void unit_cgroup_catchup(Unit *u); ++ + bool unit_cgroup_delegate(Unit *u); + + int compare_job_priority(const void *a, const void *b); +diff --git a/src/core/unit.c b/src/core/unit.c +index 47966bcf0d..7e3bd7505e 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3616,6 +3616,8 @@ void unit_catchup(Unit *u) { + + if (UNIT_VTABLE(u)->catchup) + UNIT_VTABLE(u)->catchup(u); ++ ++ unit_cgroup_catchup(u); + } + + static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) { +-- +2.33.0 +
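Review bot: In unit_cgroup_catchup() the result of unit_check_cgroup_events() is dropped with a `(void)` cast, so a failure to read cgroup.events after reexec/reload leaves no trace; a debug-level log of the error would make a missed catch-up diagnosable. The new `if (!u->cgroup_path) return 0;` guard was added only to unit_check_cgroup_events(), while unit_add_to_cgroup_oom_queue(u) is now called for every unit with a cgroup context; please confirm it tolerates a unit whose cgroup_path is NULL, since that function is not part of this diff.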
_service:tar_scm:backport-cgroup-don-t-emit-BPF-firewall-warning-when-manager-.patch
Added
@@ -0,0 +1,45 @@ +From f4472e406eaa1087534066d09a4b7f2fd1de2a06 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Tue, 30 Nov 2021 23:49:33 +0000 +Subject: PATCH cgroup: don't emit BPF firewall warning when manager is in + test mode + +Support for BPF might not have been checked, since it's not necessary +in test mode (eg: running offline analysis of units). This causes an +assert: + +Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting. + +Export SYSTEMD_LOG_LEVEl=debug in TEST-65-ANALYZE is enough to trigger +this assert while doing an offline analysis of a unit that has some +firewall/network restrictions set. + +Skip the warning if the manager is in test mode. + +(cherry picked from commit a42232a18c5716f69efc67c779dd2ef6c4b9d6c2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f4472e406eaa1087534066d09a4b7f2fd1de2a06 +--- + src/core/bpf-firewall.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c +index 4a92052925..c4989a3ea6 100644 +--- a/src/core/bpf-firewall.c ++++ b/src/core/bpf-firewall.c +@@ -911,7 +911,10 @@ int bpf_firewall_supported(void) { + void emit_bpf_firewall_warning(Unit *u) { + static bool warned = false; + +- if (!warned) { ++ assert(u); ++ assert(u->manager); ++ ++ if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) { + bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0; + + log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason, +-- +2.33.0 +
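Review bot: No test accompanies the change to emit_bpf_firewall_warning(), although the commit message names an exact reproducer (debug log level in TEST-65-ANALYZE); the diffstat touches only src/core/bpf-firewall.c. Setting the debug log level in that test would keep the assertion from coming back. The message also spells the variable `SYSTEMD_LOG_LEVEl`, which will not work if copied. Note that the `!MANAGER_IS_TEST_RUN(u->manager)` condition hides the warning in test mode but leaves bpf_firewall_unsupported_reason unset there, so any other reader of that variable in test mode still sees 0.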
_service:tar_scm:backport-cgroups-agent-connect-stdin-stdout-stderr-to-dev-nul.patch
Added
@@ -0,0 +1,41 @@ +From a59a7227a29a73e8e1b0d80153f258e20354c0d7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 15 Jul 2022 11:02:40 +0200 +Subject: PATCH cgroups-agent: connect stdin/stdout/stderr to /dev/null + +Inspired by https://github.com/systemd/systemd/pull/24024 this is +another user mode helper, where this might be an issue. hence let's +rather be safe than sorry, and also connect stdin/stdout/stderr +explicitly with /dev/null. + +(cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf) +(cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde) +(cherry picked from commit d8464304f03e6644bfc6ed42e13fb3a460b9ff60) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a59a7227a29a73e8e1b0d80153f258e20354c0d7 +--- + src/cgroups-agent/cgroups-agent.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c +index 071cba3099..9126736235 100644 +--- a/src/cgroups-agent/cgroups-agent.c ++++ b/src/cgroups-agent/cgroups-agent.c +@@ -16,6 +16,13 @@ int main(int argc, char *argv) { + _cleanup_close_ int fd = -1; + ssize_t n; + size_t l; ++ int r; ++ ++ r = rearrange_stdio(-1, -1, -1); ++ if (r < 0) { ++ log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m"); ++ return EXIT_FAILURE; ++ } + + if (argc != 2) { + log_error("Incorrect number of arguments."); +-- +2.27.0 +
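Review bot: The new `rearrange_stdio(-1, -1, -1)` call at the top of main() carries no comment, and the commit message gives the reason only as a pointer to PR 24024 ("this might be an issue"). Please add a short comment at the call saying what goes wrong for this helper when stdin/stdout/stderr are not connected, so the call is not later removed as redundant. The error path also returns EXIT_FAILURE before the argument check and before anything is sent, so a failure to open /dev/null now drops the notification entirely; confirm that is preferred over logging and continuing.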
_service:tar_scm:backport-change-indicator-used-for-later-versions-of-VirtualB.patch
Added
@@ -0,0 +1,54 @@ +From 7459b7f4a63de87a6e76e9187893c65291b7931f Mon Sep 17 00:00:00 2001 +From: Greg Zuro <gregzuro@users.noreply.github.com> +Date: Tue, 26 Oct 2021 21:02:37 -0700 +Subject: PATCH change indicator used for later versions of VirtualBox + (#21127) + +Detection of VirtualBox is accomplished in the existing code by *either* `innotek GmbH` +or `Oracle Corporation` existing in any of: + +- /sys/class/dmi/id/product_name +- /sys/class/dmi/id/sys_vendor +- /sys/class/dmi/id/board_vendor +- /sys/class/dmi/id/bios_vendor + +With Oracle's physical servers, both `/sys/class/dmi/id/sys_vendor` and +`/sys/class/dmi/id/board_vendor` contain `Oracle Corporation`, so those +servers are detected as `oracle` (VirtualBox). + +VirtualBox has the following values in the latest versions: + +- /sys/class/dmi/id/product_name: `VirtualBox` +- /sys/class/dmi/id/sys_vendor: `innotek GmbH` +- /sys/class/dmi/id/board_vendor: `Oracle Corporation` +- /sys/class/dmi/id/bios_vendor: `innotek GmbH` + +Presumably the existing check for `innotek GmbH` is meant to detect +older versions of VirtualBox, while changing the second checked value +from `Oracle Corporation` to `VirtualBox` will reliably detect later and future +versions. 
+ +(cherry picked from commit cfee6b955154c30be31ffcf0e3b7b89374a52fff) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7459b7f4a63de87a6e76e9187893c65291b7931f +--- + src/basic/virt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 0243b2d2a8..cc123a286f 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -159,7 +159,7 @@ static int detect_vm_dmi_vendor(void) { + { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ + { "VMW", VIRTUALIZATION_VMWARE }, + { "innotek GmbH", VIRTUALIZATION_ORACLE }, +- { "Oracle Corporation", VIRTUALIZATION_ORACLE }, ++ { "VirtualBox", VIRTUALIZATION_ORACLE }, + { "Xen", VIRTUALIZATION_XEN }, + { "Bochs", VIRTUALIZATION_BOCHS }, + { "Parallels", VIRTUALIZATION_PARALLELS }, +-- +2.33.0 +
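Review bot: Replacing the `"Oracle Corporation"` entry in the detect_vm_dmi_vendor() table with `"VirtualBox"` rests on the commit message's "Presumably": a VirtualBox release that reports `Oracle Corporation` as a vendor without `VirtualBox` as product name and without `innotek GmbH` in any field would no longer be detected. Please state which VirtualBox versions were checked. The new entry matches a product name inside a table that otherwise holds vendor strings, so a short comment on that line, like the one on the VMware entry, would explain why it is there and why `Oracle Corporation` must not be added back.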
_service:tar_scm:backport-ci-cancel-previous-jobs-on-ref-update.patch
Added
@@ -0,0 +1,79 @@ +From 47b12629b47d9dfc857874a1b680f60ffc0af0bd Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Wed, 10 Nov 2021 16:45:12 +0100 +Subject: PATCH ci: cancel previous jobs on ref update + +Let's save the environment (and reduce the number of jobs in GH Actions +queues) by cancelling old jobs on a ref update (force push). + +See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency +(cherry picked from commit 3884837610168e6fb69fc2d5709f6c017a30beb9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/47b12629b47d9dfc857874a1b680f60ffc0af0bd +--- + .github/workflows/build_test.yml | 3 +++ + .github/workflows/cifuzz.yml | 3 +++ + .github/workflows/mkosi.yml | 3 +++ + .github/workflows/unit_tests.yml | 3 +++ + 4 files changed, 12 insertions(+) + +diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml +index 486016abc1..fa86236c2a 100644 +--- a/.github/workflows/build_test.yml ++++ b/.github/workflows/build_test.yml +@@ -14,6 +14,9 @@ on: + jobs: + build: + runs-on: ubuntu-20.04 ++ concurrency: ++ group: ${{ github.workflow }}-${{ matrix.env.COMPILER }}-${{ matrix.env.COMPILER_VERSION }}-${{ github.ref }} ++ cancel-in-progress: true + strategy: + fail-fast: false + matrix: +diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml +index 5296dc7069..df1fb15ace 100644 +--- a/.github/workflows/cifuzz.yml ++++ b/.github/workflows/cifuzz.yml +@@ -19,6 +19,9 @@ jobs: + Fuzzing: + runs-on: ubuntu-latest + if: github.repository == 'systemd/systemd' ++ concurrency: ++ group: ${{ github.workflow }}-${{ github.ref }} ++ cancel-in-progress: true + strategy: + fail-fast: false + matrix: +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index babdf7ae6e..f67fd23b1c 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -13,6 +13,9 @@ on: + jobs: + ci: + runs-on: ubuntu-20.04 ++ 
concurrency: ++ group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }} ++ cancel-in-progress: true + strategy: + fail-fast: false + matrix: +diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml +index ca1e6e0c30..aaf8fcad3d 100644 +--- a/.github/workflows/unit_tests.yml ++++ b/.github/workflows/unit_tests.yml +@@ -10,6 +10,9 @@ on: + jobs: + build: + runs-on: ubuntu-20.04 ++ concurrency: ++ group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }} ++ cancel-in-progress: true + strategy: + fail-fast: false + matrix: +-- +2.33.0 +
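Review bot: In the cifuzz.yml hunk the concurrency group is `${{ github.workflow }}-${{ github.ref }}` with no matrix value, although the Fuzzing job has a `strategy:` / `matrix:` block directly below it; the other three workflows all put their matrix value into the group name. With `cancel-in-progress: true`, the matrix legs of one run share a single group and can cancel each other. Add the job's matrix value (the sanitizer) to the group name here as well.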
_service:tar_scm:backport-ci-fix-clang-13-installation.patch
Added
@@ -0,0 +1,59 @@ +From eaa74c30212d62f546692731ec3cef498f3edb08 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Tue, 22 Feb 2022 14:43:40 +0100 +Subject: PATCH ci: fix clang-13 installation + +For some reason Ubuntu Focal repositories now have `llvm-13` virtual +package which can't be installed, but successfully fools our check, +resulting in no clang/llvm being installed... + +``` +$ apt show llvm-13 +Package: llvm-13 +State: not a real package (virtual) +N: Can't select candidate version from package llvm-13 as it has no candidate +N: Can't select versions from package 'llvm-13' as it is purely virtual +N: No packages found + +$ apt install --dry-run llvm-13 +Reading package lists... Done +Building dependency tree +Reading state information... Done +Package llvm-13 is not available, but is referred to by another package. +This may mean that the package is missing, has been obsoleted, or +is only available from another source + +E: Package 'llvm-13' has no installation candidate +``` + +(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077) +(cherry picked from commit fa6e263273905cfc9e4528e8175ace3d19d881e3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/eaa74c30212d62f546692731ec3cef498f3edb08 +--- + .github/workflows/build_test.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh +index db38554d97..1200fa23f3 100755 +--- a/.github/workflows/build_test.sh ++++ b/.github/workflows/build_test.sh +@@ -75,12 +75,12 @@ if "$COMPILER" == clang ; then + # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 + # provided by the apt.llvm.org repositories. Let's use the system + # llvm package if available in such cases to avoid that. +- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then ++ if ! 
apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then + # Latest LLVM stack deb packages provided by https://apt.llvm.org/ + # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg + printf "deb signed-by=/usr/share/keyrings/apt-llvm-org.gpg http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ +- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list ++ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list + PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") + fi + elif "$COMPILER" == gcc ; then +-- +2.33.0 +
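Review bot: The replacement check `apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null` redirects only stdout, where the old `apt show` line used `&>/dev/null`, so apt's error text for an unavailable package now lands in the CI log on the normal fallback path. If that is intended as a debugging aid, say so in the comment above the check; otherwise silence stderr as before. `apt` also warns that its command-line interface is not stable for use in scripts, so `apt-get install --dry-run` is the safer spelling for a check whose exit status decides which repository the compiler comes from.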
_service:tar_scm:backport-ci-fix-indentation.patch
Added
@@ -0,0 +1,82 @@ +From 6db77b2c9f31c8246ec920a189fe44873111566f Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Wed, 10 Nov 2021 16:42:07 +0100 +Subject: PATCH ci: fix indentation + +(cherry picked from commit 46573ee1319ee8ae5b292a0a737740eca1a68184) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6db77b2c9f31c8246ec920a189fe44873111566f +--- + .github/workflows/cifuzz.yml | 58 ++++++++++++++++++------------------ + 1 file changed, 29 insertions(+), 29 deletions(-) + +diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml +index 14d81a67ff..5296dc7069 100644 +--- a/.github/workflows/cifuzz.yml ++++ b/.github/workflows/cifuzz.yml +@@ -16,32 +16,32 @@ on: + branches: + - main + jobs: +- Fuzzing: +- runs-on: ubuntu-latest +- if: github.repository == 'systemd/systemd' +- strategy: +- fail-fast: false +- matrix: +- sanitizer: address, undefined, memory +- steps: +- - name: Build Fuzzers (${{ matrix.sanitizer }}) +- id: build +- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master +- with: +- oss-fuzz-project-name: 'systemd' +- dry-run: false +- allowed-broken-targets-percentage: 0 +- sanitizer: ${{ matrix.sanitizer }} +- - name: Run Fuzzers (${{ matrix.sanitizer }}) +- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master +- with: +- oss-fuzz-project-name: 'systemd' +- fuzz-seconds: 600 +- dry-run: false +- sanitizer: ${{ matrix.sanitizer }} +- - name: Upload Crash +- uses: actions/upload-artifact@v1 +- if: failure() && steps.build.outcome == 'success' +- with: +- name: ${{ matrix.sanitizer }}-artifacts +- path: ./out/artifacts ++ Fuzzing: ++ runs-on: ubuntu-latest ++ if: github.repository == 'systemd/systemd' ++ strategy: ++ fail-fast: false ++ matrix: ++ sanitizer: address, undefined, memory ++ steps: ++ - name: Build Fuzzers (${{ matrix.sanitizer }}) ++ id: build ++ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master ++ with: ++ oss-fuzz-project-name: 'systemd' ++ 
dry-run: false ++ allowed-broken-targets-percentage: 0 ++ sanitizer: ${{ matrix.sanitizer }} ++ - name: Run Fuzzers (${{ matrix.sanitizer }}) ++ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master ++ with: ++ oss-fuzz-project-name: 'systemd' ++ fuzz-seconds: 600 ++ dry-run: false ++ sanitizer: ${{ matrix.sanitizer }} ++ - name: Upload Crash ++ uses: actions/upload-artifact@v1 ++ if: failure() && steps.build.outcome == 'success' ++ with: ++ name: ${{ matrix.sanitizer }}-artifacts ++ path: ./out/artifacts +-- +2.33.0 +
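Review bot: The re-indented steps still reference `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `run_fuzzers@master`, a branch that can change underneath the workflow; this is not introduced here, but since every one of these lines is being rewritten it is a good moment to pin both, and `actions/upload-artifact@v1`, to a commit SHA. For the change itself, the 29 removed and 29 added lines should differ in whitespace only; stating in the commit message that `git diff -w` is empty would let a reviewer trust that without comparing line by line.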
_service:tar_scm:backport-ci-pin-the-debian-systemd-repo-to-a-specific-revisio.patch
Added
@@ -0,0 +1,32 @@ +From cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Sun, 14 Nov 2021 12:28:21 +0100 +Subject: PATCH ci: pin the debian systemd repo to a specific revision + +to work around missing systemd/systemd#20056 in pre-v250 stable +branches. + +v249-stable-only + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 +--- + .semaphore/semaphore.yml | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml +index 06f162007e..7fc38a553d 100644 +--- a/.semaphore/semaphore.yml ++++ b/.semaphore/semaphore.yml +@@ -25,3 +25,8 @@ blocks: + - checkout --use-cache + - .semaphore/semaphore-runner.sh SETUP + - .semaphore/semaphore-runner.sh RUN ++ env_vars: ++ # Pin the debian systemd repo to a specific revision, to work around ++ # missing systemd/systemd#20056 in pre-v250 stable branches ++ - name: BRANCH ++ value: e138f8573a14f8f094bd6c9582bc26ed62c1347f +-- +2.33.0 +
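Review bot: The added `env_vars` entry puts a commit hash into a variable named `BRANCH`, which only works if .semaphore/semaphore-runner.sh accepts an arbitrary revision there; that script is not part of this change, so please confirm it checks out by revision and does not assume a branch name. The comment explains why the pin exists but not when it can be dropped; naming the condition for removal (the stable branch gaining systemd/systemd#20056) would keep the pin from outliving its reason.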
_service:tar_scm:backport-ci-replace-apt-key-with-signed-by.patch
Added
@@ -0,0 +1,39 @@ +From 84230ae4e3a10fccfb4750b832d2c70fe56df128 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Sun, 26 Dec 2021 01:11:00 +0000 +Subject: PATCH ci: replace apt-key with signed-by + +to limit the scope of the key to apt.llvm.org only. + +This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/ + +(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da) +(cherry picked from commit c92297a20c13b7e15b0026b1f36ebe99d86cfce8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/84230ae4e3a10fccfb4750b832d2c70fe56df128 +--- + .github/workflows/build_test.sh | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh +index 10fa1ea9b0..db38554d97 100755 +--- a/.github/workflows/build_test.sh ++++ b/.github/workflows/build_test.sh +@@ -77,9 +77,10 @@ if "$COMPILER" == clang ; then + # llvm package if available in such cases to avoid that. + if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then + # Latest LLVM stack deb packages provided by https://apt.llvm.org/ +- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh +- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - +- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" ++ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh ++ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg ++ printf "deb signed-by=/usr/share/keyrings/apt-llvm-org.gpg http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \ ++ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list + PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") + fi + elif "$COMPILER" == gcc ; then +-- +2.33.0 +
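Review bot: The key fetched from `https://apt.llvm.org/llvm-snapshot.gpg.key` is piped straight into `gpg --yes --dearmor` and trusted as downloaded; `signed-by` narrows which repository the key can vouch for, but nothing in the hunk checks that it is the expected key. Compare its fingerprint against a value kept in the script before writing /usr/share/keyrings/apt-llvm-org.gpg. The `wget ... | gpg ...` pipeline also has no visible failure handling: whether a failed download stops the script depends on pipefail being set, which this hunk does not show.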
_service:tar_scm:backport-ci-run-the-unit_tests-and-mkosi-jobs-on-stable-branc.patch
Added
@@ -0,0 +1,49 @@ +From 9d08ba9b3fa7542037e0522c10d63517366afda6 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Fri, 12 Nov 2021 17:37:15 +0100 +Subject: PATCH ci: run the unit_tests and mkosi jobs on stable branches as + well + +To provide more coverage for the systemd-stable repo. + +See: https://github.com/systemd/systemd-stable/issues/24 +(cherry picked from commit c76a83858996148fea36d1018b4707ce5334363b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9d08ba9b3fa7542037e0522c10d63517366afda6 +--- + .github/workflows/mkosi.yml | 2 ++ + .github/workflows/unit_tests.yml | 1 + + 2 files changed, 3 insertions(+) + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index f67fd23b1c..489eb01880 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -6,9 +6,11 @@ on: + push: + branches: + - main ++ - v0-9+-stable + pull_request: + branches: + - main ++ - v0-9+-stable + + jobs: + ci: +diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml +index aaf8fcad3d..4a19a6a1c8 100644 +--- a/.github/workflows/unit_tests.yml ++++ b/.github/workflows/unit_tests.yml +@@ -6,6 +6,7 @@ on: + pull_request: + branches: + - main ++ - v0-9+-stable + + jobs: + build: +-- +2.33.0 +
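Review bot: The stable-branch pattern is added under both `push` and `pull_request` in mkosi.yml but only under `pull_request` in unit_tests.yml, so direct pushes to a stable branch run mkosi and not the unit tests. If unit_tests.yml has no `push` trigger at all that is consistent, but the hunk does not show it; please confirm the asymmetry is intended, given that the stated goal is more coverage for the stable repository.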
_service:tar_scm:backport-ci-take-CIFuzz-s-matrix-into-consideration.patch
Added
@@ -0,0 +1,33 @@ +From 428d4988d2bc68e189481f7b46ffd1f84090aadd Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Wed, 10 Nov 2021 20:15:41 +0100 +Subject: PATCH ci: take CIFuzz's matrix into consideration + +Otherwise the jobs will try to cancel each other out. + +Follow-up to 3884837610168e6fb69fc2d5709f6c017a30beb9. + +(cherry picked from commit 8b212f3596d03f8e1025cd151d17f9a82433844a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/428d4988d2bc68e189481f7b46ffd1f84090aadd +--- + .github/workflows/cifuzz.yml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml +index df1fb15ace..8ab2a4cf55 100644 +--- a/.github/workflows/cifuzz.yml ++++ b/.github/workflows/cifuzz.yml +@@ -20,7 +20,7 @@ jobs: + runs-on: ubuntu-latest + if: github.repository == 'systemd/systemd' + concurrency: +- group: ${{ github.workflow }}-${{ github.ref }} ++ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} + cancel-in-progress: true + strategy: + fail-fast: false +-- +2.33.0 +
_service:tar_scm:backport-ci-use-the-system-llvm-11-package-on-Focal.patch
Added
@@ -0,0 +1,47 @@ +From 441c959460217ba81591ada9185bed2665cdc994 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Mon, 11 Oct 2021 21:12:42 +0200 +Subject: PATCH ci: use the system llvm-11 package on Focal + +ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 +provided by the apt.llvm.org repositories. Let's use the system +llvm package if available in such cases to avoid that. + +(cherry picked from commit 1c71302f70c7d0712d49b5214f5f29b4d6a2c73e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/441c959460217ba81591ada9185bed2665cdc994 +--- + .github/workflows/build_test.sh | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh +index bdcb71ba9c..10fa1ea9b0 100755 +--- a/.github/workflows/build_test.sh ++++ b/.github/workflows/build_test.sh +@@ -71,11 +71,17 @@ if "$COMPILER" == clang ; then + CC="clang-$COMPILER_VERSION" + CXX="clang++-$COMPILER_VERSION" + AR="llvm-ar-$COMPILER_VERSION" +- # Latest LLVM stack deb packages provided by https://apt.llvm.org/ +- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh +- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - +- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" +- PACKAGES+=(clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION) ++ ++ # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11 ++ # provided by the apt.llvm.org repositories. Let's use the system ++ # llvm package if available in such cases to avoid that. ++ if ! 
apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then ++ # Latest LLVM stack deb packages provided by https://apt.llvm.org/ ++ # Following snippet was borrowed from https://apt.llvm.org/llvm.sh ++ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add - ++ add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" ++ PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION") ++ fi + elif "$COMPILER" == gcc ; then + CC="gcc-$COMPILER_VERSION" + CXX="g++-$COMPILER_VERSION" +-- +2.33.0 +
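Review bot: With `PACKAGES+=(...)` moved inside the `if ! apt show ...` block, the clang, lldb, lld and clangd packages are appended only when the apt.llvm.org repository is used; when the system llvm package is found, nothing in this hunk adds them, so please confirm they are installed by another path. The check itself tests only that `apt show` exits successfully for the name, which is weaker than the package being installable; a dry-run install would test what the script actually needs. The added quoting of the array elements is a good change.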
_service:tar_scm:backport-clang-format-we-actually-typically-use-16ch-continua.patch
Added
@@ -0,0 +1,34 @@ +From 8282cc686bedb0cf3702ea4ac2856b39ae351ef3 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 22 Feb 2022 16:51:58 +0100 +Subject: PATCH clang-format: we actually typically use 16ch continuation + indentation + +We use 8 for blocks, and 16 for continuation in most cases afaics, hence +say so in .clang-format too + +(cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85) +(cherry picked from commit 4a90c12f4f09f23e071e649422754f04eda6d273) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8282cc686bedb0cf3702ea4ac2856b39ae351ef3 +--- + .clang-format | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.clang-format b/.clang-format +index 651249c701..c94866fcd5 100644 +--- a/.clang-format ++++ b/.clang-format +@@ -46,7 +46,7 @@ ColumnLimit: 109 + CompactNamespaces: true + ConstructorInitializerAllOnOneLineOrOnePerLine: true + ConstructorInitializerIndentWidth: 8 +-ContinuationIndentWidth: 8 ++ContinuationIndentWidth: 16 + Cpp11BracedListStyle: false + ForEachMacros: + - BITMAP_FOREACH +-- +2.33.0 +
_service:tar_scm:backport-condition-fix-device-tree-firmware-path.patch
Added
@@ -0,0 +1,41 @@ +From 2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae Mon Sep 17 00:00:00 2001 +From: Daniel Braunwarth <daniel@braunwarth.dev> +Date: Sun, 28 Aug 2022 20:02:50 +0200 +Subject: PATCH condition: fix device-tree firmware path + +The path /sys/firmware/device-tree doesn't exist. This should be either +/proc/device-tree or /sys/firmware/devicetree. + +The first path is only a link. So lets use the second path. + +See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218. + +(cherry picked from commit 1037178acfd093fb10d8f5e74f3072f78afdf7e8) +(cherry picked from commit 254b77e73cb81265146de653563a7fe3f9936b56) +(cherry picked from commit ba29bb342deb4eeb55debfa7abb4ba97d50df076) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae +--- + src/shared/condition.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/condition.c b/src/shared/condition.c +index 6645f771dd..b0520566ed 100644 +--- a/src/shared/condition.c ++++ b/src/shared/condition.c +@@ -555,9 +555,9 @@ static int condition_test_firmware(Condition *c, char **env) { + assert(c->type == CONDITION_FIRMWARE); + + if (streq(c->parameter, "device-tree")) { +- if (access("/sys/firmware/device-tree/", F_OK) < 0) { ++ if (access("/sys/firmware/devicetree/", F_OK) < 0) { + if (errno != ENOENT) +- log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/device-tree/: %m"); ++ log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/devicetree/: %m"); + return false; + } else + return true; +-- +2.27.0 +
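Review bot: The corrected path `/sys/firmware/devicetree/` is written out twice in condition_test_firmware(), once in `access()` and once in the log message, which is how the two can drift apart again. Define the path once and use it in both places. The diffstat shows no test for the `device-tree` parameter; the original path never existed, so this branch has presumably never returned true, and a test on a system that has a device tree (or with a mocked path) would be the first real coverage of it.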
_service:tar_scm:backport-core-Make-sure-cgroup_oom_queue-is-flushed-on-manage.patch
Added
@@ -0,0 +1,66 @@ +From 59894983693d36c6017ad995864b5541d7132563 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com> +Date: Wed, 4 Aug 2021 18:59:35 +0200 +Subject: PATCH core: Make sure cgroup_oom_queue is flushed on manager exit + +The unit queues are not serialized/deserialized (they are recreated +after reexec/reload instead). The destroyed units are not removed from +the cgroup_oom_queue. That means the queue may contain possibly invalid +pointers to released units. + +Fix this by removing the units from cgroup_oom_queue as we do for +others. When at it, sync assert checks with currently existing queues +and put them in order in the manager cleanup code. + +(cherry picked from commit 13e721036bf4ba15eb255d8f0a14800f969ac0d7) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/59894983693d36c6017ad995864b5541d7132563 +--- + src/core/manager.c | 4 ++++ + src/core/unit.c | 7 +++++-- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 8884437347..34891a8754 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1410,6 +1410,10 @@ static void manager_clear_jobs_and_units(Manager *m) { + assert(!m->cleanup_queue); + assert(!m->gc_unit_queue); + assert(!m->gc_job_queue); ++ assert(!m->cgroup_realize_queue); ++ assert(!m->cgroup_empty_queue); ++ assert(!m->cgroup_oom_queue); ++ assert(!m->target_deps_queue); + assert(!m->stop_when_unneeded_queue); + assert(!m->start_when_upheld_queue); + assert(!m->stop_when_bound_queue); +diff --git a/src/core/unit.c b/src/core/unit.c +index 7e3bd7505e..e469beb534 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -733,6 +733,9 @@ Unit* unit_free(Unit *u) { + if (u->in_dbus_queue) + LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u); + ++ if (u->in_cleanup_queue) ++ LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u); ++ + if (u->in_gc_queue) + LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u); + +@@ 
-742,8 +745,8 @@ Unit* unit_free(Unit *u) { + if (u->in_cgroup_empty_queue) + LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u); + +- if (u->in_cleanup_queue) +- LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u); ++ if (u->in_cgroup_oom_queue) ++ LIST_REMOVE(cgroup_oom_queue, u->manager->cgroup_oom_queue, u); + + if (u->in_target_deps_queue) + LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u); +-- +2.33.0 +
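Review bot: In unit_free() the cleanup_queue removal is moved up in one hunk while the cgroup_oom_queue removal is added in its old position in the next, so the second hunk reads as a replacement and a reviewer has to match both hunks to see that cleanup_queue handling was kept. Splitting the reorder from the fix would make the actual change, the missing `LIST_REMOVE(cgroup_oom_queue, ...)`, stand out. The bug came from the per-unit removals in unit_free() and the assert list in manager_clear_jobs_and_units() drifting away from the set of queues that exist; a comment at the queue declarations naming both places to update would help the next queue added. Since the commit message describes possibly invalid pointers to released units being left in the queue, a regression test that frees a unit while it sits in the OOM queue would be worth having.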
_service:tar_scm:backport-core-Parse-log-environment-settings-again-after-appl.patch
Added
@@ -0,0 +1,36 @@ +From b246b5370e95756e9597d8ec967ae030b442e73f Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Tue, 7 Sep 2021 16:13:56 +0100 +Subject: PATCH core: Parse log environment settings again after applying + manager environment + +Currently, SYSTEMD_LOG_LEVEL set in the ManagerEnvironment property in system.conf +or user.conf doesn't affect the manager's logging level. Parsing the logging environment +variables again after pushing the manager environment into the process environment +block makes sure any new environment changes also get taken into account for logging. + +(cherry picked from commit a4303b4096d9a75acd09c5b897ed3d20c9bca6de) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b246b5370e95756e9597d8ec967ae030b442e73f +--- + src/core/main.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/core/main.c b/src/core/main.c +index b32a19a1d8..c64c73883e 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2454,6 +2454,9 @@ static int parse_configuration(const struct rlimit *saved_rlimit_nofile, + /* Push variables into the manager environment block */ + setenv_manager_environment(); + ++ /* Parse log environment variables again to take into account any new environment variables. */ ++ log_parse_environment(); ++ + return 0; + } + +-- +2.33.0 +
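Review bot: The second `log_parse_environment()` call at the end of parse_configuration() re-reads every log variable from the environment, not only those that ManagerEnvironment added, so it is worth stating which source wins when a log level was already set earlier in startup by another means; the hunk does not show that ordering. The diffstat touches only src/core/main.c: the documentation for ManagerEnvironment should mention that log variables set there now affect the manager itself, since that is a behaviour change for existing system.conf and user.conf files.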
View file
_service:tar_scm:backport-core-Remove-circular-include.patch
Added
@@ -0,0 +1,45 @@ +From a203879ae5914fa1a676dbd480a7ad41ca0d8e40 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Tue, 24 Aug 2021 16:19:03 +0100 +Subject: PATCH core: Remove circular include + +service.h includes socket.h and socket.h includes service.h. Move +service.h include from socket.h to socket.c to remove the circular +dependency. + +(cherry picked from commit a243128d1fcfc378df9fce1b4997148a17ef23a5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a203879ae5914fa1a676dbd480a7ad41ca0d8e40 +--- + src/core/socket.c | 1 + + src/core/socket.h | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/socket.c b/src/core/socket.c +index 8144780bf8..f362a5baa8 100644 +--- a/src/core/socket.c ++++ b/src/core/socket.c +@@ -34,6 +34,7 @@ + #include "process-util.h" + #include "selinux-util.h" + #include "serialize.h" ++#include "service.h" + #include "signal-util.h" + #include "smack-util.h" + #include "socket.h" +diff --git a/src/core/socket.h b/src/core/socket.h +index a65195f2aa..6813bdcf8c 100644 +--- a/src/core/socket.h ++++ b/src/core/socket.h +@@ -5,7 +5,6 @@ typedef struct Socket Socket; + typedef struct SocketPeer SocketPeer; + + #include "mount.h" +-#include "service.h" + #include "socket-util.h" + #include "unit.h" + +-- +2.33.0 +
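Review bot: dropping #include "service.h" from socket.h removes a transitive include for every file that includes socket.h, while the patch adds the direct include only to socket.c. Check that no other translation unit relied on socket.h to pull in service.h, and that socket.h itself needs nothing from service.h beyond what a forward declaration provides, in the style of the typedef struct Socket Socket; line already at the top of the header.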
View file
_service:tar_scm:backport-core-bpf-firewall-make-bpf_firewall_supported-always.patch
Added
@@ -0,0 +1,48 @@ +From 27028ef0f0bc128d14f41e233ad256687fd7e379 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Dec 2021 21:07:22 +0900 +Subject: PATCH core/bpf-firewall: make bpf_firewall_supported() always set + unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned + +Otherwise, log_unit_full_errno() in emit_bpf_firewall_warning() will +trigger an assertion. + +(cherry picked from commit 8751bb6f5e89562d438566c374b9c3a1059c9211) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/27028ef0f0bc128d14f41e233ad256687fd7e379 +--- + src/core/bpf-firewall.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c +index 9317edeb4c..4a92052925 100644 +--- a/src/core/bpf-firewall.c ++++ b/src/core/bpf-firewall.c +@@ -869,7 +869,10 @@ int bpf_firewall_supported(void) { + + /* YAY! */ + } else { +- log_debug("Wut? Kernel accepted our invalid BPF_PROG_DETACH call? Something is weird, assuming BPF firewalling is broken and hence not supported."); ++ bpf_firewall_unsupported_reason = ++ log_debug_errno(SYNTHETIC_ERRNO(EBADE), ++ "Wut? Kernel accepted our invalid BPF_PROG_DETACH call? " ++ "Something is weird, assuming BPF firewalling is broken and hence not supported."); + return supported = BPF_FIREWALL_UNSUPPORTED; + } + +@@ -897,7 +900,10 @@ int bpf_firewall_supported(void) { + + return supported = BPF_FIREWALL_SUPPORTED; + } else { +- log_debug("Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? Something is weird, assuming BPF firewalling is broken and hence not supported."); ++ bpf_firewall_unsupported_reason = ++ log_debug_errno(SYNTHETIC_ERRNO(EBADE), ++ "Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? " ++ "Something is weird, assuming BPF firewalling is broken and hence not supported."); + return supported = BPF_FIREWALL_UNSUPPORTED; + } + } +-- +2.33.0 +
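Review bot: the subject promises that bpf_firewall_supported() always sets the unsupported reason, but the two hunks only cover the two "Wut?" branches; any other return supported = BPF_FIREWALL_UNSUPPORTED path in the function that leaves bpf_firewall_unsupported_reason unset would still hit the assertion in emit_bpf_firewall_warning() that the commit message describes. Audit the remaining return paths, or set the reason in one place, and consider a small helper for the duplicated assignment, since the two branches differ only in the message text.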
View file
_service:tar_scm:backport-core-cgroup-fix-error-handling-of-cg_remove_xattr.patch
Changed
@@ -1,17 +1,21 @@ -From 0cddb53c85588fbfb8043f622895c7bd15819198 Mon Sep 17 00:00:00 2001 +From 7e79bfce0674c58068d2a125ed666986544e790f Mon Sep 17 00:00:00 2001 From: Yu Watanabe <watanabe.yu+github@gmail.com> Date: Thu, 5 Aug 2021 03:13:48 +0900 -Subject: PATCH 1/2 core/cgroup: fix error handling of cg_remove_xattr() +Subject: PATCH core/cgroup: fix error handling of cg_remove_xattr() +(cherry picked from commit 0cddb53c85588fbfb8043f622895c7bd15819198) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7e79bfce0674c58068d2a125ed666986544e790f --- src/core/cgroup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index e5fd6672bb..83bd97327d 100644 +index 2cbb789978..eab0929dc5 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c -@@ -717,13 +717,13 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { +@@ -724,13 +724,13 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { if (c->moom_preference != MANAGED_OOM_PREFERENCE_AVOID) { r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid"); @@ -27,7 +31,7 @@ log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", cgroup_path); } } -@@ -755,7 +755,7 @@ static void cgroup_xattr_apply(Unit *u) { +@@ -762,7 +762,7 @@ static void cgroup_xattr_apply(Unit *u) { log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", u->cgroup_path); } else { r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "trusted.delegate"); @@ -37,5 +41,5 @@ } -- -2.27.0 +2.33.0
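Review bot: this refresh changes only the patch header, the index line and the hunk offsets (717 to 724 and 755 to 762), so the added and removed lines of the cg_remove_xattr() fix itself are not shown and cannot be reviewed from this view. Compare the refreshed patch body against the commit named in the new "cherry picked from" line to confirm the error-handling change is unchanged, and check that the Reference URL (7e79bfce...) and the cherry-pick line (0cddb53c...) resolve to the same change.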
View file
_service:tar_scm:backport-core-cgroup-set-bfq.weight-first-and-fixes-blkio.wei.patch
Added
@@ -0,0 +1,119 @@ +From 55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 25 Aug 2021 01:28:47 +0900 +Subject: PATCH core/cgroup: set bfq.weight first, and fixes blkio.weight + value + +Fixes issues introduced by 29eb0eefd14afc9a2424781a28b376db47c3c570. + +This also fixes the value sets to blkio.weight, that is, "default" is dropped. + +Moreover, This also changes the logic for mapping weight -> bfq.weight, +to always matches the min, max, and default values. + +Fixes #20519 and #21187. + +(cherry picked from commit 17283ce7b6035775f125585d1b228226942daf4b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f +--- + src/core/cgroup.c | 55 +++++++++++++++++++++++++++++++++++++---------- + 1 file changed, 44 insertions(+), 11 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 79e10ca3c0..8b5b403ae8 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -37,6 +37,12 @@ + + #define CGROUP_CPU_QUOTA_DEFAULT_PERIOD_USEC ((usec_t) 100 * USEC_PER_MSEC) + ++/* Special values for the bfq.weight attribute */ ++#define CGROUP_BFQ_WEIGHT_INVALID UINT64_MAX ++#define CGROUP_BFQ_WEIGHT_MIN UINT64_C(1) ++#define CGROUP_BFQ_WEIGHT_MAX UINT64_C(1000) ++#define CGROUP_BFQ_WEIGHT_DEFAULT UINT64_C(100) ++ + /* Returns the log level to use when cgroup attribute writes fail. When an attribute is missing or we have access + * problems we downgrade to LOG_DEBUG. This is supposed to be nice to container managers and kernels which want to mask + * out specific attributes from us. 
*/ +@@ -1194,21 +1200,48 @@ static int cgroup_apply_devices(Unit *u) { + return r; + } + +-static void set_io_weight(Unit *u, const char *controller, uint64_t weight) { +- char buf8+DECIMAL_STR_MAX(uint64_t)+1; +- const char *p; ++static void set_io_weight(Unit *u, uint64_t weight) { ++ char bufSTRLEN("default \n")+DECIMAL_STR_MAX(uint64_t); ++ uint64_t bfq_weight; ++ ++ assert(u); ++ ++ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" ++ * See also: https://github.com/systemd/systemd/pull/13335 and ++ * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. ++ * The range is 1..1000 apparently, and the default is 100. */ ++ if (weight <= CGROUP_WEIGHT_DEFAULT) ++ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN); ++ else ++ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT); ++ ++ xsprintf(buf, "%" PRIu64 "\n", bfq_weight); ++ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); + +- p = strjoina(controller, ".weight"); + xsprintf(buf, "default %" PRIu64 "\n", weight); +- (void) set_attribute_and_warn(u, controller, p, buf); ++ (void) set_attribute_and_warn(u, "io", "io.weight", buf); ++} ++ ++static void set_blkio_weight(Unit *u, uint64_t weight) { ++ char bufSTRLEN("\n")+DECIMAL_STR_MAX(uint64_t); ++ uint64_t bfq_weight; ++ ++ assert(u); + + /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" + * See also: https://github.com/systemd/systemd/pull/13335 and + * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. +- * The range is 1..1000 apparently. 
*/ +- p = strjoina(controller, ".bfq.weight"); +- xsprintf(buf, "%" PRIu64 "\n", (weight + 9) / 10); +- (void) set_attribute_and_warn(u, controller, p, buf); ++ * The range is 1..1000 apparently, and the default is 100. */ ++ if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT) ++ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN); ++ else ++ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT); ++ ++ xsprintf(buf, "%" PRIu64 "\n", bfq_weight); ++ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); ++ ++ xsprintf(buf, "%" PRIu64 "\n", weight); ++ (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); + } + + static void cgroup_apply_bpf_foreign_program(Unit *u) { +@@ -1322,7 +1355,7 @@ static void cgroup_context_apply( + } else + weight = CGROUP_WEIGHT_DEFAULT; + +- set_io_weight(u, "io", weight); ++ set_io_weight(u, weight); + + if (has_io) { + CGroupIODeviceLatency *latency; +@@ -1392,7 +1425,7 @@ static void cgroup_context_apply( + else + weight = CGROUP_BLKIO_WEIGHT_DEFAULT; + +- set_io_weight(u, "blkio", weight); ++ set_blkio_weight(u, weight); + + if (has_io) { + CGroupIODeviceWeight *w; +-- +2.33.0 +
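Review bot: set_io_weight() and set_blkio_weight() do unsigned arithmetic on weight without checking its range; only assert(u) is added. With uint64_t operands, a weight outside the MIN..MAX constants yields a bfq_weight outside CGROUP_BFQ_WEIGHT_MIN..CGROUP_BFQ_WEIGHT_MAX, and a very large value can wrap in the multiplication. The visible callers fall back to the default constant, but an assert or clamp against the MIN/MAX constants inside each helper would make the mapping safe on its own. CGROUP_BFQ_WEIGHT_INVALID is defined and not used in any visible line; drop it or use it.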
View file
_service:tar_scm:backport-core-cgroup-use-helper-macro-for-bfq-conversion.patch
Added
@@ -0,0 +1,82 @@ +From d98169555c07668d999ac8ad62718da0ae9eec0f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 10 Nov 2021 11:37:15 +0100 +Subject: PATCH core/cgroup: use helper macro for bfq conversion + +As suggested in https://github.com/systemd/systemd/pull/20522#discussion_r696699984. + +(cherry picked from commit 311822ac28c99e2fb0e25286bdb72c9188314a66) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d98169555c07668d999ac8ad62718da0ae9eec0f +--- + src/core/cgroup.c | 34 ++++++++++++++++------------------ + 1 file changed, 16 insertions(+), 18 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 8b5b403ae8..6e4780f2f6 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1200,9 +1200,21 @@ static int cgroup_apply_devices(Unit *u) { + return r; + } + ++/* Convert the normal io.weight value to io.bfq.weight */ ++#define BFQ_WEIGHT(weight) \ ++ (weight <= CGROUP_WEIGHT_DEFAULT ? \ ++ CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN) : \ ++ CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT)) ++ ++assert_cc(BFQ_WEIGHT(1) == 1); ++assert_cc(BFQ_WEIGHT(50) == 50); ++assert_cc(BFQ_WEIGHT(100) == 100); ++assert_cc(BFQ_WEIGHT(500) == 136); ++assert_cc(BFQ_WEIGHT(5000) == 545); ++assert_cc(BFQ_WEIGHT(10000) == 1000); ++ + static void set_io_weight(Unit *u, uint64_t weight) { + char bufSTRLEN("default \n")+DECIMAL_STR_MAX(uint64_t); +- uint64_t bfq_weight; + + assert(u); + +@@ -1210,12 +1222,7 @@ static void set_io_weight(Unit *u, uint64_t weight) { + * See also: https://github.com/systemd/systemd/pull/13335 and + * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. 
+ * The range is 1..1000 apparently, and the default is 100. */ +- if (weight <= CGROUP_WEIGHT_DEFAULT) +- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN); +- else +- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT); +- +- xsprintf(buf, "%" PRIu64 "\n", bfq_weight); ++ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); + (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); + + xsprintf(buf, "default %" PRIu64 "\n", weight); +@@ -1224,20 +1231,11 @@ static void set_io_weight(Unit *u, uint64_t weight) { + + static void set_blkio_weight(Unit *u, uint64_t weight) { + char bufSTRLEN("\n")+DECIMAL_STR_MAX(uint64_t); +- uint64_t bfq_weight; + + assert(u); + +- /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" +- * See also: https://github.com/systemd/systemd/pull/13335 and +- * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. +- * The range is 1..1000 apparently, and the default is 100. */ +- if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT) +- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN); +- else +- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT); +- +- xsprintf(buf, "%" PRIu64 "\n", bfq_weight); ++ /* FIXME: see comment in set_io_weight(). */ ++ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); + (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); + + xsprintf(buf, "%" PRIu64 "\n", weight); +-- +2.33.0 +
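Review bot: BFQ_WEIGHT() is written in terms of CGROUP_WEIGHT_DEFAULT/MIN/MAX, but set_blkio_weight() previously scaled with CGROUP_BLKIO_WEIGHT_DEFAULT/MIN/MAX, so replacing its inline formula with BFQ_WEIGHT(weight) changes the blkio mapping unless the two sets of constants are identical, while the commit message presents this as a helper-macro refactor. Either give the macro the default, minimum and maximum as parameters or confirm that the blkio weight is already on the io scale when it reaches this call. The macro also uses its argument unparenthesized and evaluates it more than once; write (weight) throughout. The assert_cc() lines only cover the io scale, so they would not catch a blkio regression.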
View file
_service:tar_scm:backport-core-check-size-before-mmap.patch
Added
@@ -0,0 +1,148 @@ +From d7ff7e3b6e2bd9eee809880d3632b293097e22e7 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann <tobias@stoeckmann.org> +Date: Wed, 2 Mar 2022 22:03:26 +0100 +Subject: PATCH core: check size before mmap + +The data type off_t can be 64 on 32 bit systems if they have large +file support. Since mmap expects a size_t with 32 bits as second +argument truncation could occur. At worst these huge files could +lead to mmaps smaller than the previous check for small files. + +This in turn shouldn't have a lot of impact because mmap allocates +at page size boundaries. This also made the PAGE_ALIGN call in +open_mmap unneeded. In fact it was neither in sync with other mmap +calls nor with its own munmap counterpart in error path. + +If such large files are encountered, which is very unlikely in these +code paths, treat them with the same error as if they are too small. + +(cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7) +(cherry picked from commit 6b37adf4a16c8f7e917dfd9f19dab259cda878b2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d7ff7e3b6e2bd9eee809880d3632b293097e22e7 +--- + src/basic/fileio.h | 6 ++++++ + src/basic/locale-util.c | 4 ++++ + src/boot/bootctl.c | 2 +- + src/libsystemd/sd-hwdb/sd-hwdb.c | 4 ++++ + src/libsystemd/sd-journal/catalog.c | 4 ++-- + src/libsystemd/sd-journal/compress.c | 4 ++++ + 6 files changed, 21 insertions(+), 3 deletions(-) + +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 9bd2037f5b..ee356ddb02 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -112,6 +112,12 @@ typedef enum ReadLineFlags { + + int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret); + ++static inline bool file_offset_beyond_memory_size(off_t x) { ++ if (x < 0) /* off_t is signed, filter that out */ ++ return false; ++ return (uint64_t) x > (uint64_t) SIZE_MAX; ++} ++ + static inline int read_line(FILE *f, size_t limit, char **ret) { + return read_line_full(f, limit, 0, 
ret); + } +diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c +index fd6b01cfaa..b181646abe 100644 +--- a/src/basic/locale-util.c ++++ b/src/basic/locale-util.c +@@ -15,6 +15,7 @@ + #include "dirent-util.h" + #include "env-util.h" + #include "fd-util.h" ++#include "fileio.h" + #include "hashmap.h" + #include "locale-util.h" + #include "path-util.h" +@@ -113,6 +114,9 @@ static int add_locales_from_archive(Set *locales) { + if (st.st_size < (off_t) sizeof(struct locarhead)) + return -EBADMSG; + ++ if (file_offset_beyond_memory_size(st.st_size)) ++ return -EFBIG; ++ + p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); + if (p == MAP_FAILED) + return -errno; +diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c +index bd96812246..d6eb6d00a5 100644 +--- a/src/boot/bootctl.c ++++ b/src/boot/bootctl.c +@@ -145,7 +145,7 @@ static int get_file_version(int fd, char **v) { + if (r < 0) + return log_error_errno(r, "EFI binary is not a regular file: %m"); + +- if (st.st_size < 27) { ++ if (st.st_size < 27 || file_offset_beyond_memory_size(st.st_size)) { + *v = NULL; + return 0; + } +diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c +index 53601765fe..748cf26934 100644 +--- a/src/libsystemd/sd-hwdb/sd-hwdb.c ++++ b/src/libsystemd/sd-hwdb/sd-hwdb.c +@@ -15,6 +15,7 @@ + + #include "alloc-util.h" + #include "fd-util.h" ++#include "fileio.h" + #include "hashmap.h" + #include "hwdb-internal.h" + #include "nulstr-util.h" +@@ -312,6 +313,9 @@ _public_ int sd_hwdb_new(sd_hwdb **ret) { + if (hwdb->st.st_size < (off_t) offsetof(struct trie_header_f, strings_len) + 8) + return log_debug_errno(SYNTHETIC_ERRNO(EIO), + "File %s is too short: %m", hwdb_bin_path); ++ if (file_offset_beyond_memory_size(hwdb->st.st_size)) ++ return log_debug_errno(SYNTHETIC_ERRNO(EFBIG), ++ "File %s is too long: %m", hwdb_bin_path); + + hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0); + if (hwdb->map == MAP_FAILED) +diff --git 
a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c +index ce8d47ccc3..f2ad1a2039 100644 +--- a/src/libsystemd/sd-journal/catalog.c ++++ b/src/libsystemd/sd-journal/catalog.c +@@ -524,10 +524,10 @@ static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p + if (fstat(fd, &st) < 0) + return -errno; + +- if (st.st_size < (off_t) sizeof(CatalogHeader)) ++ if (st.st_size < (off_t) sizeof(CatalogHeader) || file_offset_beyond_memory_size(st.st_size)) + return -EINVAL; + +- p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0); ++ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0); + if (p == MAP_FAILED) + return -errno; + +diff --git a/src/libsystemd/sd-journal/compress.c b/src/libsystemd/sd-journal/compress.c +index 837abab76c..cb2e82667f 100644 +--- a/src/libsystemd/sd-journal/compress.c ++++ b/src/libsystemd/sd-journal/compress.c +@@ -25,6 +25,7 @@ + #include "alloc-util.h" + #include "compress.h" + #include "fd-util.h" ++#include "fileio.h" + #include "io-util.h" + #include "journal-def.h" + #include "macro.h" +@@ -807,6 +808,9 @@ int decompress_stream_lz4(int in, int out, uint64_t max_bytes) { + if (fstat(in, &st) < 0) + return log_debug_errno(errno, "fstat() failed: %m"); + ++ if (file_offset_beyond_memory_size(st.st_size)) ++ return -EFBIG; ++ + buf = malloc(LZ4_BUFSIZE); + if (!buf) + return -ENOMEM; +-- +2.33.0 +
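Review bot: the commit message says oversized files are treated "with the same error as if they are too small", but that holds only in bootctl.c and catalog.c; locale-util.c returns -EFBIG next to -EBADMSG, and sd-hwdb.c returns EFBIG next to EIO. Align either the message or the codes. file_offset_beyond_memory_size() returns false for a negative off_t, which is fine where a lower-bound check precedes it, but the decompress_stream_lz4() hunk shows no such check, so a comment there on why a negative size cannot reach the later use would help. A unit test for the helper at 0, SIZE_MAX and one past SIZE_MAX (on builds where off_t is wider than size_t) would pin the boundary.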
View file
_service:tar_scm:backport-core-command-argument-can-be-longer-than-PATH_MAX.patch
Added
@@ -0,0 +1,69 @@ +From a8a4d9a65902b8bfb15395479451070e9644560a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 5 Apr 2022 21:47:46 +0900 +Subject: PATCH core: command argument can be longer than PATH_MAX + +Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4. + +Fixes #22957. + +(cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e) +(cherry picked from commit 9727b9ee7b90afb8fa0e6328dcb6c34b1522d4fd) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/a8a4d9a65902b8bfb15395479451070e9644560a +--- + src/core/load-fragment.c | 2 +- + src/test/test-load-fragment.c | 16 ++++++++++++++++ + 2 files changed, 17 insertions(+), 1 deletion(-) + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 399a759ad0..cd07f3e60d 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -849,7 +849,7 @@ int config_parse_exec( + if (r < 0) + return ignore ? 0 : -ENOEXEC; + +- r = unit_path_printf(u, word, &resolved); ++ r = unit_full_printf(u, word, &resolved); + if (r < 0) { + log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r, + "Failed to resolve unit specifiers in %s%s: %m", +diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c +index b41a8abf7b..1a0a0579b2 100644 +--- a/src/test/test-load-fragment.c ++++ b/src/test/test-load-fragment.c +@@ -10,6 +10,7 @@ + #include "capability-util.h" + #include "conf-parser.h" + #include "fd-util.h" ++#include "fileio.h" + #include "format-util.h" + #include "fs-util.h" + #include "hashmap.h" +@@ -412,6 +413,21 @@ static void test_config_parse_exec(void) { + assert_se(r == 0); + assert_se(c1->command_next == NULL); + ++ log_info("/* long arg */"); /* See issue #22957. 
*/ ++ ++ char xLONG_LINE_MAX-100, *y; ++ y = mempcpy(x, "/bin/echo ", STRLEN("/bin/echo ")); ++ memset(y, 'x', sizeof(x) - STRLEN("/bin/echo ") - 1); ++ xsizeof(x) - 1 = '\0'; ++ ++ r = config_parse_exec(NULL, "fake", 5, "section", 1, ++ "LValue", 0, x, ++ &c, u); ++ assert_se(r >= 0); ++ c1 = c1->command_next; ++ check_execcommand(c1, ++ "/bin/echo", NULL, y, NULL, false); ++ + log_info("/* empty argument, reset */"); + r = config_parse_exec(NULL, "fake", 4, "section", 1, + "LValue", 0, "", +-- +2.33.0 +
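Review bot: switching from unit_path_printf() to unit_full_printf() in config_parse_exec() lifts the PATH_MAX limit for every word resolved at this call, and the hunk does not show whether that includes the executable path as well as its arguments. Confirm that the command path is still length-checked as a path elsewhere, and that unit_full_printf() has its own upper bound so specifier expansion cannot grow without limit. In the test, the x buffer is sized from LONG_LINE_MAX and lives on the stack; if that constant is large, allocate it on the heap instead, and add a negative case for an over-long executable path to complement the long-argument case.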
View file
_service:tar_scm:backport-core-don-t-fail-on-EEXIST-when-creating-mount-point.patch
Added
@@ -0,0 +1,33 @@ +From 37e8b3a312e64886c6fb1401c741dee7c8c102f4 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Fri, 28 Jan 2022 22:56:10 +0000 +Subject: PATCH core: don't fail on EEXIST when creating mount point + +systemd1016: Failed to mount /tmp/app1 (type n/a) on /run/systemd/unit-extensions/1 (MS_BIND ): No such file or directory +systemd1016: Failed to create destination mount point node '/run/systemd/unit-extensions/1': File exists + +(cherry picked from commit 9d6d4c305ab8d65aab7f546450d7331f760b7259) +(cherry picked from commit ae8bc570a81e1286eb5b59a77ef179a500b95f9d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/37e8b3a312e64886c6fb1401c741dee7c8c102f4 +--- + src/core/namespace.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index a6c6963bb7..19942d912f 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -1380,7 +1380,7 @@ static int apply_one_mount( + (void) mkdir_parents(mount_entry_path(m), 0755); + + q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755); +- if (q < 0) ++ if (q < 0 && q != -EEXIST) + log_error_errno(q, "Failed to create destination mount point node '%s': %m", + mount_entry_path(m)); + else +-- +2.33.0 +
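Review bot: with q != -EEXIST added to the condition, an EEXIST result from make_mount_point_inode_from_path() now takes the else branch, whose body is outside the visible context; confirm that branch is correct when nothing was created. EEXIST also says nothing about what kind of inode already sits at mount_entry_path(m), so check that a later step rejects a node of the wrong type (a file where a directory is needed, or the reverse) instead of mounting over it. The commit message consists of two pasted log lines; a sentence explaining why the node can already exist would help backport review.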
View file
_service:tar_scm:backport-core-fix-SIGABRT-on-empty-exec-command-argv.patch
Changed
@@ -1,7 +1,7 @@ -From 29500cf8c47e6eb0518d171d62aa8213020c9152 Mon Sep 17 00:00:00 2001 +From 7a58bf7aac8b2c812ee0531b0cc426e0067edd35 Mon Sep 17 00:00:00 2001 From: Henri Chain <henri.chain@enioka.com> Date: Tue, 5 Oct 2021 13:10:31 +0200 -Subject: PATCH 1/2 core: fix SIGABRT on empty exec command argv +Subject: PATCH core: fix SIGABRT on empty exec command argv This verifies that the argv part of any exec_command parameters that are sent through dbus is not empty at deserialization time. @@ -11,6 +11,11 @@ has been loaded, whether through dbus or otherwise. Fixes #20933. + +(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7a58bf7aac8b2c812ee0531b0cc426e0067edd35 --- src/core/dbus-execute.c | 4 ++++ src/core/service.c | 10 ++++++++++ @@ -18,10 +23,10 @@ 3 files changed, 45 insertions(+) diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c -index 488de1242a..5665656b7b 100644 +index 50daef6702..902e074bd2 100644 --- a/src/core/dbus-execute.c +++ b/src/core/dbus-execute.c -@@ -1423,6 +1423,10 @@ int bus_set_transient_exec_command( +@@ -1421,6 +1421,10 @@ int bus_set_transient_exec_command( if (r < 0) return r; @@ -33,10 +38,10 @@ if (r < 0) return r; diff --git a/src/core/service.c b/src/core/service.c -index 9299813d45..4c75819a8f 100644 +index b7cfc04c84..e061d488c7 100644 --- a/src/core/service.c +++ b/src/core/service.c -@@ -564,6 +564,16 @@ static int service_verify(Service *s) { +@@ -548,6 +548,16 @@ static int service_verify(Service *s) { assert(s); assert(UNIT(s)->load_state == UNIT_LOADED); @@ -96,5 +101,5 @@ echo OK >/testok -- -2.27.0 +2.33.0
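Review bot: the refreshed hunks land at different offsets (bus_set_transient_exec_command() at 1421 instead of 1423, service_verify() at 548 instead of 564), which means the surrounding code differs from the base the patch was first written for, yet the added check lines are not visible in this view. Verify in the refreshed patch itself that the empty-argv check in bus_set_transient_exec_command() still sits before argv is first used, and that the service_verify() check still runs for units loaded by other means, as the commit message states.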
View file
_service:tar_scm:backport-core-fix-free-undefined-pointer-when-strdup-failed-i.patch
Changed
@@ -1,15 +1,19 @@ -From 1509274359979079e3e61899ce12fc8b0f0958d9 Mon Sep 17 00:00:00 2001 +From b5162039b2309b78a9c1feb6cc1355988e02b6c3 Mon Sep 17 00:00:00 2001 From: xujing <17826839720@163.com> Date: Wed, 8 Sep 2021 14:26:20 +0800 Subject: PATCH core: fix free undefined pointer when strdup failed in the first loop +(cherry picked from commit 1509274359979079e3e61899ce12fc8b0f0958d9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b5162039b2309b78a9c1feb6cc1355988e02b6c3 --- src/core/load-fragment.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c -index 92815b1dbaea..1c8159a23550 100644 +index 8fb3c378ee..399a759ad0 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -800,7 +800,7 @@ int config_parse_exec( @@ -30,4 +34,6 @@ return log_oom(); w = strdup(";"); +-- +2.33.0
View file
_service:tar_scm:backport-core-ignore-failure-on-setting-smack-process-label-w.patch
Added
@@ -0,0 +1,30 @@ +From 4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 1 Nov 2021 13:48:32 +0900 +Subject: PATCH core: ignore failure on setting smack process label when + allowed + +(cherry picked from commit 29ff62473b119c0e1d3467148eddcdccc2c9b732) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d +--- + src/core/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index e324db87cc..2f2de4d9cf 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -4408,7 +4408,7 @@ static int exec_child( + * process. This is the latest place before dropping capabilities. Other MAC context are set later. */ + if (use_smack) { + r = setup_smack(context, executable_fd); +- if (r < 0) { ++ if (r < 0 && !context->smack_process_label_ignore) { + *exit_status = EXIT_SMACK_PROCESS_LABEL; + return log_unit_error_errno(unit, r, "Failed to set SMACK process label: %m"); + } +-- +2.33.0 +
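Review bot: when context->smack_process_label_ignore is set, a failing setup_smack() is now swallowed without any log line, so the process starts without the requested SMACK label and nothing records it. Keep the ignore semantics but log the failure at a lower level in that case, for example with log_unit_debug_errno() carrying r, so that a missing label can be found from the journal.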
View file
_service:tar_scm:backport-core-mount-add-implicit-unit-dependencies-even-if-wh.patch
Added
@@ -0,0 +1,34 @@ +From 1bb8af46d1181a407cbc858025b85392f3af7812 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 29 Aug 2021 21:20:43 +0900 +Subject: PATCH core/mount: add implicit unit dependencies even if when mount + unit is generated from /proc/self/mountinfo + +Hopefully fixes #20566. + +(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1bb8af46d1181a407cbc858025b85392f3af7812 +--- + src/core/mount.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/core/mount.c b/src/core/mount.c +index cde4b52731..9bec190cb6 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1576,6 +1576,10 @@ static int mount_setup_new_unit( + if (r < 0) + return r; + ++ r = mount_add_non_exec_dependencies(MOUNT(u)); ++ if (r < 0) ++ return r; ++ + /* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load + * the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps + * to. */ +-- +2.33.0 +
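Review bot: mount_add_non_exec_dependencies() is called before the step that the following comment describes, which records that the unit came from /proc/self/mountinfo so that dependencies are attributed to the right source. Confirm that the dependencies added by the new call do not need that marker to be set first; if they do, move the call below it. The commit message says "Hopefully fixes #20566", so a test that creates a mount seen only through mountinfo and checks the resulting dependencies would turn that into a verified fix.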
View file
_service:tar_scm:backport-core-namespace-allow-using-ProtectSubset-pid-and-Pro.patch
Added
@@ -0,0 +1,53 @@ +From eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 Mon Sep 17 00:00:00 2001 +From: Christian Brauner <brauner@kernel.org> +Date: Fri, 21 Jan 2022 13:08:19 +0100 +Subject: PATCH core/namespace: allow using ProtectSubset=pid and + ProtectHostname=true together + +If a service requests both ProtectSubset=pid and ProtectHostname=true +then it will currently fail to start. The ProcSubset=pid option +instructs systemd to mount procfs for the service with subset=pid which +hides all entries other than /proc/<pid>. Consequently trying to +interact with the two files /proc/sys/kernel/{hostname,domainname} +covered by ProtectHostname=true will fail. + +Fix this by only performing this check when ProtectSubset=pid is not +requested. Essentially ProtectSubset=pid implies/provides +ProtectHostname=true. + +(cherry picked from commit 1361f015773e3b4d74e382edf1565f3315a3396b) +(cherry picked from commit a727941affa7821592d503c8a5033c92d615f64c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 +--- + src/core/namespace.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index e3aebe8b5e..5961b14f98 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -2115,14 +2115,19 @@ int setup_namespace( + goto finish; + } + ++ /* Note, if proc is mounted with subset=pid then neither of the ++ * two paths will exist, i.e. they are implicitly protected by ++ * the mount option. */ + if (ns_info->protect_hostname) { + *(m++) = (MountEntry) { + .path_const = "/proc/sys/kernel/hostname", + .mode = READONLY, ++ .ignore = ignore_protect_proc, + }; + *(m++) = (MountEntry) { + .path_const = "/proc/sys/kernel/domainname", + .mode = READONLY, ++ .ignore = ignore_protect_proc, + }; + } + +-- +2.33.0 +
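Review bot: .ignore = ignore_protect_proc is set on both MountEntry items, but the variable's definition is outside the hunk, and the commit message says the check should be skipped only when subset=pid is requested. Confirm ignore_protect_proc is true only in that case; otherwise a missing /proc/sys/kernel/hostname or /proc/sys/kernel/domainname would be silently skipped in other configurations and ProtectHostname=true would lose its read-only protection. The message also uses both "ProtectSubset=pid" and "ProcSubset=pid" for the same option; the packaging changelog entry should use one name.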
View file
_service:tar_scm:backport-core-namespace-s-normalize_mounts-drop_unused_mounts.patch
Added
@@ -0,0 +1,65 @@ +From 2540b0e3e0aa3e9bc4eef39723aa869f235923dd Mon Sep 17 00:00:00 2001 +From: Christian Brauner <brauner@kernel.org> +Date: Mon, 24 Jan 2022 10:12:57 +0100 +Subject: PATCH core/namespace: s/normalize_mounts()/drop_unused_mounts() + +Rename the normalize_mounts() helper to drop_unused_mounts. All the +helpers called in there get rid of mounts that are unused for a variety +of reasons. And whereas the helpers are aptly prefixed with "drop" the +overall helper isn't and instead uses "normalize". + +Make it more obvious what the helper actually does by renaming it from +normalize_mounts() to drop_unused_mounts(). Readers of code calling this +helper will immediately see that it will get rid of unused mounts. + +Link: https://github.com/systemd/systemd/issues/22206 +(cherry picked from commit fbf90c0d5cadc5d1e95485f770f45a7d4cd39daa) +(cherry picked from commit 09936a7ec92c859b3c4c9520ecd49c2909a8b35c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2540b0e3e0aa3e9bc4eef39723aa869f235923dd +--- + src/core/namespace.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 5961b14f98..a6c6963bb7 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -1578,7 +1578,14 @@ static size_t namespace_calculate_mounts( + ns_info->private_ipc; /* /dev/mqueue */ + } + +-static void normalize_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { ++/* Walk all mount entries and dropping any unused mounts. 
This affects all ++ * mounts: ++ * - that are implicitly protected by a path that has been rendered inaccessible ++ * - whose immediate parent requests the same protection mode as the mount itself ++ * - that are outside of the relevant root directory ++ * - which are duplicates ++ */ ++static void drop_unused_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) { + assert(root_directory); + assert(n_mounts); + assert(mounts || *n_mounts == 0); +@@ -1659,7 +1666,7 @@ static int apply_mounts( + if (!again) + break; + +- normalize_mounts(root, mounts, n_mounts); ++ drop_unused_mounts(root, mounts, n_mounts); + } + + /* Create a deny list we can pass to bind_mount_recursive() */ +@@ -2208,7 +2215,7 @@ int setup_namespace( + if (r < 0) + goto finish; + +- normalize_mounts(root, mounts, &n_mounts); ++ drop_unused_mounts(root, mounts, &n_mounts); + } + + /* All above is just preparation, figuring out what to do. Let's now actually start doing something. */ +-- +2.33.0 +
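Review bot: the new comment above drop_unused_mounts() reads "Walk all mount entries and dropping any unused mounts"; it should be "Walk all mount entries and drop any unused mounts". Since the rename is the whole point of the patch, the bullet list could also name the helper responsible for each case, so that readers can map each reason to the code that implements it.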
_service:tar_scm:backport-core-normalize-r-variable-handling-in-unit_attach_pi.patch
Added
@@ -0,0 +1,125 @@ +From 84ec6a0043f7a447157753fb12e991ebce6e14b7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 27 Oct 2021 23:08:58 +0200 +Subject: PATCH core: normalize 'r' variable handling in + unit_attach_pids_to_cgroup() a bit + +The 'r' variable is our "go-to" variable for error return codes, all +across our codebase. In unit_attach_pids_to_cgroup() it was so far used +in a strange way for most of the function: instead of directly storing +the error codes of functions we call we'd store it in a local variable +'q' instead, and propagate it to 'r' only in some cases finally we'd +return the ultimate result of 'r'. + +Let's normalize this a bit: let's always store error return values in +'r', and then use 'ret' as the variable to sometimes propagate errors +to, and then return that. + +This also allows us to get rid of one local variable. + +No actual codeflow changes, just some renaming of variables that allows +us to remove one. + +(cherry picked from commit db4229d12f48663400802171b336c7cadbbe04ef) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/84ec6a0043f7a447157753fb12e991ebce6e14b7 +--- + src/core/cgroup.c | 38 +++++++++++++++++++------------------- + 1 file changed, 19 insertions(+), 19 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 5c07aa71d1..1551d57e90 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2137,7 +2137,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + CGroupMask delegated_mask; + const char *p; + void *pidp; +- int r, q; ++ int ret, r; + + assert(u); + +@@ -2164,16 +2164,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + + delegated_mask = unit_get_delegate_mask(u); + +- r = 0; ++ ret = 0; + SET_FOREACH(pidp, pids) { + pid_t pid = PTR_TO_PID(pidp); + + /* First, attach the PID to the main cgroup hierarchy */ +- q = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid); +- if (q < 
0) { +- bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(q); ++ r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid); ++ if (r < 0) { ++ bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(r); + +- log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q, ++ log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, r, + "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", + pid, again ? " directly" : "", empty_to_root(p)); + +@@ -2192,16 +2192,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + continue; /* When the bus thing worked via the bus we are fully done for this PID. */ + } + +- if (r >= 0) +- r = q; /* Remember first error */ ++ if (ret >= 0) ++ ret = r; /* Remember first error */ + + continue; + } + +- q = cg_all_unified(); +- if (q < 0) +- return q; +- if (q > 0) ++ r = cg_all_unified(); ++ if (r < 0) ++ return r; ++ if (r > 0) + continue; + + /* In the legacy hierarchy, attach the process to the request cgroup if possible, and if not to the +@@ -2216,11 +2216,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + + /* If this controller is delegated and realized, honour the caller's request for the cgroup suffix. */ + if (delegated_mask & u->cgroup_realized_mask & bit) { +- q = cg_attach(cgroup_controller_to_string(c), p, pid); +- if (q >= 0) ++ r = cg_attach(cgroup_controller_to_string(c), p, pid); ++ if (r >= 0) + continue; /* Success! */ + +- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", ++ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", + pid, empty_to_root(p), cgroup_controller_to_string(c)); + } + +@@ -2231,14 +2231,14 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + if (!realized) + continue; /* Not even realized in the root slice? 
Then let's not bother */ + +- q = cg_attach(cgroup_controller_to_string(c), realized, pid); +- if (q < 0) +- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m", ++ r = cg_attach(cgroup_controller_to_string(c), realized, pid); ++ if (r < 0) ++ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m", + pid, realized, cgroup_controller_to_string(c)); + } + } + +- return r; ++ return ret; + } + + static bool unit_has_mask_realized( +-- +2.33.0 +
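Review bot: the commit message says the change allows removing one local variable, but the declaration hunk in unit_attach_pids_to_cgroup() only swaps 'int r, q;' for 'int ret, r;', so the function still declares two and the diffstat is a symmetric 19/19; either the message should drop that sentence or the removal is missing from this backport. Separately, 'if (ret >= 0) ret = r; /* Remember first error */' is reached after lines that fall between the second and third hunks and are not shown; now that r is the scratch variable, please confirm nothing in that elided block overwrites r before it is recorded as the first error.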
_service:tar_scm:backport-core-really-skip-automatic-restart-when-a-JOB_STOP-j.patch
Added
@@ -0,0 +1,54 @@ +From b17f9c7c8db6959227cebf1b30ed1698d024382e Mon Sep 17 00:00:00 2001 +From: Franck Bui <fbui@suse.com> +Date: Fri, 18 Feb 2022 10:06:24 +0100 +Subject: PATCH core: really skip automatic restart when a JOB_STOP job is + pending + +It's not clear why we rescheduled a service auto restart while a stop job for +the unit was pending. The comment claims that the unit shouldn't be restarted +but the code did reschedule an auto restart meanwhile. + +In practice that was rarely an issue because the service waited for the next +auto restart to be rescheduled, letting the queued stop job to be proceed and +service_stop() to be called preventing the next restart to complete. + +However when RestartSec=0, the timer expired right away making PID1 to +reschedule the unit again, making the timer expired right away... and so +on. This busy loop prevented PID1 to handle any queued jobs (and hence giving +no chance to the start rate limiting to trigger), which made the busy loop last +forever. + +This patch breaks this loop by skipping the reschedule of the unit auto restart +and hence not depending on the value of u->restart_usec anymore. 
+ +Fixes: #13667 +(cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332) +(cherry picked from commit 2198c08d0786c5cec1b39283831969b2cc1adf40) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b17f9c7c8db6959227cebf1b30ed1698d024382e +--- + src/core/service.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index a480edc439..21bf3dc28c 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -2267,12 +2267,7 @@ static void service_enter_restart(Service *s) { + + if (unit_has_job_type(UNIT(s), JOB_STOP)) { + /* Don't restart things if we are going down anyway */ +- log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); +- +- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); +- if (r < 0) +- goto fail; +- ++ log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); + return; + } + +-- +2.33.0 +
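Review bot: in service_enter_restart(), the JOB_STOP branch now returns without arming a timer or changing the service state, so the unit leaves this path only if the queued stop job actually runs service_stop(), as the commit message describes. The kept comment 'Don't restart things if we are going down anyway' does not say that; a sentence noting that the pending stop job is what moves the unit out of this state would make the dependency explicit. With the service_arm_timer() call gone it is also worth checking that 'r' and the 'fail' label are still used elsewhere in the function, and a regression test with RestartSec=0 and a queued stop job would cover the PID 1 busy loop that the message reports.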
_service:tar_scm:backport-core-refuse-to-mount-ExtensionImages-if-the-base-lay.patch
Added
@@ -0,0 +1,34 @@ +From af8d87d6bc8506629f1e73599ccdc4b8f8eaa6c8 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 19 Jan 2022 00:08:57 +0000 +Subject: PATCH core: refuse to mount ExtensionImages if the base layer + doesn't at least have ID in os-release + +We can't match an extension if we don't at least have an ID, +so refuse to continue + +(cherry picked from commit 78ab2b5064a0f87579ce5430f9cb83bba0db069a) +(cherry picked from commit 179bd47f04c538ed1f2c1de2cf2c18f17b027a51) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/af8d87d6bc8506629f1e73599ccdc4b8f8eaa6c8 +--- + src/core/namespace.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index b933d46cf6..e3aebe8b5e 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -1151,6 +1151,8 @@ static int mount_image(const MountEntry *m, const char *root_directory) { + NULL); + if (r < 0) + return log_debug_errno(r, "Failed to acquire 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); ++ if (isempty(host_os_release_id)) ++ return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "'ID' field not found or empty in 'os-release' data of OS tree '%s': %m", empty_to_root(root_directory)); + } + + r = verity_dissect_and_mount( +-- +2.33.0 +
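Review bot: the added isempty(host_os_release_id) check in mount_image() builds its error with SYNTHETIC_ERRNO(EINVAL) yet keeps ': %m' in the format string, so the message ends in a generic 'Invalid argument' that adds nothing to the explicit text; dropping ': %m' would read better. The refusal is also logged with log_debug_errno(), like the line above it, which means an administrator only sees why the extension image was rejected when debug logging is on; consider whether the caller reports the failure at a more visible level.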
_service:tar_scm:backport-core-replace-slice-dependencies-as-they-get-added.patch
Added
@@ -0,0 +1,178 @@ +From b68731eeb692a4cfcdf5790ae118ebf21d827301 Mon Sep 17 00:00:00 2001 +From: Anita Zhang <the.anitazha@gmail.com> +Date: Tue, 9 Nov 2021 15:26:28 -0800 +Subject: PATCH core: replace slice dependencies as they get added + +Defines a "UNIT_DEPENDENCY_SLICE_PROPERTY" UnitDependencyMask type that +is used when adding slices to the dependencies hashmap. This type is +used to remove slice dependencies when they get overridden by new ones. + +Fixes #20182 + +Reference:https://github.com/systemd/systemd/commit/899acf5c2d4b89caa891d05ccfa4be828a999c2d +Conflict: NA +--- + src/core/dbus-unit.c | 2 +- + src/core/load-fragment.c | 2 +- + src/core/unit-serialize.c | 1 + + src/core/unit.c | 10 +++++++--- + src/core/unit.h | 7 +++++-- + src/test/test-engine.c | 31 ++++++++++++++++++++++++++++++- + 6 files changed, 45 insertions(+), 8 deletions(-) + +diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c +index aa10939..c42ae5e 100644 +--- a/src/core/dbus-unit.c ++++ b/src/core/dbus-unit.c +@@ -2272,7 +2272,7 @@ static int bus_unit_set_transient_property( + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Unit name '%s' is not a slice", s); + + if (!UNIT_WRITE_FLAGS_NOOP(flags)) { +- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ r = unit_set_slice(u, slice); + if (r < 0) + return r; + +diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 399a759..3f5d6d3 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3575,7 +3575,7 @@ int config_parse_unit_slice( + return 0; + } + +- r = unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ r = unit_set_slice(u, slice); + if (r < 0) { + log_syntax(unit, LOG_WARNING, filename, line, r, "Failed to assign slice %s to unit %s, ignoring: %m", slice->id, u->id); + return 0; +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index 689a536..3544f18 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -571,6 +571,7 @@ static void 
print_unit_dependency_mask(FILE *f, const char *kind, UnitDependency + { UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT, "mountinfo-implicit" }, + { UNIT_DEPENDENCY_MOUNTINFO_DEFAULT, "mountinfo-default" }, + { UNIT_DEPENDENCY_PROC_SWAP, "proc-swap" }, ++ { UNIT_DEPENDENCY_SLICE_PROPERTY, "slice-property" }, + }; + + assert(f); +diff --git a/src/core/unit.c b/src/core/unit.c +index ffcf8eb..bff0527 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3267,7 +3267,7 @@ reset: + return r; + } + +-int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { ++int unit_set_slice(Unit *u, Unit *slice) { + int r; + + assert(u); +@@ -3300,7 +3300,11 @@ int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask) { + if (UNIT_GET_SLICE(u) && u->cgroup_realized) + return -EBUSY; + +- r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, mask); ++ /* Remove any slices assigned prior; we should only have one UNIT_IN_SLICE dependency */ ++ if (UNIT_GET_SLICE(u)) ++ unit_remove_dependencies(u, UNIT_DEPENDENCY_SLICE_PROPERTY); ++ ++ r = unit_add_dependency(u, UNIT_IN_SLICE, slice, true, UNIT_DEPENDENCY_SLICE_PROPERTY); + if (r < 0) + return r; + +@@ -3353,7 +3357,7 @@ int unit_set_default_slice(Unit *u) { + if (r < 0) + return r; + +- return unit_set_slice(u, slice, UNIT_DEPENDENCY_FILE); ++ return unit_set_slice(u, slice); + } + + const char *unit_slice_name(Unit *u) { +diff --git a/src/core/unit.h b/src/core/unit.h +index 759104f..6dc2bcb 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -88,7 +88,10 @@ typedef enum UnitDependencyMask { + /* A dependency created because of data read from /proc/swaps and no other configuration source */ + UNIT_DEPENDENCY_PROC_SWAP = 1 << 7, + +- _UNIT_DEPENDENCY_MASK_FULL = (1 << 8) - 1, ++ /* A dependency for units in slices assigned by directly setting Slice= */ ++ UNIT_DEPENDENCY_SLICE_PROPERTY = 1 << 8, ++ ++ _UNIT_DEPENDENCY_MASK_FULL = (1 << 9) - 1, + } UnitDependencyMask; + + /* The Unit's dependencies hashmaps use this 
structure as value. It has the same size as a void pointer, and thus can +@@ -761,7 +764,7 @@ Unit *unit_follow_merge(Unit *u) _pure_; + int unit_load_fragment_and_dropin(Unit *u, bool fragment_required); + int unit_load(Unit *unit); + +-int unit_set_slice(Unit *u, Unit *slice, UnitDependencyMask mask); ++int unit_set_slice(Unit *u, Unit *slice); + int unit_set_default_slice(Unit *u); + + const char *unit_description(Unit *u) _pure_; +diff --git a/src/test/test-engine.c b/src/test/test-engine.c +index 6dc1619..1ac15a8 100644 +--- a/src/test/test-engine.c ++++ b/src/test/test-engine.c +@@ -8,6 +8,7 @@ + #include "manager-dump.h" + #include "rm-rf.h" + #include "service.h" ++#include "slice.h" + #include "special.h" + #include "strv.h" + #include "tests.h" +@@ -75,7 +76,8 @@ int main(int argc, char *argv) { + _cleanup_(sd_bus_error_free) sd_bus_error err = SD_BUS_ERROR_NULL; + _cleanup_(manager_freep) Manager *m = NULL; + Unit *a = NULL, *b = NULL, *c = NULL, *d = NULL, *e = NULL, *g = NULL, +- *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL; ++ *h = NULL, *i = NULL, *a_conj = NULL, *unit_with_multiple_dashes = NULL, *stub = NULL, ++ *tomato = NULL, *sauce = NULL, *fruit = NULL, *zupa = NULL; + Job *j; + int r; + +@@ -260,5 +262,32 @@ int main(int argc, char *argv) { + + verify_dependency_atoms(); + ++ /* Test adding multiple Slice= dependencies; only the last should remain */ ++ assert_se(unit_new_for_name(m, sizeof(Service), "tomato.service", &tomato) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "sauce.slice", &sauce) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "fruit.slice", &fruit) >= 0); ++ assert_se(unit_new_for_name(m, sizeof(Slice), "zupa.slice", &zupa) >= 0); ++ ++ unit_set_slice(tomato, sauce); ++ unit_set_slice(tomato, fruit); ++ unit_set_slice(tomato, zupa); ++ ++ assert_se(UNIT_GET_SLICE(tomato) == zupa); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, sauce)); ++ 
assert_se(!unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, fruit)); ++ assert_se(unit_has_dependency(tomato, UNIT_ATOM_IN_SLICE, zupa)); ++ ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, sauce)); ++ assert_se(!unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, fruit)); ++ assert_se(unit_has_dependency(tomato, UNIT_ATOM_REFERENCES, zupa)); ++ ++ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_SLICE_OF, tomato)); ++ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_SLICE_OF, tomato)); ++ assert_se(unit_has_dependency(zupa, UNIT_ATOM_SLICE_OF, tomato)); ++ ++ assert_se(!unit_has_dependency(sauce, UNIT_ATOM_REFERENCED_BY, tomato)); ++ assert_se(!unit_has_dependency(fruit, UNIT_ATOM_REFERENCED_BY, tomato)); ++ assert_se(unit_has_dependency(zupa, UNIT_ATOM_REFERENCED_BY, tomato)); ++ + return 0; + } +-- +1.8.3.1 +
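Review bot: in the test-engine.c hunk the three unit_set_slice() calls on tomato discard their return value, so a failing call would only surface indirectly through the later unit_has_dependency() assertions; wrapping each in assert_se(... >= 0) matches the unit_new_for_name() lines just above. In unit.h, the comment on UNIT_DEPENDENCY_SLICE_PROPERTY says the mask is for slices 'assigned by directly setting Slice=', but unit_set_default_slice() now goes through the same unit_set_slice() path and gets the same mask, so the comment should cover the default slice too. Raising _UNIT_DEPENDENCY_MASK_FULL to (1 << 9) - 1 widens the mask by one bit; the context comment notes that the dependency info structure has the size of a void pointer, so please confirm the fields that hold the mask are wide enough.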
_service:tar_scm:backport-core-respect-install_sysconfdir_samples-in-meson-fil.patch
Added
@@ -0,0 +1,34 @@ +From d36785b19b10ec04ae7b87cdb402de4126e17bca Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Mon, 26 Jul 2021 16:57:43 +0200 +Subject: PATCH core: respect install_sysconfdir_samples in meson file + +The refactoring done in e11a25cadbe caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicates whether or not the +sample files should be installed. + +(cherry picked from commit cfd760b6a77808d0b9451ed618a23b6259fe525f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d36785b19b10ec04ae7b87cdb402de4126e17bca +--- + src/core/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/meson.build b/src/core/meson.build +index f0d2c6f642..c66538eab1 100644 +--- a/src/core/meson.build ++++ b/src/core/meson.build +@@ -193,7 +193,7 @@ foreach item : in_files + output: file, + command : meson_render_jinja2, config_h, '@INPUT@', + capture : true, +- install : dir != 'no', ++ install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'), + install_dir : dir) + endforeach + +-- +2.33.0 +
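Review bot: the new install condition in the foreach over in_files tests dir against pkgsysconfdir twice and folds two separate policies (sample files gated by install_sysconfdir_samples, everything else gated by dir != 'no') into one long expression. Computing it in a named variable before the call, with a one-line comment, would make the intent clearer and would make it harder to reintroduce the regression the message attributes to e11a25cadbe.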
_service:tar_scm:backport-core-service-also-check-path-in-exec-commands.patch
Changed
@@ -1,17 +1,21 @@ -From 8688a389cabdff61efe187bb85cc1776de03c460 Mon Sep 17 00:00:00 2001 +From b3978cf401306a793c7531299a5e9b3c63e53a27 Mon Sep 17 00:00:00 2001 From: Yu Watanabe <watanabe.yu+github@gmail.com> Date: Wed, 6 Oct 2021 00:19:41 +0900 -Subject: PATCH 2/2 core/service: also check path in exec commands +Subject: PATCH core/service: also check path in exec commands +(cherry picked from commit 8688a389cabdff61efe187bb85cc1776de03c460) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b3978cf401306a793c7531299a5e9b3c63e53a27 --- src/core/service.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/core/service.c b/src/core/service.c -index 4c75819a8f..54d8d0c760 100644 +index e061d488c7..701c145565 100644 --- a/src/core/service.c +++ b/src/core/service.c -@@ -567,11 +567,17 @@ static int service_verify(Service *s) { +@@ -551,11 +551,17 @@ static int service_verify(Service *s) { for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) { ExecCommand *command; @@ -31,5 +35,5 @@ if (!s->exec_commandSERVICE_EXEC_START && !s->exec_commandSERVICE_EXEC_STOP && -- -2.27.0 +2.33.0
_service:tar_scm:backport-core-unit-drop-dependency-to-the-unit-being-merged.patch
Added
@@ -0,0 +1,65 @@ +From c8b3b524134539846917269ddd644ee93a35623f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 16 Nov 2022 03:08:22 +0900 +Subject: PATCH core/unit: drop dependency to the unit being merged + +Fixes a bug in 15ed3c3a188cf7fa5a60ae508fc7a3ed048d2220. + +Fixes #24990. Also, hopefully fixes #24577. +--- + src/core/unit.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 36e3afd7fb..1a580157af 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1044,10 +1044,10 @@ static int unit_add_dependency_hashmap( + return unit_per_dependency_type_hashmap_update(per_type, other, origin_mask, destination_mask); + } + +-static void unit_merge_dependencies( +- Unit *u, +- Unit *other) { +- ++static void unit_merge_dependencies(Unit *u, Unit *other) { ++ Hashmap *deps; ++ void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, ++ * since the hashmaps all want it as void pointer. */ + int r; + + assert(u); +@@ -1056,12 +1056,19 @@ static void unit_merge_dependencies( + if (u == other) + return; + ++ /* First, remove dependency to other. */ ++ HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) { ++ if (hashmap_remove(deps, other)) ++ unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); ++ ++ if (hashmap_isempty(deps)) ++ hashmap_free(hashmap_remove(u->dependencies, dt)); ++ } ++ + for (;;) { + _cleanup_(hashmap_freep) Hashmap *other_deps = NULL; + UnitDependencyInfo di_back; + Unit *back; +- void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, +- * since the hashmaps all want it as void pointer. */ + + /* Let's focus on one dependency type at a time, that 'other' has defined. */ + other_deps = hashmap_steal_first_key_and_value(other->dependencies, &dt); +@@ -1103,8 +1110,6 @@ static void unit_merge_dependencies( + * them per type wholesale. 
*/ + r = hashmap_put(u->dependencies, dt, other_deps); + if (r == -EEXIST) { +- Hashmap *deps; +- + /* The target unit already has dependencies of this type, let's then merge this individually. */ + + assert_se(deps = hashmap_get(u->dependencies, dt)); +-- +2.27.0 +
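Review bot: the new HASHMAP_FOREACH_KEY loop in unit_merge_dependencies() removes the entry for dt from u->dependencies while iterating over u->dependencies (hashmap_free(hashmap_remove(u->dependencies, dt))). A short comment stating that removing the current entry during iteration is safe here would help, since the pattern looks like iterator invalidation at first glance. Unlike the other backports in this revision, the patch header carries no Conflict:/Reference: trailer and no cherry-pick line, so the upstream commit it was taken from cannot be checked from the file itself; please add them.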
_service:tar_scm:backport-core-unit-fix-log-message.patch
Added
@@ -0,0 +1,112 @@ +From ed9911630e4bca844381d7caeb850dad9a9fa122 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 15 Nov 2022 22:59:01 +0900 +Subject: PATCH core/unit: fix log message + +As you can see in the below, the dropped dependency Before=issue-24990.service +is not logged, but the dependency Before=test1.service which is not owned by +the units generated by the TEST-26 is logged. + +Before: +systemd1: issue-24990.service: Dependency After=test1.service dropped, merged into issue-24990.service +systemd1: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service + +After: +systemd1: issue-24990.service: Dependency After=test1.service is dropped, as test1.service is merged into issue-24990.service. +systemd1: issue-24990.service: Dependency Before=issue-24990.service in test1.service is dropped, as test1.service is merged into issue-24990.service. +--- + src/core/unit.c | 49 ++++++++++++++++++++++--------------------------- + 1 file changed, 22 insertions(+), 27 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index ea09416be5..988ba8e34a 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -937,29 +937,17 @@ static int unit_reserve_dependencies(Unit *u, Unit *other) { + return 0; + } + +-static void unit_maybe_warn_about_dependency( +- Unit *u, +- const char *other_id, +- UnitDependency dependency) { +- +- assert(u); +- ++static bool unit_should_warn_about_dependency(UnitDependency dependency) { + /* Only warn about some unit types */ +- if (!IN_SET(dependency, +- UNIT_CONFLICTS, +- UNIT_CONFLICTED_BY, +- UNIT_BEFORE, +- UNIT_AFTER, +- UNIT_ON_SUCCESS, +- UNIT_ON_FAILURE, +- UNIT_TRIGGERS, +- UNIT_TRIGGERED_BY)) +- return; +- +- if (streq_ptr(u->id, other_id)) +- log_unit_warning(u, "Dependency %s=%s dropped", unit_dependency_to_string(dependency), u->id); +- else +- log_unit_warning(u, "Dependency %s=%s dropped, merged into %s", unit_dependency_to_string(dependency), 
strna(other_id), u->id); ++ return IN_SET(dependency, ++ UNIT_CONFLICTS, ++ UNIT_CONFLICTED_BY, ++ UNIT_BEFORE, ++ UNIT_AFTER, ++ UNIT_ON_SUCCESS, ++ UNIT_ON_FAILURE, ++ UNIT_TRIGGERS, ++ UNIT_TRIGGERED_BY); + } + + static int unit_per_dependency_type_hashmap_update( +@@ -1057,8 +1045,10 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + + /* First, remove dependency to other. */ + HASHMAP_FOREACH_KEY(deps, dt, u->dependencies) { +- if (hashmap_remove(deps, other)) +- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); ++ if (hashmap_remove(deps, other) && unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt))) ++ log_unit_warning(u, "Dependency %s=%s is dropped, as %s is merged into %s.", ++ unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)), ++ other->id, other->id, u->id); + + if (hashmap_isempty(deps)) + hashmap_free(hashmap_remove(u->dependencies, dt)); +@@ -1085,7 +1075,11 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + if (back == u) { + /* This is a dependency pointing back to the unit we want to merge with? + * Suppress it (but warn) */ +- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); ++ if (unit_should_warn_about_dependency(UNIT_DEPENDENCY_FROM_PTR(dt))) ++ log_unit_warning(u, "Dependency %s=%s in %s is dropped, as %s is merged into %s.", ++ unit_dependency_to_string(UNIT_DEPENDENCY_FROM_PTR(dt)), ++ u->id, other->id, other->id, u->id); ++ + hashmap_remove(other_deps, back); + continue; + } +@@ -3055,7 +3049,6 @@ int unit_add_dependency( + UNIT_IN_SLICE = UNIT_SLICE_OF, + UNIT_SLICE_OF = UNIT_IN_SLICE, + }; +- Unit *original_u = u, *original_other = other; + UnitDependencyAtom a; + int r; + +@@ -3074,7 +3067,9 @@ int unit_add_dependency( + + /* We won't allow dependencies on ourselves. We will not consider them an error however. 
*/ + if (u == other) { +- unit_maybe_warn_about_dependency(original_u, original_other->id, d); ++ if (unit_should_warn_about_dependency(d)) ++ log_unit_warning(u, "Dependency %s=%s is dropped.", ++ unit_dependency_to_string(d), u->id); + return 0; + } + +-- +2.27.0 +
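Review bot: the removed unit_maybe_warn_about_dependency() passed the other unit's id through strna() before formatting, while the new log_unit_warning() calls in unit_merge_dependencies() hand other->id and u->id straight to %s. If an id can be NULL at this point, the guard is lost; either keep strna() around the ids or add a comment saying why they are always set here. The change also drops original_u and original_other in unit_add_dependency() and logs against u instead; that is fine if u has not been reassigned between the declaration and the u == other check, which the hunk context does not show.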
_service:tar_scm:backport-core-unit-fix-logic-of-dropping-self-referencing-dep.patch
Added
@@ -0,0 +1,31 @@ +From 53e0e6ef0eea396bb432cbfc1f2f6ea1272ff1f1 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 15 Nov 2022 23:08:35 +0900 +Subject: PATCH core/unit: fix logic of dropping self-referencing + dependencies + +Fixes a bug in 15ed3c3a188cf7fa5a60ae508fc7a3ed048d2220. +--- + src/core/unit.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 1a580157af..a9052428e4 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1131,10 +1131,11 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + } + } else { + assert_se(r >= 0); +- TAKE_PTR(other_deps); + + if (hashmap_remove(other_deps, u)) + unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); ++ ++ TAKE_PTR(other_deps); + } + } + +-- +2.27.0 +
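Review bot: the message only says 'Fixes a bug' in an earlier commit; it should state what was wrong, namely that in the else branch of unit_merge_dependencies() TAKE_PTR(other_deps) ran before hashmap_remove(other_deps, u), so the removal was applied to a pointer that had already been cleared and the self-referencing entry stayed in place. A test that merges a unit carrying a dependency on the merge target would keep this from regressing.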
_service:tar_scm:backport-core-unit-merge-two-loops-into-one.patch
Added
@@ -0,0 +1,95 @@ +From 4b7918a65cc2571a2b3fc166229e1b8db463e217 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 17 Nov 2022 12:46:45 +0900 +Subject: PATCH core/unit: merge two loops into one + +No functional change, just refactoring. +--- + src/core/unit.c | 47 +++++++++++++++-------------------------------- + 1 file changed, 15 insertions(+), 32 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index a9052428e4..0d52e4bf1a 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1048,7 +1048,6 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + Hashmap *deps; + void *dt; /* Actually of type UnitDependency, except that we don't bother casting it here, + * since the hashmaps all want it as void pointer. */ +- int r; + + assert(u); + assert(other); +@@ -1075,6 +1074,8 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + if (!other_deps) + break; /* done! */ + ++ deps = hashmap_get(u->dependencies, dt); ++ + /* Now iterate through all dependencies of this dependency type, of 'other'. We refer to the + * referenced units as 'back'. */ + HASHMAP_FOREACH_KEY(di_back.data, back, other_deps) { +@@ -1085,6 +1086,7 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + /* This is a dependency pointing back to the unit we want to merge with? + * Suppress it (but warn) */ + unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); ++ hashmap_remove(other_deps, back); + continue; + } + +@@ -1103,40 +1105,21 @@ static void unit_merge_dependencies(Unit *u, Unit *other) { + di_move.origin_mask, + di_move.destination_mask) >= 0); + } +- } + +- /* Now all references towards 'other' of the current type 'dt' are corrected to point to +- * 'u'. Lets's now move the deps of type 'dt' from 'other' to 'u'. First, let's try to move +- * them per type wholesale. 
*/ +- r = hashmap_put(u->dependencies, dt, other_deps); +- if (r == -EEXIST) { + /* The target unit already has dependencies of this type, let's then merge this individually. */ +- +- assert_se(deps = hashmap_get(u->dependencies, dt)); +- +- for (;;) { +- UnitDependencyInfo di_move; +- +- /* Get first dep */ +- di_move.data = hashmap_steal_first_key_and_value(other_deps, (void**) &back); +- if (!di_move.data) +- break; /* done */ +- if (back == u) { +- /* Would point back to us, ignore */ +- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); +- continue; +- } +- +- assert_se(unit_per_dependency_type_hashmap_update(deps, back, di_move.origin_mask, di_move.destination_mask) >= 0); +- } +- } else { +- assert_se(r >= 0); +- +- if (hashmap_remove(other_deps, u)) +- unit_maybe_warn_about_dependency(u, other->id, UNIT_DEPENDENCY_FROM_PTR(dt)); +- +- TAKE_PTR(other_deps); ++ if (deps) ++ assert_se(unit_per_dependency_type_hashmap_update( ++ deps, ++ back, ++ di_back.origin_mask, ++ di_back.destination_mask) >= 0); + } ++ ++ /* Now all references towards 'other' of the current type 'dt' are corrected to point to 'u'. ++ * Lets's now move the deps of type 'dt' from 'other' to 'u'. If the unit does not have ++ * dependencies of this type, let's move them per type wholesale. */ ++ if (!deps) ++ assert_se(hashmap_put(u->dependencies, dt, TAKE_PTR(other_deps)) >= 0); + } + + other->dependencies = hashmap_free(other->dependencies); +-- +2.27.0 +
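Review bot: the rewritten comment block near the end of the per-type loop carries over the typo 'Lets's' (should be 'Let's'), and the retained comment 'The target unit already has dependencies of this type, let's then merge this individually.' now sits inside the HASHMAP_FOREACH_KEY body above 'if (deps)', where it describes one entry rather than the whole type. The subject claims no functional change, but the back == u branch gains hashmap_remove(other_deps, back) and the wholesale move now happens inside assert_se() with TAKE_PTR(other_deps) as an argument; a line in the message explaining that these replace the removed else branch would make the equivalence easier to check.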
_service:tar_scm:backport-core-unit-merge-unit-names-after-merging-deps.patch
Added
@@ -0,0 +1,44 @@ +From 1d0c81a05b1605a5fc3db44d5a157a1d6876eda9 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 16 Nov 2022 03:18:30 +0900 +Subject: PATCH core/unit: merge unit names after merging deps + +Before: +systemd1: issue-24990.service: Dependency Before=n/a dropped, merged into issue-24990.service +After: +systemd1: issue-24990.service: Dependency Before=test1.service dropped, merged into issue-24990.service +--- + src/core/unit.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 0d52e4bf1a..ea09416be5 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -1165,11 +1165,6 @@ int unit_merge(Unit *u, Unit *other) { + if (r < 0) + return r; + +- /* Merge names */ +- r = unit_merge_names(u, other); +- if (r < 0) +- return r; +- + /* Redirect all references */ + while (other->refs_by_target) + unit_ref_set(other->refs_by_target, other->refs_by_target->source, u); +@@ -1177,6 +1172,11 @@ int unit_merge(Unit *u, Unit *other) { + /* Merge dependencies */ + unit_merge_dependencies(u, other); + ++ /* Merge names. It is better to do that after merging deps, otherwise the log message contains n/a. */ ++ r = unit_merge_names(u, other); ++ if (r < 0) ++ return r; ++ + other->load_state = UNIT_MERGED; + other->merged_into = u; + +-- +2.27.0 +
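Review bot: moving unit_merge_names() below unit_merge_dependencies() in unit_merge() means its error path ('if (r < 0) return r;') is now reached after the references have been redirected and the dependencies moved to u. A failure there returns with other already stripped of refs and deps but without load_state = UNIT_MERGED or merged_into set, whereas before the reorder the function bailed out prior to those mutations. Please either handle that case or note in the new comment why unit_merge_names() cannot fail at this point.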
_service:tar_scm:backport-core-unit-use-bus_error_message-at-one-more-place.patch
Added
@@ -0,0 +1,36 @@ +From aa25320dbbc2b239d9f551cffac39263814a3dfa Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 30 Jan 2022 05:38:01 +0900 +Subject: PATCH core/unit: use bus_error_message() at one more place + +(cherry picked from commit 33322185554799b08e94aca036dd109aaee52408) +(cherry picked from commit 81e59411161078f4f90d80e2e111755adc16db33) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/aa25320dbbc2b239d9f551cffac39263814a3dfa +--- + src/core/unit.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index dfe200ee20..0e8a01966a 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3422,8 +3422,12 @@ static int get_name_owner_handler(sd_bus_message *message, void *userdata, sd_bu + + e = sd_bus_message_get_error(message); + if (e) { +- if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) +- log_unit_error(u, "Unexpected error response from GetNameOwner(): %s", e->message); ++ if (!sd_bus_error_has_name(e, "org.freedesktop.DBus.Error.NameHasNoOwner")) { ++ r = sd_bus_error_get_errno(e); ++ log_unit_error_errno(u, r, ++ "Unexpected error response from GetNameOwner(): %s", ++ bus_error_message(e, r)); ++ } + + new_owner = NULL; + } else { +-- +2.33.0 +
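Review bot: in get_name_owner_handler() the new branch stores sd_bus_error_get_errno(e) in r, and that call returns a positive errno value; the rest of the handler lies outside the hunk, so please check that no later code treats a positive r as a success indicator or returns it. Keeping the value in a local scoped to the if block would avoid the question.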
_service:tar_scm:backport-core-use-correct-level-for-CPU-time-log-message.patch
Added
@@ -0,0 +1,35 @@ +From 034a23c640c74856df76b3af5fdc4af5cb48256b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> +Date: Mon, 6 Dec 2021 16:57:42 +0100 +Subject: PATCH core: use correct level for CPU time log message + +raise_level() takes the info condition as second argument and the notice +one as third. For the consumed CPU time these conditions are swapped. + +Fixes: 37109b856aeb ("pid1: use LOG_DEBUG/INFO/NOTICE for unit resource consumption message") +(cherry picked from commit ef6bb4dd3e3bb9c210c310026b4d827a46acc762) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/034a23c640c74856df76b3af5fdc4af5cb48256b +--- + src/core/unit.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index c792bd8e82..dfe200ee20 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2296,8 +2296,8 @@ static int unit_log_resources(Unit *u) { + message_partsn_message_parts++ = t; + + log_level = raise_level(log_level, +- nsec > NOTICEWORTHY_CPU_NSEC, +- nsec > MENTIONWORTHY_CPU_NSEC); ++ nsec > MENTIONWORTHY_CPU_NSEC, ++ nsec > NOTICEWORTHY_CPU_NSEC); + } + + for (CGroupIOAccountingMetric k = 0; k < _CGROUP_IO_ACCOUNTING_METRIC_MAX; k++) { +-- +2.33.0 +
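Review bot: the two conditions passed to raise_level() in unit_log_resources() are same-typed expressions the compiler cannot tell apart, which is how they ended up swapped. Add a short comment at this call naming the info slot and the notice slot, and check the CGroupIOAccountingMetric loop that follows for the same ordering, so the fix does not depend on readers remembering the signature from the commit message.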
_service:tar_scm:backport-core-use-the-new-quoting-helper.patch
Added
@@ -0,0 +1,133 @@ +From 284781bcb00be27737b52ffb974b66b7d5e990d5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 7 Jul 2021 16:28:19 +0200 +Subject: PATCH core: use the new quoting helper + +(cherry picked from commit 8a62620ebe23945021075df7e1b0759102c286ae) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/284781bcb00be27737b52ffb974b66b7d5e990d5 +--- + src/core/execute.c | 64 ++++++++++------------------------------------ + 1 file changed, 13 insertions(+), 51 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index e24775c150..28efe5c36f 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -51,6 +51,7 @@ + #include "env-file.h" + #include "env-util.h" + #include "errno-list.h" ++#include "escape.h" + #include "execute.h" + #include "exit-status.h" + #include "fd-util.h" +@@ -3596,8 +3597,6 @@ static int compile_suggested_paths(const ExecContext *c, const ExecParameters *p + return 0; + } + +-static char *exec_command_line(char **argv); +- + static int exec_parameters_get_cgroup_path(const ExecParameters *params, char **ret) { + bool using_subcgroup; + char *p; +@@ -3800,7 +3799,7 @@ static int exec_child( + const char *vc = params->confirm_spawn; + _cleanup_free_ char *cmdline = NULL; + +- cmdline = exec_command_line(command->argv); ++ cmdline = quote_command_line(command->argv); + if (!cmdline) { + *exit_status = EXIT_MEMORY; + return log_oom(); +@@ -4650,12 +4649,15 @@ static int exec_child( + if (DEBUG_LOGGING) { + _cleanup_free_ char *line = NULL; + +- line = exec_command_line(final_argv); +- if (line) +- log_unit_struct(unit, LOG_DEBUG, +- "EXECUTABLE=%s", executable, +- LOG_UNIT_MESSAGE(unit, "Executing: %s", line), +- LOG_UNIT_INVOCATION_ID(unit)); ++ line = quote_command_line(final_argv); ++ if (!line) { ++ *exit_status = EXIT_MEMORY; ++ return log_oom(); ++ } ++ ++ log_unit_struct(unit, LOG_DEBUG, ++ "EXECUTABLE=%s", executable, ++ 
LOG_UNIT_MESSAGE(unit, "Executing: %s", line)); + } + + if (exec_fd >= 0) { +@@ -4739,7 +4741,7 @@ int exec_spawn(Unit *unit, + if (r < 0) + return log_unit_error_errno(unit, r, "Failed to load environment files: %m"); + +- line = exec_command_line(command->argv); ++ line = quote_command_line(command->argv); + if (!line) + return log_oom(); + +@@ -5954,46 +5956,6 @@ void exec_status_dump(const ExecStatus *s, FILE *f, const char *prefix) { + prefix, s->status); + } + +-static char *exec_command_line(char **argv) { +- size_t k; +- char *n, *p, **a; +- bool first = true; +- +- assert(argv); +- +- k = 1; +- STRV_FOREACH(a, argv) +- k += strlen(*a)+3; +- +- n = new(char, k); +- if (!n) +- return NULL; +- +- p = n; +- STRV_FOREACH(a, argv) { +- +- if (!first) +- *(p++) = ' '; +- else +- first = false; +- +- if (strpbrk(*a, WHITESPACE)) { +- *(p++) = '\''; +- p = stpcpy(p, *a); +- *(p++) = '\''; +- } else +- p = stpcpy(p, *a); +- +- } +- +- *p = 0; +- +- /* FIXME: this doesn't really handle arguments that have +- * spaces and ticks in them */ +- +- return n; +-} +- + static void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { + _cleanup_free_ char *cmd = NULL; + const char *prefix2; +@@ -6004,7 +5966,7 @@ static void exec_command_dump(ExecCommand *c, FILE *f, const char *prefix) { + prefix = strempty(prefix); + prefix2 = strjoina(prefix, "\t"); + +- cmd = exec_command_line(c->argv); ++ cmd = quote_command_line(c->argv); + fprintf(f, + "%sCommand Line: %s\n", + prefix, cmd ? cmd : strerror_safe(ENOMEM)); +-- +2.33.0 +
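Review bot: in the DEBUG_LOGGING block of exec_child(), two behaviour changes ride along with the helper swap and are not mentioned in the commit message. An allocation failure for the debug line now sets `*exit_status = EXIT_MEMORY` and returns log_oom(), where the old code simply skipped the message, so a debug-only log line can now fail the exec. LOG_UNIT_INVOCATION_ID(unit) is also dropped from the log_unit_struct() call. Please confirm both are intended and record them in the message. The removed exec_command_line() carried a FIXME about arguments containing spaces and ticks, so it would also help to state that quote_command_line() is expected to close that gap for the logged command line.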
_service:tar_scm:backport-core-wrap-cgroup-path-with-empty_to_root-in-log-mess.patch
Changed
@@ -1,13 +1,17 @@ -From 6178e2f88956e1900f445908ed053865cc22e879 Mon Sep 17 00:00:00 2001 +From 24a40953d3d6ad8b1429d19da2f66399ae3f7e0b Mon Sep 17 00:00:00 2001 From: Yu Watanabe <watanabe.yu+github@gmail.com> Date: Thu, 5 Aug 2021 03:14:41 +0900 -Subject: PATCH 2/2 core: wrap cgroup path with empty_to_root() in log - messages +Subject: PATCH core: wrap cgroup path with empty_to_root() in log messages This fixes e.g. the following log message: --- systemd1: -.slice: Failed to migrate controller cgroups from , ignoring: Read-only file system --- + +(cherry picked from commit 6178e2f88956e1900f445908ed053865cc22e879) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/24a40953d3d6ad8b1429d19da2f66399ae3f7e0b --- src/core/bpf-devices.c | 3 ++- src/core/cgroup.c | 46 +++++++++++++++++++++--------------------- @@ -36,7 +40,7 @@ finish: /* Unref the old BPF program (which will implicitly detach it) right before attaching the new program. */ diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 83bd97327d..da821465da 100644 +index eab0929dc5..3a6f768c60 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -84,7 +84,7 @@ static int set_attribute_and_warn(Unit *u, const char *controller, const char *a @@ -48,7 +52,7 @@ return r; } -@@ -706,25 +706,25 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { +@@ -713,25 +713,25 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) { if (c->moom_preference == MANAGED_OOM_PREFERENCE_OMIT) { r = cg_set_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit", "1", 1, 0); if (r < 0) @@ -78,7 +82,7 @@ } } -@@ -743,7 +743,7 @@ static void cgroup_xattr_apply(Unit *u) { +@@ -750,7 +750,7 @@ static void cgroup_xattr_apply(Unit *u) { sd_id128_to_string(u->invocation_id, ids), 32, 0); if (r < 0) 
@@ -87,7 +91,7 @@ } if (unit_cgroup_delegate(u)) { -@@ -752,11 +752,11 @@ static void cgroup_xattr_apply(Unit *u) { +@@ -759,11 +759,11 @@ static void cgroup_xattr_apply(Unit *u) { "1", 1, 0); if (r < 0) @@ -101,7 +105,7 @@ } cgroup_oomd_xattr_apply(u, u->cgroup_path); -@@ -1913,12 +1913,12 @@ int unit_watch_cgroup(Unit *u) { +@@ -1921,12 +1921,12 @@ int unit_watch_cgroup(Unit *u) { * is not an error */ return 0; @@ -116,7 +120,7 @@ return 0; } -@@ -1976,12 +1976,12 @@ int unit_watch_cgroup_memory(Unit *u) { +@@ -1984,12 +1984,12 @@ int unit_watch_cgroup_memory(Unit *u) { * is not an error */ return 0; @@ -131,7 +135,7 @@ return 0; } -@@ -2004,9 +2004,9 @@ int unit_pick_cgroup_path(Unit *u) { +@@ -2012,9 +2012,9 @@ int unit_pick_cgroup_path(Unit *u) { r = unit_set_cgroup_path(u, path); if (r == -EEXIST) @@ -143,7 +147,7 @@ return 0; } -@@ -2034,7 +2034,7 @@ static int unit_update_cgroup( +@@ -2042,7 +2042,7 @@ static int unit_update_cgroup( /* First, create our own group */ r = cg_create_everywhere(u->manager->cgroup_supported, target_mask, u->cgroup_path); if (r < 0) @@ -152,7 +156,7 @@ created = r; /* Start watching it */ -@@ -2050,7 +2050,7 @@ static int unit_update_cgroup( +@@ -2058,7 +2058,7 @@ static int unit_update_cgroup( /* Enable all controllers we need */ r = cg_enable_everywhere(u->manager->cgroup_supported, enable_mask, u->cgroup_path, &result_mask); if (r < 0) @@ -161,7 +165,7 @@ /* Remember what's actually enabled now */ u->cgroup_enabled_mask = result_mask; -@@ -2072,12 +2072,12 @@ static int unit_update_cgroup( +@@ -2080,12 +2080,12 @@ static int unit_update_cgroup( if (cg_all_unified() == 0) { r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); if (r < 0) 
@@ -176,7 +180,7 @@ } /* Set attributes */ -@@ -2167,7 +2167,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { +@@ -2175,7 +2175,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q, "Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m", @@ -185,7 +189,7 @@ if (again) { int z; -@@ -2179,7 +2179,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { +@@ -2187,7 +2187,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); if (z < 0) @@ -194,7 +198,7 @@ else continue; /* When the bus thing worked via the bus we are fully done for this PID. */ } -@@ -2213,7 +2213,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { +@@ -2221,7 +2221,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { continue; /* Success! */ log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m", @@ -203,7 +207,7 @@ } /* So this controller is either not delegate or realized, or something else weird happened. In -@@ -2648,7 +2648,7 @@ void unit_prune_cgroup(Unit *u) { +@@ -2656,7 +2656,7 @@ void unit_prune_cgroup(Unit *u) { * the containing slice is stopped. So even if we failed now, this unit shouldn't assume * that the cgroup is still realized the next time it is started. Do not return early * on error, continue cleanup. */ @@ -212,7 +216,7 @@ if (is_root_slice) return; -@@ -2861,7 +2861,7 @@ void unit_add_to_cgroup_empty_queue(Unit *u) { +@@ -2869,7 +2869,7 @@ void unit_add_to_cgroup_empty_queue(Unit *u) { r = cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path); if (r < 0) { @@ -222,7 +226,7 @@ } if (r == 0) 
diff --git a/src/core/unit.c b/src/core/unit.c -index 6273926013..8ce94ccb75 100644 +index 30afd5a776..47966bcf0d 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -427,7 +427,7 @@ bool unit_may_gc(Unit *u) { @@ -234,7 +238,7 @@ if (r <= 0) return false; } -@@ -4548,7 +4548,7 @@ int unit_kill_context( +@@ -4553,7 +4553,7 @@ int unit_kill_context( log_func, u); if (r < 0) { if (!IN_SET(r, -EAGAIN, -ESRCH, -ENOENT)) @@ -243,7 +247,7 @@ } else if (r > 0) { -@@ -5006,7 +5006,7 @@ int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) { +@@ -5011,7 +5011,7 @@ int unit_fork_helper_process(Unit *u, const char *name, pid_t *ret) { if (u->cgroup_path) { r = cg_attach_everywhere(u->manager->cgroup_supported, u->cgroup_path, 0, NULL, NULL); if (r < 0) { @@ -253,5 +257,5 @@ } } -- -2.27.0 +2.33.0
_service:tar_scm:backport-coredump-Connect-stdout-stderr-to-dev-null-before-do.patch
Added
@@ -0,0 +1,45 @@ +From 098a25754b0835ffe078b12f75a1862cf528a986 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Fri, 15 Jul 2022 01:49:25 +0200 +Subject: PATCH coredump: Connect stdout/stderr to /dev/null before doing + anything + +When invoked as the coredump handler by the kernel, systemd-coredump's +stdout and stderr streams are closed. This is dangerous as this means +the fd's can get reallocated, leading to hard to debug errors such as +log messages ending up being appended to a compressed coredump file. + +To avoid such issues in the future, let's bind stdout/stderr to +/dev/null so the file descriptors can't get used for anything else. + +(cherry picked from commit 1f9d2a8199c261593aa6a11df9cce5d31e23c714) +(cherry picked from commit fba50bc0fc5a69e5573ceadb5d6224f365d3c3f5) +(cherry picked from commit 3e1224d4ac3f44558c7bc3ceec2d6080afe21dc3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/098a25754b0835ffe078b12f75a1862cf528a986 +--- + src/coredump/coredump.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index c6639c0100..72df958bc3 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -1268,6 +1268,13 @@ static int process_kernel(int argc, char* argv) { + struct iovec_wrapper *iovw; + int r; + ++ /* When we're invoked by the kernel, stdout/stderr are closed which is dangerous because the fds ++ * could get reallocated. To avoid hard to debug issues, let's instead bind stdout/stderr to ++ * /dev/null. */ ++ r = rearrange_stdio(STDIN_FILENO, -1, -1); ++ if (r < 0) ++ return log_error_errno(r, "Failed to connect stdout/stderr to /dev/null: %m"); ++ + log_debug("Processing coredump received from the kernel..."); + + iovw = iovw_new(); +-- +2.27.0 +
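Review bot: in process_kernel(), a rearrange_stdio() failure returns before iovw_new() and before anything is read from the kernel, so failing to bind /dev/null now discards the coredump entirely. State in the comment that losing the dump is preferred over continuing with unbound stdout/stderr, or downgrade the failure if it is not. The comment could also say that STDIN_FILENO is passed through unchanged while the two -1 arguments are what select /dev/null, since that is not obvious from the call.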
_service:tar_scm:backport-coredump-Don-t-log-an-error-if-D-Bus-isn-t-running.patch
Added
@@ -0,0 +1,36 @@ +From 6745eaa6308b835e2c5e68d49e9bece29fd37fa2 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 6 Oct 2021 13:20:36 +0100 +Subject: PATCH coredump: Don't log an error if D-Bus isn't running + +coredumpctl could be used in a chroot where D-Bus isn't running. If +that's the case, we shouldn't consider it an error if we can't connect +to the D-Bus daemon so let's reduce the severity of the error we log +when we can't connect to D-Bus because the socket doesn't exist. + +(cherry picked from commit 414bd2e786f9912f51b82e5fe4a1126179a5652a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6745eaa6308b835e2c5e68d49e9bece29fd37fa2 +--- + src/coredump/coredumpctl.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c +index def3650bb4..3d44e51e32 100644 +--- a/src/coredump/coredumpctl.c ++++ b/src/coredump/coredumpctl.c +@@ -1186,6 +1186,10 @@ static int check_units_active(void) { + return false; + + r = sd_bus_default_system(&bus); ++ if (r == -ENOENT) { ++ log_debug("D-Bus is not running, skipping active unit check"); ++ return 0; ++ } + if (r < 0) + return log_error_errno(r, "Failed to acquire bus: %m"); + +-- +2.33.0 +
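Review bot: the new `r == -ENOENT` branch in check_units_active() returns 0, which is the same value a caller reads as "no units active", so "check skipped" and "checked, none active" cannot be told apart; the context line above also returns `false` from this int function. Document the return contract at the top of the function. Note as well that only a missing socket is downgraded to log_debug; any other sd_bus_default_system() failure still goes through log_error_errno(), which is worth stating in the commit message.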
_service:tar_scm:backport-coredump-Fix-format-string-type-mismatch.patch
Added
@@ -0,0 +1,32 @@ +From 08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Sun, 22 May 2022 14:36:07 +0200 +Subject: PATCH coredump: Fix format string type mismatch + +Fixes #23471 + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/08e86b15fc22a8e9f1ee0a791dfd35b2fc25e4c4 + +--- + src/coredump/coredump.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index c9747416ad..994d968d87 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -512,8 +512,8 @@ static int save_external_coredump( + + if (truncated) + log_struct(LOG_INFO, +- LOG_MESSAGE("Core file was truncated to %zu bytes.", max_size), +- "SIZE_LIMIT=%zu", max_size, ++ LOG_MESSAGE("Core file was truncated to %"PRIu64" bytes.", max_size), ++ "SIZE_LIMIT=%"PRIu64, max_size, + "MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR); + + r = fix_permissions(fd, tmp, fn, context, uid); +-- +2.33.0 +
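Review bot: the commit message says only "Fixes #23471" and does not describe the defect in save_external_coredump(). It should state that max_size needs PRIu64 and that `%zu` reads the wrong width where size_t is narrower than 64 bits, which in a variadic log_struct() call also shifts the arguments that follow ("SIZE_LIMIT=" and "MESSAGE_ID="). A reader auditing the backport cannot tell from the header whether this is cosmetic or a real misread of the argument list.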
_service:tar_scm:backport-coredump-drop-an-unused-variable.patch
Added
@@ -0,0 +1,35 @@ +From 9abe4cfc39579037937c63602ce8fe4f51746d38 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Sat, 20 Aug 2022 21:04:24 +0200 +Subject: PATCH coredump: drop an unused variable + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9abe4cfc39579037937c63602ce8fe4f51746d38 + +--- + src/coredump/coredump.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index 3ec41a32c3..98e7492811 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -931,7 +931,6 @@ log: + } + + static int save_context(Context *context, const struct iovec_wrapper *iovw) { +- unsigned count = 0; + const char *unit; + int r; + +@@ -955,7 +954,6 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) { + p = startswith(iovec->iov_base, meta_field_namesi); + if (p) { + context->metai = p; +- count++; + break; + } + } +-- +2.33.0 +
_service:tar_scm:backport-coredump-fix-filename-in-journal-when-not-compressed.patch
Added
@@ -0,0 +1,34 @@ +From 01cf580c235ac4725051e6101ce5bcef1b97cc48 Mon Sep 17 00:00:00 2001 +From: xdavidwu <xdavidwuph@gmail.com> +Date: Fri, 5 Nov 2021 22:37:06 +0800 +Subject: PATCH coredump: fix filename in journal when not compressed + +Since 587f2a5e564cf434c2e0a653f52b8f73e86092d8, filename for +not-compressed coredump is missing from save_external_coredump, making +it write COREDUMP_FILENAME= (empty) in journal, making `coredumpctl` +report it missing but it is actually saved. +This fixes it. + +(cherry picked from commit 0cfb0971f0fcd345cae76f6837d9801b6cbde407) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/01cf580c235ac4725051e6101ce5bcef1b97cc48 +--- + src/coredump/coredump.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c +index 444b9ec374..1e34c4b5be 100644 +--- a/src/coredump/coredump.c ++++ b/src/coredump/coredump.c +@@ -525,6 +525,7 @@ static int save_external_coredump( + if (lseek(fd, 0, SEEK_SET) == (off_t) -1) + return log_error_errno(errno, "Failed to seek on coredump %s: %m", fn); + ++ *ret_filename = TAKE_PTR(fn); + *ret_data_fd = TAKE_FD(fd); + *ret_size = (uint64_t) st.st_size; + *ret_truncated = truncated; +-- +2.33.0 +
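Review bot: no regression test comes with the one-line fix in save_external_coredump(); the diffstat touches only src/coredump/coredump.c. The bug was an out-parameter silently left unset after a refactor, so a test that stores an uncompressed dump and asserts a non-empty COREDUMP_FILENAME= would catch a repeat. Placement of `*ret_filename = TAKE_PTR(fn);` after the lseek() error return is right, since that error path still uses fn in its message.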
_service:tar_scm:backport-coredump-stacktrace.c-avoid-crash-on-binaries-withou.patch
Added
@@ -0,0 +1,55 @@ +From 765c366274db3ff841da237769f2b20a4ec3a045 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyfox@gentoo.org> +Date: Sat, 31 Jul 2021 13:07:54 +0100 +Subject: PATCH coredump/stacktrace.c: avoid crash on binaries without NHDR + +Observed as a crash on binaries built with gcc-master: + +``` + 3 0x00005573b8841d6a in parse_package_metadata (name=name@entry=0x5573b901a620 "/a", id_json=0x0, + elf=0x5573b9028730, c=c@entry=0x7fffc688f790) at ../systemd-stable-249.2/src/coredump/stacktrace.c:157 + 4 0x00005573b884209e in module_callback (mod=0x7fffc688f6c0, userdata=<optimized out>, + name=0x5573b901a620 "/a", start=<optimized out>, arg=0x7fffc688f790) + at ../systemd-stable-249.2/src/coredump/stacktrace.c:306 + 5 0x00007f56d60dcbd5 in dwfl_getmodules (dwfl=0x5573b901fda0, + callback=callback@entry=0x5573b8841eb0 <module_callback>, arg=arg@entry=0x7fffc688f790, offset=offset@entry=0) + at ../../elfutils-0.185/libdwfl/dwfl_getmodules.c:86 + 6 0x00005573b884231b in parse_core (ret_package_metadata=0x7fffc688f848, ret=0x7fffc688f850, + executable=0x7fffc688f790 "\200\332\001\271sU", fd=21) at ../systemd-stable-249.2/src/coredump/stacktrace.c:366 + 7 coredump_parse_core (fd=fd@entry=6, executable=0x7fffc688f790 "\200\332\001\271sU", ret=ret@entry=0x7fffc688f850, + ret_package_metadata=ret_package_metadata@entry=0x7fffc688f848) + at ../systemd-stable-249.2/src/coredump/stacktrace.c:406 + 8 0x00005573b883f897 in submit_coredump (context=context@entry=0x7fffc688fa10, iovw=iovw@entry=0x7fffc688f990, + input_fd=input_fd@entry=5) at ../systemd-stable-249.2/src/coredump/coredump.c:827 + 9 0x00005573b883d339 in process_socket (fd=3) at ../systemd-stable-249.2/src/coredump/coredump.c:1041 + 10 run (argv=<optimized out>, argc=-964101648) at ../systemd-stable-249.2/src/coredump/coredump.c:1416 + 11 main (argc=-964101648, argv=<optimized out>) at ../systemd-stable-249.2/src/coredump/coredump.c:1422 +``` + +Happens only on enabled elfutils symbolizer. 
+ +Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> +(cherry picked from commit 1da3eef262078905ec14c707eeab655a17ae8bd2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/765c366274db3ff841da237769f2b20a4ec3a045 +--- + src/coredump/stacktrace.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c +index 0edb1b40a7..e46b324cdf 100644 +--- a/src/coredump/stacktrace.c ++++ b/src/coredump/stacktrace.c +@@ -153,6 +153,8 @@ static int parse_package_metadata(const char *name, JsonVariant *id_json, Elf *e + program_header->p_offset, + program_header->p_filesz, + ELF_T_NHDR); ++ if (!data) ++ continue; + + while (note_offset < data->d_size && + (note_offset = gelf_getnote(data, note_offset, ¬e_header, &name_offset, &desc_offset)) > 0) { +-- +2.33.0 +
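Review bot: `if (!data) continue;` in parse_package_metadata() skips the program header silently. This code parses ELF data belonging to a crashed process, so a log_debug() that includes name would make a binary without the expected note data visible instead of just producing missing package metadata. The guard itself is needed, because the while condition right below dereferences data->d_size.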
_service:tar_scm:backport-coredumpctl-stop-truncating-information-about-coredu.patch
Added
@@ -0,0 +1,37 @@ +From 473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 12 Oct 2021 19:46:25 +0200 +Subject: PATCH coredumpctl: stop truncating information about coredump +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +With the changes to limit that print 'Found module …' over and over, we were +hitting the journal field message limit, effectively truncating the info output. + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1998488. + +(cherry picked from commit 384c6207669eb0d92aa0043dbc01957c6c7ff41e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/473627e1c9fcdf8f819ced2bb79cb7e9ff598b0c +--- + src/coredump/coredumpctl.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/coredump/coredumpctl.c b/src/coredump/coredumpctl.c +index 3d44e51e32..7eba8330d7 100644 +--- a/src/coredump/coredumpctl.c ++++ b/src/coredump/coredumpctl.c +@@ -555,6 +555,8 @@ static int print_info(FILE *file, sd_journal *j, bool need_space) { + assert(file); + assert(j); + ++ (void) sd_journal_set_data_threshold(j, 0); ++ + SD_JOURNAL_FOREACH_DATA(j, d, l) { + RETRIEVE(d, l, "MESSAGE_ID", mid); + RETRIEVE(d, l, "COREDUMP_PID", pid); +-- +2.33.0 +
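Review bot: `(void) sd_journal_set_data_threshold(j, 0);` in print_info() changes the caller's sd_journal handle and never restores it, so every later read on j also returns fields in full, not only the ones this function needs. Either save the old value with sd_journal_get_data_threshold() and put it back before returning, or add a comment that the unlimited threshold is meant to persist for the rest of the run. The return value is discarded with (void); a log_debug on failure would explain a truncated info output if the call ever fails.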
_service:tar_scm:backport-creds-util-switch-to-OpenSSL-3.0-APIs.patch
Added
@@ -0,0 +1,995 @@ +From 5f4862e5e1cd2a7ef302947b8634f7980e8d6275 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 29 Sep 2021 09:47:08 +0200 +Subject: PATCH creds-util: switch to OpenSSL 3.0 APIs + +Let's switch from the low-level SHA256 APIs to EVP APIs. The former are +deprecated on OpenSSL 3.0, the latter are supported both by old +OpenSSL and by OpenSSL 3.0, hence are the better choice. + +Fixes: #20775 +(cherry picked from commit 18f568b8e64b48f6aee204cc6384b4796cd27eb0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5f4862e5e1cd2a7ef302947b8634f7980e8d6275 +--- + src/shared/creds-util.c | 954 ++++++++++++++++++++++++++++++++++++++ + src/shared/openssl-util.h | 1 + + 2 files changed, 955 insertions(+) + create mode 100644 src/shared/creds-util.c + +diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c +new file mode 100644 +index 0000000000..b764198b76 +--- /dev/null ++++ b/src/shared/creds-util.c +@@ -0,0 +1,954 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include <sys/file.h> ++ ++#if HAVE_OPENSSL ++#include <openssl/err.h> ++#endif ++ ++#include "sd-id128.h" ++ ++#include "blockdev-util.h" ++#include "chattr-util.h" ++#include "creds-util.h" ++#include "env-util.h" ++#include "fd-util.h" ++#include "fileio.h" ++#include "fs-util.h" ++#include "io-util.h" ++#include "memory-util.h" ++#include "mkdir.h" ++#include "openssl-util.h" ++#include "path-util.h" ++#include "random-util.h" ++#include "sparse-endian.h" ++#include "stat-util.h" ++#include "tpm2-util.h" ++#include "virt.h" ++ ++bool credential_name_valid(const char *s) { ++ /* We want that credential names are both valid in filenames (since that's our primary way to pass ++ * them around) and as fdnames (which is how we might want to pass them around eventually) */ ++ return filename_is_valid(s) && fdname_is_valid(s); ++} ++ ++int get_credentials_dir(const char **ret) { ++ const char *e; ++ ++ assert(ret); ++ ++ e = 
secure_getenv("CREDENTIALS_DIRECTORY"); ++ if (!e) ++ return -ENXIO; ++ ++ if (!path_is_absolute(e) || !path_is_normalized(e)) ++ return -EINVAL; ++ ++ *ret = e; ++ return 0; ++} ++ ++int read_credential(const char *name, void **ret, size_t *ret_size) { ++ _cleanup_free_ char *fn = NULL; ++ const char *d; ++ int r; ++ ++ assert(ret); ++ ++ if (!credential_name_valid(name)) ++ return -EINVAL; ++ ++ r = get_credentials_dir(&d); ++ if (r < 0) ++ return r; ++ ++ fn = path_join(d, name); ++ if (!fn) ++ return -ENOMEM; ++ ++ return read_full_file_full( ++ AT_FDCWD, fn, ++ UINT64_MAX, SIZE_MAX, ++ READ_FULL_FILE_SECURE, ++ NULL, ++ (char**) ret, ret_size); ++} ++ ++#if HAVE_OPENSSL ++ ++#define CREDENTIAL_HOST_SECRET_SIZE 4096 ++ ++static const sd_id128_t credential_app_id = ++ SD_ID128_MAKE(d3,ac,ec,ba,0d,ad,4c,df,b8,c9,38,15,28,93,6c,58); ++ ++struct credential_host_secret_format { ++ /* The hashed machine ID of the machine this belongs to. Why? We want to ensure that each machine ++ * gets its own secret, even if people forget to flush out this secret file. Hence we bind it to the ++ * machine ID, for which there's hopefully a better chance it will be flushed out. We use a hashed ++ * machine ID instead of the literal one, because it's trivial to, and it might be a good idea not ++ * being able to directly associate a secret key file with a host. 
*/ ++ sd_id128_t machine_id; ++ ++ /* The actual secret key */ ++ uint8_t dataCREDENTIAL_HOST_SECRET_SIZE; ++} _packed_; ++ ++static int make_credential_host_secret( ++ int dfd, ++ const sd_id128_t machine_id, ++ const char *fn, ++ void **ret_data, ++ size_t *ret_size) { ++ ++ struct credential_host_secret_format buf; ++ _cleanup_free_ char *t = NULL; ++ _cleanup_close_ int fd = -1; ++ int r; ++ ++ assert(dfd >= 0); ++ assert(fn); ++ ++ fd = openat(dfd, ".", O_CLOEXEC|O_WRONLY|O_TMPFILE, 0400); ++ if (fd < 0) { ++ log_debug_errno(errno, "Failed to create temporary credential file with O_TMPFILE, proceeding without: %m"); ++ ++ if (asprintf(&t, "credential.secret.%016" PRIx64, random_u64()) < 0) ++ return -ENOMEM; ++ ++ fd = openat(dfd, t, O_CLOEXEC|O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0400); ++ if (fd < 0) ++ return -errno; ++ } ++ ++ r = chattr_secret(fd, 0); ++ if (r < 0) ++ log_debug_errno(r, "Failed to set file attributes for secrets file, ignoring: %m"); ++ ++ buf = (struct credential_host_secret_format) { ++ .machine_id = machine_id, ++ }; ++ ++ r = genuine_random_bytes(buf.data, sizeof(buf.data), RANDOM_BLOCK); ++ if (r < 0) ++ goto finish; ++ ++ r = loop_write(fd, &buf, sizeof(buf), false); ++ if (r < 0) ++ goto finish; ++ ++ if (fsync(fd) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (t) { ++ r = rename_noreplace(dfd, t, dfd, fn); ++ if (r < 0) ++ goto finish; ++ ++ t = mfree(t); ++ } else if (linkat(fd, "", dfd, fn, AT_EMPTY_PATH) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (fsync(dfd) < 0) { ++ r = -errno; ++ goto finish; ++ } ++ ++ if (ret_data) { ++ void *copy; ++ ++ copy = memdup(buf.data, sizeof(buf.data)); ++ if (!copy) { ++ r = -ENOMEM; ++ goto finish; ++ } ++ ++ *ret_data = copy; ++ } ++ ++ if (ret_size) ++ *ret_size = sizeof(buf.data);
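Review bot: the commit message describes switching SHA256 calls to EVP APIs, but the diffstat shows src/shared/creds-util.c as a new file (`create mode 100644`, 954 insertions), so this backport imports the whole credentials helper rather than changing a hash call. Say so in the patch header and name the upstream commits the file comes from, so the origin of the host-secret handling can be audited. The diff is cut off on this page inside make_credential_host_secret(), before the `finish:` label, so the cleanup of buf (which holds the secret key) and of the temporary name t cannot be reviewed from what is shown here.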
_service:tar_scm:backport-cryptenroll-fix-wrong-error-messages.patch
Added
@@ -0,0 +1,40 @@ +From a9149ef71dbfafd964b4e509690418be602c6eb6 Mon Sep 17 00:00:00 2001 +From: Gibeom Gwon <gb.gwon@stackframe.dev> +Date: Fri, 3 Dec 2021 15:10:50 +0900 +Subject: PATCH cryptenroll: fix wrong error messages + +PKCS#11 -> FIDO2 in cryptenroll-fido2.c + +(cherry picked from commit 4b9aa29bc9ded35147f9fa77f77e13c3c6fa7fcf) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a9149ef71dbfafd964b4e509690418be602c6eb6 +--- + src/cryptenroll/cryptenroll-fido2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c +index fbf76ee586..9e1d94bd16 100644 +--- a/src/cryptenroll/cryptenroll-fido2.c ++++ b/src/cryptenroll/cryptenroll-fido2.c +@@ -67,7 +67,7 @@ int enroll_fido2( + base64_encoded, + strlen(base64_encoded)); + if (keyslot < 0) +- return log_error_errno(keyslot, "Failed to add new PKCS#11 key to %s: %m", node); ++ return log_error_errno(keyslot, "Failed to add new FIDO2 key to %s: %m", node); + + if (asprintf(&keyslot_as_string, "%i", keyslot) < 0) + return log_oom(); +@@ -83,7 +83,7 @@ int enroll_fido2( + JSON_BUILD_PAIR("fido2-up-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UP))), + JSON_BUILD_PAIR("fido2-uv-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_UV))))); + if (r < 0) +- return log_error_errno(r, "Failed to prepare PKCS#11 JSON token object: %m"); ++ return log_error_errno(r, "Failed to prepare FIDO2 JSON token object: %m"); + + r = cryptsetup_add_token_json(cd, v); + if (r < 0) +-- +2.33.0 +
_service:tar_scm:backport-dbus-wait-for-jobs-add-extra_args-to-bus_wait_for_jo.patch
Added
@@ -0,0 +1,143 @@ +From 84188acc6fe4a2f04c91c2c4d7b20a3166caa63b Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 30 Dec 2021 00:53:29 +0000 +Subject: PATCH dbus-wait-for-jobs: add extra_args to bus_wait_for_jobs_one() + +And pass it through to bus_wait_for_jobs() + +(cherry picked from commit 86980de64bf8c03505eec729808f52f3b3042998) +(cherry picked from commit 0c4fe2e3dcde8225006a36cff643c112bd6c6523) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/84188acc6fe4a2f04c91c2c4d7b20a3166caa63b +--- + src/mount/mount-tool.c | 6 +++--- + src/nspawn/nspawn-register.c | 2 +- + src/run/run.c | 6 +++--- + src/shared/bus-wait-for-jobs.c | 4 ++-- + src/shared/bus-wait-for-jobs.h | 2 +- + src/shared/tests.c | 2 +- + 6 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c +index 70b4c5a765..9659355c33 100644 +--- a/src/mount/mount-tool.c ++++ b/src/mount/mount-tool.c +@@ -600,7 +600,7 @@ static int start_transient_mount( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + if (r < 0) + return r; + } +@@ -709,7 +709,7 @@ static int start_transient_automount( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + if (r < 0) + return r; + } +@@ -875,7 +875,7 @@ static int stop_mount( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + if (r < 0) + return r; + } +diff --git a/src/nspawn/nspawn-register.c b/src/nspawn/nspawn-register.c +index 2e6c12b3b7..c78bead4a4 100644 +--- a/src/nspawn/nspawn-register.c ++++ b/src/nspawn/nspawn-register.c +@@ -313,7 +313,7 @@ int allocate_scope( + if (r < 0) + return bus_log_parse_error(r); + +- r = 
bus_wait_for_jobs_one(w, object, false); ++ r = bus_wait_for_jobs_one(w, object, false, NULL); + if (r < 0) + return r; + +diff --git a/src/run/run.c b/src/run/run.c +index 1c83e36e4e..9a7e1efaca 100644 +--- a/src/run/run.c ++++ b/src/run/run.c +@@ -1228,7 +1228,7 @@ static int start_transient_service( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + if (r < 0) + return r; + } +@@ -1473,7 +1473,7 @@ static int start_transient_scope(sd_bus *bus) { + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + if (r < 0) + return r; + +@@ -1693,7 +1693,7 @@ static int start_transient_trigger( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); + if (r < 0) + return r; + +diff --git a/src/shared/bus-wait-for-jobs.c b/src/shared/bus-wait-for-jobs.c +index e4a3ab9a95..0cd47d5787 100644 +--- a/src/shared/bus-wait-for-jobs.c ++++ b/src/shared/bus-wait-for-jobs.c +@@ -323,12 +323,12 @@ int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path) { + return set_put_strdup(&d->jobs, path); + } + +-int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet) { ++int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args) { + int r; + + r = bus_wait_for_jobs_add(d, path); + if (r < 0) + return log_oom(); + +- return bus_wait_for_jobs(d, quiet, NULL); ++ return bus_wait_for_jobs(d, quiet, extra_args); + } +diff --git a/src/shared/bus-wait-for-jobs.h b/src/shared/bus-wait-for-jobs.h +index 68c9d604ad..5acf8b9241 100644 +--- a/src/shared/bus-wait-for-jobs.h ++++ b/src/shared/bus-wait-for-jobs.h +@@ -11,6 +11,6 @@ int bus_wait_for_jobs_new(sd_bus *bus, BusWaitForJobs **ret); + BusWaitForJobs* 
bus_wait_for_jobs_free(BusWaitForJobs *d); + int bus_wait_for_jobs_add(BusWaitForJobs *d, const char *path); + int bus_wait_for_jobs(BusWaitForJobs *d, bool quiet, const char* const* extra_args); +-int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet); ++int bus_wait_for_jobs_one(BusWaitForJobs *d, const char *path, bool quiet, const char* const* extra_args); + + DEFINE_TRIVIAL_CLEANUP_FUNC(BusWaitForJobs*, bus_wait_for_jobs_free); +diff --git a/src/shared/tests.c b/src/shared/tests.c +index ab7d799029..6d35bc6a8d 100644 +--- a/src/shared/tests.c ++++ b/src/shared/tests.c +@@ -247,7 +247,7 @@ static int allocate_scope(void) { + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, false); ++ r = bus_wait_for_jobs_one(w, object, false, NULL); + if (r < 0) + return r; + +-- +2.33.0 +
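Review bot: the new `extra_args` parameter of bus_wait_for_jobs_one() is added to the prototype in src/shared/bus-wait-for-jobs.h without any comment on what it carries or that NULL is accepted, and every call site touched here (mount-tool.c, nspawn-register.c, run.c, tests.c) passes NULL. The patch therefore changes no behaviour by itself. A one-line comment on the prototype, saying that NULL means no extra arguments and that the value is forwarded unchanged to bus_wait_for_jobs(), would make the follow-up caller easier to review. The type `const char* const*` matches the existing bus_wait_for_jobs() declaration, so that part is consistent.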
_service:tar_scm:backport-devnode-acl-use-_cleanup_-to-free-acl_t.patch
Added
@@ -0,0 +1,146 @@ +From 541ada330879dd928b33b55f1fc437ec1bbd349f Mon Sep 17 00:00:00 2001 +From: David Tardon <dtardon@redhat.com> +Date: Thu, 3 Mar 2022 15:58:24 +0100 +Subject: PATCH devnode-acl: use _cleanup_ to free acl_t + +(cherry picked from commit 203ea2c8f158288fea56c5be980715b2b7e002fe) +(cherry picked from commit 543c73300e3b9298e5316555bf4df6ff7dfc210f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/541ada330879dd928b33b55f1fc437ec1bbd349f +--- + src/shared/devnode-acl.c | 73 ++++++++++++++-------------------------- + 1 file changed, 25 insertions(+), 48 deletions(-) + +diff --git a/src/shared/devnode-acl.c b/src/shared/devnode-acl.c +index 07e29e1019..394422b164 100644 +--- a/src/shared/devnode-acl.c ++++ b/src/shared/devnode-acl.c +@@ -52,8 +52,8 @@ int devnode_acl(const char *path, + bool del, uid_t old_uid, + bool add, uid_t new_uid) { + +- acl_t acl; +- int r = 0; ++ _cleanup_(acl_freep) acl_t acl = NULL; ++ int r; + bool changed = false; + + assert(path); +@@ -66,7 +66,7 @@ int devnode_acl(const char *path, + + r = flush_acl(acl); + if (r < 0) +- goto finish; ++ return r; + if (r > 0) + changed = true; + +@@ -75,13 +75,11 @@ int devnode_acl(const char *path, + + r = acl_find_uid(acl, old_uid, &entry); + if (r < 0) +- goto finish; ++ return r; + + if (r > 0) { +- if (acl_delete_entry(acl, entry) < 0) { +- r = -errno; +- goto finish; +- } ++ if (acl_delete_entry(acl, entry) < 0) ++ return -errno; + + changed = true; + } +@@ -94,68 +92,47 @@ int devnode_acl(const char *path, + + r = acl_find_uid(acl, new_uid, &entry); + if (r < 0) +- goto finish; ++ return r; + + if (r == 0) { +- if (acl_create_entry(&acl, &entry) < 0) { +- r = -errno; +- goto finish; +- } ++ if (acl_create_entry(&acl, &entry) < 0) ++ return -errno; + + if (acl_set_tag_type(entry, ACL_USER) < 0 || +- acl_set_qualifier(entry, &new_uid) < 0) { +- r = -errno; +- goto finish; +- } ++ acl_set_qualifier(entry, &new_uid) < 0) ++ return -errno; + } + +- if 
(acl_get_permset(entry, &permset) < 0) { +- r = -errno; +- goto finish; +- } ++ if (acl_get_permset(entry, &permset) < 0) ++ return -errno; + + rd = acl_get_perm(permset, ACL_READ); +- if (rd < 0) { +- r = -errno; +- goto finish; +- } ++ if (rd < 0) ++ return -errno; + + wt = acl_get_perm(permset, ACL_WRITE); +- if (wt < 0) { +- r = -errno; +- goto finish; +- } ++ if (wt < 0) ++ return -errno; + + if (!rd || !wt) { + +- if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) { +- r = -errno; +- goto finish; +- } ++ if (acl_add_perm(permset, ACL_READ|ACL_WRITE) < 0) ++ return -errno; + + changed = true; + } + } + + if (!changed) +- goto finish; +- +- if (acl_calc_mask(&acl) < 0) { +- r = -errno; +- goto finish; +- } +- +- if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) { +- r = -errno; +- goto finish; +- } ++ return 0; + +- r = 0; ++ if (acl_calc_mask(&acl) < 0) ++ return -errno; + +-finish: +- acl_free(acl); ++ if (acl_set_file(path, ACL_TYPE_ACCESS, acl) < 0) ++ return -errno; + +- return r; ++ return 0; + } + + int devnode_acl_all(const char *seat, +-- +2.33.0 +
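Review bot: in devnode_acl() the declaration becomes `_cleanup_(acl_freep) acl_t acl = NULL;` and every `goto finish` turns into a direct return, so correctness now rests on acl_freep() skipping a NULL handle. Its definition is not part of this diff and should be confirmed, because any return taken before the ACL is loaded runs the cleanup on NULL. The same hunk drops the `= 0` initializer from `int r`. The visible reads of r all follow an assignment from flush_acl() or acl_find_uid(), but the parts of the function outside the hunks should be checked for a read that relied on the old initializer. Passing `&acl` to acl_create_entry() and acl_calc_mask() remains fine with the cleanup attribute, since the cleanup frees whatever the variable holds at scope exit.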
_service:tar_scm:backport-dhcp-fix-assertion-failure.patch
Added
@@ -0,0 +1,31 @@ +From d59f045a9341f33df161a83a0a5428e137381206 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 8 Dec 2021 05:47:11 +0900 +Subject: PATCH dhcp: fix assertion failure + +Fixes #21671. + +(cherry picked from commit 990d0aa98023140d1efc897c3dcd5e0599a60203) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d59f045a9341f33df161a83a0a5428e137381206 +--- + src/libsystemd-network/sd-dhcp-lease.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index 095a4ee683..9a0d7f6fea 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -691,7 +691,7 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void + } + + if (!timezone_is_valid(tz, LOG_DEBUG)) { +- log_debug_errno(r, "Timezone is not valid, ignoring: %m"); ++ log_debug("Timezone is not valid, ignoring."); + return 0; + } + +-- +2.33.0 +
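Review bot: the commit message for the sd-dhcp-lease.c hunk gives only an issue number and does not say why `log_debug_errno(r, ...)` was wrong. In the visible lines the branch is entered on `!timezone_is_valid(tz, LOG_DEBUG)`, which does not assign r, so r carries no error for this failure and `%m` had nothing meaningful to print. Stating that in the message would help backport reviewers. A test feeding an invalid timezone option to dhcp_lease_parse_options() would keep the regression covered, since the option value is supplied by the DHCP server.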
_service:tar_scm:backport-dhcp-fix-potential-buffer-overflow.patch
Added
@@ -0,0 +1,102 @@ +From d903e94e8ea532d2128c5c4686ae440ebf17a07d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 6 Aug 2022 13:05:59 +0900 +Subject: PATCH dhcp: fix potential buffer overflow + +Fixes a bug introduced by 324f818781a250b60f2fcfa74ff1c9101d2d1315. + +This also renames several macros for DHCP packet size. + +(cherry picked from commit 4473cd7f61b9eb0860f2daab81491ad2145d554b) +(cherry picked from commit 037b1a8acc50cbeeebb82f95594a4909375577c2) +(cherry picked from commit 887837a5a9425945b91488db661122459af94c52) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d903e94e8ea532d2128c5c4686ae440ebf17a07d +--- + src/libsystemd-network/dhcp-protocol.h | 7 ++++--- + src/libsystemd-network/sd-dhcp-client.c | 11 +++++------ + src/libsystemd-network/sd-dhcp-lease.c | 6 +++--- + 3 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/src/libsystemd-network/dhcp-protocol.h b/src/libsystemd-network/dhcp-protocol.h +index 11f4201ab2..686cf67e84 100644 +--- a/src/libsystemd-network/dhcp-protocol.h ++++ b/src/libsystemd-network/dhcp-protocol.h +@@ -43,9 +43,10 @@ typedef struct DHCPPacket DHCPPacket; + + #define DHCP_IP_SIZE (int32_t)(sizeof(struct iphdr)) + #define DHCP_IP_UDP_SIZE (int32_t)(sizeof(struct udphdr) + DHCP_IP_SIZE) +-#define DHCP_MESSAGE_SIZE (int32_t)(sizeof(DHCPMessage)) +-#define DHCP_DEFAULT_MIN_SIZE 576 /* the minimum internet hosts must be able to receive */ +-#define DHCP_MIN_OPTIONS_SIZE (DHCP_DEFAULT_MIN_SIZE - DHCP_IP_UDP_SIZE - DHCP_MESSAGE_SIZE) ++#define DHCP_HEADER_SIZE (int32_t)(sizeof(DHCPMessage)) ++#define DHCP_MIN_MESSAGE_SIZE 576 /* the minimum internet hosts must be able to receive, see RFC 2132 Section 9.10 */ ++#define DHCP_MIN_OPTIONS_SIZE (DHCP_MIN_MESSAGE_SIZE - DHCP_HEADER_SIZE) ++#define DHCP_MIN_PACKET_SIZE (DHCP_MIN_MESSAGE_SIZE + DHCP_IP_UDP_SIZE) + #define DHCP_MAGIC_COOKIE (uint32_t)(0x63825363) + + enum { +diff --git 
a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c +index 46191e58f5..b9c5748fed 100644 +--- a/src/libsystemd-network/sd-dhcp-client.c ++++ b/src/libsystemd-network/sd-dhcp-client.c +@@ -637,7 +637,7 @@ int sd_dhcp_client_set_client_port( + + int sd_dhcp_client_set_mtu(sd_dhcp_client *client, uint32_t mtu) { + assert_return(client, -EINVAL); +- assert_return(mtu >= DHCP_DEFAULT_MIN_SIZE, -ERANGE); ++ assert_return(mtu >= DHCP_MIN_PACKET_SIZE, -ERANGE); + + client->mtu = mtu; + +@@ -804,7 +804,6 @@ static int client_message_init( + + _cleanup_free_ DHCPPacket *packet = NULL; + size_t optlen, optoffset, size; +- be16_t max_size; + usec_t time_now; + uint16_t secs; + int r; +@@ -955,9 +954,9 @@ static int client_message_init( + */ + /* RFC7844 section 3: + SHOULD NOT contain any other option. */ +- if (!client->anonymize && type != DHCP_RELEASE) { +- max_size = htobe16(size); +- r = dhcp_option_append(&packet->dhcp, client->mtu, &optoffset, 0, ++ if (!client->anonymize && IN_SET(type, DHCP_DISCOVER, DHCP_REQUEST)) { ++ be16_t max_size = htobe16(MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)); ++ r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0, + SD_DHCP_OPTION_MAXIMUM_MESSAGE_SIZE, + 2, &max_size); + if (r < 0) +@@ -2267,7 +2266,7 @@ int sd_dhcp_client_new(sd_dhcp_client **ret, int anonymize) { + .state = DHCP_STATE_INIT, + .ifindex = -1, + .fd = -1, +- .mtu = DHCP_DEFAULT_MIN_SIZE, ++ .mtu = DHCP_MIN_PACKET_SIZE, + .port = DHCP_PORT_CLIENT, + .anonymize = !!anonymize, + .max_attempts = UINT64_MAX, +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index 89386f6809..b818020589 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -621,9 +621,9 @@ int dhcp_lease_parse_options(uint8_t code, uint8_t len, const void *option, void + r = lease_parse_u16(option, len, &lease->mtu, 68); + if (r < 0) + log_debug_errno(r, "Failed 
to parse MTU, ignoring: %m"); +- if (lease->mtu < DHCP_DEFAULT_MIN_SIZE) { +- log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_DEFAULT_MIN_SIZE); +- lease->mtu = DHCP_DEFAULT_MIN_SIZE; ++ if (lease->mtu < DHCP_MIN_PACKET_SIZE) { ++ log_debug("MTU value of %" PRIu16 " too small. Using default MTU value of %d instead.", lease->mtu, DHCP_MIN_PACKET_SIZE); ++ lease->mtu = DHCP_MIN_PACKET_SIZE; + } + + break; +-- +2.27.0 +
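Review bot: in client_message_init() the actual bounds fix is the second argument of dhcp_option_append() changing from `client->mtu` to `optlen`, but the commit message does not say so. Please name it, since most of the patch is renaming. In the new `MIN(client->mtu - DHCP_IP_UDP_SIZE, (uint32_t) UINT16_MAX)` the subtraction mixes a uint32_t with an int32_t macro and wraps if mtu is ever below DHCP_IP_UDP_SIZE. The patch relies on sd_dhcp_client_set_mtu() and the sd_dhcp_client_new() default keeping mtu at or above DHCP_MIN_PACKET_SIZE, and an assert at the point of use would make that invariant explicit.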
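Review bot: the dhcp-protocol.h hunk is described as a rename, but DHCP_MIN_OPTIONS_SIZE no longer subtracts DHCP_IP_UDP_SIZE, and the MTU floor used in sd_dhcp_client_set_mtu() and dhcp_lease_parse_options() moves from 576 to DHCP_MIN_PACKET_SIZE, that is 576 plus the IP and UDP header sizes. A server-supplied MTU between those two values was previously accepted and is now raised, while the log text still calls the replacement a default MTU value. The commit message should call out this behaviour change, and the log message could say minimum instead of default.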
_service:tar_scm:backport-discover-image-mount-as-read-only-when-extracting-me.patch
Added
@@ -0,0 +1,30 @@ +From 783b787a3aecbd2c9d6908546f89c9690728aa79 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 22 Jul 2021 22:21:10 +0100 +Subject: PATCH discover-image: mount as read-only when extracting metadata + +We don't need to modify the image, and the loopback device is already set to read-only. + +(cherry picked from commit f6f4ec7951f429e8a470f8912cbeacde8fa1206e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/783b787a3aecbd2c9d6908546f89c9690728aa79 +--- + src/shared/discover-image.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c +index 5c833afc78..521264ec29 100644 +--- a/src/shared/discover-image.c ++++ b/src/shared/discover-image.c +@@ -1208,6 +1208,7 @@ int image_read_metadata(Image *i) { + DISSECT_IMAGE_GENERIC_ROOT | + DISSECT_IMAGE_REQUIRE_ROOT | + DISSECT_IMAGE_RELAX_VAR_CHECK | ++ DISSECT_IMAGE_READ_ONLY | + DISSECT_IMAGE_USR_NO_ROOT, + &m); + if (r < 0) +-- +2.33.0 +
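Review bot: in image_read_metadata() the flag is added on the grounds that the loopback device is already read-only, but the loop device setup is not part of this hunk, so the claim cannot be verified from the diff. A short comment above the flag list saying that metadata extraction must not modify the image would keep DISSECT_IMAGE_READ_ONLY from being dropped in a later refactor.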
_service:tar_scm:backport-discover-image-pass-the-right-fd-to-fd_getcrtime.patch
Added
@@ -0,0 +1,29 @@ +From 64b025686f36ae4385811be6f81d5f7d94da3437 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 18 Aug 2021 22:41:08 +0200 +Subject: PATCH discover-image: pass the right fd to fd_getcrtime() + +(cherry picked from commit 12a7f04a2b9135a4751dba71e2f688525d7c93e7) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/64b025686f36ae4385811be6f81d5f7d94da3437 +--- + src/shared/discover-image.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/discover-image.c b/src/shared/discover-image.c +index 521264ec29..5f8bf43776 100644 +--- a/src/shared/discover-image.c ++++ b/src/shared/discover-image.c +@@ -305,7 +305,7 @@ static int image_make( + } + + /* Get directory creation time (not available everywhere, but that's OK */ +- (void) fd_getcrtime(dfd, &crtime); ++ (void) fd_getcrtime(fd, &crtime); + + /* If the IMMUTABLE bit is set, we consider the directory read-only. Since the ioctl is not + * supported everywhere we ignore failures. */ +-- +2.33.0 +
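Review bot: in image_make() the call stays `(void) fd_getcrtime(fd, &crtime);`, so the result is still discarded, which is how passing `dfd` went unnoticed. The commit message should say what `dfd` and `fd` each refer to at this point, so the backport can be checked without reading the whole function. Also confirm that crtime is initialised before this call in case the lookup fails. The context comment `(not available everywhere, but that's OK` is missing its closing parenthesis and could be fixed in the same change.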
_service:tar_scm:backport-dissect-image-add-extension-specific-validation-flag.patch
Added
@@ -0,0 +1,126 @@ +From 1d1b529d7781c7ac28fd6130eeda76bf2d70fe79 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 18 Aug 2021 16:08:14 +0100 +Subject: PATCH dissect-image: add extension-specific validation flag + +Allows callers to specify which image type they are looking for + +(cherry picked from commit 9ccb531a5f99a7f399f352e79079188957f5a170) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1d1b529d7781c7ac28fd6130eeda76bf2d70fe79 +--- + src/portable/portable.c | 9 ++++++++- + src/shared/dissect-image.c | 26 +++++++++++++++++++------- + src/shared/dissect-image.h | 23 ++++++++++++----------- + 3 files changed, 39 insertions(+), 19 deletions(-) + +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 4cf5fb4f0a..5ecbeec2de 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -424,9 +424,16 @@ static int portable_extract_by_path( + if (r < 0) + return r; + if (r == 0) { ++ DissectImageFlags flags = DISSECT_IMAGE_READ_ONLY; ++ + seq0 = safe_close(seq0); + +- r = dissected_image_mount(m, tmpdir, UID_INVALID, UID_INVALID, DISSECT_IMAGE_READ_ONLY); ++ if (!extract_os_release) ++ flags |= DISSECT_IMAGE_VALIDATE_OS_EXT; ++ else ++ flags |= DISSECT_IMAGE_VALIDATE_OS; ++ ++ r = dissected_image_mount(m, tmpdir, UID_INVALID, UID_INVALID, flags); + if (r < 0) { + log_debug_errno(r, "Failed to mount dissected image: %m"); + goto child_finish; +diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c +index 9b30c86a53..3a24f5041f 100644 +--- a/src/shared/dissect-image.c ++++ b/src/shared/dissect-image.c +@@ -1725,17 +1725,28 @@ int dissected_image_mount( + if (r < 0) + return r; + +- if (flags & DISSECT_IMAGE_VALIDATE_OS) { +- r = path_is_os_tree(where); +- if (r < 0) +- return r; +- if (r == 0) { ++ if ((flags & (DISSECT_IMAGE_VALIDATE_OS|DISSECT_IMAGE_VALIDATE_OS_EXT)) != 0) { ++ /* If either one of the validation flags are set, ensure that the image qualifies ++ * as 
one or the other (or both). */ ++ bool ok = false; ++ ++ if (FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS)) { ++ r = path_is_os_tree(where); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ ok = true; ++ } ++ if (!ok && FLAGS_SET(flags, DISSECT_IMAGE_VALIDATE_OS_EXT)) { + r = path_is_extension_tree(where, m->image_name); + if (r < 0) + return r; +- if (r == 0) +- return -EMEDIUMTYPE; ++ if (r > 0) ++ ok = true; + } ++ ++ if (!ok) ++ return -ENOMEDIUM; + } + } + +@@ -2617,6 +2628,7 @@ int dissected_image_acquire_metadata(DissectedImage *m) { + DISSECT_IMAGE_READ_ONLY| + DISSECT_IMAGE_MOUNT_ROOT_ONLY| + DISSECT_IMAGE_VALIDATE_OS| ++ DISSECT_IMAGE_VALIDATE_OS_EXT| + DISSECT_IMAGE_USR_NO_ROOT); + if (r < 0) { + /* Let parent know the error */ +diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h +index 1ce14e915e..9db2719afb 100644 +--- a/src/shared/dissect-image.h ++++ b/src/shared/dissect-image.h +@@ -100,19 +100,20 @@ typedef enum DissectImageFlags { + DISSECT_IMAGE_MOUNT_ROOT_ONLY = 1 << 6, /* Mount only the root and /usr partitions */ + DISSECT_IMAGE_MOUNT_NON_ROOT_ONLY = 1 << 7, /* Mount only the non-root and non-/usr partitions */ + DISSECT_IMAGE_VALIDATE_OS = 1 << 8, /* Refuse mounting images that aren't identifiable as OS images */ +- DISSECT_IMAGE_NO_UDEV = 1 << 9, /* Don't wait for udev initializing things */ +- DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 10, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */ +- DISSECT_IMAGE_FSCK = 1 << 11, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */ +- DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 12, /* Only recognize single file system images */ +- DISSECT_IMAGE_VERITY_SHARE = 1 << 13, /* When activating a verity device, reuse existing one if already open */ +- DISSECT_IMAGE_MKDIR = 1 << 14, /* Make top-level directory to mount right before mounting, if missing */ +- DISSECT_IMAGE_USR_NO_ROOT = 1 << 15, /* If no root fs is in the image, but 
/usr is, then allow this (so that we can mount the rootfs as tmpfs or so */ +- DISSECT_IMAGE_REQUIRE_ROOT = 1 << 16, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */ +- DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 17, /* Make mounts read-only */ ++ DISSECT_IMAGE_VALIDATE_OS_EXT = 1 << 9, /* Refuse mounting images that aren't identifiable as OS extension images */ ++ DISSECT_IMAGE_NO_UDEV = 1 << 10, /* Don't wait for udev initializing things */ ++ DISSECT_IMAGE_RELAX_VAR_CHECK = 1 << 11, /* Don't insist that the UUID of /var is hashed from /etc/machine-id */ ++ DISSECT_IMAGE_FSCK = 1 << 12, /* File system check the partition before mounting (no effect when combined with DISSECT_IMAGE_READ_ONLY) */ ++ DISSECT_IMAGE_NO_PARTITION_TABLE = 1 << 13, /* Only recognize single file system images */ ++ DISSECT_IMAGE_VERITY_SHARE = 1 << 14, /* When activating a verity device, reuse existing one if already open */ ++ DISSECT_IMAGE_MKDIR = 1 << 15, /* Make top-level directory to mount right before mounting, if missing */ ++ DISSECT_IMAGE_USR_NO_ROOT = 1 << 16, /* If no root fs is in the image, but /usr is, then allow this (so that we can mount the rootfs as tmpfs or so */ ++ DISSECT_IMAGE_REQUIRE_ROOT = 1 << 17, /* Don't accept disks without root partition (or at least /usr partition if DISSECT_IMAGE_USR_NO_ROOT is set) */ ++ DISSECT_IMAGE_MOUNT_READ_ONLY = 1 << 18, /* Make mounts read-only */ + DISSECT_IMAGE_READ_ONLY = DISSECT_IMAGE_DEVICE_READ_ONLY | + DISSECT_IMAGE_MOUNT_READ_ONLY, +- DISSECT_IMAGE_GROWFS = 1 << 18, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ +- DISSECT_IMAGE_MOUNT_IDMAPPED = 1 << 19, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ ++ DISSECT_IMAGE_GROWFS = 1 << 19, /* Grow file systems in partitions marked for that to the size of the partitions after mount */ ++ DISSECT_IMAGE_MOUNT_IDMAPPED = 
1 << 20, /* Mount mounts with kernel 5.12-style userns ID mapping, if file system type doesn't support uid=/gid= */ + } DissectImageFlags; + + struct DissectedImage { +-- +2.33.0 +
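Review bot: in dissected_image_mount() the failure code for an image that passes neither check changes from -EMEDIUMTYPE to -ENOMEDIUM, and the commit message does not mention it. Any caller that matches on -EMEDIUMTYPE needs to be updated in the same patch, or the old code kept. In portable.c the negated test `if (!extract_os_release) ... else ...` reads more easily with the branches swapped.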
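Review bot: in dissect-image.h DISSECT_IMAGE_VALIDATE_OS_EXT is inserted at `1 << 9`, which renumbers every later flag up to DISSECT_IMAGE_MOUNT_IDMAPPED. That is safe only if the numeric values never leave the process (serialized state, IPC, or a separately built consumer of this header). Appending the new flag at `1 << 20` would avoid the question and shrink the diff. dissected_image_acquire_metadata() now sets both validation flags, so a comment there should say that either an OS tree or an extension tree is accepted.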
_service:tar_scm:backport-dissect-image-validate-extension-release-even-if-the.patch
Added
@@ -0,0 +1,42 @@ +From 4b14a6aafe45270b50b4a0b75d0cce11a9ac738d Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 19 Jan 2022 00:01:48 +0000 +Subject: PATCH dissect-image: validate extension-release even if the host + has only ID in os-release + +A rolling distro won't set VERSION_ID or SYSEXT_LEVEL in os-release, +which means we skip validation of ExtensionImages. +Validate even with just an ID, the lower level helper already +recognizes and accepts this use case. + +Fixes https://github.com/systemd/systemd/issues/22146 + +(cherry picked from commit 37361f46d571ad0b71ef99dec6a9b76edbab38bb) +(cherry picked from commit 0dab9e5f057380322755e90ee4d35716d5bf6232) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4b14a6aafe45270b50b4a0b75d0cce11a9ac738d +--- + src/shared/dissect-image.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c +index 714baa8572..9b30c86a53 100644 +--- a/src/shared/dissect-image.c ++++ b/src/shared/dissect-image.c +@@ -3015,9 +3015,9 @@ int verity_dissect_and_mount( + /* If we got os-release values from the caller, then we need to match them with the image's + * extension-release.d/ content. Return -EINVAL if there's any mismatch. + * First, check the distro ID. If that matches, then check the new SYSEXT_LEVEL value if +- * available, or else fallback to VERSION_ID. */ +- if (required_host_os_release_id && +- (required_host_os_release_version_id || required_host_os_release_sysext_level)) { ++ * available, or else fallback to VERSION_ID. If neither is present (eg: rolling release), ++ * then a simple match on the ID will be performed. */ ++ if (required_host_os_release_id) { + _cleanup_strv_free_ char **extension_release = NULL; + + r = load_extension_release_pairs(dest, dissected_image->image_name, &extension_release); +-- +2.33.0 +
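Review bot: in verity_dissect_and_mount() the guard is relaxed to `if (required_host_os_release_id)`, and the ID-only case is handed to a lower-level helper that is not part of this hunk. No test is added for a host os-release carrying only ID. Since this check decides whether an extension image is accepted for the host, the change should come with a test that sets ID, leaves both VERSION_ID and SYSEXT_LEVEL unset, and covers a matching and a mismatching extension.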
_service:tar_scm:backport-dns-domain-make-each-label-nul-terminated.patch
Added
@@ -0,0 +1,50 @@ +From ec5a6e5a3011f095e739fa0636c3273fe868f2cf Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 11 Jun 2022 05:51:03 +0900 +Subject: PATCH dns-domain: make each label nul-terminated + +dns_label_unescape() does not nul-terminate the buffer if it does not +have enough space. Hence, if a lable is enough long, then strjoin() +triggers buffer-overflow. + +Fixes #23705. + +(cherry picked from commit 9db01ca5b0322bc035e1ccd6b8a0d98a26533b4a) +(cherry picked from commit 25158b294482f793f962e8ee5f34e99a01214321) +(cherry picked from commit ac4e64939d05ed81739028c0a45c3f99d2f91ba4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ec5a6e5a3011f095e739fa0636c3273fe868f2cf +--- + src/shared/dns-domain.c | 2 +- + src/test/test-dns-domain.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c +index 787bb8fec9..517fe85600 100644 +--- a/src/shared/dns-domain.c ++++ b/src/shared/dns-domain.c +@@ -1035,7 +1035,7 @@ static bool dns_service_name_label_is_valid(const char *label, size_t n) { + int dns_service_split(const char *joined, char **_name, char **_type, char **_domain) { + _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; + const char *p = joined, *q = NULL, *d = NULL; +- char aDNS_LABEL_MAX, bDNS_LABEL_MAX, cDNS_LABEL_MAX; ++ char aDNS_LABEL_MAX+1, bDNS_LABEL_MAX+1, cDNS_LABEL_MAX+1; + int an, bn, cn, r; + unsigned x = 0; + +diff --git a/src/test/test-dns-domain.c b/src/test/test-dns-domain.c +index 2df2380de4..10916dd057 100644 +--- a/src/test/test-dns-domain.c ++++ b/src/test/test-dns-domain.c +@@ -560,6 +560,7 @@ static void test_dns_service_split(void) { + test_dns_service_split_one("_foo._bar", NULL, "_foo._bar", ".", 0); + test_dns_service_split_one("_meh._foo._bar", "_meh", "_foo._bar", ".", 0); + test_dns_service_split_one("Wuff\\032Wuff._foo._bar.waldo.com", "Wuff Wuff", "_foo._bar", "waldo.com", 0); ++ 
test_dns_service_split_one("_Q._Q-------------------------------------------------------------", NULL, "_Q._Q-------------------------------------------------------------", ".", 0); + } + + static void test_dns_name_change_suffix_one(const char *name, const char *old_suffix, const char *new_suffix, int r, const char *result) { +-- +2.27.0 +
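Review bot: in dns_service_split() only the three label buffers grow by one byte. The dns_label_unescape() calls that fill them are outside the hunk, so the diff alone does not show that the terminator always lands inside the enlarged buffer. Please confirm that the size passed to each call leaves room for it, or terminate explicitly after each call. The added test covers one over-long label; a second case placing the long label elsewhere in the name would show that the other buffers are covered too.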
_service:tar_scm:backport-dns-domain-re-introduce-dns_name_is_empty.patch
Added
@@ -0,0 +1,32 @@ +From 435a9af906c02d8024811311b012c9d7a2400009 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 24 Jan 2022 06:06:55 +0900 +Subject: PATCH dns-domain: re-introduce dns_name_is_empty() + +(cherry picked from commit 7bdf41983044268b4bc2f9d34462db7f89ba284a) +(cherry picked from commit df08c12062dfd9903edec371598412a47a3055e0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/435a9af906c02d8024811311b012c9d7a2400009 +--- + src/shared/dns-domain.h | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/shared/dns-domain.h b/src/shared/dns-domain.h +index c25fcaacc2..24bf00bd58 100644 +--- a/src/shared/dns-domain.h ++++ b/src/shared/dns-domain.h +@@ -60,6 +60,10 @@ static inline int dns_name_is_valid_ldh(const char *s) { + return 1; + } + ++static inline bool dns_name_is_empty(const char *s) { ++ return isempty(s) || streq(s, "."); ++} ++ + void dns_name_hash_func(const char *s, struct siphash *state); + int dns_name_compare_func(const char *a, const char *b); + extern const struct hash_ops dns_name_hash_ops; +-- +2.33.0 +
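Review bot: dns_name_is_empty() is added to dns-domain.h with no comment and no caller in this patch. Because `isempty(s) || streq(s, ".")` treats NULL, the empty string and the root name alike, a one-line comment saying so would help callers that need to tell a missing name from the root domain.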
_service:tar_scm:backport-docs-SYSTEMD_NSS_BYPASS_BUS-is-not-honoured-anymore-.patch
Added
@@ -0,0 +1,37 @@ +From a7cfaa555379f19ab229c024027a74a5d22991d6 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 17 Feb 2022 14:47:34 +0100 +Subject: PATCH docs: $SYSTEMD_NSS_BYPASS_BUS is not honoured anymore, don't + document it + +It was removed back in 1684c56f40f020e685e70b3d1785d596ff16f892 + +Follow-up for: 1684c56f40f020e685e70b3d1785d596ff16f892 + +(cherry picked from commit cec16155e3dab4f123ba073223477a4ef2cf10f9) +(cherry picked from commit 4ec9aec4b695e1f0a26dc9cd55719c2f91ebdd6a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a7cfaa555379f19ab229c024027a74a5d22991d6 +--- + docs/ENVIRONMENT.md | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md +index 2cec3bdc16..efb360f0a4 100644 +--- a/docs/ENVIRONMENT.md ++++ b/docs/ENVIRONMENT.md +@@ -208,10 +208,6 @@ All tools: + user/group records for dynamically registered service users (i.e. users + registered through `DynamicUser=1`). + +-* `$SYSTEMD_NSS_BYPASS_BUS=1` — if set, `nss-systemd` won't use D-Bus to do +- dynamic user lookups. This is primarily useful to make `nss-systemd` work +- safely from within `dbus-daemon`. +- + `systemd-timedated`: + + * `$SYSTEMD_TIMEDATED_NTP_SERVICES=…` — colon-separated list of unit names of +-- +2.33.0 +
_service:tar_scm:backport-docs-improve-wording-when-mentioning-the-acronym-ESP.patch
Added
@@ -0,0 +1,97 @@ +From 6822cfa5f066fcbf79ded85419d59a97decc67b9 Mon Sep 17 00:00:00 2001 +From: nl6720 <nl6720@gmail.com> +Date: Fri, 9 Jul 2021 12:56:54 +0300 +Subject: PATCH docs: improve wording when mentioning the acronym "ESP" + +"ESP" is "EFI system partition", so "ESP partition" is redundant. + +(cherry picked from commit 250db1bf02b9fd73f2e0604acddbc20937c67d19) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6822cfa5f066fcbf79ded85419d59a97decc67b9 +--- + docs/BOOT_LOADER_INTERFACE.md | 8 ++++---- + docs/BOOT_LOADER_SPECIFICATION.md | 4 ++-- + man/systemd-boot.xml | 4 ++-- + src/boot/bootctl.c | 2 +- + src/systemctl/systemctl-start-special.c | 2 +- + 5 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/docs/BOOT_LOADER_INTERFACE.md b/docs/BOOT_LOADER_INTERFACE.md +index be3b6e401d..e9155117b9 100644 +--- a/docs/BOOT_LOADER_INTERFACE.md ++++ b/docs/BOOT_LOADER_INTERFACE.md +@@ -76,10 +76,10 @@ variables. All EFI variables use the vendor UUID + * `1 << 6` → The boot loader supports passing a random seed to the OS. + + * The EFI variable `LoaderRandomSeed` contains a binary random seed if set. It +- is set by the boot loader to pass an entropy seed read from the ESP partition +- to the OS. The system manager then credits this seed to the kernel's entropy +- pool. It is the responsibility of the boot loader to ensure the quality and +- integrity of the random seed. ++ is set by the boot loader to pass an entropy seed read from the ESP to the OS. ++ The system manager then credits this seed to the kernel's entropy pool. It is ++ the responsibility of the boot loader to ensure the quality and integrity of ++ the random seed. + + * The EFI variable `LoaderSystemToken` contains binary random data, + persistently set by the OS installer. 
Boot loaders that support passing +diff --git a/docs/BOOT_LOADER_SPECIFICATION.md b/docs/BOOT_LOADER_SPECIFICATION.md +index b87246ede1..7b5b19700a 100644 +--- a/docs/BOOT_LOADER_SPECIFICATION.md ++++ b/docs/BOOT_LOADER_SPECIFICATION.md +@@ -61,8 +61,8 @@ Everything described below is located on a placeholder file system `$BOOT`. The + * On disks with GPT (GUID Partition Table) + * If the OS is installed on a disk with GPT, and an Extended Boot Loader Partition or XBOOTLDR partition for short, i.e. a partition with GPT type GUID of `bc13c2ff-59e6-4262-a352-b275fd6f7172`, already exists, it should be used as `$BOOT`. + * Otherwise, if the OS is installed on a disk with GPT, and an EFI System Partition or ESP for short, i.e. a partition with GPT type UID of `c12a7328-f81f-11d2-ba4b-00a0c93ec93b`) already exists and is large enough (let's say 250MB) and otherwise qualifies, it should be used as `$BOOT`. +- * Otherwise, if the OS is installed on a disk with GPT, and if the ESP partition already exists but is too small, a new suitably sized (let's say 500MB) XBOOTLDR partition shall be created and used as `$BOOT`. +- * Otherwise, if the OS is installed on a disk with GPT, and no ESP partition exists yet, a new suitably sized (let's say 500MB) ESP should be created and used as `$BOOT`. ++ * Otherwise, if the OS is installed on a disk with GPT, and if the ESP already exists but is too small, a new suitably sized (let's say 500MB) XBOOTLDR partition shall be created and used as `$BOOT`. ++ * Otherwise, if the OS is installed on a disk with GPT, and no ESP exists yet, a new suitably sized (let's say 500MB) ESP should be created and used as `$BOOT`. + + This placeholder file system shall be determined during _installation time_, and an fstab entry may be created. It should be mounted to either `/boot/` or `/efi/`. Additional locations like `/boot/efi/`, with `/boot/` being a separate file system, might be supported by implementations. 
This is not recommended because the mounting of `$BOOT` is then dependent on and requires the mounting of the intermediate file system. + +diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml +index 139f79fa6b..2135d9eb36 100644 +--- a/man/systemd-boot.xml ++++ b/man/systemd-boot.xml +@@ -73,8 +73,8 @@ + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for + details.</para></listitem> + +- <listitem><para>An EFI variable set by the boot loader informs the OS about the ESP partition used +- during boot. This is then used to automatically mount the correct ESP partition to ++ <listitem><para>An EFI variable set by the boot loader informs the OS about the EFI System Partition used ++ during boot. This is then used to automatically mount the correct EFI System Partition to + <filename>/efi/</filename> or <filename>/boot/</filename> during OS runtime. See + <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for details.</para></listitem> +diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c +index df8b0542c9..fa8c600321 100644 +--- a/src/boot/bootctl.c ++++ b/src/boot/bootctl.c +@@ -1337,7 +1337,7 @@ static int verb_status(int argc, char *argv, void *userdata) { + sd_id128_t bootloader_esp_uuid; + bool have_bootloader_esp_uuid = efi_loader_get_device_part_uuid(&bootloader_esp_uuid) >= 0; + +- print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP partition information"); ++ print_yes_no_line(false, have_bootloader_esp_uuid, "Boot loader sets ESP information"); + if (have_bootloader_esp_uuid && !sd_id128_equal(esp_uuid, bootloader_esp_uuid)) + printf("WARNING: The boot loader reports a different ESP UUID than detected!\n"); + +diff --git a/src/systemctl/systemctl-start-special.c b/src/systemctl/systemctl-start-special.c +index 3edb65be61..56068d25f5 100644 +--- a/src/systemctl/systemctl-start-special.c ++++ 
b/src/systemctl/systemctl-start-special.c +@@ -36,7 +36,7 @@ static int load_kexec_kernel(void) { + return log_error_errno(r, + "No kexec kernel loaded and autodetection failed.\n%s", + is_efi_boot() +- ? "Cannot automatically load kernel: ESP partition mount point not found." ++ ? "Cannot automatically load kernel: ESP mount point not found." + : "Automatic loading works only on systems booted with EFI."); + if (r < 0) + return r; +-- +2.33.0 +
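Review bot: the man/systemd-boot.xml hunk expands the term to EFI System Partition while the other files shorten it to ESP, so the wording is still not uniform across the patch. The strings changed in bootctl.c (`Boot loader sets ESP information`) and systemctl-start-special.c are user-visible output. Anything that matches on the old text, such as tests or scripts, needs checking when this is backported.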
_service:tar_scm:backport-docs-portablectl-is-in-bin.patch
Added
@@ -0,0 +1,40 @@ +From b4221cca108f46f58cc15d83a298714b4de0bebf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 7 Sep 2021 18:43:58 +0200 +Subject: PATCH docs: portablectl is in bin/ + +Follow-up for 80f39b81f3876ed3816061f1093db991f72269ec. + +(cherry picked from commit a00ff6717b98580136d46cde0e8f9543e60c8f76) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b4221cca108f46f58cc15d83a298714b4de0bebf +--- + docs/PORTABLE_SERVICES.md | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/docs/PORTABLE_SERVICES.md b/docs/PORTABLE_SERVICES.md +index d9171c7b65..ec4a50373c 100644 +--- a/docs/PORTABLE_SERVICES.md ++++ b/docs/PORTABLE_SERVICES.md +@@ -86,7 +86,7 @@ If you have a portable service image, maybe in a raw disk image called + `foobar_0.7.23.raw`, then attaching the services to the host is as easy as: + + ``` +-# /usr/lib/systemd/portablectl attach foobar_0.7.23.raw ++# portablectl attach foobar_0.7.23.raw + ``` + + This command does the following: +@@ -268,7 +268,7 @@ include template units such as `foobar@.service`, so that instantiation is as + simple as: + + ``` +-# /usr/lib/systemd/portablectl attach foobar_0.7.23.raw ++# portablectl attach foobar_0.7.23.raw + # systemctl enable --now foobar@instancea.service + # systemctl enable --now foobar@instanceb.service + … +-- +2.33.0 +
_service:tar_scm:backport-ether-addr-util-make-hw_addr_to_string-return-valid-.patch
Added
@@ -0,0 +1,52 @@ +From 798baafc027d829bdf6fc41163e6d12085a2c620 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 15 Sep 2021 22:59:52 +0900 +Subject: PATCH ether-addr-util: make hw_addr_to_string() return valid string + even if hardware address is null + +Previously, when the length of the hardware address is zero, then the +buffer was not nul-terminated. + +This also replaces sprintf() with hexchar(). + +(cherry picked from commit 914ac555cd40f9c09e655a737214bfb7de21b8d9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/798baafc027d829bdf6fc41163e6d12085a2c620 +--- + src/basic/ether-addr-util.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/basic/ether-addr-util.c b/src/basic/ether-addr-util.c +index e660ac2c6f..dc5b5b833d 100644 +--- a/src/basic/ether-addr-util.c ++++ b/src/basic/ether-addr-util.c +@@ -7,6 +7,7 @@ + #include <sys/types.h> + + #include "ether-addr-util.h" ++#include "hexdecoct.h" + #include "macro.h" + #include "string-util.h" + +@@ -15,12 +16,13 @@ char* hw_addr_to_string(const struct hw_addr_data *addr, char bufferHW_ADDR_TO_ + assert(buffer); + assert(addr->length <= HW_ADDR_MAX_SIZE); + +- for (size_t i = 0; i < addr->length; i++) { +- sprintf(&buffer3*i, "%02"PRIx8, addr->bytesi); +- if (i < addr->length - 1) +- buffer3*i + 2 = ':'; ++ for (size_t i = 0, j = 0; i < addr->length; i++) { ++ bufferj++ = hexchar(addr->bytesi >> 4); ++ bufferj++ = hexchar(addr->bytesi & 0x0f); ++ bufferj++ = ':'; + } + ++ bufferaddr->length > 0 ? addr->length * 3 - 1 : 0 = '\0'; + return buffer; + } + +-- +2.33.0 +
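Review bot: In hw_addr_to_string() the rewritten loop stores a ':' after every byte, the last one included, and only then overwrites that final ':' with the terminator at index addr->length * 3 - 1, so the function depends on the caller's buffer holding at least 3 * addr->length bytes, and the only guard visible here is assert(addr->length <= HW_ADDR_MAX_SIZE). Suggest a compile-time check or a comment that ties the buffer size to 3 * HW_ADDR_MAX_SIZE. The diffstat touches only src/basic/ether-addr-util.c, so the zero-length case the commit message describes has no regression test; a test that passes a zero-length address and checks for an empty string would pin the fix.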
_service:tar_scm:backport-execute-document-that-the-env-param-is-input-and-out.patch
Added
@@ -0,0 +1,30 @@ +From 5c8437361d54bd6c04d613619f71c161df32024f Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 1 Feb 2022 13:50:28 +0100 +Subject: PATCH execute: document that the 'env' param is input *and* output + +(cherry picked from commit 421bb42d1b366c00392ef5bbab6a67412295b6dc) +(cherry picked from commit c4357f31da66b1917d3612d02c28adb300d4b0c6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5c8437361d54bd6c04d613619f71c161df32024f +--- + src/core/execute.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 1129905b61..e24775c150 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1152,7 +1152,7 @@ static int setup_pam( + uid_t uid, + gid_t gid, + const char *tty, +- char ***env, ++ char ***env, /* updated on success */ + const int fds, size_t n_fds) { + + #if HAVE_PAM +-- +2.33.0 +
_service:tar_scm:backport-execute-line-break-comments-a-bit-less-aggressively.patch
Added
@@ -0,0 +1,107 @@ +From ee7db04c13f5b46ad2437762caa7b4c239780de5 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 1 Feb 2022 13:50:13 +0100 +Subject: PATCH execute: line break comments a bit less aggressively + +(cherry picked from commit cafc5ca147cb05b90bd731661d8594c299601f79) +(cherry picked from commit 14567dc93d5c498bfaadd28478f59952f6da320c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ee7db04c13f5b46ad2437762caa7b4c239780de5 +--- + src/core/execute.c | 41 +++++++++++++++++------------------------ + 1 file changed, 17 insertions(+), 24 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index b6c54493d3..1129905b61 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1238,8 +1238,7 @@ static int setup_pam( + goto fail; + } + +- /* Block SIGTERM, so that we know that it won't get lost in +- * the child */ ++ /* Block SIGTERM, so that we know that it won't get lost in the child */ + + assert_se(sigprocmask_many(SIG_BLOCK, &old_ss, SIGTERM, -1) >= 0); + +@@ -1251,18 +1250,16 @@ static int setup_pam( + if (r == 0) { + int sig, ret = EXIT_PAM; + +- /* The child's job is to reset the PAM session on +- * termination */ ++ /* The child's job is to reset the PAM session on termination */ + barrier_set_role(&barrier, BARRIER_CHILD); + + /* Make sure we don't keep open the passed fds in this child. We assume that otherwise only + * those fds are open here that have been opened by PAM. */ + (void) close_many(fds, n_fds); + +- /* Drop privileges - we don't need any to pam_close_session +- * and this will make PR_SET_PDEATHSIG work in most cases. +- * If this fails, ignore the error - but expect sd-pam threads +- * to fail to exit normally */ ++ /* Drop privileges - we don't need any to pam_close_session and this will make ++ * PR_SET_PDEATHSIG work in most cases. 
If this fails, ignore the error - but expect sd-pam ++ * threads to fail to exit normally */ + + r = maybe_setgroups(0, NULL); + if (r < 0) +@@ -1274,20 +1271,16 @@ static int setup_pam( + + (void) ignore_signals(SIGPIPE); + +- /* Wait until our parent died. This will only work if +- * the above setresuid() succeeds, otherwise the kernel +- * will not allow unprivileged parents kill their privileged +- * children this way. We rely on the control groups kill logic +- * to do the rest for us. */ ++ /* Wait until our parent died. This will only work if the above setresuid() succeeds, ++ * otherwise the kernel will not allow unprivileged parents kill their privileged children ++ * this way. We rely on the control groups kill logic to do the rest for us. */ + if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) + goto child_finish; + +- /* Tell the parent that our setup is done. This is especially +- * important regarding dropping privileges. Otherwise, unit +- * setup might race against our setresuid(2) call. ++ /* Tell the parent that our setup is done. This is especially important regarding dropping ++ * privileges. Otherwise, unit setup might race against our setresuid(2) call. + * +- * If the parent aborted, we'll detect this below, hence ignore +- * return failure here. */ ++ * If the parent aborted, we'll detect this below, hence ignore return failure here. */ + (void) barrier_place(&barrier); + + /* Check if our parent process might already have died? */ +@@ -1332,19 +1325,19 @@ static int setup_pam( + + barrier_set_role(&barrier, BARRIER_PARENT); + +- /* If the child was forked off successfully it will do all the +- * cleanups, so forget about the handle here. */ ++ /* If the child was forked off successfully it will do all the cleanups, so forget about the handle ++ * here. 
*/ + handle = NULL; + + /* Unblock SIGTERM again in the parent */ + assert_se(sigprocmask(SIG_SETMASK, &old_ss, NULL) >= 0); + +- /* We close the log explicitly here, since the PAM modules +- * might have opened it, but we don't want this fd around. */ ++ /* We close the log explicitly here, since the PAM modules might have opened it, but we don't want ++ * this fd around. */ + closelog(); + +- /* Synchronously wait for the child to initialize. We don't care for +- * errors as we cannot recover. However, warn loudly if it happens. */ ++ /* Synchronously wait for the child to initialize. We don't care for errors as we cannot ++ * recover. However, warn loudly if it happens. */ + if (!barrier_place_and_sync(&barrier)) + log_error("PAM initialization failed"); + +-- +2.33.0 +
_service:tar_scm:backport-execute-respect-selinux_context_ignore.patch
Added
@@ -0,0 +1,45 @@ +From 38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef Mon Sep 17 00:00:00 2001 +From: Topi Miettinen <toiwoton@gmail.com> +Date: Sat, 30 Oct 2021 19:58:41 +0300 +Subject: PATCH execute: respect selinux_context_ignore + +When `SELinuxContext=` parameter is prefixed with `-`, the documentation states +that any errors determining or changing context should be ignored, but this +doesn't actually happen and the service may fail with `229/SELINUX_CONTEXT`. + +Fix by adding checks to `context->selinux_context_ignore`. + +Closes: #21057 +(cherry picked from commit 2ad2925de5f258d128ec8cdb07f10f3c52fa4fcf) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/38d0d41e0fc5d559cff5a1bcf46482aec9d6f5ef +--- + src/core/execute.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 6ff757ff04..e324db87cc 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -4361,7 +4361,7 @@ static int exec_child( + + if (fd >= 0) { + r = mac_selinux_get_child_mls_label(fd, executable, context->selinux_context, &mac_selinux_context_net); +- if (r < 0) { ++ if (r < 0 && !context->selinux_context_ignore) { + *exit_status = EXIT_SELINUX_CONTEXT; + return log_unit_error_errno(unit, r, "Failed to determine SELinux context: %m"); + } +@@ -4495,7 +4495,7 @@ static int exec_child( + + if (exec_context) { + r = setexeccon(exec_context); +- if (r < 0) { ++ if (r < 0 && !context->selinux_context_ignore) { + *exit_status = EXIT_SELINUX_CONTEXT; + return log_unit_error_errno(unit, r, "Failed to change SELinux context to %s: %m", exec_context); + } +-- +2.33.0 +
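Review bot: Both changed conditions in exec_child(), `if (r < 0 && !context->selinux_context_ignore)`, discard the error without logging anything when the `-` prefix is set, so a service can start under a context other than the one requested in `SELinuxContext=` and leave no trace in the journal. Suggest keeping the `if (r < 0)` test and, on the ignored path, logging the failure at debug or warning level before continuing. For the first hunk, also confirm that mac_selinux_context_net is left in a defined state when mac_selinux_get_child_mls_label() fails and execution now carries on, since it is passed in as an output argument and the code that consumes it is outside the hunk.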
_service:tar_scm:backport-execute-use-_cleanup_-logic-where-appropriate.patch
Added
@@ -0,0 +1,44 @@ +From 1fa6abd4ae2445b08e3c3fc3d4eade1e833f43da Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 1 Feb 2022 13:49:56 +0100 +Subject: PATCH execute: use _cleanup_ logic where appropriate + +(cherry picked from commit 46e5bbab5895b7137b03453dee08bd1c89c710e9) +(cherry picked from commit 9b2954b79435eaf54be208acdce8026b83bdc249) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1fa6abd4ae2445b08e3c3fc3d4eade1e833f43da +--- + src/core/execute.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 04c0513453..b6c54493d3 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1163,10 +1163,11 @@ static int setup_pam( + }; + + _cleanup_(barrier_destroy) Barrier barrier = BARRIER_NULL; ++ _cleanup_strv_free_ char **e = NULL; + pam_handle_t *handle = NULL; + sigset_t old_ss; + int pam_code = PAM_SUCCESS, r; +- char **nv, **e = NULL; ++ char **nv; + bool close_session = false; + pid_t pam_pid = 0, parent_pid; + int flags = 0; +@@ -1363,9 +1364,7 @@ fail: + (void) pam_end(handle, pam_code | flags); + } + +- strv_free(e); + closelog(); +- + return r; + #else + return 0; +-- +2.33.0 +
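Review bot: With `_cleanup_strv_free_ char **e = NULL;` in setup_pam(), e is now freed on every return path, not only at the fail label where strv_free(e) was removed, and the success path is not part of either hunk. If that path hands e to the caller through the env parameter, it has to clear e at the same time (TAKE_PTR() or equivalent), otherwise the caller is left with a freed vector. Please confirm the success path does this, or extend the patch so the hand-over is visible next to the declaration change.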
_service:tar_scm:backport-explicitly-close-FIDO2-devices.patch
Added
@@ -0,0 +1,66 @@ +From d6e4920b10c3da1665cb44f4686893b865003d12 Mon Sep 17 00:00:00 2001 +From: pedro martelletto <pedro@yubico.com> +Date: Wed, 8 Sep 2021 10:42:56 +0200 +Subject: PATCH explicitly close FIDO2 devices + +FIDO2 device access is serialised by libfido2 using flock(). +Therefore, make sure to close a FIDO2 device once we are done +with it, or we risk opening it again at a later point and +deadlocking. Fixes #20664. + +(cherry picked from commit b6aa89b0a399992c8ea762e6ec4f30cff90618f2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d6e4920b10c3da1665cb44f4686893b865003d12 +--- + src/shared/libfido2-util.c | 2 ++ + src/shared/libfido2-util.h | 5 ++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/shared/libfido2-util.c b/src/shared/libfido2-util.c +index 12c644dcfc..6d18178b68 100644 +--- a/src/shared/libfido2-util.c ++++ b/src/shared/libfido2-util.c +@@ -58,6 +58,7 @@ bool (*sym_fido_dev_is_fido2)(const fido_dev_t *) = NULL; + int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *) = NULL; + fido_dev_t* (*sym_fido_dev_new)(void) = NULL; + int (*sym_fido_dev_open)(fido_dev_t *, const char *) = NULL; ++int (*sym_fido_dev_close)(fido_dev_t *) = NULL; + const char* (*sym_fido_strerr)(int) = NULL; + + int dlopen_libfido2(void) { +@@ -106,6 +107,7 @@ int dlopen_libfido2(void) { + DLSYM_ARG(fido_dev_make_cred), + DLSYM_ARG(fido_dev_new), + DLSYM_ARG(fido_dev_open), ++ DLSYM_ARG(fido_dev_close), + DLSYM_ARG(fido_strerr)); + } + +diff --git a/src/shared/libfido2-util.h b/src/shared/libfido2-util.h +index 5640cca5e3..4ebf8ab775 100644 +--- a/src/shared/libfido2-util.h ++++ b/src/shared/libfido2-util.h +@@ -60,6 +60,7 @@ extern bool (*sym_fido_dev_is_fido2)(const fido_dev_t *); + extern int (*sym_fido_dev_make_cred)(fido_dev_t *, fido_cred_t *, const char *); + extern fido_dev_t* (*sym_fido_dev_new)(void); + extern int (*sym_fido_dev_open)(fido_dev_t *, const char *); ++extern int 
(*sym_fido_dev_close)(fido_dev_t *); + extern const char* (*sym_fido_strerr)(int); + + int dlopen_libfido2(void); +@@ -75,8 +76,10 @@ static inline void fido_assert_free_wrapper(fido_assert_t **p) { + } + + static inline void fido_dev_free_wrapper(fido_dev_t **p) { +- if (*p) ++ if (*p) { ++ sym_fido_dev_close(*p); + sym_fido_dev_free(p); ++ } + } + + static inline void fido_cred_free_wrapper(fido_cred_t **p) { +-- +2.33.0 +
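Review bot: In fido_dev_free_wrapper() the new call `sym_fido_dev_close(*p);` runs for every non-NULL device, including one that was allocated with sym_fido_dev_new() but never successfully opened, and its int return value is dropped silently. Suggest writing it as `(void) sym_fido_dev_close(*p);` to mark the ignored result as deliberate, and adding a one-line comment that closing a device that was never opened is expected to be harmless. The symbol is added to both the pointer declarations and the DLSYM_ARG list, so the wrapper cannot call through a NULL pointer once dlopen_libfido2() has succeeded; that part looks complete.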
_service:tar_scm:backport-fileio-fix-truncated-read-handling-in-read_virtual_f.patch
Added
@@ -0,0 +1,44 @@ +From c9e0daf821b3e1e6504ca4c4e3a8b73513e28fa7 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 16 Sep 2021 12:20:09 +0200 +Subject: PATCH fileio: fix truncated read handling in read_virtual_file() + +We mishandled the case where the size we read from the file actually +matched the maximum size fully. In that case we cannot really make a +determination whether the file was fully read or only partially. In that +case let's do another loop, so that we operate with a buffer, and +we can detect the EOF (which will be signalled to us via a short read). + +(cherry picked from commit 00bd9a4a82ed57bc0c7f158da4564fc1eab808b4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c9e0daf821b3e1e6504ca4c4e3a8b73513e28fa7 +--- + src/basic/fileio.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 1046e5b9b4..6c8ebe63e0 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -470,9 +470,14 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + if (n <= size) + break; + +- /* If a maximum size is specified and we already read as much, no need to try again */ +- if (max_size != SIZE_MAX && n >= max_size) { +- n = max_size; ++ /* If a maximum size is specified and we already read more we know the file is larger, and ++ * can handle this as truncation case. Note that if the size of what we read equals the ++ * maximum size then this doesn't mean truncation, the file might or might not end on that ++ * byte. We need to rerun the loop in that case, with a larger buffer size, so that we read ++ * at least one more byte to be able to distinguish EOF from truncation. 
*/ ++ if (max_size != SIZE_MAX && n > max_size) { ++ n = size; /* Make sure we never use more than what we sized the buffer for (so that ++ * we have one free byte in it for the trailing NUL we add below).*/ + truncated = true; + break; + } +-- +2.33.0 +
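Review bot: The changed test `if (max_size != SIZE_MAX && n > max_size)` in read_virtual_file() fixes the n == max_size case only if the next loop iteration really retries with a larger buffer, as the new comment says, and the code that grows the buffer is outside this hunk. The diffstat shows only src/basic/fileio.c, so nothing exercises the boundary; suggest a test that reads files of exactly max_size - 1, max_size and max_size + 1 bytes and checks both the returned length and the truncation result. The switch from `n = max_size` to `n = size` is explained in the comment, which is good; the closing `below).*/` is missing a space before the comment terminator.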
_service:tar_scm:backport-fileio-lower-maximum-virtual-file-buffer-size-by-one.patch
Added
@@ -0,0 +1,71 @@ +From feb68f6aad36930f0b0c6c70164287c5bc46b64c Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 14 Sep 2021 23:03:37 +0200 +Subject: PATCH fileio: lower maximum virtual file buffer size by one byte +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When reading virtual files (i.e. procfs, sysfs, …) we currently put a +limit of 4M-1 on that. We have to pick something, and we have to read +these files in a single read() (since the kernel generally doesn't +support continuation read()s for them). 4M-1 is actually the maximum +size the kernel allows for reads from files in /proc/sys/, all larger +reads will result in an ENOMEM error (which is really weird, but the +kernel does what the kernel does). Hence 4M-1 sounds like a smart +choice. + +However, we made one mistake here: in order to be able to detect EOFs +properly we actually read one byte more than we actually intend to +return: if that extra byte can be read, then we know the file is +actually larger than our limit and we can generate an EFBIG error from +that. However, if it cannot be read then we know EOF was hit, and we are +good. So ultimately after all we issued a single 4M read, which the +kernel then responds with ENOMEM to. And that means read_virtual_file() +actually doesn't work properly right now on /proc/sys/. Let's fix that. + +The fix is simple, lower the limit of the the buffer we intend to return +by one, i.e. 4M-2. That way, the read() we'll issue is exactly as large +as the limit the kernel allows, and we still get safely detect EOF from +it. 
+ +(cherry picked from commit 7ab7547a40d456d34120b2f44b26385ac1338ebd) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/feb68f6aad36930f0b0c6c70164287c5bc46b64c +--- + src/basic/fileio.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 99a44fdea2..ba0ca98d72 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -30,14 +30,16 @@ + /* The maximum size of the file we'll read in one go in read_full_file() (64M). */ + #define READ_FULL_BYTES_MAX (64U*1024U*1024U - 1U) + +-/* The maximum size of virtual files we'll read in one go in read_virtual_file() (4M). Note that this limit +- * is different (and much lower) than the READ_FULL_BYTES_MAX limit. This reflects the fact that we use +- * different strategies for reading virtual and regular files: virtual files are generally size constrained: +- * there we allocate the full buffer size in advance. Regular files OTOH can be much larger, and here we grow +- * the allocations exponentially in a loop. In glibc large allocations are immediately backed by mmap() +- * making them relatively slow (measurably so). Thus, when allocating the full buffer in advance the large +- * limit is a problem. When allocating piecemeal it's not. Hence pick two distinct limits. */ +-#define READ_VIRTUAL_BYTES_MAX (4U*1024U*1024U - 1U) ++/* The maximum size of virtual files (i.e. procfs, sysfs, and other virtual "API" files) we'll read in one go ++ * in read_virtual_file(). Note that this limit is different (and much lower) than the READ_FULL_BYTES_MAX ++ * limit. This reflects the fact that we use different strategies for reading virtual and regular files: ++ * virtual files we generally have to read in a single read() syscall since the kernel doesn't support ++ * continuation read()s for them. Thankfully they are somewhat size constrained. Thus we can allocate the ++ * full potential buffer in advance. 
Regular files OTOH can be much larger, and there we grow the allocations ++ * exponentially in a loop. We use a size limit of 4M-2 because 4M-1 is the maximum buffer that /proc/sys/ ++ * allows us to read() (larger reads will fail with ENOMEM), and we want to read one extra byte so that we ++ * can detect EOFs. */ ++#define READ_VIRTUAL_BYTES_MAX (4U*1024U*1024U - 2U) + + int fopen_unlocked(const char *path, const char *options, FILE **ret) { + assert(ret); +-- +2.33.0 +
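Review bot: The new value of READ_VIRTUAL_BYTES_MAX, `(4U*1024U*1024U - 2U)`, is only correct while the reader asks for exactly one byte more than this limit, and that coupling to the 4M-1 /proc/sys/ read limit exists only in the comment. Suggest giving the kernel limit its own named constant and deriving READ_VIRTUAL_BYTES_MAX from it, or adding a compile-time assertion next to the read, so that a later change to either side cannot silently bring back the ENOMEM failure described in the commit message.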
_service:tar_scm:backport-fileio-set-O_NOCTTY-when-reading-virtual-files.patch
Added
@@ -0,0 +1,32 @@ +From ca6c93956879e368e40bbf5a742fcb1689712d81 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 14 Sep 2021 23:11:55 +0200 +Subject: PATCH fileio: set O_NOCTTY when reading virtual files + +Better be safe than sorry, maybe someone points this call to a TTY one +day, and we'd rather not make it our controlling TTY in that case. + +(cherry picked from commit be991d7678c35aa037ef79672c0c70781eebed9c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ca6c93956879e368e40bbf5a742fcb1689712d81 +--- + src/basic/fileio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index ba0ca98d72..39abf985eb 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -395,7 +395,7 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + * contents* may be returned. (Though the read is still done using one syscall.) Returns 0 on + * partial success, 1 if untruncated contents were read. */ + +- fd = open(filename, O_RDONLY|O_CLOEXEC); ++ fd = open(filename, O_RDONLY|O_NOCTTY|O_CLOEXEC); + if (fd < 0) + return -errno; + +-- +2.33.0 +
_service:tar_scm:backport-fileio-start-with-4k-buffer-for-procfs.patch
Added
@@ -0,0 +1,46 @@ +From b3f5d2f4044751a4a741e033a9bc621ede573cb2 Mon Sep 17 00:00:00 2001 +From: Anita Zhang <the.anitazha@gmail.com> +Date: Tue, 14 Sep 2021 16:33:10 -0700 +Subject: PATCH fileio: start with 4k buffer for procfs + +There's a very gradual increase of anonymous memory in systemd-journald that +blames to 2ac67221bb6270f0fbe7cbd0076653832cd49de2. + +systemd-journald makes many calls to read /proc/PID/cmdline and +/proc/PID/status, both of which tend to be well under 4K. However the +combination of allocating 4M read buffers, then using `realloc()` to +shrink the buffer in `read_virtual_file()` appears to be creating +fragmentation in the heap (when combined with the other allocations +systemd-journald is doing). + +To help mitigate this, try reading /proc with a 4K buffer as +`read_virtual_file()` did before 2ac67221bb6270f0fbe7cbd0076653832cd49de2. +If it isn't big enough then try again with the larger buffers. + +(cherry picked from commit 5aaa55d841249f057fd69e50cf12a52e9781a6ce) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b3f5d2f4044751a4a741e033a9bc621ede573cb2 +--- + src/basic/fileio.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 39abf985eb..1046e5b9b4 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -433,6 +433,11 @@ int read_virtual_file(const char *filename, size_t max_size, char **ret_contents + } + + n_retries--; ++ } else if (n_retries > 1) { ++ /* Files in /proc are generally smaller than the page size so let's start with a page size ++ * buffer from malloc and only use the max buffer on the final try. */ ++ size = MIN3(page_size() - 1, READ_VIRTUAL_BYTES_MAX, max_size); ++ n_retries = 1; + } else { + size = MIN(READ_VIRTUAL_BYTES_MAX, max_size); + n_retries = 0; +-- +2.33.0 +
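Review bot: In the added `else if (n_retries > 1)` branch of read_virtual_file(), n_retries doubles as a state flag (forced to 1 here, to 0 in the final else), which is hard to follow from the branch alone; a short comment stating what each value means for the next iteration would help. The new comment talks only about /proc, but the branch applies to every caller of read_virtual_file(), so either say "virtual files" or state that sysfs files are expected to fit in a page as well. It is also worth noting why the size is `page_size() - 1` rather than page_size(), since the reason (room for the extra byte used to detect EOF and the trailing NUL) is not visible in this hunk.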
_service:tar_scm:backport-fix-CVE-2021-33910.patch
Changed
@@ -1,4 +1,4 @@ -From 441e0115646d54f080e5c3bb0ba477c892861ab9 Mon Sep 17 00:00:00 2001 +From 764b74113e36ac5219a4b82a05f311b5a92136ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> Date: Wed, 23 Jun 2021 11:46:41 +0200 Subject: PATCH basic/unit-name: do not use strdupa() on a path @@ -20,13 +20,16 @@ Hence the most obvious solution is to switch back to strdup(), as before 7410616cd9dbbec97cf98d75324da5cda2b2f7a2. -https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9 +(cherry picked from commit 441e0115646d54f080e5c3bb0ba477c892861ab9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/764b74113e36ac5219a4b82a05f311b5a92136ce --- src/basic/unit-name.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/src/basic/unit-name.c b/src/basic/unit-name.c -index 532f8fa..024b8a5 100644 +index 284a773483..a22763443f 100644 --- a/src/basic/unit-name.c +++ b/src/basic/unit-name.c @@ -378,12 +378,13 @@ int unit_name_unescape(const char *f, char **ret) { @@ -62,5 +65,5 @@ if (!s) return -ENOMEM; -- -2.23.0 +2.33.0
_service:tar_scm:backport-fix-CVE-2022-3821.patch
Added
@@ -0,0 +1,45 @@ +From 8d2d0895229cfbe39c1c5c16e61e426812a72e8b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 7 Jul 2022 18:27:02 +0900 +Subject: PATCH time-util: fix buffer-over-run + +Fixes #23928. +Conflict:adapt test context +Reference:https://github.com/systemd/systemd/pull/23933/commits/8d2d0895229cfbe39c1c5c16e61e426812a72e8b +--- + src/basic/time-util.c | 2 +- + src/test/test-time-util.c | 5 +++++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/basic/time-util.c b/src/basic/time-util.c +index 5d162e8..2cc0b92 100644 +--- a/src/basic/time-util.c ++++ b/src/basic/time-util.c +@@ -590,7 +590,7 @@ char *format_timespan(char *buf, size_t l, usec_t t, usec_t accuracy) { + t = b; + } + +- n = MIN((size_t) k, l); ++ n = MIN((size_t) k, l-1); + + l -= n; + p += n; +diff --git a/src/test/test-time-util.c b/src/test/test-time-util.c +index 6f4675a..d7cb71c 100644 +--- a/src/test/test-time-util.c ++++ b/src/test/test-time-util.c +@@ -241,6 +241,11 @@ static void test_format_timespan(usec_t accuracy) { + test_format_timespan_one(500 * USEC_PER_MSEC, accuracy); + test_format_timespan_one(9*USEC_PER_YEAR/5 - 23, accuracy); + test_format_timespan_one(USEC_INFINITY, accuracy); ++ ++ /* See issue #23928. */ ++ _cleanup_free_ char *buf; ++ assert_se(buf = new(char, 5)); ++ assert_se(buf == format_timespan(buf, 5, 100005, 1000)); + } + + static void test_verify_timezone(void) { +-- +2.27.0 +
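Review bot: In format_timespan() the fix `n = MIN((size_t) k, l-1);` subtracts from l, which the signature shows is a size_t, so l == 0 would wrap to SIZE_MAX and defeat the bound; please confirm that an assertion on l > 0 sits earlier in the function, since it is not visible in this hunk, or add one. In the test hunk, `_cleanup_free_ char *buf;` is declared without an initializer; it is assigned on the next line, but initializing it to NULL keeps the cleanup handler safe if a statement is ever inserted between the two. The new assertion only checks that format_timespan() returns buf, so the overrun is caught only when the test runs under a sanitizer; suggest also asserting that strlen(buf) is below 5.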
_service:tar_scm:backport-fix-ConditionDirectoryNotEmpty-when-it-comes-to-a-No.patch
Changed
@@ -1,18 +1,22 @@ -From 193105f2d0408e2d96265935174b3cf0f100ef2e Mon Sep 17 00:00:00 2001 +From 10fc8b7775a8cfd9519a1c6628d813b1aa315a33 Mon Sep 17 00:00:00 2001 From: jiangchuangang <jiangchuangang@huawei.com> Date: Mon, 29 Nov 2021 22:30:37 +0800 Subject: PATCH fix ConditionDirectoryNotEmpty when it comes to a Non-directory file +(cherry picked from commit 193105f2d0408e2d96265935174b3cf0f100ef2e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/10fc8b7775a8cfd9519a1c6628d813b1aa315a33 --- src/shared/condition.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/shared/condition.c b/src/shared/condition.c -index 6e769e9d59..a86f2b9ffb 100644 +index ec9d57b292..163ddc1208 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c -@@ -931,7 +931,7 @@ static int condition_test_directory_not_empty(Condition *c, char **env) { +@@ -934,7 +934,7 @@ static int condition_test_directory_not_empty(Condition *c, char **env) { assert(c->type == CONDITION_DIRECTORY_NOT_EMPTY); r = dir_is_empty(c->parameter); @@ -22,5 +26,5 @@ static int condition_test_file_not_empty(Condition *c, char **env) { -- -2.27.0 +2.33.0
_service:tar_scm:backport-fix-ConditionPathIsReadWrite-when-path-does-not-exis.patch
Changed
@@ -1,17 +1,21 @@ -From 7c4c9948d02ceda903ed4e4deea0d0084612625a Mon Sep 17 00:00:00 2001 +From 80b7a4276abb832b6af1d1d060affb0988ab7fa0 Mon Sep 17 00:00:00 2001 From: jiangchuangang <jiangchuangang@huawei.com> Date: Tue, 30 Nov 2021 15:25:27 +0800 Subject: PATCH fix ConditionPathIsReadWrite when path does not exist. +(cherry picked from commit 7c4c9948d02ceda903ed4e4deea0d0084612625a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/80b7a4276abb832b6af1d1d060affb0988ab7fa0 --- src/shared/condition.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/shared/condition.c b/src/shared/condition.c -index a86f2b9ffb..dae75a5bf5 100644 +index 163ddc1208..6645f771dd 100644 --- a/src/shared/condition.c +++ b/src/shared/condition.c -@@ -894,11 +894,15 @@ static int condition_test_path_is_mount_point(Condition *c, char **env) { +@@ -897,11 +897,15 @@ static int condition_test_path_is_mount_point(Condition *c, char **env) { } static int condition_test_path_is_read_write(Condition *c, char **env) { @@ -29,5 +33,5 @@ static int condition_test_cpufeature(Condition *c, char **env) { -- -2.27.0 +2.33.0
_service:tar_scm:backport-fix-DirectoryNotEmpty-when-it-comes-to-a-Non-directo.patch
Changed
@@ -1,14 +1,18 @@ -From 5896a9ebdbe4d38c01390d0a5e82f9fcb4971059 Mon Sep 17 00:00:00 2001 +From 0fdcae09c44486e30e4fe0469606c02d034577be Mon Sep 17 00:00:00 2001 From: yangmingtai <961612727@qq.com> Date: Mon, 6 Dec 2021 17:06:13 +0800 Subject: PATCH fix DirectoryNotEmpty when it comes to a Non-directory file +(cherry picked from commit 5896a9ebdbe4d38c01390d0a5e82f9fcb4971059) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0fdcae09c44486e30e4fe0469606c02d034577be --- src/core/path.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/path.c b/src/core/path.c -index 29ec66fd4d..bcd922901b 100644 +index e098e83a31..684e17f433 100644 --- a/src/core/path.c +++ b/src/core/path.c @@ -215,7 +215,7 @@ static bool path_spec_check_good(PathSpec *s, bool initial, bool from_trigger_no @@ -21,5 +25,5 @@ } -- -2.27.0 +2.33.0
_service:tar_scm:backport-fix-test-string-util-failed-when-locale-is-not-utf8.patch
Added
@@ -0,0 +1,71 @@ +From bad124022e97195191d3dd1ea2b5b9aa9df57aea Mon Sep 17 00:00:00 2001 +From: yangmingtai <961612727@qq.com> +Date: Tue, 11 Jan 2022 20:22:11 +0800 +Subject: PATCH fix test-string-util failed when locale is not utf8 + +(cherry picked from commit 647082cf7f07a87c65601626e86c3ed9f78fb387) +(cherry picked from commit 32f33c9474ab89061d799a92a1273b106468e8c6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bad124022e97195191d3dd1ea2b5b9aa9df57aea +--- + src/test/test-string-util.c | 32 ++++++++++++++++---------------- + 1 file changed, 16 insertions(+), 16 deletions(-) + +diff --git a/src/test/test-string-util.c b/src/test/test-string-util.c +index 4d9d0260c9..266aee9115 100644 +--- a/src/test/test-string-util.c ++++ b/src/test/test-string-util.c +@@ -176,33 +176,33 @@ static void test_cellescape(void) { + assert_se(streq(cellescape(buf, 1, "\020"), "")); + assert_se(streq(cellescape(buf, 2, "\020"), ".")); + assert_se(streq(cellescape(buf, 3, "\020"), "..")); +- assert_se(streq(cellescape(buf, 4, "\020"), "…")); ++ assert_se(streq(cellescape(buf, 4, "\020"), is_locale_utf8() ? "…" : "...")); + assert_se(streq(cellescape(buf, 5, "\020"), "\\020")); + +- assert_se(streq(cellescape(buf, 5, "1234\020"), "1…")); +- assert_se(streq(cellescape(buf, 6, "1234\020"), "12…")); +- assert_se(streq(cellescape(buf, 7, "1234\020"), "123…")); +- assert_se(streq(cellescape(buf, 8, "1234\020"), "1234…")); ++ assert_se(streq(cellescape(buf, 5, "1234\020"), is_locale_utf8() ? "1…" : "1...")); ++ assert_se(streq(cellescape(buf, 6, "1234\020"), is_locale_utf8() ? "12…" : "12...")); ++ assert_se(streq(cellescape(buf, 7, "1234\020"), is_locale_utf8() ? "123…" : "123...")); ++ assert_se(streq(cellescape(buf, 8, "1234\020"), is_locale_utf8() ? 
"1234…" : "1234...")); + assert_se(streq(cellescape(buf, 9, "1234\020"), "1234\\020")); + + assert_se(streq(cellescape(buf, 1, "\t\n"), "")); + assert_se(streq(cellescape(buf, 2, "\t\n"), ".")); + assert_se(streq(cellescape(buf, 3, "\t\n"), "..")); +- assert_se(streq(cellescape(buf, 4, "\t\n"), "…")); ++ assert_se(streq(cellescape(buf, 4, "\t\n"), is_locale_utf8() ? "…" : "...")); + assert_se(streq(cellescape(buf, 5, "\t\n"), "\\t\\n")); + +- assert_se(streq(cellescape(buf, 5, "1234\t\n"), "1…")); +- assert_se(streq(cellescape(buf, 6, "1234\t\n"), "12…")); +- assert_se(streq(cellescape(buf, 7, "1234\t\n"), "123…")); +- assert_se(streq(cellescape(buf, 8, "1234\t\n"), "1234…")); ++ assert_se(streq(cellescape(buf, 5, "1234\t\n"), is_locale_utf8() ? "1…" : "1...")); ++ assert_se(streq(cellescape(buf, 6, "1234\t\n"), is_locale_utf8() ? "12…" : "12...")); ++ assert_se(streq(cellescape(buf, 7, "1234\t\n"), is_locale_utf8() ? "123…" : "123...")); ++ assert_se(streq(cellescape(buf, 8, "1234\t\n"), is_locale_utf8() ? "1234…" : "1234...")); + assert_se(streq(cellescape(buf, 9, "1234\t\n"), "1234\\t\\n")); + +- assert_se(streq(cellescape(buf, 4, "x\t\020\n"), "…")); +- assert_se(streq(cellescape(buf, 5, "x\t\020\n"), "x…")); +- assert_se(streq(cellescape(buf, 6, "x\t\020\n"), "x…")); +- assert_se(streq(cellescape(buf, 7, "x\t\020\n"), "x\\t…")); +- assert_se(streq(cellescape(buf, 8, "x\t\020\n"), "x\\t…")); +- assert_se(streq(cellescape(buf, 9, "x\t\020\n"), "x\\t…")); ++ assert_se(streq(cellescape(buf, 4, "x\t\020\n"), is_locale_utf8() ? "…" : "...")); ++ assert_se(streq(cellescape(buf, 5, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); ++ assert_se(streq(cellescape(buf, 6, "x\t\020\n"), is_locale_utf8() ? "x…" : "x...")); ++ assert_se(streq(cellescape(buf, 7, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); ++ assert_se(streq(cellescape(buf, 8, "x\t\020\n"), is_locale_utf8() ? 
"x\\t…" : "x\\t...")); ++ assert_se(streq(cellescape(buf, 9, "x\t\020\n"), is_locale_utf8() ? "x\\t…" : "x\\t...")); + assert_se(streq(cellescape(buf, 10, "x\t\020\n"), "x\\t\\020\\n")); + + assert_se(streq(cellescape(buf, 6, "1\011"), "1\\t")); +-- +2.33.0 +
View file
_service:tar_scm:backport-fstab-generator-Respect-nofail-when-ordering.patch
Added
@@ -0,0 +1,30 @@ +From efd98964fb9202451293043dcffb3898b176a7d0 Mon Sep 17 00:00:00 2001 +From: Vladimir Panteleev <git@cy.md> +Date: Tue, 17 Aug 2021 18:30:29 +0000 +Subject: PATCH fstab-generator: Respect nofail when ordering + +(cherry picked from commit e9aee932409754c9f709a8ea3ad13caf39fce7d2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/efd98964fb9202451293043dcffb3898b176a7d0 +--- + src/fstab-generator/fstab-generator.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index a4e3ea5311..b6582c9538 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -435,7 +435,8 @@ static int add_mount( + + /* Order the mount unit we generate relative to the post unit, so that DefaultDependencies= on the + * target unit won't affect us. */ +- if (post && !FLAGS_SET(flags, MOUNT_AUTOMOUNT) && !FLAGS_SET(flags, MOUNT_NOAUTO)) ++ if (post && !FLAGS_SET(flags, MOUNT_AUTOMOUNT) && !FLAGS_SET(flags, MOUNT_NOAUTO) && ++ !FLAGS_SET(flags, MOUNT_NOFAIL)) + fprintf(f, "Before=%s\n", post); + + if (passno != 0) { +-- +2.33.0 +
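Review bot: the comment above the changed condition in add_mount() still only explains ordering relative to the post unit and says nothing about the new !FLAGS_SET(flags, MOUNT_NOFAIL) term. Extend that comment to state why a nofail mount must not get Before=%s on the post unit, and give the commit message a body, since the subject alone does not describe what misbehaved before.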
View file
_service:tar_scm:backport-fstab-generator-do-not-remount-sys-when-running-in-a.patch
Added
@@ -0,0 +1,43 @@ +From cee7e40200b5eba60a5fed04fe006e8b48944fb2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 12 Dec 2021 11:43:21 +0900 +Subject: PATCH fstab-generator: do not remount /sys when running in a + container + +Closes #21744. + +(cherry picked from commit 18f0eaafd7f180f5d0d2d65349835374146efdb3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/cee7e40200b5eba60a5fed04fe006e8b48944fb2 +--- + src/fstab-generator/fstab-generator.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index b6582c9538..1dee728233 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -601,9 +601,16 @@ static int parse_fstab(bool initrd) { + if (!what) + return log_oom(); + +- if (is_device_path(what) && path_is_read_only_fs("/sys") > 0) { +- log_info("Running in a container, ignoring fstab device entry for %s.", what); +- continue; ++ if (path_is_read_only_fs("/sys") > 0) { ++ if (streq(what, "sysfs")) { ++ log_info("Running in a container, ignoring fstab entry for %s.", what); ++ continue; ++ } ++ ++ if (is_device_path(what)) { ++ log_info("Running in a container, ignoring fstab device entry for %s.", what); ++ continue; ++ } + } + + where = strdup(me->mnt_dir); +-- +2.33.0 +
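Review bot: in parse_fstab(), the new streq(what, "sysfs") test matches only entries whose source field is the literal string sysfs, so an entry that mounts sysfs under a different source name is not skipped. Comparing the entry's filesystem type would depend less on how the fstab line was written. Also, path_is_read_only_fs("/sys") used to be evaluated only when is_device_path(what) was true and is now evaluated for every entry; its result could be computed once before the loop.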
View file
_service:tar_scm:backport-fstab-generator-skip-root-directory-handling-when-nf.patch
Added
@@ -0,0 +1,105 @@ +From 60d4ac20d8b02dd8f67150aaf55a4e0d019f58d2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 5 Jan 2022 19:24:46 +0900 +Subject: PATCH fstab-generator: skip root directory handling when nfsroot is + requested + +Fixes RHBZ#2037233 (https://bugzilla.redhat.com/show_bug.cgi?id=2037233). + +(cherry picked from commit 77b8e92de8264c0b656a7d2fb437dd8d598ab597) +(cherry picked from commit 7ca41c509e6549abbfc753e560c822b5e32a63cc) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/60d4ac20d8b02dd8f67150aaf55a4e0d019f58d2 +--- + src/fstab-generator/fstab-generator.c | 59 ++++++++++++++++++++++++++- + 1 file changed, 57 insertions(+), 2 deletions(-) + +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index 1dee728233..0f3892789f 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -10,6 +10,7 @@ + #include "fs-util.h" + #include "fstab-util.h" + #include "generator.h" ++#include "in-addr-util.h" + #include "log.h" + #include "main-func.h" + #include "mkdir.h" +@@ -691,6 +692,57 @@ static int parse_fstab(bool initrd) { + return r; + } + ++static int sysroot_is_nfsroot(void) { ++ union in_addr_union u; ++ const char *sep, *a; ++ int r; ++ ++ assert(arg_root_what); ++ ++ /* From dracut.cmdline(7). ++ * ++ * root=<server-ip>:<root-dir>:<nfs-options> ++ * root=nfs:<server-ip>:<root-dir>:<nfs-options>, ++ * root=nfs4:<server-ip>:<root-dir>:<nfs-options>, ++ * root={dhcp|dhcp6} ++ * ++ * mount nfs share from <server-ip>:/<root-dir>, if no server-ip is given, use dhcp next_server. ++ * If server-ip is an IPv6 address it has to be put in brackets, e.g. 2001:DB8::1. NFS options ++ * can be appended with the prefix ":" or "," and are separated by ",". 
*/ ++ ++ if (path_equal(arg_root_what, "/dev/nfs") || ++ STR_IN_SET(arg_root_what, "dhcp", "dhcp6") || ++ STARTSWITH_SET(arg_root_what, "nfs:", "nfs4:")) ++ return true; ++ ++ /* IPv6 address */ ++ if (arg_root_what0 == '') { ++ sep = strchr(arg_root_what + 1, ''); ++ if (!sep) ++ return -EINVAL; ++ ++ a = strndupa(arg_root_what + 1, sep - arg_root_what - 1); ++ ++ r = in_addr_from_string(AF_INET6, a, &u); ++ if (r < 0) ++ return r; ++ ++ return true; ++ } ++ ++ /* IPv4 address */ ++ sep = strchr(arg_root_what, ':'); ++ if (sep) { ++ a = strndupa(arg_root_what, sep - arg_root_what); ++ ++ if (in_addr_from_string(AF_INET, a, &u) >= 0) ++ return true; ++ } ++ ++ /* root directory without address */ ++ return path_is_absolute(arg_root_what) && !path_startswith(arg_root_what, "/dev"); ++} ++ + static int add_sysroot_mount(void) { + _cleanup_free_ char *what = NULL; + const char *opts, *fstype; +@@ -708,9 +760,12 @@ static int add_sysroot_mount(void) { + return 0; + } + +- if (path_equal(arg_root_what, "/dev/nfs")) { ++ r = sysroot_is_nfsroot(); ++ if (r < 0) ++ log_debug_errno(r, "Failed to determine if the root directory is on NFS, assuming not: %m"); ++ else if (r > 0) { + /* This is handled by the kernel or the initrd */ +- log_debug("Skipping root directory handling, as /dev/nfs was requested."); ++ log_debug("Skipping root directory handling, as root on NFS was requested."); + return 0; + } + +-- +2.33.0 +
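Review bot: sysroot_is_nfsroot() handles address parse failures inconsistently: the bracketed IPv6 branch returns -EINVAL or the error from in_addr_from_string(), while the IPv4 branch ignores a failed parse and falls through to the path heuristic. The caller in add_sysroot_mount() only logs a negative return and then continues as if the root were not on NFS, so a malformed IPv6 root= value ends up on the normal sysroot path. Document the return contract (negative errno, 0, positive) above the function and decide whether both branches should fall through or both should fail. The final return also classifies every absolute path outside /dev as an NFS root, which deserves a comment saying why that is correct.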
View file
_service:tar_scm:backport-growfs-don-t-actually-resize-on-dry-run.patch
Added
@@ -0,0 +1,37 @@ +From e9a1f6237f281b4bf05386bd9b2c921ea999232f Mon Sep 17 00:00:00 2001 +From: undef <gitlab@undef.tools> +Date: Thu, 14 Jul 2022 05:53:15 +0000 +Subject: PATCH growfs: don't actually resize on dry-run + +This causes systemd-growfs to exit before resizing the partition when +`--dry-run` is passed. Resizing during a dry run of a change breaks the +users expectations. + +(cherry picked from commit d26c0f7243a709cfa7b8bdc87e8131746bb0e2d0) +(cherry picked from commit 00c6c62845c560ef09f845aeedabdc9027be5678) +(cherry picked from commit e39019fd1065c8e2eb078b72359c5e755b013493) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e9a1f6237f281b4bf05386bd9b2c921ea999232f +--- + src/partition/growfs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/partition/growfs.c b/src/partition/growfs.c +index 15c56d0584..a7e745208b 100644 +--- a/src/partition/growfs.c ++++ b/src/partition/growfs.c +@@ -241,6 +241,10 @@ static int run(int argc, char *argv) { + return log_error_errno(errno, "Failed to query size of \"%s\": %m", devpath); + + log_debug("Resizing \"%s\" to %"PRIu64" bytes...", arg_target, size); ++ ++ if (arg_dry_run) ++ return 0; ++ + r = resize_fs(mountfd, size, &newsize); + if (r < 0) + return log_error_errno(r, "Failed to resize \"%s\" to %"PRIu64" bytes: %m", +-- +2.27.0 +
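Review bot: in run(), the new arg_dry_run early return sits directly after log_debug("Resizing ...") and logs nothing itself, so a dry run reports at debug level that it is resizing and then exits silently. Log what would have been done (target and size) at a level the user will see, and reword or move the existing debug line so it is not printed when no resize takes place.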
View file
_service:tar_scm:backport-home-fix-heap-use-after-free.patch
Added
@@ -0,0 +1,38 @@ +From 5ed20345db356121bc72e0092c17b74e2de67ff7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 14 Dec 2021 15:38:12 +0900 +Subject: PATCH home: fix heap-use-after-free + +`bus_home_emit_remove()` may be called from manager_free() -> home_free(). +In that case, manager->bus is already unref()ed. + +Fixes #21767. + +(cherry picked from commit 2ff457720bd3bc59985e807b748f6305bdf27826) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5ed20345db356121bc72e0092c17b74e2de67ff7 +--- + src/home/homed-home-bus.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/home/homed-home-bus.c b/src/home/homed-home-bus.c +index c71256d15e..601ecc5cf5 100644 +--- a/src/home/homed-home-bus.c ++++ b/src/home/homed-home-bus.c +@@ -940,6 +940,12 @@ int bus_home_emit_remove(Home *h) { + if (!h->announced) + return 0; + ++ if (!h->manager) ++ return 0; ++ ++ if (!h->manager->bus) ++ return 0; ++ + r = bus_home_path(h, &path); + if (r < 0) + return r; +-- +2.33.0 +
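Review bot: the new guard in bus_home_emit_remove() only helps if h->manager->bus is actually reset to NULL when the manager drops its reference. The commit message says the bus is already unref()ed when called via manager_free() -> home_free(); a pointer that was unreffed but not cleared would pass the !h->manager->bus test and still be dereferenced. Confirm that the teardown path clears the field before it frees the homes, and record that dependency in a comment next to the check.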
View file
_service:tar_scm:backport-home-secret-argument-of-handle_generic_user_record_e.patch
Added
@@ -0,0 +1,114 @@ +From 5179b3a071535610be2b55efa77f174c87c3c2b6 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 5 Sep 2021 11:16:26 +0900 +Subject: PATCH home: 'secret' argument of handle_generic_user_record_error + may be null + +When RefHome() bus method is called in acquire_home(), secret is NULL. + +Fixes #20639. + +(cherry picked from commit 6a09dbb89507449d158af6c7097d2c51ce83205f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5179b3a071535610be2b55efa77f174c87c3c2b6 +--- + src/home/pam_systemd_home.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/src/home/pam_systemd_home.c b/src/home/pam_systemd_home.c +index b7db39dab9..27b292f460 100644 +--- a/src/home/pam_systemd_home.c ++++ b/src/home/pam_systemd_home.c +@@ -281,7 +281,6 @@ static int handle_generic_user_record_error( + const sd_bus_error *error) { + + assert(user_name); +- assert(secret); + assert(error); + + int r; +@@ -301,6 +300,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + /* This didn't work? Ask for an (additional?) 
password */ + + if (strv_isempty(secret->password)) +@@ -326,6 +327,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_BAD_PASSWORD_AND_NO_TOKEN)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + if (strv_isempty(secret->password)) { + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token of user %s not inserted.", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Try again with password: "); +@@ -350,6 +353,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PIN_NEEDED)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Security token PIN: "); + if (r != PAM_SUCCESS) + return PAM_CONV_ERR; /* no logging here */ +@@ -367,6 +372,8 @@ static int handle_generic_user_record_error( + + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_PROTECTED_AUTHENTICATION_PATH_NEEDED)) { + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please authenticate physically on security token of user %s.", user_name); + + r = user_record_set_pkcs11_protected_authentication_path_permitted(secret, true); +@@ -377,6 +384,8 @@ static int handle_generic_user_record_error( + + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_PRESENCE_NEEDED)) { + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please confirm presence on security token of user %s.", user_name); + + r = user_record_set_fido2_user_presence_permitted(secret, true); +@@ -387,6 +396,8 @@ static int handle_generic_user_record_error( + + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_USER_VERIFICATION_NEEDED)) { + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Please verify user on security token of user %s.", user_name); + + r = user_record_set_fido2_user_verification_permitted(secret, true); +@@ -403,6 
+414,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN incorrect for user %s.", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); + if (r != PAM_SUCCESS) +@@ -422,6 +435,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_FEW_TRIES_LEFT)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only a few tries left!)", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); + if (r != PAM_SUCCESS) +@@ -441,6 +456,8 @@ static int handle_generic_user_record_error( + } else if (sd_bus_error_has_name(error, BUS_ERROR_TOKEN_BAD_PIN_ONE_TRY_LEFT)) { + _cleanup_(erase_and_freep) char *newp = NULL; + ++ assert(secret); ++ + (void) pam_prompt(handle, PAM_ERROR_MSG, NULL, "Security token PIN of user %s incorrect (only one try left!)", user_name); + r = pam_prompt(handle, PAM_PROMPT_ECHO_OFF, &newp, "Sorry, retry security token PIN: "); + if (r != PAM_SUCCESS) +-- +2.33.0 +
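Review bot: moving assert(secret) into the individual branches of handle_generic_user_record_error() still aborts the process whenever one of these bus errors arrives on a call made without a secret, which the commit message says is the case for RefHome() in acquire_home(). The branch taken is selected by the error name in the bus reply, so it is input from another process, and this code runs inside a PAM module loaded by whatever program is authenticating. Prefer an explicit NULL check that logs and returns a PAM error code over assert() in these branches.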
View file
_service:tar_scm:backport-homed-add-missing-SYNTHETIC_ERRNO.patch
Added
@@ -0,0 +1,30 @@ +From 00eff1d423d2cb336d1e378cc8f348d2d19c2ed4 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 31 Aug 2021 10:47:29 +0200 +Subject: PATCH homed: add missing SYNTHETIC_ERRNO() + +(cherry picked from commit 9191142ddfb3ccd2007245c01197d3f42943815c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/00eff1d423d2cb336d1e378cc8f348d2d19c2ed4 +--- + src/home/homework-cifs.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c +index a697f7e5ee..04a4db8a94 100644 +--- a/src/home/homework-cifs.c ++++ b/src/home/homework-cifs.c +@@ -86,7 +86,8 @@ int home_prepare_cifs( + } + + if (!mounted) +- return log_error_errno(ENOKEY, "Failed to mount home directory with supplied password."); ++ return log_error_errno(SYNTHETIC_ERRNO(ENOKEY), ++ "Failed to mount home directory with supplied password."); + + setup->root_fd = open("/run/systemd/user-home-mount", O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); + } +-- +2.33.0 +
View file
_service:tar_scm:backport-homed-fix-log-message-referring-to-fsck-when-we-actu.patch
Added
@@ -0,0 +1,30 @@ +From f41b77e9788541244ad6d6bafe3e130fbabace84 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 31 Aug 2021 10:47:02 +0200 +Subject: PATCH homed: fix log message referring to fsck, when we actually + mean mount + +(cherry picked from commit e070b9eac92993422db25c72ebdbdcc1cf424a0f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f41b77e9788541244ad6d6bafe3e130fbabace84 +--- + src/home/homework-cifs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c +index cf3c58431a..a697f7e5ee 100644 +--- a/src/home/homework-cifs.c ++++ b/src/home/homework-cifs.c +@@ -71,7 +71,7 @@ int home_prepare_cifs( + h->cifs_service, "/run/systemd/user-home-mount", + "-o", options, NULL); + +- log_error_errno(errno, "Failed to execute fsck: %m"); ++ log_error_errno(errno, "Failed to execute mount: %m"); + _exit(EXIT_FAILURE); + } + +-- +2.33.0 +
View file
_service:tar_scm:backport-homed-make-sure-to-use-right-asssesors-for-GID-acces.patch
Added
@@ -0,0 +1,34 @@ +From b2420e2f911455b57edbb67e16883485ba75a638 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 31 Aug 2021 10:46:06 +0200 +Subject: PATCH homed: make sure to use right asssesors for GID + access mode + +Don't reach directly into the UserRecord struct, but use the right +assessors, so that the "unspecified" case is covered. + +(cherry picked from commit 279e060e2549183101ebf94e9739b70ed499c4c1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b2420e2f911455b57edbb67e16883485ba75a638 +--- + src/home/homework-cifs.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/home/homework-cifs.c b/src/home/homework-cifs.c +index 2254eb59cd..cf3c58431a 100644 +--- a/src/home/homework-cifs.c ++++ b/src/home/homework-cifs.c +@@ -58,8 +58,8 @@ int home_prepare_cifs( + + f = safe_fclose(f); + +- if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" UID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", +- p, h->uid, h->uid, h->access_mode, h->access_mode) < 0) ++ if (asprintf(&options, "credentials=%s,uid=" UID_FMT ",forceuid,gid=" GID_FMT ",forcegid,file_mode=0%3o,dir_mode=0%3o", ++ p, h->uid, user_record_gid(h), user_record_access_mode(h), user_record_access_mode(h)) < 0) + return log_oom(); + + r = safe_fork("(mount)", FORK_RESET_SIGNALS|FORK_RLIMIT_NOFILE_SAFE|FORK_DEATHSIG|FORK_LOG|FORK_STDOUT_TO_STDERR, &mount_pid); +-- +2.33.0 +
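Review bot: the commit message says not to reach directly into the UserRecord struct, but the rewritten asprintf() in home_prepare_cifs() still passes h->uid for the uid= option while the GID and modes now go through user_record_gid() and user_record_access_mode(). If an accessor exists for the UID, use it here for the same reason, or say in the message why uid is exempt. Separately, the unchanged format "file_mode=0%3o" pads with spaces rather than zeros, so a mode below 0100 would put a space inside the mount option string; "0%03o" avoids that.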
View file
_service:tar_scm:backport-homed-remove-misplaced-assert.patch
Added
@@ -0,0 +1,32 @@ +From 3c8240a44dc28a4c7c60c1599799383776f9e6dc Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 31 Aug 2021 10:47:40 +0200 +Subject: PATCH homed: remove misplaced assert() + +(cherry picked from commit 67f9bf897c762ecb61872a5e8e0707a97c8ccd3d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/3c8240a44dc28a4c7c60c1599799383776f9e6dc +--- + src/home/homework-mount.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c +index 5e737687d1..da4f14e08d 100644 +--- a/src/home/homework-mount.c ++++ b/src/home/homework-mount.c +@@ -69,9 +69,10 @@ int home_move_mount(const char *user_name_and_realm, const char *target) { + const char *d; + int r; + +- assert(user_name_and_realm); + assert(target); + ++ /* If user_name_and_realm is set, then we'll mount a subdir of the source mount into the host. If ++ * it's NULL we'll move the mount itself */ + if (user_name_and_realm) { + subdir = path_join("/run/systemd/user-home-mount/", user_name_and_realm); + if (!subdir) +-- +2.33.0 +
View file
_service:tar_scm:backport-homed-shutdown-call-valgrind-magic-after-LOOP_GET_ST.patch
Added
@@ -0,0 +1,84 @@ +From bf6bd21f7c887ffa4591ed0cee00b234835ca2be Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 15 Oct 2021 17:58:13 +0200 +Subject: PATCH homed,shutdown: call valgrind magic after LOOP_GET_STATUS64 + +valgrind doesn't understand LOOP_GET_STATUS64. We already work around +this in various placed, via VALGRIND_MAKE_MEM_DEFINE(), but we forgot +three places. Let's fix that. + +(cherry picked from commit 48f462547d63e1d03bee612e1c77073263e71293) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bf6bd21f7c887ffa4591ed0cee00b234835ca2be +--- + src/home/homework-luks.c | 8 ++++++++ + src/shutdown/umount.c | 12 ++++++++++++ + 2 files changed, 20 insertions(+) + +diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c +index 38d7d7cc70..05a0ed861e 100644 +--- a/src/home/homework-luks.c ++++ b/src/home/homework-luks.c +@@ -8,6 +8,10 @@ + #include <sys/mount.h> + #include <sys/xattr.h> + ++#if HAVE_VALGRIND_MEMCHECK_H ++#include <valgrind/memcheck.h> ++#endif ++ + #include "blkid-util.h" + #include "blockdev-util.h" + #include "btrfs-util.h" +@@ -1136,6 +1140,10 @@ int home_prepare_luks( + offset *= 512U; + } + } else { ++#if HAVE_VALGRIND_MEMCHECK_H ++ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); ++#endif ++ + offset = info.lo_offset; + size = info.lo_sizelimit; + } +diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c +index c2a26242c0..1f945b7875 100644 +--- a/src/shutdown/umount.c ++++ b/src/shutdown/umount.c +@@ -15,6 +15,10 @@ + #include <sys/types.h> + #include <unistd.h> + ++#if HAVE_VALGRIND_MEMCHECK_H ++#include <valgrind/memcheck.h> ++#endif ++ + #include "sd-device.h" + + #include "alloc-util.h" +@@ -409,6 +413,10 @@ static int delete_loopback(const char *device) { + return -EBUSY; /* propagate original error */ + } + ++#if HAVE_VALGRIND_MEMCHECK_H ++ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); ++#endif ++ + if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) /* someone 
else already set LO_FLAGS_AUTOCLEAR for us? fine by us */ + return -EBUSY; /* propagate original error */ + +@@ -434,6 +442,10 @@ static int delete_loopback(const char *device) { + return 1; + } + ++#if HAVE_VALGRIND_MEMCHECK_H ++ VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)); ++#endif ++ + /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing + * anything. Very confusing. Let's hence not claim we did anything in this case. */ + if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) +-- +2.33.0 +
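Review bot: the same #if HAVE_VALGRIND_MEMCHECK_H / VALGRIND_MAKE_MEM_DEFINED(&info, sizeof(info)) / #endif block is pasted at three more call sites, and the commit message itself says the workaround had been forgotten in three places. A small wrapper around the LOOP_GET_STATUS64 ioctl that applies the annotation after a successful call would keep the next caller from missing it. In delete_loopback(), also confirm that each annotation is reached only after the ioctl succeeded, since marking info as defined after a failed call would hide a genuine uninitialised read from valgrind.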
View file
_service:tar_scm:backport-homework-don-t-bother-with-BLKRRPART-on-images-that-.patch
Added
@@ -0,0 +1,43 @@ +From 7b3ff9a957630535ec58aeca7e41e6c63fa99114 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 15 Oct 2021 11:23:00 +0200 +Subject: PATCH homework: don't bother with BLKRRPART on images that aren't + block devices + +We currently call this ioctl even if we are backed by a regular file, +which is actually the common case. While this doesn't really hurt, it +does result in very confusing logs. + +(cherry picked from commit 6a1301d8c97dc650e4355bb7c193f5821b3383a8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7b3ff9a957630535ec58aeca7e41e6c63fa99114 +--- + src/home/homework-luks.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c +index 64bbfe3c77..38d7d7cc70 100644 +--- a/src/home/homework-luks.c ++++ b/src/home/homework-luks.c +@@ -2813,7 +2813,7 @@ int home_resize_luks( + if (r > 0) + log_info("Growing of partition completed."); + +- if (ioctl(image_fd, BLKRRPART, 0) < 0) ++ if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0) + log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m"); + + /* Tell LUKS about the new bigger size too */ +@@ -2887,7 +2887,7 @@ int home_resize_luks( + if (r > 0) + log_info("Shrinking of partition completed."); + +- if (ioctl(image_fd, BLKRRPART, 0) < 0) ++ if (S_ISBLK(st.st_mode) && ioctl(image_fd, BLKRRPART, 0) < 0) + log_debug_errno(errno, "BLKRRPART failed on block device, ignoring: %m"); + } else { + r = home_store_embedded_identity(new_home, setup->root_fd, h->uid, embedded_home); +-- +2.33.0 +
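Review bot: both new S_ISBLK(st.st_mode) tests in home_resize_luks() depend on a struct stat that is filled in outside these hunks. Confirm that st was obtained with fstat() on image_fd itself rather than by path, so that the type check and the BLKRRPART ioctl refer to the same object.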
View file
_service:tar_scm:backport-homework-fix-a-bad-error-propagation.patch
Added
@@ -0,0 +1,29 @@ +From e05915315fdf21ee51ec1501e02d04ba1e9af045 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 24 Nov 2021 18:36:00 +0100 +Subject: PATCH homework: fix a bad error propagation + +(cherry picked from commit b05f4495bd374dc28d39ea43ac7cec3f0fea4071) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e05915315fdf21ee51ec1501e02d04ba1e9af045 +--- + src/home/homework.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/home/homework.c b/src/home/homework.c +index b20b4bdf3e..32a42c5d09 100644 +--- a/src/home/homework.c ++++ b/src/home/homework.c +@@ -485,7 +485,7 @@ static int write_identity_file(int root_fd, JsonVariant *v, uid_t uid) { + } + + if (fchown(fileno(identity_file), uid, uid) < 0) { +- log_error_errno(r, "Failed to change ownership of identity file: %m"); ++ r = log_error_errno(errno, "Failed to change ownership of identity file: %m"); + goto fail; + } + +-- +2.33.0 +
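Review bot: the changed line in write_identity_file() now logs and propagates errno correctly, but the unchanged call it guards is fchown(fileno(identity_file), uid, uid), which passes the UID as the group argument. If the user's GID can differ from the UID, the identity file ends up with the wrong group. The function only takes a uid_t, so either pass a GID in as well or add a comment that the two are equal by design.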
View file
_service:tar_scm:backport-homework-fix-incorrect-error-variable-use.patch
Added
@@ -0,0 +1,38 @@ +From 3e9dbda7d5efbe642e6254cc086b4cf54c862618 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 14 Oct 2021 15:40:59 +0200 +Subject: PATCH homework: fix incorrect error variable use + +(cherry picked from commit 82fb0911fc0aa2aaf39428ef36e78898ece2b4ea) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/3e9dbda7d5efbe642e6254cc086b4cf54c862618 +--- + src/home/homework-luks.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c +index 6448883fe0..64bbfe3c77 100644 +--- a/src/home/homework-luks.c ++++ b/src/home/homework-luks.c +@@ -1146,7 +1146,7 @@ int home_prepare_luks( + + root_fd = open(user_record_home_directory(h), O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); + if (root_fd < 0) { +- r = log_error_errno(r, "Failed to open home directory: %m"); ++ r = log_error_errno(errno, "Failed to open home directory: %m"); + goto fail; + } + } else { +@@ -1233,7 +1233,7 @@ int home_prepare_luks( + + root_fd = open(subdir, O_RDONLY|O_CLOEXEC|O_DIRECTORY|O_NOFOLLOW); + if (root_fd < 0) { +- r = log_error_errno(r, "Failed to open home directory: %m"); ++ r = log_error_errno(errno, "Failed to open home directory: %m"); + goto fail; + } + +-- +2.33.0 +
View file
_service:tar_scm:backport-homework-repart-turn-on-cryptsetup-logging-before-we.patch
Added
@@ -0,0 +1,53 @@ +From 7b49704dfe47474be0d74996db45e6ba42d6b2e1 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 28 Oct 2021 19:06:52 +0200 +Subject: PATCH homework,repart: turn on cryptsetup logging before we have a + context + +Otherwise we'll miss the log message from allocation of the context. We +already made this change in most of our tools that interface with +libcryptsetup, but we forgot two. + +As suggested: + +https://github.com/systemd/systemd/pull/21135#discussion_r738287504 +(cherry picked from commit 30f194001ff647280ad49b68597c223e57ad7f6e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7b49704dfe47474be0d74996db45e6ba42d6b2e1 +--- + src/home/homework.c | 2 ++ + src/partition/repart.c | 4 ++++ + 2 files changed, 6 insertions(+) + +diff --git a/src/home/homework.c b/src/home/homework.c +index bdd9ac649e..b20b4bdf3e 100644 +--- a/src/home/homework.c ++++ b/src/home/homework.c +@@ -1651,6 +1651,8 @@ static int run(int argc, char *argv) { + + log_setup(); + ++ cryptsetup_enable_logging(NULL); ++ + umask(0022); + + if (argc < 2 || argc > 3) +diff --git a/src/partition/repart.c b/src/partition/repart.c +index 3c80d1380a..7602ac6aa8 100644 +--- a/src/partition/repart.c ++++ b/src/partition/repart.c +@@ -4863,6 +4863,10 @@ static int run(int argc, char *argv) { + if (r < 0) + return r; + ++#if HAVE_LIBCRYPTSETUP ++ cryptsetup_enable_logging(NULL); ++#endif ++ + if (arg_image) { + assert(!arg_root); + +-- +2.33.0 +
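Review bot: the cryptsetup_enable_logging(NULL) call added to run() in src/home/homework.c is unconditional, while the same call added in src/partition/repart.c is wrapped in #if HAVE_LIBCRYPTSETUP. Either homework.c is only ever built with libcryptsetup, in which case a short comment should say so, or it needs the same guard to avoid a build failure when the library is absent.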
View file
_service:tar_scm:backport-hostname-fix-off-by-one-issue-in-gethostname.patch
Added
@@ -0,0 +1,52 @@ +From 6a8b886fef4ad101108126cab2125a90f7aa6441 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 11 Aug 2021 00:12:40 +0900 +Subject: PATCH hostname: fix off-by-one issue in gethostname() + +gethostname() returns null-terminated hostname. + +Fixes #20309 and #20417. + +(cherry picked from commit ccdf235464297c2ca4c1dea8733a6bad423084d5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6a8b886fef4ad101108126cab2125a90f7aa6441 +--- + src/shared/hostname-setup.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/shared/hostname-setup.c b/src/shared/hostname-setup.c +index 511aa7d031..742174d6c8 100644 +--- a/src/shared/hostname-setup.c ++++ b/src/shared/hostname-setup.c +@@ -20,11 +20,11 @@ + #include "util.h" + + static int sethostname_idempotent_full(const char *s, bool really) { +- char bufHOST_NAME_MAX + 1 = {}; ++ char bufHOST_NAME_MAX + 1; + + assert(s); + +- if (gethostname(buf, sizeof(buf) - 1) < 0) ++ if (gethostname(buf, sizeof(buf)) < 0) + return -errno; + + if (streq(buf, s)) +@@ -42,11 +42,11 @@ int sethostname_idempotent(const char *s) { + } + + bool get_hostname_filtered(char retstatic HOST_NAME_MAX + 1) { +- char bufHOST_NAME_MAX + 1 = {}; ++ char bufHOST_NAME_MAX + 1; + + /* Returns true if we got a good hostname, false otherwise. */ + +- if (gethostname(buf, sizeof(buf) - 1) < 0) ++ if (gethostname(buf, sizeof(buf)) < 0) + return false; /* This can realistically only fail with ENAMETOOLONG. + * Let's treat that case the same as an invalid hostname. */ + +-- +2.33.0 +
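Review bot: this change drops the zero-initialisation of buf in both sethostname_idempotent_full() and get_hostname_filtered() and passes the full sizeof(buf) to gethostname(), so the string handling that follows, such as streq(buf, s), relies entirely on gethostname() having written a terminator. POSIX leaves termination unspecified when the name is truncated. The buffer is HOST_NAME_MAX + 1 bytes, so truncation should not occur, but that reasoning belongs in a comment; alternatively keep an explicit NUL write to the last byte after the call as a cheap safeguard.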
View file
_service:tar_scm:backport-hostnamed-correct-variable-with-errno-in-fallback_ch.patch
Added
@@ -0,0 +1,59 @@ +From b873f52871845b769f739e9d6954080ba490200c Mon Sep 17 00:00:00 2001 +From: Jan Palus <jpalus@fastmail.com> +Date: Thu, 8 Jul 2021 00:23:21 +0200 +Subject: PATCH hostnamed: correct variable with errno in fallback_chassis + +fixes assertion failure on arm: + +systemd-hostnamed642: Assertion '(_error) != 0' failed at src/hostname/hostnamed.c:207, function fallback_chassis(). Aborting. + +(cherry picked from commit 105a4245ff13d588e1e848e8ee3cffd6185bd0ae) +(cherry picked from commit 4a44597bdd725f504ebd520b0deef7797dc46daa) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b873f52871845b769f739e9d6954080ba490200c +--- + src/hostname/hostnamed.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c +index bd535ddc4d..36702f2fb0 100644 +--- a/src/hostname/hostnamed.c ++++ b/src/hostname/hostnamed.c +@@ -204,14 +204,14 @@ static const char* fallback_chassis(void) { + + r = read_one_line_file("/sys/class/dmi/id/chassis_type", &type); + if (r < 0) { +- log_debug_errno(v, "Failed to read DMI chassis type, ignoring: %m"); ++ log_debug_errno(r, "Failed to read DMI chassis type, ignoring: %m"); + goto try_acpi; + } + + r = safe_atou(type, &t); + free(type); + if (r < 0) { +- log_debug_errno(v, "Failed to parse DMI chassis type, ignoring: %m"); ++ log_debug_errno(r, "Failed to parse DMI chassis type, ignoring: %m"); + goto try_acpi; + } + +@@ -260,14 +260,14 @@ static const char* fallback_chassis(void) { + try_acpi: + r = read_one_line_file("/sys/firmware/acpi/pm_profile", &type); + if (r < 0) { +- log_debug_errno(v, "Failed read ACPI PM profile, ignoring: %m"); ++ log_debug_errno(r, "Failed read ACPI PM profile, ignoring: %m"); + return NULL; + } + + r = safe_atou(type, &t); + free(type); + if (r < 0) { +- log_debug_errno(v, "Failed parse ACPI PM profile, ignoring: %m"); ++ log_debug_errno(r, "Failed parse ACPI PM profile, ignoring: %m"); + return NULL; + } + +-- 
+2.33.0 +
View file
_service:tar_scm:backport-hwdb-Allow-console-users-access-to-media-nodes.patch
Added
@@ -0,0 +1,33 @@ +From 920d0d1b14dfb94788a5b2794860cac583b982c3 Mon Sep 17 00:00:00 2001 +From: Bastien Nocera <hadess@hadess.net> +Date: Tue, 26 Oct 2021 11:57:30 +0200 +Subject: PATCH hwdb: Allow console users access to media* nodes + +Newer webcams and video devices have controls only available through +/dev/media* nodes. Make sure they're accessible in the same way as +/dev/video* nodes. + +Closes: #21054 +(cherry picked from commit 63fbfc598f9f6d3ce34cc00a7687089dab24daff) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/920d0d1b14dfb94788a5b2794860cac583b982c3 +--- + src/login/70-uaccess.rules.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/login/70-uaccess.rules.in b/src/login/70-uaccess.rules.in +index 56e1087fef..1b6be82703 100644 +--- a/src/login/70-uaccess.rules.in ++++ b/src/login/70-uaccess.rules.in +@@ -33,6 +33,7 @@ SUBSYSTEM=="sound", TAG+="uaccess", \ + # Webcams, frame grabber, TV cards + SUBSYSTEM=="video4linux", TAG+="uaccess" + SUBSYSTEM=="dvb", TAG+="uaccess" ++SUBSYSTEM=="media", TAG+="uaccess" + + # industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more + SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess" +-- +2.33.0 +
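Review bot: the added rule SUBSYSTEM=="media", TAG+="uaccess" opens every node in the media subsystem to console users with no further match, whereas the firewire rule just below it narrows by device attributes. The commit message motivates the change with webcams and video devices only. Confirm that no other class of device registers media nodes that a local seat user should not be able to open, and narrow the match if some do.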
View file
_service:tar_scm:backport-hwdb-fix-parsing-options.patch
Added
@@ -0,0 +1,34 @@ +From eee4da4d240bef47a6cc8ab60838d6c443ab8ab8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 6 Apr 2022 01:08:35 +0900 +Subject: PATCH hwdb: fix parsing options + +Fixes #22976. + +(cherry picked from commit 5674b74c4f99e433fd8e7242e9f16f6ddfece94c) +(cherry picked from commit df6253cbda3e5d1b3c694de223cb7899f3aecc74) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/eee4da4d240bef47a6cc8ab60838d6c443ab8ab8 +--- + src/hwdb/hwdb.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c +index 50b4cb304a..a3a050530b 100644 +--- a/src/hwdb/hwdb.c ++++ b/src/hwdb/hwdb.c +@@ -73,8 +73,8 @@ static int parse_argv(int argc, char *argv) { + assert(argc >= 0); + assert(argv); + +- while ((c = getopt_long(argc, argv, "ust:r:h", options, NULL)) >= 0) +- switch(c) { ++ while ((c = getopt_long(argc, argv, "sr:h", options, NULL)) >= 0) ++ switch (c) { + + case 'h': + return help(); +-- +2.33.0 +
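Review bot: The commit message says only "Fixes #22976" and does not state that the short options u and t: are dropped from the getopt_long() string ("ust:r:h" becomes "sr:h"). Say so explicitly, and why, since an invocation that passes -u or -t is now treated as an unknown option. The switch(c) to switch (c) whitespace change is unrelated to the fix and would be cleaner as a separate commit, especially in a backport.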
View file
_service:tar_scm:backport-hwdb-remove-double-empty-line-in-help-text.patch
Added
@@ -0,0 +1,29 @@ +From da61fe147e40ba26ed8cf405dbf0a0e71e060d0b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 30 Aug 2021 13:20:59 +0200 +Subject: PATCH hwdb: remove double empty line in --help text + +(cherry picked from commit aecc04f1800c87e0479e74e0225e288a403ba77e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/da61fe147e40ba26ed8cf405dbf0a0e71e060d0b +--- + src/hwdb/hwdb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/hwdb/hwdb.c b/src/hwdb/hwdb.c +index 26cc83f31b..50b4cb304a 100644 +--- a/src/hwdb/hwdb.c ++++ b/src/hwdb/hwdb.c +@@ -43,7 +43,7 @@ static int help(void) { + " --version Show package version\n" + " -s --strict When updating, return non-zero exit value on any parsing error\n" + " --usr Generate in " UDEVLIBEXECDIR " instead of /etc/udev\n" +- " -r --root=PATH Alternative root path in the filesystem\n\n" ++ " -r --root=PATH Alternative root path in the filesystem\n" + "\nSee the %s for details.\n", + program_invocation_short_name, + ansi_highlight(), +-- +2.33.0 +
View file
_service:tar_scm:backport-icmp6-drop-unnecessary-assertion.patch
Added
@@ -0,0 +1,30 @@ +From aff2bf0465f677ba60e1cc701ae73968991e4a3f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 20 Aug 2021 08:44:27 +0900 +Subject: PATCH icmp6: drop unnecessary assertion + +Follow-up for 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1. + +(cherry picked from commit 6da22a2fa592cc908d26c732b537d8b4fc004280) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/aff2bf0465f677ba60e1cc701ae73968991e4a3f +--- + src/libsystemd-network/icmp6-util.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c +index 67c6b55d84..0b8c3e4cc3 100644 +--- a/src/libsystemd-network/icmp6-util.c ++++ b/src/libsystemd-network/icmp6-util.c +@@ -186,7 +186,6 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, + + /* namelen == 0 only happens when running the test-suite over a socketpair */ + +- assert(!(msg.msg_flags & MSG_CTRUNC)); + assert(!(msg.msg_flags & MSG_TRUNC)); + + CMSG_FOREACH(cmsg, &msg) { +-- +2.33.0 +
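Review bot: With assert(!(msg.msg_flags & MSG_CTRUNC)) removed, a receive whose control data was truncated now goes straight into CMSG_FOREACH with nothing recording that the ancillary data may be incomplete. If the flag can legitimately be set, handle it explicitly (a debug log, or an error return) instead of ignoring it, and give the reason in the commit message, which currently only says it is a follow-up for 3691bcf3c5eebdcca5b4f1c51c745441c57a6cd1. The neighbouring assert on MSG_TRUNC stays; confirm that flag cannot be set by data arriving on the socket, since an assert aborts the process.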
View file
_service:tar_scm:backport-import-turn-off-weird-protocols-in-curl.patch
Added
@@ -0,0 +1,42 @@ +From 4d8fd88b9641fce81272f60f556543f713175403 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 19 Aug 2021 18:12:56 +0200 +Subject: PATCH import: turn off weird protocols in curl + +Let's lock things down a bit and now allow curl's weirder protocols to +be used with our use. i.e. stick to http:// + https:// + file:// and +turn everything else off. (Gopher!) + +This is cde that interfaces with the network after all, and we better +shouldn't support protocols needlessly that are much less tested. + +(Given that HTTP redirects (and other redirects) exist, this should give +us a security benefit, since we will then be sure that noone can forward +us to a weird protocol, which we never tested, and other people test +neither) + +(cherry picked from commit 55b90ee00b78a449c8f187a5e8141f8ccb100bf4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4d8fd88b9641fce81272f60f556543f713175403 +--- + src/import/curl-util.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/import/curl-util.c b/src/import/curl-util.c +index ed2ac0a654..d6a16b4f57 100644 +--- a/src/import/curl-util.c ++++ b/src/import/curl-util.c +@@ -256,6 +256,9 @@ int curl_glue_make(CURL **ret, const char *url, void *userdata) { + if (curl_easy_setopt(c, CURLOPT_LOW_SPEED_LIMIT, 30L) != CURLE_OK) + return -EIO; + ++ if (curl_easy_setopt(c, CURLOPT_PROTOCOLS, CURLPROTO_HTTP|CURLPROTO_HTTPS|CURLPROTO_FILE) != CURLE_OK) ++ return -EIO; ++ + *ret = TAKE_PTR(c); + return 0; + } +-- +2.33.0 +
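Review bot: The message gives redirects as the motivation, but the hunk sets only CURLOPT_PROTOCOLS, and the allowed set includes CURLPROTO_FILE. Set CURLOPT_REDIR_PROTOCOLS explicitly as well, limited to HTTP and HTTPS, so that whether a remote server can redirect the transfer to a file:// URL is decided in this code and not left to libcurl's default. A one-line comment above the new call naming the three allowed schemes would also help the next reader of curl_glue_make().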
View file
_service:tar_scm:backport-journactl-show-info-about-journal-range-only-at-debu.patch
Added
@@ -0,0 +1,51 @@ +From cc9ef67919c33b253bed86db415f5970e96440d9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 14 Dec 2021 22:30:15 +0100 +Subject: PATCH journactl: show info about journal range only at debug level + (#21775) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The message that the "journal begins … ends …" has been always confusing to +users. (Before b91ae210e62 it was "logs begin … end …" which was arguably even +more confusing, but really the change in b91ae210e62 didn't substantially change +this.) + +When the range shown is limited (by -e, -f, --since, or other options), it +doesn't really matter to the user what the oldest entries are, since they are +purposefully limiting the range. In fact, if we are showing the last few +entries with -e or -f, knowing that many months the oldest entries have is +completely useless. + +And when such options are *not* used, the first entry generally corresponds to +the beginning of the range shown, and the last entry corresponds to the end of +that range. So again, it's not particularly useful, except when debugging +journalctl or such. Let's just treat it as a debug message. + +Fixes #21491. 
+ +(cherry picked from commit a2d7654f99eba250eddf988db262abef96ebbe7a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/cc9ef67919c33b253bed86db415f5970e96440d9 +--- + src/journal/journalctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c +index 3eac97510d..decdf14145 100644 +--- a/src/journal/journalctl.c ++++ b/src/journal/journalctl.c +@@ -2598,7 +2598,7 @@ int main(int argc, char *argv) { + if (!arg_follow) + (void) pager_open(arg_pager_flags); + +- if (!arg_quiet && (arg_lines != 0 || arg_follow)) { ++ if (!arg_quiet && (arg_lines != 0 || arg_follow) && DEBUG_LOGGING) { + usec_t start, end; + char start_bufFORMAT_TIMESTAMP_MAX, end_bufFORMAT_TIMESTAMP_MAX; + +-- +2.33.0 +
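Review bot: The hunk only adds "&& DEBUG_LOGGING" to the condition, so the body of the block, which is not shown here, runs unchanged whenever debug logging is on; if it prints to standard output and not through the logging functions, the range line still ends up mixed into the journal output in debug runs. Confirm which stream it uses, and check whether the documentation for the quiet option still describes this line, since arg_quiet no longer decides on its own whether it appears.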
View file
_service:tar_scm:backport-journal-Deduplicate-entry-items-before-they-are-stor.patch
Added
@@ -0,0 +1,55 @@ +From 71976e91c5a887585b9fb8a162116824b141eecf Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Fri, 12 Nov 2021 14:32:40 +0000 +Subject: PATCH journal: Deduplicate entry items before they are stored in + the entry object + +If the iovec contains the same data more than once, we'll end up with +duplicate offsets in the items array. Let's make sure we remove any +duplicates before we store the items in an entry object. + +(cherry picked from commit 5ec9fbae64bef896368f744a875dd0437a4c42f2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/71976e91c5a887585b9fb8a162116824b141eecf +--- + src/libsystemd/sd-journal/journal-file.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index ae19c1c1f2..a8029c2868 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -2082,6 +2082,21 @@ static int entry_item_cmp(const EntryItem *a, const EntryItem *b) { + return CMP(le64toh(a->object_offset), le64toh(b->object_offset)); + } + ++static size_t remove_duplicate_entry_items(EntryItem items, size_t n) { ++ ++ /* This function relies on the items array being sorted. */ ++ size_t j = 1; ++ ++ if (n <= 1) ++ return n; ++ ++ for (size_t i = 1; i < n; i++) ++ if (itemsi.object_offset != itemsj - 1.object_offset) ++ itemsj++ = itemsi; ++ ++ return j; ++} ++ + int journal_file_append_entry( + JournalFile *f, + const dual_timestamp *ts, +@@ -2151,6 +2166,7 @@ int journal_file_append_entry( + /* Order by the position on disk, in order to improve seek + * times for rotating media. */ + typesafe_qsort(items, n_iovec, entry_item_cmp); ++ n_iovec = remove_duplicate_entry_items(items, n_iovec); + + r = journal_file_append_entry_internal(f, ts, boot_id, xor_hash, items, n_iovec, seqnum, ret, ret_offset); + +-- +2.33.0 +
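Review bot: In the journal_file_append_entry() hunk, n_iovec is reassigned to the deduplicated item count, but xor_hash is passed to journal_file_append_entry_internal() unchanged. Confirm the hash is still consistent with the shortened items array (if it was accumulated once per iovec, a duplicated field contributed twice), and consider a separate n_items variable so that n_iovec keeps meaning the caller's iovec count. In remove_duplicate_entry_items() the comment on the sorted precondition is good, and comparing the raw object_offset values for equality is fine because no ordering is needed there.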
View file
_service:tar_scm:backport-journal-Only-move-to-objects-when-necessary.patch
Added
@@ -0,0 +1,244 @@ +From 57ba83ddd33d8ed5e8cee6a35f6ee780532a7a0d Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Tue, 25 Jan 2022 11:50:40 +0000 +Subject: PATCH journal: Only move to objects when necessary + +Conflict:don't modify journal_file_read_object because 117e2112 isn't merged; +don't modify generic_array_get because 8d801e35cb isn't merged; adapt context +Reference:https://github.com/systemd/systemd/commit/ded10e3a5f4c9a9fca9a57f5feb7e77db4155dbd + +Let's make sure we only move to objects when it's required. If "ret" +is NULL, the caller isn't interested in the actual object and the +function being called shouldn't move to it unless it has to +inspect/modify the object itself. +--- + src/libsystemd/sd-journal/journal-file.c | 99 +++++++++-------------- + 1 file changed, 39 insertions(+), 60 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index e3e926b..efc5018 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -931,7 +931,6 @@ int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset + uint64_t s; + + assert(f); +- assert(ret); + + /* Objects may only be located at multiple of 64 bit */ + if (!VALID64(offset)) +@@ -986,7 +985,9 @@ int journal_file_move_to_object(JournalFile *f, ObjectType type, uint64_t offset + if (r < 0) + return r; + +- *ret = o; ++ if (ret) ++ *ret = o; ++ + return 0; + } + +@@ -1584,19 +1585,11 @@ static int journal_file_append_field( + + hash = journal_file_hash_data(f, field, size); + +- r = journal_file_find_field_object_with_hash(f, field, size, hash, &o, &p); ++ r = journal_file_find_field_object_with_hash(f, field, size, hash, ret, ret_offset); + if (r < 0) + return r; +- if (r > 0) { +- +- if (ret) +- *ret = o; +- +- if (ret_offset) +- *ret_offset = p; +- ++ if (r > 0) + return 0; +- } + + osize = offsetof(Object, field.payload) + size; + r = 
journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p); +@@ -1610,20 +1603,20 @@ static int journal_file_append_field( + if (r < 0) + return r; + +- /* The linking might have altered the window, so let's +- * refresh our pointer */ +- r = journal_file_move_to_object(f, OBJECT_FIELD, p, &o); +- if (r < 0) +- return r; ++ /* The linking might have altered the window, so let's only pass the offset to hmac which will ++ * move to the object again if needed. */ + + #if HAVE_GCRYPT +- r = journal_file_hmac_put_object(f, OBJECT_FIELD, o, p); ++ r = journal_file_hmac_put_object(f, OBJECT_FIELD, NULL, p); + if (r < 0) + return r; + #endif + +- if (ret) +- *ret = o; ++ if (ret) { ++ r = journal_file_move_to_object(f, OBJECT_FIELD, p, ret); ++ if (r < 0) ++ return r; ++ } + + if (ret_offset) + *ret_offset = p; +@@ -1647,19 +1640,11 @@ static int journal_file_append_data( + + hash = journal_file_hash_data(f, data, size); + +- r = journal_file_find_data_object_with_hash(f, data, size, hash, &o, &p); ++ r = journal_file_find_data_object_with_hash(f, data, size, hash, ret, ret_offset); + if (r < 0) + return r; +- if (r > 0) { +- +- if (ret) +- *ret = o; +- +- if (ret_offset) +- *ret_offset = p; +- ++ if (r > 0) + return 0; +- } + + osize = offsetof(Object, data.payload) + size; + r = journal_file_append_object(f, OBJECT_DATA, osize, &o, &p); +@@ -1693,17 +1678,16 @@ static int journal_file_append_data( + if (r < 0) + return r; + +-#if HAVE_GCRYPT +- r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); ++ /* The linking might have altered the window, so let's refresh our pointer. 
*/ ++ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); + if (r < 0) + return r; +-#endif + +- /* The linking might have altered the window, so let's +- * refresh our pointer */ +- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); ++#if HAVE_GCRYPT ++ r = journal_file_hmac_put_object(f, OBJECT_DATA, o, p); + if (r < 0) + return r; ++#endif + + if (!data) + eq = NULL; +@@ -2307,20 +2290,15 @@ static int generic_array_get_plus_one( + uint64_t i, + Object **ret, uint64_t *ret_offset) { + +- Object *o; +- + assert(f); + + if (i == 0) { + int r; + +- r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); ++ r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, ret); + if (r < 0) + return r; + +- if (ret) +- *ret = o; +- + if (ret_offset) + *ret_offset = extra; + +@@ -2349,7 +2327,7 @@ static int generic_array_bisect( + + uint64_t a, p, t = 0, i = 0, last_p = 0, last_index = UINT64_MAX; + bool subtract_one = false; +- Object *o, *array = NULL; ++ Object *array = NULL; + int r; + ChainCacheItem *ci; + +@@ -2537,12 +2515,11 @@ found: + else + p = le64toh(array->entry_array.itemsi); + +- r = journal_file_move_to_object(f, OBJECT_ENTRY, p, &o); +- if (r < 0) +- return r; +- +- if (ret) +- *ret = o; ++ if (ret) { ++ r = journal_file_move_to_object(f, OBJECT_ENTRY, p, ret); ++ if (r < 0) ++ return r; ++ } + + if (ret_offset) + *ret_offset = p; +@@ -2567,7 +2544,6 @@ static int generic_array_bisect_plus_one( + + int r; + bool step_back = false; +- Object *o; + + assert(f); + assert(test_object); +@@ -2610,12 +2586,11 @@ static int generic_array_bisect_plus_one( + return r; + + found: +- r = journal_file_move_to_object(f, OBJECT_ENTRY, extra, &o); +- if (r < 0)
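Review bot: In the generic_array_bisect() hunk at "found:", journal_file_move_to_object(f, OBJECT_ENTRY, p, ...) is now called only when ret is non-NULL, so a caller that asks for ret_offset alone gets p back without the object at that offset ever being checked. generic_array_get_plus_one() in the same patch keeps the call unconditional and simply passes ret through, which preserves the check; doing the same here would keep the two consistent. Separately, journal_file_append_field() and journal_file_append_data() now hand ret and ret_offset straight to the find_*_object_with_hash() helpers, which must therefore accept NULL for both; since the Conflict note says journal_file_read_object and generic_array_get were left unmodified, state in the patch header that those helpers were checked in this tree.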
View file
_service:tar_scm:backport-journal-Remove-entry-seqnum-revert-logic.patch
Added
@@ -0,0 +1,83 @@ +From 06a0e8283ed87773795f28e58318d5d1b46b1088 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Fri, 12 Nov 2021 14:29:02 +0000 +Subject: PATCH journal: Remove entry seqnum revert logic + +This actually causes mismatches between the header tail entry seqnum +and the last entry seqnum since when we revert the header seqnum, we +don't remove the entry object we added. If adding the entry object +itself fails, we don't need to revert the seqnum since it's never +incremented so let's remove this logic alltogether. + +(cherry picked from commit b41b682bd6f1290caa4220291b22cae317cb6413) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/06a0e8283ed87773795f28e58318d5d1b46b1088 +--- + src/libsystemd/sd-journal/journal-file.c | 32 ++---------------------- + 1 file changed, 2 insertions(+), 30 deletions(-) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 2c17435de2..ae19c1c1f2 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -1021,30 +1021,6 @@ static uint64_t journal_file_entry_seqnum( + return ret; + } + +-static void journal_file_revert_entry_seqnum( +- JournalFile *f, +- uint64_t *seqnum, +- uint64_t revert_seqnum) { +- +- assert(f); +- assert(f->header); +- +- if (revert_seqnum == 0) /* sequence number 0? can't go back */ +- return; +- +- /* Undoes the effect of journal_file_entry_seqnum() above: if we fail to append an entry to a file, +- * let's revert the seqnum we were about to use, so that we can use it on the next entry. 
*/ +- +- if (le64toh(f->header->tail_entry_seqnum) == revert_seqnum) +- f->header->tail_entry_seqnum = htole64(revert_seqnum - 1); +- +- if (le64toh(f->header->head_entry_seqnum) == revert_seqnum) +- f->header->head_entry_seqnum = 0; +- +- if (seqnum && *seqnum == revert_seqnum) +- *seqnum = revert_seqnum - 1; +-} +- + int journal_file_append_object( + JournalFile *f, + ObjectType type, +@@ -2004,12 +1980,12 @@ static int journal_file_append_entry_internal( + #if HAVE_GCRYPT + r = journal_file_hmac_put_object(f, OBJECT_ENTRY, o, np); + if (r < 0) +- goto fail; ++ return r; + #endif + + r = journal_file_link_entry(f, o, np); + if (r < 0) +- goto fail; ++ return r; + + if (ret) + *ret = o; +@@ -2017,10 +1993,6 @@ static int journal_file_append_entry_internal( + if (ret_offset) + *ret_offset = np; + +- return 0; +- +-fail: +- journal_file_revert_entry_seqnum(f, seqnum, le64toh(o->entry.seqnum)); + return r; + } + +-- +2.33.0 +
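Review bot: The tail of journal_file_append_entry_internal() now ends in "return r;" where the success path used to be "return 0;". The preceding calls return early only on r < 0, so if journal_file_link_entry() ever returns a positive value it is now propagated to the caller; keep the explicit "return 0;" for the success path. The commit message explains well why the revert logic is wrong; it would help to add that the goto fail paths are replaced by direct returns, since that is the only behaviour change left in the error handling.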
View file
_service:tar_scm:backport-journal-Skip-corrupt-Data-objects-in-sd_journal_get_.patch
Added
@@ -0,0 +1,43 @@ +From 2124893b258ffc23ae034bce388b61fb148c805f Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 17 Nov 2021 16:46:29 +0000 +Subject: PATCH journal: Skip corrupt Data objects in sd_journal_get_data() + +Similar to the change we made for sd_journal_enumerate_data(), let's +skip corrupt entry items and data objects in sd_journal_get_data(). + +(cherry picked from commit 8a799bed4c25be5792acf4d375bd2cdf0a4a3165) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2124893b258ffc23ae034bce388b61fb148c805f +--- + src/libsystemd/sd-journal/sd-journal.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 18ede19e26..71875a4dc8 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -2309,11 +2309,17 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + p = le64toh(o->entry.itemsi.object_offset); + le_hash = o->entry.itemsi.hash; + r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); ++ if (r == -EBADMSG) { ++ log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); ++ continue; ++ } + if (r < 0) + return r; + +- if (le_hash != d->data.hash) +- return -EBADMSG; ++ if (le_hash != d->data.hash) { ++ log_debug("Entry item %"PRIu64" hash is bad, skipping over it.", i); ++ continue; ++ } + + l = le64toh(d->object.size) - offsetof(Object, data.payload); + +-- +2.33.0 +
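Review bot: Both new "continue" branches report corruption only through log_debug(), so when the one item holding the requested field is the corrupt one, the loop runs to its end and the caller gets the same result as for a field that was never present. Add a sentence to the function's documentation that a not-found result can also mean the field's data was unreadable. Note also that only -EBADMSG is skipped in this patch; any other error from journal_file_move_to_object() still aborts the lookup.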
View file
_service:tar_scm:backport-journal-Skip-data-objects-with-invalid-offsets.patch
Added
@@ -0,0 +1,68 @@ +From bf022f9f4841368bb84372ee5605ce5c0f936c79 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 12 Jan 2022 14:44:50 +0000 +Subject: PATCH journal: Skip data objects with invalid offsets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We already skip invalid objects, but don't yet skip invalid offsets. +Let's skip these as well to improve robustness when we're dealing with +corrupted journals. + +Before: + +``` +➜ systemd git:(main) build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ +Failed to get journal fields: Cannot assign requested address +-- No entries -- +``` + +After: + +``` +➜ systemd git:(main) ✗ build/journalctl -r -n 5 --file ~/Downloads/system@0005d2b275abaaf8-f243a2818cb39b98.journal_ +Dec 09 08:32:38 snowball3 NetworkManager911: <info> 1639038758.1464 device (wlp1s0): supplicant interface state: scanning -> authenticating +Dec 09 08:32:38 snowball3 kernel: wlp1s0: send auth to ec:a9:40:79:fb:ad (try 1/3) +Dec 09 08:32:38 snowball3 kernel: wlp1s0: authenticate with ec:a9:40:79:fb:ad +Dec 09 08:32:38 snowball3 wpa_supplicant1003: wlp1s0: SME: Trying to authenticate with ec:a9:40:79:fb:ad (SSID='UPC949397B' freq=5500 MHz) +``` + +(cherry picked from commit df207ccb7be02b1ca6bdd0a2066a898e5b24ee86) +(cherry picked from commit 556f46aa3b17f4ed6768521137405297c8a99d35) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bf022f9f4841368bb84372ee5605ce5c0f936c79 +--- + src/libsystemd/sd-journal/sd-journal.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index dd28b8008f..3cdc629a8d 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -2310,8 +2310,8 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + p = 
le64toh(o->entry.itemsi.object_offset); + le_hash = o->entry.itemsi.hash; + r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); +- if (r == -EBADMSG) { +- log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", i); ++ if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { ++ log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", i); + continue; + } + if (r < 0) +@@ -2455,8 +2455,8 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t + p = le64toh(o->entry.itemsj->current_field.object_offset); + le_hash = o->entry.itemsj->current_field.hash; + r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); +- if (r == -EBADMSG) { +- log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); ++ if (IN_SET(r, -EADDRNOTAVAIL, -EBADMSG)) { ++ log_debug_errno(r, "Entry item %"PRIu64" data object is bad, skipping over it: %m", j->current_field); + continue; + } + if (r < 0) +-- +2.33.0 +
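Review bot: The skip condition IN_SET(r, -EADDRNOTAVAIL, -EBADMSG) and its log message are now duplicated in sd_journal_get_data() and sd_journal_enumerate_data(); a small helper for "is this a skippable corruption error" would let the next error code be added in one place. The "Before" and "After" output in the commit message is copied from a real journal and carries a hostname, an access point MAC address and an SSID; replace those with placeholders before the text is carried into further backports.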
View file
_service:tar_scm:backport-journal-Skip-over-corrupt-entry-items-in-enumerate_d.patch
Added
@@ -0,0 +1,93 @@ +From e8a54526d8a89097742d808a53956a54431ded06 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 17 Nov 2021 15:54:35 +0000 +Subject: PATCH journal: Skip over corrupt entry items in enumerate_data() + +Similar to sd_journal_next(), if trying to access an entry item +offset's data results in EBADMSG, skip to the next entry item so +we handle corruption better. + +Fixes #21407 + +(cherry picked from commit 5a94a2bf2b9c9ae362dd4a7c2e6b263c55545036) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e8a54526d8a89097742d808a53956a54431ded06 +--- + src/libsystemd/sd-journal/sd-journal.c | 47 ++++++++++++++++---------- + 1 file changed, 29 insertions(+), 18 deletions(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index b3240177cb..02d4582c98 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -2425,10 +2425,8 @@ static int return_data( + + _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t *size) { + JournalFile *f; +- uint64_t p, n; +- le64_t le_hash; +- int r; + Object *o; ++ int r; + + assert_return(j, -EINVAL); + assert_return(!journal_pid_changed(j), -ECHILD); +@@ -2446,26 +2444,39 @@ _public_ int sd_journal_enumerate_data(sd_journal *j, const void **data, size_t + if (r < 0) + return r; + +- n = journal_file_entry_n_items(o); +- if (j->current_field >= n) +- return 0; ++ for (uint64_t n = journal_file_entry_n_items(o); j->current_field < n; j->current_field++) { ++ uint64_t p; ++ le64_t le_hash; + +- p = le64toh(o->entry.itemsj->current_field.object_offset); +- le_hash = o->entry.itemsj->current_field.hash; +- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); +- if (r < 0) +- return r; ++ p = le64toh(o->entry.itemsj->current_field.object_offset); ++ le_hash = o->entry.itemsj->current_field.hash; ++ r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); ++ if (r 
== -EBADMSG) { ++ log_debug("Entry item %"PRIu64" data object is bad, skipping over it.", j->current_field); ++ continue; ++ } ++ if (r < 0) ++ return r; + +- if (le_hash != o->data.hash) +- return -EBADMSG; ++ if (le_hash != o->data.hash) { ++ log_debug("Entry item %"PRIu64" hash is bad, skipping over it.", j->current_field); ++ continue; ++ } + +- r = return_data(j, f, o, data, size); +- if (r < 0) +- return r; ++ r = return_data(j, f, o, data, size); ++ if (r == -EBADMSG) { ++ log_debug("Entry item %"PRIu64" data payload is bad, skipping over it.", j->current_field); ++ continue; ++ } ++ if (r < 0) ++ return r; + +- j->current_field++; ++ j->current_field++; + +- return 1; ++ return 1; ++ } ++ ++ return 0; + } + + _public_ int sd_journal_enumerate_available_data(sd_journal *j, const void **data, size_t *size) { +-- +2.33.0 +
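Review bot: Inside the new for loop, journal_file_move_to_object(f, OBJECT_DATA, p, &o) overwrites o, the Entry object that the next iteration's o->entry.items lookup depends on. After a "continue" from the hash-mismatch or return_data() branch, the following iteration reads entry items through a pointer that now refers to a Data object. Use a separate Object *d for the Data object, as the sd_journal_get_data() cleanup patch on this page does.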
View file
_service:tar_scm:backport-journal-Use-separate-variable-for-Data-object-in-sd_.patch
Added
@@ -0,0 +1,95 @@ +From a1ca5320ec74f5112d32338e3061a34f17c4b954 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 17 Nov 2021 16:44:21 +0000 +Subject: PATCH journal: Use separate variable for Data object in + sd_journal_get_data() + +A little cleanup to make the next change easier. We're not moving to a +new Entry object in the for loop so there's no danger of changing the +Entry object window. + +(cherry picked from commit 847c7ee8c3c1a6cecd02501562b1afd8dd3c51de) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a1ca5320ec74f5112d32338e3061a34f17c4b954 +--- + src/libsystemd/sd-journal/sd-journal.c | 23 ++++++++++------------- + 1 file changed, 10 insertions(+), 13 deletions(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 02d4582c98..18ede19e26 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -2300,6 +2300,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + + n = journal_file_entry_n_items(o); + for (i = 0; i < n; i++) { ++ Object *d; + uint64_t p, l; + le64_t le_hash; + size_t t; +@@ -2307,20 +2308,20 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + + p = le64toh(o->entry.itemsi.object_offset); + le_hash = o->entry.itemsi.hash; +- r = journal_file_move_to_object(f, OBJECT_DATA, p, &o); ++ r = journal_file_move_to_object(f, OBJECT_DATA, p, &d); + if (r < 0) + return r; + +- if (le_hash != o->data.hash) ++ if (le_hash != d->data.hash) + return -EBADMSG; + +- l = le64toh(o->object.size) - offsetof(Object, data.payload); ++ l = le64toh(d->object.size) - offsetof(Object, data.payload); + +- compression = o->object.flags & OBJECT_COMPRESSION_MASK; ++ compression = d->object.flags & OBJECT_COMPRESSION_MASK; + if (compression) { + #if HAVE_COMPRESSION + r = decompress_startswith(compression, +- o->data.payload, l, ++ d->data.payload, l, 
+ &f->compress_buffer, + field, field_length, '='); + if (r < 0) +@@ -2331,7 +2332,7 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + size_t rsize; + + r = decompress_blob(compression, +- o->data.payload, l, ++ d->data.payload, l, + &f->compress_buffer, &rsize, + j->data_threshold); + if (r < 0) +@@ -2346,23 +2347,19 @@ _public_ int sd_journal_get_data(sd_journal *j, const char *field, const void ** + return -EPROTONOSUPPORT; + #endif + } else if (l >= field_length+1 && +- memcmp(o->data.payload, field, field_length) == 0 && +- o->data.payloadfield_length == '=') { ++ memcmp(d->data.payload, field, field_length) == 0 && ++ d->data.payloadfield_length == '=') { + + t = (size_t) l; + + if ((uint64_t) t != l) + return -E2BIG; + +- *data = o->data.payload; ++ *data = d->data.payload; + *size = t; + + return 0; + } +- +- r = journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o); +- if (r < 0) +- return r; + } + + return -ENOENT; +-- +2.33.0 +
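Review bot: The last hunk removes the journal_file_move_to_object(f, OBJECT_ENTRY, f->current_offset, &o) call at the end of the loop body, on the argument that the loop never moves to a new Entry object. The loop still moves to a Data object on every iteration, and o->entry.items is read again on the next one, so the commit message should say why moving to d cannot invalidate the mapping behind o; another patch on this page refreshes its pointer precisely because "the linking might have altered the window". If that guarantee does not hold, keep the refresh.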
View file
_service:tar_scm:backport-journal-file-if-we-are-going-down-don-t-use-event-lo.patch
Added
@@ -0,0 +1,44 @@ +From 88afe98fa9887ba636d5f271c7b9c9b7c5a65960 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 24 Mar 2022 21:24:23 +0100 +Subject: PATCH journal-file: if we are going down, don't use event loop to + schedule post + +The event loop is already shutting down, hence no point in using it +anymore, it's not going to run any further iteration. + +(cherry picked from commit 47f04c2a69d5a604411f17a2e660021165d09c89) +(cherry picked from commit 6253eb576cdde2230b75f84532f745b4409f71ad) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/88afe98fa9887ba636d5f271c7b9c9b7c5a65960 +--- + src/libsystemd/sd-journal/journal-file.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index a8029c2868..e3e926b0f0 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -2022,11 +2022,18 @@ static int post_change_thunk(sd_event_source *timer, uint64_t usec, void *userda + } + + static void schedule_post_change(JournalFile *f) { ++ sd_event *e; + int r; + + assert(f); + assert(f->post_change_timer); + ++ assert_se(e = sd_event_source_get_event(f->post_change_timer)); ++ ++ /* If we are aleady going down, post the change immediately. */ ++ if (IN_SET(sd_event_get_state(e), SD_EVENT_EXITING, SD_EVENT_FINISHED)) ++ goto fail; ++ + r = sd_event_source_get_enabled(f->post_change_timer, NULL); + if (r < 0) { + log_debug_errno(r, "Failed to get ftruncate timer state: %m"); +-- +2.33.0 +
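Review bot: The shutdown case jumps to the existing "fail" label although nothing has failed, so anything that label logs or treats as an error would now fire on every clean shutdown; the label's body is not shown here, so check it, and either rename the label or call the immediate post directly. The new comment has a typo ("aleady"). assert_se() on sd_event_source_get_event() aborts the process if the timer has no event attached, which is a strong reaction in a function that otherwise reports problems with log_debug_errno().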
View file
_service:tar_scm:backport-journal-network-timesync-fix-segfault-on-32bit-timev.patch
Added
@@ -0,0 +1,71 @@ +From bacb991ea76b4a8ad41e74273b65549ac926a694 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 15 Sep 2021 23:29:11 +0900 +Subject: PATCH journal,network,timesync: fix segfault on 32bit + timeval/timespec systems + +Fixes #20741. + +(cherry picked from commit f782eee68aea996c68b8cfeba5f288dae7fc876f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bacb991ea76b4a8ad41e74273b65549ac926a694 +--- + src/journal/journald-server.c | 7 +++++-- + src/libsystemd-network/icmp6-util.c | 3 ++- + src/timesync/timesyncd-manager.c | 3 ++- + 3 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index abd52f7c14..2d1d9e66d7 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -1275,11 +1275,14 @@ int server_process_datagram( + /* We use NAME_MAX space for the SELinux label here. The kernel currently enforces no limit, but + * according to suggestions from the SELinux people this will change and it will probably be + * identical to NAME_MAX. For now we use that, but this should be updated one day when the final +- * limit is known. */ ++ * limit is known. ++ * ++ * Here, we need to explicitly initialize the buffer with zero, as glibc has a bug in ++ * __convert_scm_timestamps(), which assumes the buffer is initialized. See #20741. 
*/ + CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + + CMSG_SPACE_TIMEVAL + + CMSG_SPACE(sizeof(int)) + /* fd */ +- CMSG_SPACE(NAME_MAX) /* selinux label */) control; ++ CMSG_SPACE(NAME_MAX) /* selinux label */) control = {}; + + union sockaddr_union sa = {}; + +diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c +index 823be0f275..3832bbd920 100644 +--- a/src/libsystemd-network/icmp6-util.c ++++ b/src/libsystemd-network/icmp6-util.c +@@ -148,8 +148,9 @@ int icmp6_send_router_solicitation(int s, const struct ether_addr *ether_addr) { + int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, + triple_timestamp *ret_timestamp) { + ++ /* This needs to be initialized with zero. See #20741. */ + CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */ +- CMSG_SPACE_TIMEVAL) control; ++ CMSG_SPACE_TIMEVAL) control = {}; + struct iovec iov = {}; + union sockaddr_union sa = {}; + struct msghdr msg = { +diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c +index 648e804105..e37db1c570 100644 +--- a/src/timesync/timesyncd-manager.c ++++ b/src/timesync/timesyncd-manager.c +@@ -412,7 +412,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re + .iov_base = &ntpmsg, + .iov_len = sizeof(ntpmsg), + }; +- CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control; ++ /* This needs to be initialized with zero. See #20741. */ ++ CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control = {}; + union sockaddr_union server_addr; + struct msghdr msghdr = { + .msg_iov = &iov, +-- +2.33.0 +
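Review bot: Three control buffers are zero-initialized by hand, and only the journald-server.c comment explains the reason; the icmp6-util.c and timesyncd-manager.c comments say just "See #20741". Name the glibc function in each, or point to the journald-server.c comment, so the workaround can be found and removed once glibc is fixed. Also state whether other receive paths that request timestamps through CMSG_SPACE_TIMEVAL or CMSG_SPACE_TIMESPEC were audited; putting the initialization into a shared helper or the buffer macro would cover callers added later.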
_service:tar_scm:backport-journal-remote-use-MHD_HTTP_CONTENT_TOO_LARGE-as-MHD.patch
Added
@@ -0,0 +1,52 @@ +From c4d12459c6bc065bd255c9f5555ca20bf735e16a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 20 Dec 2021 20:48:32 +0900 +Subject: PATCH journal-remote: use MHD_HTTP_CONTENT_TOO_LARGE as + MHD_HTTP_PAYLOAD_TOO_LARGE is deprecated since 0.9.74 + +(cherry picked from commit 30df858f43b14a55c6650b43bea12cbf2cc0bc67) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c4d12459c6bc065bd255c9f5555ca20bf735e16a +--- + src/journal-remote/journal-remote-main.c | 2 +- + src/journal-remote/microhttpd-util.h | 10 +++++++--- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index ae1d43756a..9ff31763da 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -319,7 +319,7 @@ static mhd_result request_handler( + /* When serialized, an entry of maximum size might be slightly larger, + * so this does not correspond exactly to the limit in journald. Oh well. 
+ */ +- return mhd_respondf(connection, 0, MHD_HTTP_PAYLOAD_TOO_LARGE, ++ return mhd_respondf(connection, 0, MHD_HTTP_CONTENT_TOO_LARGE, + "Payload larger than maximum size of %u bytes", ENTRY_SIZE_MAX); + } + +diff --git a/src/journal-remote/microhttpd-util.h b/src/journal-remote/microhttpd-util.h +index a92ba57d0f..7e7d1b56b1 100644 +--- a/src/journal-remote/microhttpd-util.h ++++ b/src/journal-remote/microhttpd-util.h +@@ -38,9 +38,13 @@ + # define MHD_HTTP_NOT_ACCEPTABLE MHD_HTTP_METHOD_NOT_ACCEPTABLE + #endif + +-/* Renamed in µhttpd 0.9.53 */ +-#ifndef MHD_HTTP_PAYLOAD_TOO_LARGE +-# define MHD_HTTP_PAYLOAD_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE ++/* Renamed in µhttpd 0.9.74 (8c644fc1f4d498ea489add8d40a68f5d3e5899fa) */ ++#ifndef MHD_HTTP_CONTENT_TOO_LARGE ++# ifdef MHD_HTTP_PAYLOAD_TOO_LARGE ++# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_PAYLOAD_TOO_LARGE /* 0.9.53 or newer */ ++# else ++# define MHD_HTTP_CONTENT_TOO_LARGE MHD_HTTP_REQUEST_ENTITY_TOO_LARGE ++# endif + #endif + + #if MHD_VERSION < 0x00094203 +-- +2.33.0 +
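Review bot: the fallback chain in `microhttpd-util.h` only works while libmicrohttpd exposes its status codes as preprocessor macros, because every branch is selected with `#ifndef` / `#ifdef`; a short comment stating that assumption would save the next reader a trip to the library headers. The innermost `#else` branch (`MHD_HTTP_REQUEST_ENTITY_TOO_LARGE`) also lacks a version remark matching the `/* 0.9.53 or newer */` on the branch above it, so the oldest case is the only one left unlabelled.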
_service:tar_scm:backport-journal-send-close-fd-on-exit-when-running-with-valg.patch
Added
@@ -0,0 +1,132 @@ +From 6e5141ba038c1d8e22933f969b2bfe25bbc031d8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 23 Feb 2022 02:03:54 +0900 +Subject: PATCH journal-send: close fd on exit when running with valgrind + +Fixes an issue reported in #22576. + +(cherry picked from commit eb9752d2be82d994cd6a17f271be27c4d56423d6) +(cherry picked from commit a7ec2be1509372974f44f1d98bf243a155cd203f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6e5141ba038c1d8e22933f969b2bfe25bbc031d8 +--- + src/libsystemd/meson.build | 1 + + src/libsystemd/sd-journal/journal-send.c | 26 +++++++++++++++++-- + src/libsystemd/sd-journal/journal-send.h | 8 ++++++ + src/libsystemd/sd-journal/test-journal-send.c | 3 +++ + 4 files changed, 36 insertions(+), 2 deletions(-) + create mode 100644 src/libsystemd/sd-journal/journal-send.h + +diff --git a/src/libsystemd/meson.build b/src/libsystemd/meson.build +index 489ed12a73..3be5b3ec5e 100644 +--- a/src/libsystemd/meson.build ++++ b/src/libsystemd/meson.build +@@ -12,6 +12,7 @@ sd_journal_sources = files( + 'sd-journal/journal-file.h', + 'sd-journal/journal-internal.h', + 'sd-journal/journal-send.c', ++ 'sd-journal/journal-send.h', + 'sd-journal/journal-vacuum.c', + 'sd-journal/journal-vacuum.h', + 'sd-journal/journal-verify.c', +diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c +index fd3fd7ef9c..d96e422d3b 100644 +--- a/src/libsystemd/sd-journal/journal-send.c ++++ b/src/libsystemd/sd-journal/journal-send.c +@@ -6,6 +6,9 @@ + #include <stddef.h> + #include <sys/un.h> + #include <unistd.h> ++#if HAVE_VALGRIND_VALGRIND_H ++#include <valgrind/valgrind.h> ++#endif + + #define SD_JOURNAL_SUPPRESS_LOCATION + +@@ -14,8 +17,9 @@ + #include "alloc-util.h" + #include "errno-util.h" + #include "fd-util.h" +-#include "io-util.h" + #include "fileio.h" ++#include "io-util.h" ++#include "journal-send.h" + #include "memfd-util.h" + #include "socket-util.h" 
+ #include "stdio-util.h" +@@ -39,10 +43,10 @@ + * all its threads, and all its subprocesses. This means we need to + * initialize it atomically, and need to operate on it atomically + * never assuming we are the only user */ ++static int fd_plus_one = 0; + + static int journal_fd(void) { + int fd; +- static int fd_plus_one = 0; + + retry: + if (fd_plus_one > 0) +@@ -62,6 +66,24 @@ retry: + return fd; + } + ++#if VALGRIND ++void close_journal_fd(void) { ++ /* Be nice to valgrind. This is not atomic. This must be used only in tests. */ ++ ++ if (!RUNNING_ON_VALGRIND) ++ return; ++ ++ if (getpid() != gettid()) ++ return; ++ ++ if (fd_plus_one <= 0) ++ return; ++ ++ safe_close(fd_plus_one - 1); ++ fd_plus_one = 0; ++} ++#endif ++ + _public_ int sd_journal_print(int priority, const char *format, ...) { + int r; + va_list ap; +diff --git a/src/libsystemd/sd-journal/journal-send.h b/src/libsystemd/sd-journal/journal-send.h +new file mode 100644 +index 0000000000..cf8b199297 +--- /dev/null ++++ b/src/libsystemd/sd-journal/journal-send.h +@@ -0,0 +1,8 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++#pragma once ++ ++#if VALGRIND ++void close_journal_fd(void); ++#else ++static inline void close_journal_fd(void) {} ++#endif +diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c +index b6644e65c1..533b8d91e6 100644 +--- a/src/libsystemd/sd-journal/test-journal-send.c ++++ b/src/libsystemd/sd-journal/test-journal-send.c +@@ -5,7 +5,9 @@ + #include <unistd.h> + + #include "sd-journal.h" ++ + #include "fileio.h" ++#include "journal-send.h" + #include "macro.h" + #include "memory-util.h" + +@@ -103,5 +105,6 @@ int main(int argc, char *argv) { + /* Sleep a bit to make it easy for journald to collect metadata. */ + sleep(1); + ++ close_journal_fd(); + return 0; + } +-- +2.33.0 +
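Review bot: in `journal-send.c` the valgrind header is included under `#if HAVE_VALGRIND_VALGRIND_H`, but `close_journal_fd()` is compiled under `#if VALGRIND` and uses `RUNNING_ON_VALGRIND`; a build with `VALGRIND` set and the header absent would fail on that macro, so the two guards should agree or the function should check both. Separately, `fd_plus_one` moves to file scope directly under a comment saying it must be initialized and operated on atomically, while the new function writes it with a plain store; the `getpid() != gettid()` test only shows the caller is the main thread, not that no other thread is inside `journal_fd()`. The "must be used only in tests" remark belongs in `journal-send.h` as well, where a future caller will actually see it.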
_service:tar_scm:backport-journalctl-never-fail-at-flushing-when-the-flushed-f.patch
Changed
@@ -1,4 +1,4 @@ -From f6fca35e642a112e80cc9bddb9a2b4805ad40df2 Mon Sep 17 00:00:00 2001 +From dc331f4c9268d17a66f4393cfd0dba14c7022d41 Mon Sep 17 00:00:00 2001 From: Franck Bui <fbui@suse.com> Date: Wed, 4 Aug 2021 11:20:07 +0200 Subject: PATCH journalctl: never fail at flushing when the flushed flag is @@ -14,15 +14,20 @@ This patch restores the previous behavior since there's no reason to fail when journalctl can figure out that the flush is not necessary. + +(cherry picked from commit f6fca35e642a112e80cc9bddb9a2b4805ad40df2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/dc331f4c9268d17a66f4393cfd0dba14c7022d41 --- src/journal/journalctl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c -index 4a2343a63d..73e4fafdff 100644 +index c8fb726d42..3eac97510d 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c -@@ -2064,6 +2064,11 @@ static int simple_varlink_call(const char *option, const char *method) { +@@ -2074,6 +2074,11 @@ static int simple_varlink_call(const char *option, const char *method) { } static int flush_to_var(void) { @@ -35,5 +40,5 @@ } -- -2.27.0 +2.33.0
_service:tar_scm:backport-journald-make-sure-SIGTERM-handling-doesn-t-get-star.patch
Added
@@ -0,0 +1,125 @@ +From a98f2d7a0b017505720477d9fc89de2b56470dfa Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 24 Mar 2022 20:37:43 +0100 +Subject: PATCH journald: make sure SIGTERM handling doesn't get starved out + +Fixes: #22642 +(cherry picked from commit 19252b254861d8c9b56e2acaeb182812c8f07e52) +(cherry picked from commit c901bc8680d1835737de116f2bf1f522bdb083c2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a98f2d7a0b017505720477d9fc89de2b56470dfa +--- + src/journal/journald-server.c | 76 +++++++++++++++++++++++++++++++++-- + 1 file changed, 73 insertions(+), 3 deletions(-) + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index a212079758..86302e31e3 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -1443,12 +1443,82 @@ static int dispatch_sigusr2(sd_event_source *es, const struct signalfd_siginfo * + } + + static int dispatch_sigterm(sd_event_source *es, const struct signalfd_siginfo *si, void *userdata) { ++ _cleanup_(sd_event_source_disable_unrefp) sd_event_source *news = NULL; + Server *s = userdata; ++ int r; + + assert(s); + + log_received_signal(LOG_INFO, si); + ++ (void) sd_event_source_set_enabled(es, false); /* Make sure this handler is called at most once */ ++ ++ /* So on one hand we want to ensure that SIGTERMs are definitely handled in appropriate, bounded ++ * time. On the other hand we want that everything pending is first comprehensively processed and ++ * written to disk. 
These goals are incompatible, hence we try to find a middle ground: we'll process ++ * SIGTERM with high priority, but from the handler (this one right here) we'll install two new event ++ * sources: one low priority idle one that will issue the exit once everything else is processed (and ++ * which is hopefully the regular, clean codepath); and one high priority timer that acts as safety ++ * net: if our idle handler isn't run within 10s, we'll exit anyway. ++ * ++ * TLDR: we'll exit either when everything is processed, or after 10s max, depending on what happens ++ * first. ++ * ++ * Note that exiting before the idle event is hit doesn't typically mean that we lose any data, as ++ * messages will remain queued in the sockets they came in from, and thus can be processed when we ++ * start up next – unless we are going down for the final system shutdown, in which case everything ++ * is lost. */ ++ ++ r = sd_event_add_defer(s->event, &news, NULL, NULL); /* NULL handler means → exit when triggered */ ++ if (r < 0) { ++ log_error_errno(r, "Failed to allocate exit idle event handler: %m"); ++ goto fail; ++ } ++ ++ (void) sd_event_source_set_description(news, "exit-idle"); ++ ++ /* Run everything relevant before this. */ ++ r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_NORMAL+20); ++ if (r < 0) { ++ log_error_errno(r, "Failed to adjust priority of exit idle event handler: %m"); ++ goto fail; ++ } ++ ++ /* Give up ownership, so that this event source is freed automatically when the event loop is freed. 
*/ ++ r = sd_event_source_set_floating(news, true); ++ if (r < 0) { ++ log_error_errno(r, "Failed to make exit idle event handler floating: %m"); ++ goto fail; ++ } ++ ++ news = sd_event_source_unref(news); ++ ++ r = sd_event_add_time_relative(s->event, &news, CLOCK_MONOTONIC, 10 * USEC_PER_SEC, 0, NULL, NULL); ++ if (r < 0) { ++ log_error_errno(r, "Failed to allocate exit timeout event handler: %m"); ++ goto fail; ++ } ++ ++ (void) sd_event_source_set_description(news, "exit-timeout"); ++ ++ r = sd_event_source_set_priority(news, SD_EVENT_PRIORITY_IMPORTANT-20); /* This is a safety net, with highest priority */ ++ if (r < 0) { ++ log_error_errno(r, "Failed to adjust priority of exit timeout event handler: %m"); ++ goto fail; ++ } ++ ++ r = sd_event_source_set_floating(news, true); ++ if (r < 0) { ++ log_error_errno(r, "Failed to make exit timeout event handler floating: %m"); ++ goto fail; ++ } ++ ++ news = sd_event_source_unref(news); ++ ++ log_debug("Exit event sources are now pending."); ++ return 0; ++ ++fail: + sd_event_exit(s->event, 0); + return 0; + } +@@ -1500,8 +1570,8 @@ static int setup_signals(Server *s) { + if (r < 0) + return r; + +- /* Let's process SIGTERM late, so that we flush all queued messages to disk before we exit */ +- r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_NORMAL+20); ++ /* Let's process SIGTERM early, so that we definitely react to it */ ++ r = sd_event_source_set_priority(s->sigterm_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); + if (r < 0) + return r; + +@@ -1511,7 +1581,7 @@ static int setup_signals(Server *s) { + if (r < 0) + return r; + +- r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_NORMAL+20); ++ r = sd_event_source_set_priority(s->sigint_event_source, SD_EVENT_PRIORITY_IMPORTANT-10); + if (r < 0) + return r; + +-- +2.33.0 +
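Review bot: the safety-net timeout in `dispatch_sigterm()` is a bare `10 * USEC_PER_SEC` passed to `sd_event_add_time_relative()`, and the same figure is repeated twice in the comment; a named constant would keep the code and comment together and make it easy to check the value against whatever stop timeout the service is given. The `fail:` path exits through `sd_event_exit(s->event, 0)`, so a failure to install either exit source ends the daemon with a success code after only an error log line; a nonzero exit code there would make that case visible to whoever supervises the service. In `setup_signals()` the SIGINT priority is raised to `SD_EVENT_PRIORITY_IMPORTANT-10` as well, but only the SIGTERM line carries the updated comment.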
_service:tar_scm:backport-json-do-something-remotely-reasonable-when-we-see-Na.patch
Added
@@ -0,0 +1,50 @@ +From 06444b314b863facdb173f10f2d1ff11196755d2 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 26 Oct 2021 15:45:49 +0200 +Subject: PATCH json: do something remotely reasonable when we see + NaN/infinity + +JSON doesn't have NaN/infinity/-infinity concepts in the spec. +Implementations vary what they do with it. JSON5 + Python simply +generate special words "NAN" and "Inifinity" from it. Others generate +"null" for it. + +At this point we never actually want to output this, so let's be +conservative and generate RFC compliant JSON, i.e. convert to null. + +One day should JSON5 actually become a thing we can revisit this, but in +that case we should implement things via a flag, and only optinally +process nan/infinity/-infinity. + +This patch is extremely simple: whenever accepting a +nan/infinity/-infinity from outside it converts it to NULL. I.e. we +convert on input, not output. + +(cherry picked from commit 8f1daefce6e952f2fad9510e5101b5fc675d363f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/06444b314b863facdb173f10f2d1ff11196755d2 +--- + src/shared/json.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/shared/json.c b/src/shared/json.c +index c52460a3ec..d72b1e3a38 100644 +--- a/src/shared/json.c ++++ b/src/shared/json.c +@@ -359,6 +359,12 @@ int json_variant_new_real(JsonVariant **ret, long double d) { + } + REENABLE_WARNING; + ++ /* JSON doesn't know NaN, +Infinity or -Infinity. Let's silently convert to 'null'. */ ++ if (isnan(d) || isinf(d)) { ++ *ret = JSON_VARIANT_MAGIC_NULL; ++ return 0; ++ } ++ + r = json_variant_new(&v, JSON_VARIANT_REAL, sizeof(d)); + if (r < 0) + return r; +-- +2.33.0 +
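Review bot: the new `isnan(d) || isinf(d)` branch in `json_variant_new_real()` ships without a test; the diffstat touches only `src/shared/json.c`, so nothing pins the behaviour that NaN, +Infinity and -Infinity come back as `JSON_VARIANT_MAGIC_NULL`. A small case in the JSON unit test that also checks the resulting variant serializes as `null` would cover it. The hunk adds no include either, so please confirm `<math.h>` already reaches this file. Since the conversion is silent and returns 0, callers cannot tell a genuine null from a dropped non-finite value; that should be stated in the function's documentation, not only in the commit message.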
_service:tar_scm:backport-kernel-install-also-remove-modules.builtin.alias.bin.patch
Added
@@ -0,0 +1,32 @@ +From 44e060dd1641068752b79d49322d379c2ef2a1c1 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 15 Jan 2022 03:37:40 +0900 +Subject: PATCH kernel-install: also remove modules.builtin.alias.bin + +Fixes RHBZ#2016630. + +(cherry picked from commit 06006691b5c56b6123044179d934b3ed81c237ca) +(cherry picked from commit fdcb1bf67371615f12c4b11283f2bd6a25bda019) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/44e060dd1641068752b79d49322d379c2ef2a1c1 +--- + src/kernel-install/50-depmod.install | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install +index 2fd959865f..fd00c43632 100644 +--- a/src/kernel-install/50-depmod.install ++++ b/src/kernel-install/50-depmod.install +@@ -36,7 +36,7 @@ case "$COMMAND" in + remove) + "$KERNEL_INSTALL_VERBOSE" -gt 0 && \ + echo "Removing /lib/modules/${KERNEL_VERSION}/modules.dep and associated files" +- exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin.bin,dep{,.bin},devname,softdep,symbols{,.bin}} ++ exec rm -f /lib/modules/"${KERNEL_VERSION}"/modules.{alias{,.bin},builtin{,.alias}.bin,dep{,.bin},devname,softdep,symbols{,.bin}} + ;; + *) + exit 0 +-- +2.33.0 +
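Review bot: the `remove)` branch of `50-depmod.install` builds its file list with nested brace expansion (`modules.{alias{,.bin},builtin{,.alias}.bin,...}`), which is a bash feature and not POSIX sh. If this plugin is ever run by a shell without brace expansion, `rm -f` receives one literal name, removes nothing and still reports success because of `-f`, which is the same silent-leftover symptom this patch fixes. Please confirm the script's interpreter line guarantees bash, or spell the file names out.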
_service:tar_scm:backport-libsystemd-network-disable-event-sources-before-unre.patch
Added
@@ -0,0 +1,194 @@ +From 00a2361bb5d3fccfa5b4fdb4d73b7aa7938e2449 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 24 Sep 2021 17:26:35 +0900 +Subject: PATCH libsystemd-network: disable event sources before unref them + +Fixes #20825. + +(cherry picked from commit eb2f750242d6c4c0963887dbd561d8bafa318685) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/00a2361bb5d3fccfa5b4fdb4d73b7aa7938e2449 +--- + src/libsystemd-network/sd-dhcp-client.c | 12 +++++------- + src/libsystemd-network/sd-dhcp-server.c | 4 ++-- + src/libsystemd-network/sd-ipv4acd.c | 5 ++--- + src/libsystemd-network/sd-lldp.c | 7 ++++--- + src/libsystemd-network/sd-ndisc.c | 9 +++++---- + src/libsystemd-network/sd-radv.c | 6 ++---- + 6 files changed, 20 insertions(+), 23 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c +index 030b50cf2a..46191e58f5 100644 +--- a/src/libsystemd-network/sd-dhcp-client.c ++++ b/src/libsystemd-network/sd-dhcp-client.c +@@ -726,7 +726,7 @@ static int client_notify(sd_dhcp_client *client, int event) { + static int client_initialize(sd_dhcp_client *client) { + assert_return(client, -EINVAL); + +- client->receive_message = sd_event_source_unref(client->receive_message); ++ client->receive_message = sd_event_source_disable_unref(client->receive_message); + + client->fd = safe_close(client->fd); + +@@ -1492,7 +1492,7 @@ static int client_timeout_t2(sd_event_source *s, uint64_t usec, void *userdata) + + assert(client); + +- client->receive_message = sd_event_source_unref(client->receive_message); ++ client->receive_message = sd_event_source_disable_unref(client->receive_message); + client->fd = safe_close(client->fd); + + client->state = DHCP_STATE_REBINDING; +@@ -1847,7 +1847,7 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, i + + client->start_delay = 0; + (void) event_source_disable(client->timeout_resend); +- 
client->receive_message = sd_event_source_unref(client->receive_message); ++ client->receive_message = sd_event_source_disable_unref(client->receive_message); + client->fd = safe_close(client->fd); + + client->state = DHCP_STATE_BOUND; +@@ -2229,17 +2229,15 @@ static sd_dhcp_client *dhcp_client_free(sd_dhcp_client *client) { + + log_dhcp_client(client, "FREE"); + ++ client_initialize(client); ++ + client->timeout_resend = sd_event_source_unref(client->timeout_resend); + client->timeout_t1 = sd_event_source_unref(client->timeout_t1); + client->timeout_t2 = sd_event_source_unref(client->timeout_t2); + client->timeout_expire = sd_event_source_unref(client->timeout_expire); + +- client_initialize(client); +- + sd_dhcp_client_detach_event(client); + +- sd_dhcp_lease_unref(client->lease); +- + set_free(client->req_opts); + free(client->hostname); + free(client->vendor_class_identifier); +diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c +index 9ae884b0fc..3f4af8440e 100644 +--- a/src/libsystemd-network/sd-dhcp-server.c ++++ b/src/libsystemd-network/sd-dhcp-server.c +@@ -267,8 +267,8 @@ int sd_dhcp_server_stop(sd_dhcp_server *server) { + if (!server) + return 0; + +- server->receive_message = sd_event_source_unref(server->receive_message); +- server->receive_broadcast = sd_event_source_unref(server->receive_broadcast); ++ server->receive_message = sd_event_source_disable_unref(server->receive_message); ++ server->receive_broadcast = sd_event_source_disable_unref(server->receive_broadcast); + + server->fd_raw = safe_close(server->fd_raw); + server->fd = safe_close(server->fd); +diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c +index 9a77a33317..ebd4764840 100644 +--- a/src/libsystemd-network/sd-ipv4acd.c ++++ b/src/libsystemd-network/sd-ipv4acd.c +@@ -120,7 +120,7 @@ static void ipv4acd_reset(sd_ipv4acd *acd) { + assert(acd); + + (void) event_source_disable(acd->timer_event_source); +- 
acd->receive_message_event_source = sd_event_source_unref(acd->receive_message_event_source); ++ acd->receive_message_event_source = sd_event_source_disable_unref(acd->receive_message_event_source); + + acd->fd = safe_close(acd->fd); + +@@ -130,9 +130,8 @@ static void ipv4acd_reset(sd_ipv4acd *acd) { + static sd_ipv4acd *ipv4acd_free(sd_ipv4acd *acd) { + assert(acd); + +- acd->timer_event_source = sd_event_source_unref(acd->timer_event_source); +- + ipv4acd_reset(acd); ++ sd_event_source_unref(acd->timer_event_source); + sd_ipv4acd_detach_event(acd); + free(acd->ifname); + return mfree(acd); +diff --git a/src/libsystemd-network/sd-lldp.c b/src/libsystemd-network/sd-lldp.c +index 49aa876a53..b38d6dbd1e 100644 +--- a/src/libsystemd-network/sd-lldp.c ++++ b/src/libsystemd-network/sd-lldp.c +@@ -239,7 +239,7 @@ static void lldp_reset(sd_lldp *lldp) { + assert(lldp); + + (void) event_source_disable(lldp->timer_event_source); +- lldp->io_event_source = sd_event_source_unref(lldp->io_event_source); ++ lldp->io_event_source = sd_event_source_disable_unref(lldp->io_event_source); + lldp->fd = safe_close(lldp->fd); + } + +@@ -365,10 +365,11 @@ const char *sd_lldp_get_ifname(sd_lldp *lldp) { + static sd_lldp* lldp_free(sd_lldp *lldp) { + assert(lldp); + +- lldp->timer_event_source = sd_event_source_unref(lldp->timer_event_source); +- + lldp_reset(lldp); ++ ++ sd_event_source_unref(lldp->timer_event_source); + sd_lldp_detach_event(lldp); ++ + lldp_flush_neighbors(lldp); + + hashmap_free(lldp->neighbor_by_id); +diff --git a/src/libsystemd-network/sd-ndisc.c b/src/libsystemd-network/sd-ndisc.c +index 4d5f1b54cd..9b3a89378c 100644 +--- a/src/libsystemd-network/sd-ndisc.c ++++ b/src/libsystemd-network/sd-ndisc.c +@@ -133,18 +133,19 @@ static void ndisc_reset(sd_ndisc *nd) { + (void) event_source_disable(nd->timeout_event_source); + (void) event_source_disable(nd->timeout_no_ra); + nd->retransmit_time = 0; +- nd->recv_event_source = sd_event_source_unref(nd->recv_event_source); ++ 
nd->recv_event_source = sd_event_source_disable_unref(nd->recv_event_source); + nd->fd = safe_close(nd->fd); + } + + static sd_ndisc *ndisc_free(sd_ndisc *nd) { + assert(nd); + +- nd->timeout_event_source = sd_event_source_unref(nd->timeout_event_source); +- nd->timeout_no_ra = sd_event_source_unref(nd->timeout_no_ra); +- + ndisc_reset(nd); ++ ++ sd_event_source_unref(nd->timeout_event_source); ++ sd_event_source_unref(nd->timeout_no_ra); + sd_ndisc_detach_event(nd); ++ + free(nd->ifname); + return mfree(nd); + } +diff --git a/src/libsystemd-network/sd-radv.c b/src/libsystemd-network/sd-radv.c +index 857401bf6e..eac8aa385b 100644 +--- a/src/libsystemd-network/sd-radv.c ++++ b/src/libsystemd-network/sd-radv.c +@@ -89,8 +89,7 @@ static void radv_reset(sd_radv *ra) { + + (void) event_source_disable(ra->timeout_event_source); + +- ra->recv_event_source = +- sd_event_source_unref(ra->recv_event_source); ++ ra->recv_event_source = sd_event_source_disable_unref(ra->recv_event_source); + + ra->ra_sent = 0; + } +@@ -116,10 +115,9 @@ static sd_radv *radv_free(sd_radv *ra) { + free(ra->rdnss); + free(ra->dnssl); + +- ra->timeout_event_source = sd_event_source_unref(ra->timeout_event_source); +- + radv_reset(ra); + ++ sd_event_source_unref(ra->timeout_event_source); + sd_radv_detach_event(ra); + + ra->fd = safe_close(ra->fd); +-- +2.33.0 +
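Review bot: in `dhcp_client_free()` the line `sd_dhcp_lease_unref(client->lease);` is deleted and `client_initialize(client)` is moved to the top; this is only leak-free if `client_initialize()` itself releases `client->lease`, which is not visible in these hunks and should be confirmed. In `ipv4acd_free()`, `lldp_free()`, `ndisc_free()` and `radv_free()` the timer sources are now released with a bare `sd_event_source_unref(...)` whose return value is discarded, so the struct member still holds the stale pointer while the following `sd_*_detach_event()` call runs. Keeping the assignment form (`x->timer_event_source = sd_event_source_unref(x->timer_event_source);`) costs nothing and removes the dangling pointer window. The receive sources use `sd_event_source_disable_unref()` while the timers rely on the earlier `event_source_disable()` in the reset function; a one-line comment in each free function would make that split intentional to the reader.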
_service:tar_scm:backport-localed-use-PROJECT_FILE-rather-than-__FILE__-for-lo.patch
Added
@@ -0,0 +1,32 @@ +From 00b0393e65252bf631670604f58b844780b08c50 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 11 Oct 2021 13:56:22 +0200 +Subject: PATCH localed: use PROJECT_FILE rather than __FILE__ for logging + +All our log.h code uses PROJECT_FILE for this, let's hence use it here +too. + +(cherry picked from commit 11c8b1f1031d368358286f4bb26abebd73cd2868) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/00b0393e65252bf631670604f58b844780b08c50 +--- + src/locale/localed.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/locale/localed.c b/src/locale/localed.c +index df0eb030d4..c228385d0e 100644 +--- a/src/locale/localed.c ++++ b/src/locale/localed.c +@@ -560,7 +560,7 @@ static void log_xkb(struct xkb_context *ctx, enum xkb_log_level lvl, const char + + fmt = strjoina("libxkbcommon: ", format); + DISABLE_WARNING_FORMAT_NONLITERAL; +- log_internalv(LOG_DEBUG, 0, __FILE__, __LINE__, __func__, fmt, args); ++ log_internalv(LOG_DEBUG, 0, PROJECT_FILE, __LINE__, __func__, fmt, args); + REENABLE_WARNING; + } + +-- +2.33.0 +
_service:tar_scm:backport-log-don-t-attempt-to-duplicate-closed-fd.patch
Added
@@ -0,0 +1,39 @@ +From 417f37c1455fe770d96559205b864766188d9866 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 2 Sep 2022 18:35:03 +0200 +Subject: PATCH log: don't attempt to duplicate closed fd +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +if the console fd is not open we shouldn#t try to move it out of the 0…2 +range. + +Fixes: #24535 +Alternative-for: #24537 +(cherry picked from commit f1ee066840eea748ad4074ac2bc859bb897953b9) +(cherry picked from commit e0dde8a14f8b05b88e1add1abdb68c364913346b) +(cherry picked from commit 40cedddab7e5c84c8fa4738de423971997d9aef5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/417f37c1455fe770d96559205b864766188d9866 +--- + src/basic/log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/log.c b/src/basic/log.c +index 1d68b49963..4a1d3c0d6d 100644 +--- a/src/basic/log.c ++++ b/src/basic/log.c +@@ -1477,7 +1477,7 @@ int log_dup_console(void) { + /* Duplicate the fd we use for fd logging if it's < 3 and use the copy from now on. This call is useful + * whenever we want to continue logging through the original fd, but want to rearrange stderr. */ + +- if (console_fd >= 3) ++ if (console_fd < 0 || console_fd >= 3) + return 0; + + copy = fcntl(console_fd, F_DUPFD_CLOEXEC, 3); +-- +2.27.0 +
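Review bot: the comment above the changed test in `log_dup_console()` still describes only the "fd is < 3" case; with `console_fd < 0 ||` added, the function also returns 0 when the console fd is closed, so a caller that goes on to rearrange stderr cannot tell "already safe" from "nothing to duplicate". Please extend the comment to say that a closed console fd is a no-op.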
_service:tar_scm:backport-login-drop-non-default-value-for-RuntimeDirectoryIno.patch
Added
@@ -0,0 +1,26 @@ +From 0bc055cf52251a98e41391a7587b7222120c67d2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 28 Apr 2022 19:53:12 +0900 +Subject: PATCH login: drop non-default value for RuntimeDirectoryInodesMax= + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0bc055cf52251a98e41391a7587b7222120c67d2 +--- + src/login/logind.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in +index 8ec979e0e8..08a89c351c 100644 +--- a/src/login/logind.conf.in ++++ b/src/login/logind.conf.in +@@ -42,7 +42,7 @@ + #IdleAction=ignore + #IdleActionSec=30min + #RuntimeDirectorySize=10% +-#RuntimeDirectoryInodesMax=400k ++#RuntimeDirectoryInodesMax= + #RemoveIPC=yes + #InhibitorsMax=8192 + #SessionsMax=8192 +-- +2.33.0 \ No newline at end of file
_service:tar_scm:backport-login-make-RuntimeDirectoryInodesMax-support-K-G-M-s.patch
Added
@@ -0,0 +1,30 @@ +From 08a767f1e03bd59c0960a96ad585dbc3ef0bc78d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 27 Apr 2022 17:44:46 +0900 +Subject: PATCH login: make RuntimeDirectoryInodesMax= support K, G, M + suffixes + +Fixes #23017. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/08a767f1e03bd59c0960a96ad585dbc3ef0bc78d +--- + src/login/logind-gperf.gperf | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-gperf.gperf b/src/login/logind-gperf.gperf +index 867db36533..f11ab8ada5 100644 +--- a/src/login/logind-gperf.gperf ++++ b/src/login/logind-gperf.gperf +@@ -45,7 +45,7 @@ Login.HoldoffTimeoutSec, config_parse_sec, 0, offse + Login.IdleAction, config_parse_handle_action, 0, offsetof(Manager, idle_action) + Login.IdleActionSec, config_parse_sec, 0, offsetof(Manager, idle_action_usec) + Login.RuntimeDirectorySize, config_parse_tmpfs_size, 0, offsetof(Manager, runtime_dir_size) +-Login.RuntimeDirectoryInodesMax, config_parse_uint64, 0, offsetof(Manager, runtime_dir_inodes) ++Login.RuntimeDirectoryInodesMax, config_parse_iec_uint64, 0, offsetof(Manager, runtime_dir_inodes) + Login.RemoveIPC, config_parse_bool, 0, offsetof(Manager, remove_ipc) + Login.InhibitorsMax, config_parse_uint64, 0, offsetof(Manager, inhibitors_max) + Login.SessionsMax, config_parse_uint64, 0, offsetof(Manager, sessions_max) +-- +2.27.0 +
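Review bot: `Login.RuntimeDirectoryInodesMax` is switched to `config_parse_iec_uint64`, so the K, M and G suffixes are multiples of 1024 even though the setting is an inode count and not a byte size; a value such as `400k` therefore means 409600 inodes, not 400000. That is a reasonable choice, but it should be documented next to the option, since the gperf table is the only place this patch records it.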
_service:tar_scm:backport-login-respect-install_sysconfdir_samples-in-meson-fi.patch
Added
@@ -0,0 +1,34 @@ +From 426cd32268f6068b843bc24d54b3f969034ab998 Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold <andreas@rammhold.de> +Date: Mon, 26 Jul 2021 17:20:34 +0200 +Subject: PATCH login: respect install_sysconfdir_samples in meson file + +The refactoring done in c900d89faa0 caused the configuration files to be +installed into the pkgsysconfdir regardless of the state of the +install_sysconfdir_samples boolean that indicates whether or not the +sample files should be installed. + +(cherry picked from commit 72964d047a7a8f79ae12ab41168feb0080eef6c3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/426cd32268f6068b843bc24d54b3f969034ab998 +--- + src/login/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/meson.build b/src/login/meson.build +index 8c20e6be65..b637adc9a2 100644 +--- a/src/login/meson.build ++++ b/src/login/meson.build +@@ -67,7 +67,7 @@ pam_systemd_c = files('pam_systemd.c') + + enable_logind = conf.get('ENABLE_LOGIND') == 1 + in_files = +- 'logind.conf', pkgsysconfdir, enable_logind, ++ 'logind.conf', pkgsysconfdir, enable_logind and install_sysconfdir_samples, + '70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1, + '71-seat.rules', udevrulesdir, enable_logind, + '73-seat-late.rules', udevrulesdir, enable_logind, +-- +2.33.0 +
_service:tar_scm:backport-login-use-bus_error_message-at-one-more-place.patch
Added
@@ -0,0 +1,44 @@ +From 98f8c18db0edda121db05171fbaf35c342fd86b2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 30 Jan 2022 05:38:35 +0900 +Subject: PATCH login: use bus_error_message() at one more place + +(cherry picked from commit 80c8c786a314bceba180fac5506e72aa48c0764a) +(cherry picked from commit 048487c094a149e99b4067c8cd2d3974a8f17397) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/98f8c18db0edda121db05171fbaf35c342fd86b2 +--- + src/login/logind-user.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/login/logind-user.c b/src/login/logind-user.c +index a2c468e8dd..3c65867cb6 100644 +--- a/src/login/logind-user.c ++++ b/src/login/logind-user.c +@@ -358,15 +358,19 @@ static void user_start_service(User *u) { + + static int update_slice_callback(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) { + _cleanup_(user_record_unrefp) UserRecord *ur = userdata; ++ const sd_bus_error *e; ++ int r; + + assert(m); + assert(ur); + +- if (sd_bus_message_is_method_error(m, NULL)) { +- log_warning_errno(sd_bus_message_get_errno(m), ++ e = sd_bus_message_get_error(m); ++ if (e) { ++ r = sd_bus_error_get_errno(e); ++ log_warning_errno(r, + "Failed to update slice of %s, ignoring: %s", + ur->user_name, +- sd_bus_message_get_error(m)->message); ++ bus_error_message(e, r)); + + return 0; + } +-- +2.33.0 +
_service:tar_scm:backport-logind-do-not-propagate-error-in-delayed-action.patch
Added
@@ -0,0 +1,65 @@ +From e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 5 Jan 2022 15:10:33 +0100 +Subject: PATCH logind: do not propagate error in delayed action + +If the action failed, we should log about the issue, and continue. +Exiting would bring the graphical session down, which of course is not +appreciated by users. + +As documented in previous commits, a non-negative return from the callback +doesn't matter, so the callback is simplified a bit. + +Fixes #21991. + +(cherry picked from commit 8207b8321bbbcbd19a345deb77d455d98e6ffb84) +(cherry picked from commit fb9bbbee6a3c09b75817f9f343176fa2170fdb31) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e6ca5aa8ac8d79217d11240b09dfbdb9364cdb36 +--- + src/login/logind-dbus.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index 19c3f9bd6e..b3c204f0b0 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -1639,7 +1639,6 @@ error: + } + + int manager_dispatch_delayed(Manager *manager, bool timeout) { +- + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; + Inhibitor *offending = NULL; + int r; +@@ -1671,10 +1670,9 @@ int manager_dispatch_delayed(Manager *manager, bool timeout) { + + manager->action_unit = NULL; + manager->action_what = 0; +- return r; + } + +- return 1; ++ return 1; /* We did some work. */ + } + + static int manager_inhibit_timeout_handler( +@@ -1683,13 +1681,11 @@ static int manager_inhibit_timeout_handler( + void *userdata) { + + Manager *manager = userdata; +- int r; + + assert(manager); + assert(manager->inhibit_timeout_source == s); + +- r = manager_dispatch_delayed(manager, true); +- return (r < 0) ? r : 0; ++ return manager_dispatch_delayed(manager, true); + } + + static int delay_shutdown_or_sleep( +-- +2.33.0 +
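Review bot: `manager_inhibit_timeout_handler()` now returns the result of `manager_dispatch_delayed(manager, true)` unfiltered, so the fix holds only if every path through `manager_dispatch_delayed()` returns a non-negative value. The hunk removes the one `return r;` after `action_unit` and `action_what` are reset, but the earlier returns in that function are outside the visible context and should be checked. A comment at the top of `manager_dispatch_delayed()` stating that it never returns an error, plus confirmation that the failure is logged before the removed `return r;`, would keep a later change from reintroducing the session teardown described in the commit message.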
_service:tar_scm:backport-logind-downgrade-message-about-run-utmp-missing-to-L.patch
Added
@@ -0,0 +1,35 @@ +From 5ac75f556c2ff3c28a815414dab92b58c3726dbd Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 8 Nov 2021 23:08:13 +0100 +Subject: PATCH logind: downgrade message about /run/utmp missing to + LOG_DEBUG + +This isn't really anything to really complain about, let's debug log +about this, and continue quietly as if utmp was empty. + +(cherry picked from commit 9830d716147c4e35026457027af95f303e690ae9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5ac75f556c2ff3c28a815414dab92b58c3726dbd +--- + src/login/logind-core.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/login/logind-core.c b/src/login/logind-core.c +index 22031f485a..e08929e52a 100644 +--- a/src/login/logind-core.c ++++ b/src/login/logind-core.c +@@ -707,7 +707,9 @@ int manager_read_utmp(Manager *m) { + errno = 0; + u = getutxent(); + if (!u) { +- if (errno != 0) ++ if (errno == ENOENT) ++ log_debug_errno(errno, _PATH_UTMPX " does not exist, ignoring."); ++ else if (errno != 0) + log_warning_errno(errno, "Failed to read " _PATH_UTMPX ", ignoring: %m"); + return 0; + } +-- +2.33.0 +
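Review bot: in the new `errno == ENOENT` branch a missing `_PATH_UTMPX` is reported only at debug level, so a utmp file that disappears on a running system no longer appears in default logs. If that is intended for every caller of manager_read_utmp(), please say so in a comment next to the branch. Minor: `log_debug_errno(errno, ...)` is passed the errno but its format string has no `%m`, unlike the warning two lines below; make the two consistent.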
_service:tar_scm:backport-logind-fix-getting-property-OnExternalPower-via-D-Bu.patch
Added
@@ -0,0 +1,45 @@ +From 848586f6f46e58c4960c2675102757d8c11ce046 Mon Sep 17 00:00:00 2001 +From: Michael Biebl <biebl@debian.org> +Date: Wed, 12 Oct 2022 11:07:57 +0200 +Subject: PATCH logind: fix getting property OnExternalPower via D-Bus + +The BUS_DEFINE_PROPERTY_GET_GLOBAL macro requires a value as third +argument, so we need to call manager_is_on_external_power(). Otherwise +the function pointer is interpreted as a boolean and always returns +true: + +``` +$ busctl get-property org.freedesktop.login1 /org/freedesktop/login1 org.freedesktop.login1.Manager OnExternalPower +b true +$ /lib/systemd/systemd-ac-power --verbose +no +``` + +Thanks: Helmut Grohne <helmut@subdivi.de> +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021644 +(cherry picked from commit 63168cb517a556b2f4f175b365f5a4b4c7e85150) +(cherry picked from commit 3028e05955f1d1a43d57bbbe05321546d56c70a9) +(cherry picked from commit c622de4c9d474c2b666881ccbf60c7e2bf1fb484) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/848586f6f46e58c4960c2675102757d8c11ce046 +--- + src/login/logind-dbus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c +index b3c204f0b0..1d0cf904bc 100644 +--- a/src/login/logind-dbus.c ++++ b/src/login/logind-dbus.c +@@ -353,7 +353,7 @@ static int property_get_scheduled_shutdown( + static BUS_DEFINE_PROPERTY_GET_ENUM(property_get_handle_action, handle_action, HandleAction); + static BUS_DEFINE_PROPERTY_GET(property_get_docked, "b", Manager, manager_is_docked_or_external_displays); + static BUS_DEFINE_PROPERTY_GET(property_get_lid_closed, "b", Manager, manager_is_lid_closed); +-static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power); ++static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_on_external_power, "b", manager_is_on_external_power()); + static BUS_DEFINE_PROPERTY_GET_GLOBAL(property_get_compat_user_tasks_max, "t", 
CGROUP_LIMIT_MAX); + static BUS_DEFINE_PROPERTY_GET_REF(property_get_hashmap_size, "t", Hashmap *, (uint64_t) hashmap_size); + +-- +2.27.0 +
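Review bot: no test accompanies this one-character fix, and the macro accepted a bare function name without any diagnostic, so the same slip can recur in any other `BUS_DEFINE_PROPERTY_GET_GLOBAL` use. The neighbouring `CGROUP_LIMIT_MAX` entry is a constant and is fine. A test that compares the OnExternalPower property with the result of `manager_is_on_external_power()` (the commit message shows the two disagreeing) would catch a regression here.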
_service:tar_scm:backport-logind.conf-Fix-name-of-option-RuntimeDirectoryInode.patch
Changed
@@ -1,26 +1,31 @@ -From a42a93830fcc18da073a5ac06f93c386efc9109d Mon Sep 17 00:00:00 2001 +From 927898c86d121a2985bc6c8d261f505197df8e80 Mon Sep 17 00:00:00 2001 From: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> Date: Thu, 27 Jan 2022 00:00:00 +0000 Subject: PATCH logind.conf: Fix name of option: RuntimeDirectoryInodes -> RuntimeDirectoryInodesMax +(cherry picked from commit a42a93830fcc18da073a5ac06f93c386efc9109d) +(cherry picked from commit 5b20a2b19c847b8ad8b354f1b735fbbaf88d2f8f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/927898c86d121a2985bc6c8d261f505197df8e80 --- src/login/logind.conf.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in -index 2d084e134d..926bd6cfe9 100644 +index 27ba77ce79..be2eb790bf 100644 --- a/src/login/logind.conf.in +++ b/src/login/logind.conf.in -@@ -39,7 +39,7 @@ +@@ -38,7 +38,7 @@ #IdleAction=ignore #IdleActionSec=30min #RuntimeDirectorySize=10% -#RuntimeDirectoryInodes=400k +#RuntimeDirectoryInodesMax=400k - #RemoveIPC=no + #RemoveIPC=yes #InhibitorsMax=8192 #SessionsMax=8192 -- -2.27.0 +2.33.0
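Review bot: the refreshed hunk's context changes from `#RemoveIPC=no` to `#RemoveIPC=yes` and its offset moves from line 39 to line 38, so the patch now applies only to a tree where that line still reads `yes`. If a downstream patch rewrites the RemoveIPC default, it has to come after this one in the series or the context will not match; please confirm the order in the spec.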
_service:tar_scm:backport-machined-set-TTYPath-for-container-shell.patch
Added
@@ -0,0 +1,40 @@ +From 6076f379d6911abd69c9565cbbecc60d34be8ce8 Mon Sep 17 00:00:00 2001 +From: Ludwig Nussel <ludwig.nussel@suse.de> +Date: Tue, 21 Dec 2021 11:38:49 +0100 +Subject: PATCH machined: set TTYPath for container shell + +TTYPath is needed for proper utmp registration of the shell to +receive wall messages. + +(cherry picked from commit a9c97bbbfb271d68b2ca4f3aa346fdf5e9c70c27) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6076f379d6911abd69c9565cbbecc60d34be8ce8 +--- + src/machine/machine-dbus.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/machine/machine-dbus.c b/src/machine/machine-dbus.c +index 0022a980c5..404ff1ca46 100644 +--- a/src/machine/machine-dbus.c ++++ b/src/machine/machine-dbus.c +@@ -688,7 +688,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu + + description = strjoina("Shell for User ", user); + r = sd_bus_message_append(tm, +- "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)", ++ "(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)(sv)", + "Description", "s", description, + "StandardInputFileDescriptor", "h", slave, + "StandardOutputFileDescriptor", "h", slave, +@@ -696,6 +696,7 @@ int bus_machine_method_open_shell(sd_bus_message *message, void *userdata, sd_bu + "SendSIGHUP", "b", true, + "IgnoreSIGPIPE", "b", false, + "KillMode", "s", "mixed", ++ "TTYPath", "s", pty_name, + "TTYReset", "b", true, + "UtmpIdentifier", "s", utmp_id, + "UtmpMode", "s", "user", +-- +2.33.0 +
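Review bot: the `(sv)` count in the format string and the property triples below it are kept in sync by hand, and a mismatch in this varargs call is not caught by the compiler. Only part of the argument list is in the context, so please confirm it now holds exactly 13 triples. Please also confirm that `pty_name` names the same pty whose `slave` fd is passed as the standard input and output descriptors, since the utmp registration described in the commit message will use that path.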
_service:tar_scm:backport-machined-varlink-fix-double-free.patch
Added
@@ -0,0 +1,30 @@ +From 1600b38cd2029533547f8c3d4abfa12911ca0630 Mon Sep 17 00:00:00 2001 +From: David Tardon <dtardon@redhat.com> +Date: Mon, 2 Aug 2021 13:31:04 +0200 +Subject: PATCH machined-varlink: fix double free + +Fixes: #18599 +(cherry picked from commit feac9a1d1bf3f59adaa85f58b655ec01a111a29a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1600b38cd2029533547f8c3d4abfa12911ca0630 +--- + src/machine/machined-varlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/machine/machined-varlink.c b/src/machine/machined-varlink.c +index 009d283acc..fc0b0f11ad 100644 +--- a/src/machine/machined-varlink.c ++++ b/src/machine/machined-varlink.c +@@ -297,7 +297,7 @@ static int group_lookup_name(Manager *m, const char *name, gid_t *ret_gid, char + desc = mfree(desc); + + *ret_gid = converted_gid; +- *ret_description = desc; ++ *ret_description = TAKE_PTR(desc); + return 0; + } + +-- +2.33.0 +
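Review bot: no test accompanies the fix. `*ret_description = desc;` left the string with two owners (the caller and the local `desc`, whose declaration is outside the context shown), and `TAKE_PTR(desc)` resolves that here. Please check whether other lookup functions in machined-varlink.c hand out a description the same way, and add a test that calls group_lookup_name() with a non-NULL `ret_description` under a sanitizer build.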
_service:tar_scm:backport-macro-account-for-negative-values-in-DECIMAL_STR_WID.patch
Added
@@ -0,0 +1,34 @@ +From 19c0ce4c68fd424f48a71afbc9d8b7b67ba58709 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Sun, 13 Mar 2022 14:45:03 +0100 +Subject: PATCH macro: account for negative values in DECIMAL_STR_WIDTH() + +With negative numbers we wouldn't account for the minus sign, thus +returning a string with one character too short, triggering buffer +overflows in certain situations. + +(cherry picked from commit e3dd9ea8ea4510221f73071ad30ee657ca77565d) +(cherry picked from commit 25b3c48ec5203a1220daaf33b8df6e50e79fd74a) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/19c0ce4c68fd424f48a71afbc9d8b7b67ba58709 +--- + src/basic/macro.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/macro.h b/src/basic/macro.h +index 072fed4378..5a3027ae5c 100644 +--- a/src/basic/macro.h ++++ b/src/basic/macro.h +@@ -349,7 +349,7 @@ static inline int __coverity_check_and_return__(int condition) { + #define DECIMAL_STR_WIDTH(x) \ + ({ \ + typeof(x) _x_ = (x); \ +- unsigned ans = 1; \ ++ unsigned ans = 2; \ + while ((_x_ /= 10) != 0) \ + ans++; \ + ans; \ +-- +2.33.0 +
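Review bot: `unsigned ans = 2;` reserves the sign character for every argument, including unsigned and non-negative ones, so all callers now get a width one larger than before. That is safe for buffer sizing, but a caller that uses the result for padding or column alignment will shift by one. Please add a comment on the macro stating that the width includes room for a minus sign, and a test that covers a negative multi-digit value and the minimum of a signed type.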
_service:tar_scm:backport-main-drop-get_process_cmdline-from-crash-handler.patch
Added
@@ -0,0 +1,36 @@ +From 28c5859fa30572950a24a7638a3a8191d65daf68 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 10 Mar 2022 09:22:29 +0800 +Subject: PATCH main: drop get_process_cmdline from crash handler + get_process_cmdline calls malloc, which should be avoid in signal handler. + +Fixes: #22690 +--- + src/core/main.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 41a4b4225f..7c9265f394 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -274,11 +274,12 @@ _noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) { + int r; + + if (siginfo) { +- _cleanup_free_ char *cmdline = NULL; +- pid_t sender_pid = siginfo->si_pid; +- +- (void) get_process_cmdline(sender_pid, SIZE_MAX, 0, &cmdline); +- log_emergency("Caught <%s> from PID "PID_FMT" (%s)", signal_to_string(sig), sender_pid, strna(cmdline)); ++ if (siginfo->si_pid == 0) ++ log_emergency("Caught <%s> from unknown sender process.", signal_to_string(sig)); ++ else if (siginfo->si_pid == 1) ++ log_emergency("Caught <%s> from our own process.", signal_to_string(sig)); ++ else ++ log_emergency("Caught <%s> from PID "PID_FMT".", signal_to_string(sig), siginfo->si_pid); + } + + /* Order things nicely. */ +-- +2.27.0 +
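Review bot: the rule stated in the commit message (no malloc in a signal handler) also applies to what stays in `crash()`: `log_emergency(...)` with a format string and `signal_to_string(sig)` are still called from the handler, and it is worth confirming that neither allocates. The `siginfo->si_pid == 1` branch reports "our own process", which is only true when the handler runs in PID 1; please state that assumption in a comment or compare against the process's own PID instead.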
_service:tar_scm:backport-main-log-which-process-send-SIGNAL-to-PID1.patch
Added
@@ -0,0 +1,54 @@ +From 7347b3db838ea3f02afc6c8a6dccac1ff8e7edbd Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Tue, 8 Mar 2022 19:18:36 +0800 +Subject: PATCH main: log which process send SIGNAL to PID1 This can help + users to figure out what makes systemd freeze. 1. Someone kills systemd + accidentally, then the sender_pid won't be 1; 2. systemd triggers segfault or + assert, then the sender_pid will be 1; + +--- + src/core/main.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 5009b8d85f..41a4b4225f 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -228,7 +228,7 @@ _noreturn_ static void freeze_or_exit_or_reboot(void) { + freeze(); + } + +-_noreturn_ static void crash(int sig) { ++_noreturn_ static void crash(int sig, siginfo_t *siginfo, void *context) { + struct sigaction sa; + pid_t pid; + +@@ -273,6 +273,14 @@ _noreturn_ static void crash(int sig) { + siginfo_t status; + int r; + ++ if (siginfo) { ++ _cleanup_free_ char *cmdline = NULL; ++ pid_t sender_pid = siginfo->si_pid; ++ ++ (void) get_process_cmdline(sender_pid, SIZE_MAX, 0, &cmdline); ++ log_emergency("Caught <%s> from PID "PID_FMT" (%s)", signal_to_string(sig), sender_pid, strna(cmdline)); ++ } ++ + /* Order things nicely. */ + r = wait_for_terminate(pid, &status); + if (r < 0) +@@ -330,8 +338,8 @@ _noreturn_ static void crash(int sig) { + + static void install_crash_handler(void) { + static const struct sigaction sa = { +- .sa_handler = crash, +- .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ ++ .sa_sigaction = crash, ++ .sa_flags = SA_NODEFER | SA_SIGINFO, /* So that we can raise the signal again from the signal handler */ + }; + int r; + +-- +2.27.0 +
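Review bot: `siginfo->si_pid` is read without checking `siginfo->si_code`. For a signal sent by a process (SI_USER, SI_QUEUE, SI_TKILL) the field holds the sender, but for a fault raised by the kernel, such as SIGSEGV, that part of siginfo_t carries the fault address instead, so the logged PID and the command line looked up for it can belong to an unrelated process. That does not match case 2 of the commit message for segfaults. In addition, `get_process_cmdline()` is called from the crash handler with a `_cleanup_free_` buffer, which means allocation in signal context.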
_service:tar_scm:backport-malloc-uses-getrandom-now.patch
Added
@@ -0,0 +1,30 @@ +From 08c99e5600f92c5143b931a507980a2655380cb3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= <crodriguez@owncloud.com> +Date: Fri, 9 Jul 2021 17:19:05 -0400 +Subject: PATCH malloc() uses getrandom now + +glibc master uses getrandom in malloc since https://sourceware.org/git/?p=glibc.git;a=commit;h=fc859c304898a5ec72e0ba5269ed136ed0ea10e1 , getrandom should be in the default set so to avoid all non trivial programs to fallback to a PRNG. + +(cherry picked from commit 14f4b1b568907350d023d1429c1aa4aaa8925f22) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/08c99e5600f92c5143b931a507980a2655380cb3 +--- + src/shared/seccomp-util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index e0f88aec73..cad0af89f2 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -310,6 +310,7 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + "getpgrp\0" + "getpid\0" + "getppid\0" ++ "getrandom\0" + "getresgid\0" + "getresgid32\0" + "getresuid\0" +-- +2.33.0 +
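Review bot: the commit message says the syscall goes into the default set, but the hunk header only names the `syscall_filter_sets` table, so the set cannot be verified from the context; please name it in the message. The addition widens the allow-list for every service that uses this set, so any documentation that enumerates the set's members needs the same entry. The new line keeps the list's alphabetical order.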
_service:tar_scm:backport-missing-syscall-add-__NR_openat2.patch
Added
@@ -0,0 +1,107 @@ +From 31f64a65423414bf1d11fc9035450e9b6256858c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 3 Jan 2022 03:44:50 +0900 +Subject: PATCH missing-syscall: add __NR_openat2 + +(cherry picked from commit d96ad9e8cb9fc8a9adfeebf69a645b809705daa0) +(cherry picked from commit cd88d010e862d26ce816eb3bd6735a80999ac41e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/31f64a65423414bf1d11fc9035450e9b6256858c +--- + src/basic/missing_syscall_def.h | 66 +++++++++++++++++++++++++++++++++ + src/basic/missing_syscalls.py | 1 + + 2 files changed, 67 insertions(+) + +diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h +index 6a48c2a0c5..29dfd2e5fa 100644 +--- a/src/basic/missing_syscall_def.h ++++ b/src/basic/missing_syscall_def.h +@@ -679,6 +679,72 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree); + # endif + #endif + ++#ifndef __IGNORE_openat2 ++# if defined(__aarch64__) ++# define systemd_NR_openat2 437 ++# elif defined(__alpha__) ++# define systemd_NR_openat2 547 ++# elif defined(__arc__) || defined(__tilegx__) ++# define systemd_NR_openat2 437 ++# elif defined(__arm__) ++# define systemd_NR_openat2 437 ++# elif defined(__i386__) ++# define systemd_NR_openat2 437 ++# elif defined(__ia64__) ++# define systemd_NR_openat2 1461 ++# elif defined(__loongarch64) ++# define systemd_NR_openat2 437 ++# elif defined(__m68k__) ++# define systemd_NR_openat2 437 ++# elif defined(_MIPS_SIM) ++# if _MIPS_SIM == _MIPS_SIM_ABI32 ++# define systemd_NR_openat2 4437 ++# elif _MIPS_SIM == _MIPS_SIM_NABI32 ++# define systemd_NR_openat2 6437 ++# elif _MIPS_SIM == _MIPS_SIM_ABI64 ++# define systemd_NR_openat2 5437 ++# else ++# error "Unknown MIPS ABI" ++# endif ++# elif defined(__powerpc__) ++# define systemd_NR_openat2 437 ++# elif defined(__riscv) ++# if __riscv_xlen == 32 ++# define systemd_NR_openat2 437 ++# elif __riscv_xlen == 64 ++# define systemd_NR_openat2 437 ++# else ++# error "Unknown 
RISC-V ABI" ++# endif ++# elif defined(__s390__) ++# define systemd_NR_openat2 437 ++# elif defined(__sparc__) ++# define systemd_NR_openat2 437 ++# elif defined(__x86_64__) ++# if defined(__ILP32__) ++# define systemd_NR_openat2 (437 | /* __X32_SYSCALL_BIT */ 0x40000000) ++# else ++# define systemd_NR_openat2 437 ++# endif ++# elif !defined(missing_arch_template) ++# warning "openat2() syscall number is unknown for your architecture" ++# endif ++ ++/* may be an (invalid) negative number due to libseccomp, see PR 13319 */ ++# if defined __NR_openat2 && __NR_openat2 >= 0 ++# if defined systemd_NR_openat2 ++assert_cc(__NR_openat2 == systemd_NR_openat2); ++# endif ++# else ++# if defined __NR_openat2 ++# undef __NR_openat2 ++# endif ++# if defined systemd_NR_openat2 && systemd_NR_openat2 >= 0 ++# define __NR_openat2 systemd_NR_openat2 ++# endif ++# endif ++#endif ++ + #ifndef __IGNORE_pidfd_open + # if defined(__aarch64__) + # define systemd_NR_pidfd_open 434 +diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py +index 19f9726d4e..dd458994f2 100644 +--- a/src/basic/missing_syscalls.py ++++ b/src/basic/missing_syscalls.py +@@ -16,6 +16,7 @@ SYSCALLS = + 'move_mount', + 'name_to_handle_at', + 'open_tree', ++ 'openat2', + 'pidfd_open', + 'pidfd_send_signal', + 'pkey_mprotect', +-- +2.33.0 +
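Review bot: both missing_syscalls.py and missing_syscall_def.h change, and the header block has the shape of generated output; please confirm it was regenerated from the `SYSCALLS` list rather than typed in, since a wrong number for a single architecture is hard to spot in review. Note that `assert_cc(__NR_openat2 == systemd_NR_openat2);` only fires when the libc headers already define `__NR_openat2`, so on older headers these values are used unverified. The two `__riscv_xlen` branches define the same value (437), which is fine if it comes from the generator.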
_service:tar_scm:backport-mkosi-Build-Fedora-35-images.patch
Added
@@ -0,0 +1,29 @@ +From e5c19733785558e6fc17f96e6c18219d46179a2d Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Thu, 9 Dec 2021 12:35:23 +0100 +Subject: PATCH mkosi: Build Fedora 35 images + +(cherry picked from commit 808b23ecf681c12493cbb84958e75ea300ebbeab) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e5c19733785558e6fc17f96e6c18219d46179a2d +--- + .mkosi/mkosi.fedora | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.mkosi/mkosi.fedora b/.mkosi/mkosi.fedora +index cc3a5a2d1a..3e7462e477 100644 +--- a/.mkosi/mkosi.fedora ++++ b/.mkosi/mkosi.fedora +@@ -5,7 +5,7 @@ + + Distribution + Distribution=fedora +-Release=34 ++Release=35 + + Packages + BuildPackages= +-- +2.33.0 +
_service:tar_scm:backport-mkosi-Fix-openSUSE-Jinja2-package-name.patch
Added
@@ -0,0 +1,34 @@ +From c135c18d0aedeb6043ea4e54a252b7d2452d0937 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com> +Date: Thu, 10 Jun 2021 14:39:13 +0200 +Subject: PATCH mkosi: Fix openSUSE Jinja2 package name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Dare to be different ¯\_(ツ)_/¯ + +(cherry picked from commit ed802c44da7918ba1c14944b711a20b14d9e0fd4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c135c18d0aedeb6043ea4e54a252b7d2452d0937 +--- + .mkosi/mkosi.opensuse | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/.mkosi/mkosi.opensuse b/.mkosi/mkosi.opensuse +index fdbbdeb1f8..7eb7b857ca 100644 +--- a/.mkosi/mkosi.opensuse ++++ b/.mkosi/mkosi.opensuse +@@ -36,7 +36,7 @@ BuildPackages= + pcre-devel + python3 + python3-lxml +- python3-jinja2 ++ python3-Jinja2 + qrencode-devel + system-user-nobody + systemd-sysvinit +-- +2.33.0 +
_service:tar_scm:backport-mkosi-Remove-Arch-nspawn-workaround.patch
Added
@@ -0,0 +1,43 @@ +From c24f4e86781d866894128a56fbc03f4302f737f6 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Fri, 25 Feb 2022 11:01:07 +0000 +Subject: PATCH mkosi: Remove Arch nspawn workaround + +This has been fixed so the workaround can be removed. + +(cherry picked from commit 6b2ab8fc5cc0f706b85cbd559e8dcf4e05d7687d) +(cherry picked from commit f0cc6d2f99b2510c57fa36ad7f28cc42c0b724b3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c24f4e86781d866894128a56fbc03f4302f737f6 +--- + .github/workflows/mkosi.yml | 13 ------------- + 1 file changed, 13 deletions(-) + +diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml +index 489eb01880..c8d572a4d8 100644 +--- a/.github/workflows/mkosi.yml ++++ b/.github/workflows/mkosi.yml +@@ -37,19 +37,6 @@ jobs: + - name: Symlink + run: ln -s .mkosi/mkosi.${{ matrix.distro }} mkosi.default + +- # Ubuntu's systemd-nspawn doesn't support faccessat2() syscall, which is +- # required, since current Arch's glibc implements faccessat() via faccessat2(). +- - name: Update systemd-nspawn +- if: ${{ matrix.distro == 'arch' }} +- run: | +- echo "deb-src http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs) main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list +- sudo apt update +- sudo apt build-dep systemd +- meson build +- ninja -C build +- sudo ln -svf $PWD/build/systemd-nspawn `which systemd-nspawn` +- systemd-nspawn --version +- + - name: Build ${{ matrix.distro }} + run: sudo python3 -m mkosi --password= --qemu-headless build + +-- +2.33.0 +
_service:tar_scm:backport-mkosi-openSUSE-update-bootable-no-dependencies.patch
Added
@@ -0,0 +1,31 @@ +From e4e572117b41f6e8152a30acc6f60a0385090137 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com> +Date: Fri, 12 Feb 2021 18:11:18 +0100 +Subject: PATCH mkosi: openSUSE update --bootable=no dependencies + +Since we can build --bootable=no images without dracut->systemd, we need +to add systemd runtime dependencies explicitely. + +(cherry picked from commit f2bb8857cd093eb9bd5e1dad6fb996a0a4463556) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e4e572117b41f6e8152a30acc6f60a0385090137 +--- + .mkosi/mkosi.opensuse | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/.mkosi/mkosi.opensuse b/.mkosi/mkosi.opensuse +index b468433f34..fdbbdeb1f8 100644 +--- a/.mkosi/mkosi.opensuse ++++ b/.mkosi/mkosi.opensuse +@@ -60,6 +60,7 @@ Packages= + libapparmor1 + libcrypt1 + libcryptsetup12 ++ libgcrypt20 + libkmod2 + liblz4-1 + libmount1 +-- +2.33.0 +
_service:tar_scm:backport-mmap-cache-LIST_REMOVE-after-w-unused_prev.patch
Added
@@ -0,0 +1,38 @@ +From 42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03 Mon Sep 17 00:00:00 2001 +From: Vito Caputo <vcaputo@pengaru.com> +Date: Thu, 25 Nov 2021 07:05:06 -0800 +Subject: PATCH mmap-cache: LIST_REMOVE() *after* w->unused_prev + +The LIST_REMOVE() macro always assigns NULL to w->unused_prev, +meaning every time this window was in last_unused, the remainder +of the unused list was lost to the ether. + +Turns out there's been a memory leak in journald after all, this +code has been there since at least 2013... + +(cherry picked from commit b82aca89a5b366c4377b3b140e54313e817e8f57) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/42ca0ab5082344004c0f26b2d6ec57b7a9d4ff03 +--- + src/libsystemd/sd-journal/mmap-cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-journal/mmap-cache.c b/src/libsystemd/sd-journal/mmap-cache.c +index 9e0be01d41..02d2d721cf 100644 +--- a/src/libsystemd/sd-journal/mmap-cache.c ++++ b/src/libsystemd/sd-journal/mmap-cache.c +@@ -224,9 +224,9 @@ static void context_attach_window(Context *c, Window *w) { + + if (w->in_unused) { + /* Used again? */ +- LIST_REMOVE(unused, c->cache->unused, w); + if (c->cache->last_unused == w) + c->cache->last_unused = w->unused_prev; ++ LIST_REMOVE(unused, c->cache->unused, w); + + w->in_unused = false; + } +-- +2.33.0 +
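Review bot: the fix relies on an ordering that nothing in the code explains. Please add a comment above `if (c->cache->last_unused == w)` saying that LIST_REMOVE() resets `w->unused_prev`, so `last_unused` has to be updated first; without it a later cleanup can move the call back up and reintroduce the leak described in the commit message.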
_service:tar_scm:backport-mount-util-fix-error-code.patch
Added
@@ -0,0 +1,52 @@ +From 561205a9c4fd0db341a93e227d249a6b6d03e2e1 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 4 Sep 2022 22:34:38 +0900 +Subject: PATCH mount-util: fix error code + +If multiple service is starting simultaneously with a shared image, +then one of the service may fail to create a mount node: + +systemd695: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... +systemd696: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... +systemd695: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory +systemd696: Failed to mount /usr/lib/os-release (type n/a) on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC ""): No such file or directory +systemd695: Bind-mounting /usr/lib/os-release on /run/systemd/unit-root/run/host/os-release (MS_BIND|MS_REC "")... +systemd696: Failed to create destination mount point node '/run/systemd/unit-root/run/host/os-release': Operation not permitted +systemd695: Successfully mounted /usr/lib/os-release to /run/systemd/unit-root/run/host/os-release + +The function apply_one_mount() in src/core/namespace.c gracefully +handles -EEXIST from make_mount_point_inode_from_path(), but it erroneously +returned -EPERM previously. This fixes the issue. + +Fixes one of the issues in #24147, especially reported at +https://github.com/systemd/systemd/issues/24147#issuecomment-1236194671. 
+ +(cherry picked from commit b6ca2b281eff254dce2293990360e799af806ad4) +(cherry picked from commit 24238be484e6d7633bc68c784f7b3180299a80d4) +(cherry picked from commit 260633c50b5da5522b714d7989a138ecd73febd6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/561205a9c4fd0db341a93e227d249a6b6d03e2e1 +--- + src/shared/mount-util.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/shared/mount-util.c b/src/shared/mount-util.c +index 26618bb113..199ff6163d 100644 +--- a/src/shared/mount-util.c ++++ b/src/shared/mount-util.c +@@ -1089,8 +1089,10 @@ int make_mount_point_inode_from_stat(const struct stat *st, const char *dest, mo + + if (S_ISDIR(st->st_mode)) + return mkdir_label(dest, mode); ++ else if (mknod(dest, S_IFREG|(mode & ~0111), 0) < 0) ++ return -errno; + else +- return mknod(dest, S_IFREG|(mode & ~0111), 0); ++ return 0; + } + + int make_mount_point_inode_from_path(const char *source, const char *dest, mode_t mode) { +-- +2.27.0 +
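Review bot: the `else if (mknod(...) < 0)` and final `else` in make_mount_point_inode_from_stat() follow a `return`, so both `else` keywords are redundant and the function reads more clearly as flat statements. On substance, the old `return mknod(...)` handed callers a raw -1, which they read as -EPERM (the log in the commit message shows "Operation not permitted"). A test that creates the same destination twice and expects -EEXIST from the second call would keep this from regressing.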
_service:tar_scm:backport-mount-util-fix-fd_is_mount_point-when-both-the-paren.patch
Added
@@ -0,0 +1,125 @@ +From 8de173ff933510200ac3db77f1ae713f2c4acdc3 Mon Sep 17 00:00:00 2001 +From: Franck Bui <fbui@suse.com> +Date: Thu, 30 Sep 2021 14:05:36 +0200 +Subject: PATCH mount-util: fix fd_is_mount_point() when both the parent and + directory are network fs + +The second call to name_to_handle_at_loop() didn't check for the specific +errors that can happen when the parent dir is mounted by nfs and instead of +falling back like it's done for the child dir, fd_is_mount_point() failed in +this case. + +(cherry picked from commit 964ccab8286a7e75d7e9107f574f5cb23752bd5d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8de173ff933510200ac3db77f1ae713f2c4acdc3 +--- + src/basic/mountpoint-util.c | 68 ++++++++++++++++++++++--------------- + 1 file changed, 41 insertions(+), 27 deletions(-) + +diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c +index 8c836a1b74..e7a5a99551 100644 +--- a/src/basic/mountpoint-util.c ++++ b/src/basic/mountpoint-util.c +@@ -157,6 +157,19 @@ static bool filename_possibly_with_slash_suffix(const char *s) { + return filename_is_valid(copied); + } + ++static bool is_name_to_handle_at_fatal_error(int err) { ++ /* name_to_handle_at() can return "acceptable" errors that are due to the context. For ++ * example the kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall ++ * was blocked (EACCES/EPERM; maybe through seccomp, because we are running inside of a ++ * container), or the mount point is not triggered yet (EOVERFLOW, think nfs4), or some ++ * general name_to_handle_at() flakiness (EINVAL). However other errors are not supposed to ++ * happen and therefore are considered fatal ones. 
*/ ++ ++ assert(err < 0); ++ ++ return !IN_SET(err, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL); ++} ++ + int fd_is_mount_point(int fd, const char *filename, int flags) { + _cleanup_free_ struct file_handle *h = NULL, *h_parent = NULL; + int mount_id = -1, mount_id_parent = -1; +@@ -206,39 +219,40 @@ int fd_is_mount_point(int fd, const char *filename, int flags) { + return false; /* symlinks are never mount points */ + + r = name_to_handle_at_loop(fd, filename, &h, &mount_id, flags); +- if (IN_SET(r, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) +- /* This kernel does not support name_to_handle_at() at all (ENOSYS), or the syscall was blocked +- * (EACCES/EPERM; maybe through seccomp, because we are running inside of a container?), or the mount +- * point is not triggered yet (EOVERFLOW, think nfs4), or some general name_to_handle_at() flakiness +- * (EINVAL): fall back to simpler logic. */ +- goto fallback_fdinfo; +- else if (r == -EOPNOTSUPP) +- /* This kernel or file system does not support name_to_handle_at(), hence let's see if the upper fs +- * supports it (in which case it is a mount point), otherwise fall back to the traditional stat() +- * logic */ ++ if (r < 0) { ++ if (is_name_to_handle_at_fatal_error(r)) ++ return r; ++ if (r != -EOPNOTSUPP) ++ goto fallback_fdinfo; ++ ++ /* This kernel or file system does not support name_to_handle_at(), hence let's see ++ * if the upper fs supports it (in which case it is a mount point), otherwise fall ++ * back to the traditional stat() logic */ + nosupp = true; +- else if (r < 0) +- return r; ++ } + + r = name_to_handle_at_loop(fd, "", &h_parent, &mount_id_parent, AT_EMPTY_PATH); +- if (r == -EOPNOTSUPP) { ++ if (r < 0) { ++ if (is_name_to_handle_at_fatal_error(r)) ++ return r; ++ if (r != -EOPNOTSUPP) ++ goto fallback_fdinfo; + if (nosupp) +- /* Neither parent nor child do name_to_handle_at()? We have no choice but to fall back. 
*/ ++ /* Both the parent and the directory can't do name_to_handle_at() */ + goto fallback_fdinfo; +- else +- /* The parent can't do name_to_handle_at() but the directory we are interested in can? If so, +- * it must be a mount point. */ +- return 1; +- } else if (r < 0) +- return r; + +- /* The parent can do name_to_handle_at() but the directory we are interested in can't? If so, it must +- * be a mount point. */ ++ /* The parent can't do name_to_handle_at() but the directory we are ++ * interested in can? If so, it must be a mount point. */ ++ return 1; ++ } ++ ++ /* The parent can do name_to_handle_at() but the directory we are interested in can't? If ++ * so, it must be a mount point. */ + if (nosupp) + return 1; + +- /* If the file handle for the directory we are interested in and its parent are identical, we assume +- * this is the root directory, which is a mount point. */ ++ /* If the file handle for the directory we are interested in and its parent are identical, ++ * we assume this is the root directory, which is a mount point. */ + + if (h->handle_bytes == h_parent->handle_bytes && + h->handle_type == h_parent->handle_type && +@@ -338,10 +352,10 @@ int path_get_mnt_id(const char *path, int *ret) { + } + + r = name_to_handle_at_loop(AT_FDCWD, path, NULL, ret, 0); +- if (IN_SET(r, -EOPNOTSUPP, -ENOSYS, -EACCES, -EPERM, -EOVERFLOW, -EINVAL)) /* kernel/fs don't support this, or seccomp blocks access, or untriggered mount, or name_to_handle_at() is flaky */ +- return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret); ++ if (r == 0 || is_name_to_handle_at_fatal_error(r)) ++ return r; + +- return r; ++ return fd_fdinfo_mnt_id(AT_FDCWD, path, 0, ret); + } + + bool fstype_is_network(const char *fstype) { +-- +2.33.0 +
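Review bot: is_name_to_handle_at_fatal_error() asserts `err < 0`, and in path_get_mnt_id() it is reached through `r == 0 || is_name_to_handle_at_fatal_error(r)`, so a positive return from name_to_handle_at_loop() would trip the assert; `r >= 0` is the safer guard there. The helper's comment explains ENOSYS, EACCES/EPERM, EOVERFLOW and EINVAL, but the IN_SET also contains -EOPNOTSUPP; please mention it, since fd_is_mount_point() handles that value differently from the others after each call.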
_service:tar_scm:backport-namespace-allow-ProcSubset-pid-with-some-ProtectKern.patch
Added
@@ -0,0 +1,116 @@ +From c789d2f457d2e160d00760aa3ecfd6883c64cf5f Mon Sep 17 00:00:00 2001 +From: Topi Miettinen <toiwoton@gmail.com> +Date: Sat, 27 Nov 2021 12:51:39 +0200 +Subject: PATCH namespace: allow ProcSubset=pid with some ProtectKernel + options + +In case `/proc` is successfully mounted with pid tree subset only due to +`ProcSubset=pid`, the protective mounts for `ProtectKernelTunables=yes` and +`ProtectKernelLogs=yes` to non-pid `/proc` paths are failing because the paths +don't exist. But the pid only option may have failed gracefully (for example +because of ancient kernel), so let's try the mounts but it's not fatal if they +don't succeed. + +(cherry picked from commit 788e720181aead8c85ba30fc7ec9a1455a865cbe) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c789d2f457d2e160d00760aa3ecfd6883c64cf5f +--- + src/core/namespace.c | 42 ++++++++++++++++++++++++++++++++++-------- + 1 file changed, 34 insertions(+), 8 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 9251871384..b933d46cf6 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -101,7 +101,7 @@ static const MountEntry apivfs_table = { + }; + + /* ProtectKernelTunables= option and the related filesystem APIs */ +-static const MountEntry protect_kernel_tunables_table = { ++static const MountEntry protect_kernel_tunables_proc_table = { + { "/proc/acpi", READONLY, true }, + { "/proc/apm", READONLY, true }, /* Obsolete API, there's no point in permitting access to this, ever */ + { "/proc/asound", READONLY, true }, +@@ -116,6 +116,9 @@ static const MountEntry protect_kernel_tunables_table = { + { "/proc/sys", READONLY, true }, + { "/proc/sysrq-trigger", READONLY, true }, + { "/proc/timer_stats", READONLY, true }, ++}; ++ ++static const MountEntry protect_kernel_tunables_sys_table = { + { "/sys", READONLY, false }, + { "/sys/fs/bpf", READONLY, true }, + { "/sys/fs/cgroup", READWRITE_IMPLICIT, false }, /* READONLY is set by 
ProtectControlGroups= option */ +@@ -133,8 +136,11 @@ static const MountEntry protect_kernel_modules_table = { + }; + + /* ProtectKernelLogs= option */ +-static const MountEntry protect_kernel_logs_table = { ++static const MountEntry protect_kernel_logs_proc_table = { + { "/proc/kmsg", INACCESSIBLE, true }, ++}; ++ ++static const MountEntry protect_kernel_logs_dev_table = { + { "/dev/kmsg", INACCESSIBLE, true }, + }; + +@@ -1554,9 +1560,11 @@ static size_t namespace_calculate_mounts( + (n_extension_images > 0 ? n_hierarchies + n_extension_images : 0) + /* Mount each image plus an overlay per hierarchy */ + n_temporary_filesystems + + ns_info->private_dev + +- (ns_info->protect_kernel_tunables ? ELEMENTSOF(protect_kernel_tunables_table) : 0) + ++ (ns_info->protect_kernel_tunables ? ++ ELEMENTSOF(protect_kernel_tunables_proc_table) + ELEMENTSOF(protect_kernel_tunables_sys_table) : 0) + + (ns_info->protect_kernel_modules ? ELEMENTSOF(protect_kernel_modules_table) : 0) + +- (ns_info->protect_kernel_logs ? ELEMENTSOF(protect_kernel_logs_table) : 0) + ++ (ns_info->protect_kernel_logs ? ++ ELEMENTSOF(protect_kernel_logs_proc_table) + ELEMENTSOF(protect_kernel_logs_dev_table) : 0) + + (ns_info->protect_control_groups ? 1 : 0) + + protect_home_cnt + protect_system_cnt + + (ns_info->protect_hostname ? 2 : 0) + +@@ -2037,10 +2045,21 @@ int setup_namespace( + .flags = DEV_MOUNT_OPTIONS, + }; + ++ /* In case /proc is successfully mounted with pid tree subset only (ProcSubset=pid), the ++ protective mounts to non-pid /proc paths would fail. But the pid only option may have ++ failed gracefully, so let's try the mounts but it's not fatal if they don't succeed. 
*/ ++ bool ignore_protect_proc = ns_info->ignore_protect_paths || ns_info->proc_subset == PROC_SUBSET_PID; + if (ns_info->protect_kernel_tunables) { + r = append_static_mounts(&m, +- protect_kernel_tunables_table, +- ELEMENTSOF(protect_kernel_tunables_table), ++ protect_kernel_tunables_proc_table, ++ ELEMENTSOF(protect_kernel_tunables_proc_table), ++ ignore_protect_proc); ++ if (r < 0) ++ goto finish; ++ ++ r = append_static_mounts(&m, ++ protect_kernel_tunables_sys_table, ++ ELEMENTSOF(protect_kernel_tunables_sys_table), + ns_info->ignore_protect_paths); + if (r < 0) + goto finish; +@@ -2057,8 +2076,15 @@ int setup_namespace( + + if (ns_info->protect_kernel_logs) { + r = append_static_mounts(&m, +- protect_kernel_logs_table, +- ELEMENTSOF(protect_kernel_logs_table), ++ protect_kernel_logs_proc_table, ++ ELEMENTSOF(protect_kernel_logs_proc_table), ++ ignore_protect_proc); ++ if (r < 0) ++ goto finish; ++ ++ r = append_static_mounts(&m, ++ protect_kernel_logs_dev_table, ++ ELEMENTSOF(protect_kernel_logs_dev_table), + ns_info->ignore_protect_paths); + if (r < 0) + goto finish; +-- +2.33.0 +
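Review bot: In setup_namespace(), ignore_protect_proc is computed from the configured value (ns_info->proc_subset == PROC_SUBSET_PID), not from whether /proc was actually mounted with the pid subset. In the fallback case the new comment describes (subset mount failed gracefully, full /proc visible), the /proc entries for ProtectKernelTunables= and ProtectKernelLogs= are therefore still appended with the relaxed flag. The visible lines do not show how append_static_mounts() treats that argument, so the comment should state which failures become non-fatal (a missing path only, or any mount error). A debug log when a protective /proc mount is skipped would let an operator confirm that /proc/sys and /proc/kmsg are still covered on kernels without pid-subset support. Keeping ns_info->ignore_protect_paths for the /sys and /dev tables is right.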
_service:tar_scm:backport-namespace-make-tmp-dir-handling-code-independent-of-.patch
Added
@@ -0,0 +1,68 @@ +From 78858632566c30d2299bcdbd6efe3cbd1cc99d5a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 12 Nov 2021 11:16:02 +0100 +Subject: PATCH namespace: make tmp dir handling code independent of umask + too + +Let's make all code in namespace.c robust towards weird umask. This +doesn't matter too much given that the parent dirs we deal here almost +certainly exist anyway, but let's clean this up anyway and make it fully +clean. + +(cherry picked from commit 30443439274cc223583c6c57f7d9041e440e346f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/78858632566c30d2299bcdbd6efe3cbd1cc99d5a +--- + src/core/namespace.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index b10a53ad2e..9251871384 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -2466,7 +2466,8 @@ static int make_tmp_prefix(const char *prefix) { + if (errno != ENOENT) + return -errno; + +- r = mkdir_parents(prefix, 0755); ++ RUN_WITH_UMASK(000) ++ r = mkdir_parents(prefix, 0755); + if (r < 0) + return r; + +@@ -2474,7 +2475,8 @@ static int make_tmp_prefix(const char *prefix) { + if (r < 0) + return r; + +- if (mkdir(t, 0777) < 0) ++ if (mkdir(t, 0777) < 0) /* umask will corrupt this access mode, but that doesn't matter, we need to ++ * call chmod() anyway for the suid bit, below. */ + return -errno; + + if (chmod(t, 01777) < 0) { +@@ -2533,10 +2535,9 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch + if (!y) + return -ENOMEM; + +- RUN_WITH_UMASK(0000) { ++ RUN_WITH_UMASK(0000) + if (mkdir(y, 0777 | S_ISVTX) < 0) + return -errno; +- } + + r = label_fix_container(y, prefix, 0); + if (r < 0) +@@ -2548,7 +2549,8 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch + /* Trouble: we failed to create the directory. Instead of failing, let's simulate /tmp being + * read-only. 
This way the service will get the EROFS result as if it was writing to the real + * file system. */ +- r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500); ++ RUN_WITH_UMASK(0000) ++ r = mkdir_p(RUN_SYSTEMD_EMPTY, 0500); + if (r < 0) + return r; + +-- +2.33.0 +
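Review bot: The RUN_WITH_UMASK() uses in make_tmp_prefix() and setup_one_tmp_dir() are now brace-less, and the setup_one_tmp_dir() hunk removes braces that were already there. The umask override then covers exactly one statement, and a statement added later at the same indentation would silently run under the caller's umask. Keep the braces, as in the removed "RUN_WITH_UMASK(0000) {" form, and use one spelling of the mask: this patch introduces RUN_WITH_UMASK(000) next to RUN_WITH_UMASK(0000). In make_tmp_prefix() the mkdir(t, 0777) is deliberately left under the ambient umask per the new comment, which holds only while chmod(t, 01777) stays on every path that keeps the directory; the comment should say so.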
_service:tar_scm:backport-namespace-make-whole-namespace_setup-work-regardless.patch
Added
@@ -0,0 +1,56 @@ +From 569ef9413c2ef3275b45458367342112e5d5f991 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 12 Nov 2021 11:11:27 +0100 +Subject: PATCH namespace: make whole namespace_setup() work regardless of + configured umask + +Let's reset the umask during the whole namespace_setup() logic, so that +all our mkdir() + mknod() are not subjected to whatever umask might +currently be set. + +This mostly moves the umask save/restore logic out of +mount_private_dev() and into the stack frame of namespace_setup() that +is further out. + +Fixes #19899 + +(cherry picked from commit cdf42f9bd40ff21a67d58b948efea055d56ad398) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/569ef9413c2ef3275b45458367342112e5d5f991 +--- + src/core/namespace.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 233ee7be40..b10a53ad2e 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -852,13 +852,10 @@ static int mount_private_dev(MountEntry *m) { + char temporary_mount = "/tmp/namespace-dev-XXXXXX"; + const char *d, *dev = NULL, *devpts = NULL, *devshm = NULL, *devhugepages = NULL, *devmqueue = NULL, *devlog = NULL, *devptmx = NULL; + bool can_mknod = true; +- _cleanup_umask_ mode_t u; + int r; + + assert(m); + +- u = umask(0000); +- + if (!mkdtemp(temporary_mount)) + return log_debug_errno(errno, "Failed to create temporary directory '%s': %m", temporary_mount); + +@@ -1864,6 +1861,10 @@ int setup_namespace( + + assert(ns_info); + ++ /* Make sure that all mknod(), mkdir() calls we do are unaffected by the umask, and the access modes ++ * we configure take effect */ ++ BLOCK_WITH_UMASK(0000); ++ + if (!isempty(propagate_dir) && !isempty(incoming_dir)) + setup_propagate = true; + +-- +2.33.0 +
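Review bot: mount_private_dev() no longer sets the umask itself and now depends on its caller having executed BLOCK_WITH_UMASK(0000) in setup_namespace(), but nothing at the mount_private_dev() site records that precondition. This function performs the mkdtemp() visible here and the mkdir()/mknod() calls the commit message refers to for the private /dev. Add a short comment there, or an assertion on the current umask, so that a future caller outside setup_namespace() does not create device nodes and directories with modes narrowed by an inherited umask.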
_service:tar_scm:backport-namespace-rebreak-a-few-comments.patch
Added
@@ -0,0 +1,92 @@ +From bce7fb14df960aee57f0ad5c9c12a0d35c3e504e Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 12 Nov 2021 11:09:40 +0100 +Subject: PATCH namespace: rebreak a few comments + +(cherry picked from commit d73020f2420aa3f220481016829aaa2602abf081) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bce7fb14df960aee57f0ad5c9c12a0d35c3e504e +--- + src/core/namespace.c | 30 ++++++++++++++---------------- + 1 file changed, 14 insertions(+), 16 deletions(-) + +diff --git a/src/core/namespace.c b/src/core/namespace.c +index 982aeeac19..233ee7be40 100644 +--- a/src/core/namespace.c ++++ b/src/core/namespace.c +@@ -806,8 +806,7 @@ static int clone_device_node( + *make_devnode = false; + } + +- /* We're about to fall back to bind-mounting the device +- * node. So create a dummy bind-mount target. ++ /* We're about to fall back to bind-mounting the device node. So create a dummy bind-mount target. + * Do not prepare device-node SELinux label (see issue 13762) */ + r = mknod(dn, S_IFREG, 0); + if (r < 0 && errno != EEXIST) +@@ -930,10 +929,8 @@ static int mount_private_dev(MountEntry *m) { + if (r < 0) + log_debug_errno(r, "Failed to set up basic device tree at '%s', ignoring: %m", temporary_mount); + +- /* Create the /dev directory if missing. It is more likely to be +- * missing when the service is started with RootDirectory. This is +- * consistent with mount units creating the mount points when missing. +- */ ++ /* Create the /dev directory if missing. It is more likely to be missing when the service is started ++ * with RootDirectory. This is consistent with mount units creating the mount points when missing. 
*/ + (void) mkdir_p_label(mount_entry_path(m), 0755); + + /* Unmount everything in old /dev */ +@@ -975,8 +972,8 @@ static int mount_bind_dev(const MountEntry *m) { + + assert(m); + +- /* Implements the little brother of mount_private_dev(): simply bind mounts the host's /dev into the service's +- * /dev. This is only used when RootDirectory= is set. */ ++ /* Implements the little brother of mount_private_dev(): simply bind mounts the host's /dev into the ++ * service's /dev. This is only used when RootDirectory= is set. */ + + (void) mkdir_p_label(mount_entry_path(m), 0755); + +@@ -1085,7 +1082,8 @@ static int mount_tmpfs(const MountEntry *m) { + entry_path = mount_entry_path(m); + inner_path = mount_entry_unprefixed_path(m); + +- /* First, get rid of everything that is below if there is anything. Then, overmount with our new tmpfs */ ++ /* First, get rid of everything that is below if there is anything. Then, overmount with our new ++ * tmpfs */ + + (void) mkdir_p_label(entry_path, 0755); + (void) umount_recursive(entry_path, 0); +@@ -1930,11 +1928,11 @@ int setup_namespace( + * we create it if it doesn't already exist. */ + (void) mkdir_p_label("/run/systemd", 0755); + +- /* Always create the mount namespace in a temporary directory, instead of operating +- * directly in the root. The temporary directory prevents any mounts from being +- * potentially obscured my other mounts we already applied. +- * We use the same mount point for all images, which is safe, since they all live +- * in their own namespaces after all, and hence won't see each other. */ ++ /* Always create the mount namespace in a temporary directory, instead of operating directly ++ * in the root. The temporary directory prevents any mounts from being potentially obscured ++ * my other mounts we already applied. We use the same mount point for all images, which is ++ * safe, since they all live in their own namespaces after all, and hence won't see each ++ * other. 
*/ + + root = "/run/systemd/unit-root"; + (void) mkdir_label(root, 0700); +@@ -2198,8 +2196,8 @@ int setup_namespace( + (void) mkdir_p(propagate_dir, 0600); + + if (n_extension_images > 0) +- /* ExtensionImages mountpoint directories will be created +- * while parsing the mounts to create, so have the parent ready */ ++ /* ExtensionImages mountpoint directories will be created while parsing the mounts to create, ++ * so have the parent ready */ + (void) mkdir_p(extension_dir, 0600); + + /* Remount / as SLAVE so that nothing now mounted in the namespace +-- +2.33.0 +
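Review bot: The rewrapped comment in setup_namespace() carries over the typo "obscured my other mounts we already applied"; since the patch rewrites these lines anyway, change "my" to "by". The other hunks are pure rewraps with no wording change, which matches the subject line.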
_service:tar_scm:backport-network-add-comments.patch
Added
@@ -0,0 +1,84 @@ +From 7522b239b865f851e7834b53367dc196244e48fd Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 4 Aug 2021 13:52:52 +0900 +Subject: PATCH network: add comments + +(cherry picked from commit 17d808a8bf55471009f5e0e1ccb06b1ffccdfa1a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7522b239b865f851e7834b53367dc196244e48fd +--- + src/network/networkd-setlink.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c +index a316a6c59b..fa1dd9b3ba 100644 +--- a/src/network/networkd-setlink.c ++++ b/src/network/networkd-setlink.c +@@ -106,7 +106,7 @@ on_error: + static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { + int r; + +- r = set_link_handler_internal(rtnl, m, link, SET_LINK_ADDRESS_GENERATION_MODE, true, NULL); ++ r = set_link_handler_internal(rtnl, m, link, SET_LINK_ADDRESS_GENERATION_MODE, /* ignore = */ true, NULL); + if (r <= 0) + return r; + +@@ -120,31 +120,31 @@ static int link_set_addrgen_mode_handler(sd_netlink *rtnl, sd_netlink_message *m + } + + static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_BOND, false, NULL); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_BOND, /* ignore = */ false, NULL); + } + + static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, false, NULL); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ false, NULL); + } + + static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE_VLAN, false, NULL); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE_VLAN, /* 
ignore = */ false, NULL); + } + + static int link_set_can_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_CAN, false, NULL); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_CAN, /* ignore = */ false, NULL); + } + + static int link_set_flags_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_FLAGS, false, get_link_update_flag_handler); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_FLAGS, /* ignore = */ false, get_link_update_flag_handler); + } + + static int link_set_group_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_GROUP, false, NULL); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_GROUP, /* ignore = */ false, NULL); + } + + static int link_set_mac_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_MAC, true, get_link_default_handler); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_MAC, /* ignore = */ true, get_link_default_handler); + } + + static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +@@ -180,13 +180,13 @@ static int link_set_mac_allow_retry_handler(sd_netlink *rtnl, sd_netlink_message + } + + static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, false, get_link_master_handler); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ false, get_link_master_handler); + } + + static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { + int r; + +- r = set_link_handler_internal(rtnl, m, link, SET_LINK_MTU, true, get_link_default_handler); ++ r = set_link_handler_internal(rtnl, m, link, SET_LINK_MTU, /* ignore = */ 
true, get_link_default_handler); + if (r <= 0) + return r; + +-- +2.33.0 +
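Review bot: The "/* ignore = */" annotations make several calls very long, most visibly in link_set_flags_handler(), link_set_master_handler() and link_set_mac_handler(); wrap the argument list onto a continuation line. link_set_mac_allow_retry_handler() sits between two annotated handlers but its body is not part of any hunk, so if it also passes a bare boolean to set_link_handler_internal() it should get the same annotation for consistency.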
_service:tar_scm:backport-network-address-read-flags-from-message-header-when-.patch
Added
@@ -0,0 +1,40 @@ +From a6c264cbd6fc8c10c905ee2c1cd22717247c3c25 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 8 Dec 2021 05:35:37 +0900 +Subject: PATCH network: address: read flags from message header when + IFA_FLAGS is not supported by kernel + +Follow-up for 0828a38605975b68c14c9194a1ee2c5c2ff7038f. + +Fixes #21670. + +(cherry picked from commit 8ed68422e1bafc84afe524bc5020d343bc6163ca) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a6c264cbd6fc8c10c905ee2c1cd22717247c3c25 +--- + src/network/networkd-address.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 7b221516d7..bfc2e19bee 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -1368,6 +1368,14 @@ int manager_rtnl_process_address(sd_netlink *rtnl, sd_netlink_message *message, + } + + r = sd_netlink_message_read_u32(message, IFA_FLAGS, &tmp->flags); ++ if (r == -ENODATA) { ++ unsigned char flags; ++ ++ /* For old kernels. */ ++ r = sd_rtnl_message_addr_get_flags(message, &flags); ++ if (r >= 0) ++ tmp->flags = flags; ++ } + if (r < 0) { + log_link_warning_errno(link, r, "rtnl: received address message without flags, ignoring: %m"); + return 0; +-- +2.33.0 +
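Review bot: The fallback in manager_rtnl_process_address() reads the flags into an unsigned char, so on kernels without IFA_FLAGS only the low 8 bits can ever be set in tmp->flags, and the "For old kernels." comment does not say so. Expand the comment to state that flags which do not fit in the header field (IFA_F_NOPREFIXROUTE, for example) always read as unset on this path, so that later checks on tmp->flags are not misread. The control flow is otherwise sound: r is overwritten by the fallback call and the existing "if (r < 0)" branch still logs and ignores the message.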
_service:tar_scm:backport-network-allow-users-to-forbid-passthru-MACVLAN-from-.patch
Added
@@ -0,0 +1,55 @@ +From 1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23 Mon Sep 17 00:00:00 2001 +From: Tom Yan <tom.ty89@gmail.com> +Date: Mon, 16 Aug 2021 18:00:42 +0800 +Subject: PATCH network: allow users to forbid passthru MACVLAN from putting + its link into promiscuous mode + +While we haven't implemented a key for users to set MACVLAN/MACVTAP flags, +we can at least allow them to make use of the Promiscuous= key of +the corresponding link to set the nopromisc flag. + +(cherry picked from commit 17a6a4ae2e7104a1105a0cef0ba049799f3ef6bc) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1d1b7de63902e5fa8d1ba900e9bf608e2ccd2b23 +--- + src/network/netdev/macvlan.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/network/netdev/macvlan.c b/src/network/netdev/macvlan.c +index 46b0826148..9d037c2f36 100644 +--- a/src/network/netdev/macvlan.c ++++ b/src/network/netdev/macvlan.c +@@ -5,6 +5,7 @@ + #include "conf-parser.h" + #include "macvlan.h" + #include "macvlan-util.h" ++#include "networkd-network.h" + #include "parse-util.h" + + DEFINE_CONFIG_PARSE_ENUM(config_parse_macvlan_mode, macvlan_mode, MacVlanMode, "Failed to parse macvlan mode"); +@@ -16,6 +17,7 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net + assert(netdev); + assert(link); + assert(netdev->ifname); ++ assert(link->network); + + if (netdev->kind == NETDEV_KIND_MACVLAN) + m = MACVLAN(netdev); +@@ -52,6 +54,13 @@ static int netdev_macvlan_fill_message_create(NetDev *netdev, Link *link, sd_net + return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_MODE attribute: %m"); + } + ++ /* set the nopromisc flag if Promiscuous= of the link is explicitly set to false */ ++ if (m->mode == NETDEV_MACVLAN_MODE_PASSTHRU && link->network->promiscuous == 0) { ++ r = sd_netlink_message_append_u16(req, IFLA_MACVLAN_FLAGS, MACVLAN_FLAG_NOPROMISC); ++ if (r < 0) ++ return log_netdev_error_errno(netdev, r, "Could not append IFLA_MACVLAN_FLAGS 
attribute: %m"); ++ } ++ + if (m->bc_queue_length != UINT32_MAX) { + r = sd_netlink_message_append_u32(req, IFLA_MACVLAN_BC_QUEUE_LEN, m->bc_queue_length); + if (r < 0) +-- +2.33.0 +
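Review bot: The new assert(link->network) in netdev_macvlan_fill_message_create() turns a link that has no network assigned into a daemon abort. If that state is reachable when the MACVLAN/MACVTAP is created, guard the new block with a link->network check instead of asserting. The condition "link->network->promiscuous == 0" also relies on the field distinguishing unset from false, which the comment implies ("explicitly set to false") but these lines do not show. The diffstat touches only macvlan.c, so the Promiscuous= documentation does not mention that it now sets the nopromisc flag on a passthru MACVLAN.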
_service:tar_scm:backport-network-also-check-addresses-when-determine-a-gatewa.patch
Added
@@ -0,0 +1,71 @@ +From 2f599380f1ab1ee5fe3f7b02926ae2dd642bed9b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 12 Jul 2021 15:46:44 +0900 +Subject: PATCH network: also check addresses when determine a gateway + address is reachable or not + +Fixes #20201. + +(cherry picked from commit 11046cea1414c70b5d7aab37ea88d5a839cbd209) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2f599380f1ab1ee5fe3f7b02926ae2dd642bed9b +--- + src/network/networkd-route.c | 34 ++++++++++++++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index 77a93beca9..068915616e 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -746,6 +746,26 @@ static bool route_address_is_reachable(const Route *route, int family, const uni + FAMILY_ADDRESS_SIZE(family) * 8) > 0; + } + ++static bool prefix_route_address_is_reachable(const Address *a, int family, const union in_addr_union *address) { ++ assert(a); ++ assert(IN_SET(family, AF_INET, AF_INET6)); ++ assert(address); ++ ++ if (a->family != family) ++ return false; ++ if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE)) ++ return false; ++ if (in_addr_is_set(a->family, &a->in_addr_peer)) ++ return false; ++ ++ return in_addr_prefix_intersect( ++ family, ++ &a->in_addr, ++ a->prefixlen, ++ address, ++ FAMILY_ADDRESS_SIZE(family) * 8) > 0; ++} ++ + bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { + Link *link; + +@@ -764,6 +784,20 @@ bool manager_address_is_reachable(Manager *manager, int family, const union in_a + return true; + } + ++ /* If we do not manage foreign routes, then there may exist a prefix route we do not know, ++ * which was created on configuring an address. Hence, also check the addresses. 
*/ ++ if (!manager->manage_foreign_routes) ++ HASHMAP_FOREACH(link, manager->links_by_index) { ++ Address *a; ++ ++ SET_FOREACH(a, link->addresses) ++ if (prefix_route_address_is_reachable(a, family, address)) ++ return true; ++ SET_FOREACH(a, link->addresses_foreign) ++ if (prefix_route_address_is_reachable(a, family, address)) ++ return true; ++ } ++ + return false; + } + +-- +2.33.0 +
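Review bot: In manager_address_is_reachable() the new "if (!manager->manage_foreign_routes)" has no braces around the multi-line HASHMAP_FOREACH block. Add them, since the body spans two SET_FOREACH loops and the trailing "return false;" is easy to misattribute. prefix_route_address_is_reachable() also repeats the in_addr_prefix_intersect() call from route_address_is_reachable() directly above it; a shared helper taking the family, prefix, prefix length and address would keep the two in step.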
_service:tar_scm:backport-network-bridge-fix-endian-of-vlan-protocol.patch
Added
@@ -0,0 +1,32 @@ +From 7b9aa956fbf9fc342a4e35fbcf90e7083cccbf6c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 10 Feb 2022 17:47:14 +0900 +Subject: PATCH network: bridge: fix endian of vlan protocol + +Fixes #22469. + +(cherry picked from commit 6eb35be8e0fa5f1f00dddd558cf4dc3642d9e53e) +(cherry picked from commit 514a4c051ce6cceaa5417a2044e708bd5105131d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7b9aa956fbf9fc342a4e35fbcf90e7083cccbf6c +--- + src/network/netdev/bridge.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/netdev/bridge.c b/src/network/netdev/bridge.c +index 99fb9e1c3c..b9a0136843 100644 +--- a/src/network/netdev/bridge.c ++++ b/src/network/netdev/bridge.c +@@ -126,7 +126,7 @@ static int netdev_bridge_post_create(NetDev *netdev, Link *link, sd_netlink_mess + } + + if (b->vlan_protocol >= 0) { +- r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, b->vlan_protocol); ++ r = sd_netlink_message_append_u16(req, IFLA_BR_VLAN_PROTOCOL, htobe16(b->vlan_protocol)); + if (r < 0) + return log_netdev_error_errno(netdev, r, "Could not append IFLA_BR_VLAN_PROTOCOL attribute: %m"); + } +-- +2.33.0 +
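Review bot: The htobe16() conversion for IFLA_BR_VLAN_PROTOCOL in netdev_bridge_post_create() has no comment saying that this attribute is expected in network byte order, so it reads as inconsistent with the other append_u16 calls and is easy to revert by mistake; add a one-line comment. b->vlan_protocol is compared with ">= 0", so a signed value is being narrowed to 16 bits here. The diffstat shows no test change; a test that reads the protocol back from the created bridge would cover the regression from #22469.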
_service:tar_scm:backport-network-check-the-received-interface-name-is-actuall.patch
Added
@@ -0,0 +1,71 @@ +From d2895063305712cd9e5d7f4361f9343bf3b3f00b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 12 Jul 2021 21:23:41 +0900 +Subject: PATCH network: check the received interface name is actually new + +For some reasons I do not know, on interface renaming, kernel once send +netlink message with old interface name, and then send with new name. +If eth0 is renamed, and then new interface appears as eth0, then the +message with the old name 'eth0' makes the interface enters failed +state. + +To ignore such invalid(?) rename event messages, let's confirm the +received interface name. + +Fixes #20203. + +(cherry picked from commit 176b8be10ffce2f8c1fc931a37904a528057016f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d2895063305712cd9e5d7f4361f9343bf3b3f00b +--- + src/network/networkd-link.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index 9421ce1aa6..d58b700050 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1,5 +1,6 @@ + /* SPDX-License-Identifier: LGPL-2.1-or-later */ + ++#include <net/if.h> + #include <netinet/in.h> + #include <linux/if.h> + #include <linux/if_arp.h> +@@ -21,6 +22,7 @@ + #include "ethtool-util.h" + #include "fd-util.h" + #include "fileio.h" ++#include "format-util.h" + #include "fs-util.h" + #include "ipvlan.h" + #include "missing_network.h" +@@ -2161,6 +2163,7 @@ static int link_update_alternative_names(Link *link, sd_netlink_message *message + } + + static int link_update_name(Link *link, sd_netlink_message *message) { ++ char ifname_from_indexIF_NAMESIZE + 1; + const char *ifname; + int r; + +@@ -2177,6 +2180,16 @@ static int link_update_name(Link *link, sd_netlink_message *message) { + if (streq(ifname, link->ifname)) + return 0; + ++ if (!format_ifname(link->ifindex, ifname_from_index)) ++ return log_link_debug_errno(link, SYNTHETIC_ERRNO(ENXIO), 
"Could not get interface name for index %i.", link->ifindex); ++ ++ if (!streq(ifname, ifname_from_index)) { ++ log_link_debug(link, "New interface name '%s' received from the kernel does not correspond " ++ "with the name currently configured on the actual interface '%s'. Ignoring.", ++ ifname, ifname_from_index); ++ return 0; ++ } ++ + log_link_info(link, "Interface name change detected, renamed to %s.", ifname); + + hashmap_remove(link->manager->links_by_name, link->ifname); +-- +2.33.0 +
_service:tar_scm:backport-network-configure-address-with-requested-lifetime.patch
Added
@@ -0,0 +1,50 @@ +From d18f1ad555a0b0b03fe8eb176f763b50a1aab215 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 19 Jul 2021 15:18:37 +0900 +Subject: PATCH network: configure address with requested lifetime + +When assigning the same address provided by a dynamic addressing +protocol, the new lifetime is stored on Request::Address, but not +Address object in Link object, which can be obtained by address_get(). +So, we need to configure address with Address object in Request. + +Fixes #20245. + +(cherry picked from commit 2d302d88e4dfd48b18486c5ce2c7dfeb229a1b0a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d18f1ad555a0b0b03fe8eb176f763b50a1aab215 +--- + src/network/networkd-address.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 6b2230b725..7b221516d7 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -1272,17 +1272,17 @@ int request_process_address(Request *req) { + if (r <= 0) + return r; + +- r = address_get(link, req->address, &a); +- if (r < 0) +- return r; +- +- r = address_configure(a, link, req->netlink_handler); ++ r = address_configure(req->address, link, req->netlink_handler); + if (r < 0) + return r; + + /* To prevent a double decrement on failure in after_configure(). */ + req->message_counter = NULL; + ++ r = address_get(link, req->address, &a); ++ if (r < 0) ++ return r; ++ + if (req->after_configure) { + r = req->after_configure(req, a); + if (r < 0) +-- +2.33.0 +
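Review bot: After the reorder in request_process_address(), address_get() runs once address_configure() has succeeded and req->message_counter has been set to NULL, so an address_get() failure now returns an error after the configure step has already gone through. Either handle that case explicitly or add a comment stating that address_configure() guarantees the address is present in the link afterwards, so the lookup cannot fail. A comment on why req->address is passed to address_configure() instead of the stored object (the requested lifetime lives only on the request, per the commit message) would also keep the call from being changed back.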
_service:tar_scm:backport-network-disable-event-sources-before-unref-them.patch
Added
@@ -0,0 +1,61 @@ +From 847168ed320e9ff14ed95dbde0a1f392acbe4a44 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 24 Sep 2021 17:26:10 +0900 +Subject: PATCH network: disable event sources before unref them + +(cherry picked from commit d105befc976ad704d3b17b3a5ee1b659a5f624d4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/847168ed320e9ff14ed95dbde0a1f392acbe4a44 +--- + src/network/networkd-lldp-tx.c | 2 +- + src/network/networkd-route.c | 6 +++--- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/network/networkd-lldp-tx.c b/src/network/networkd-lldp-tx.c +index 45a087b301..82a403fe21 100644 +--- a/src/network/networkd-lldp-tx.c ++++ b/src/network/networkd-lldp-tx.c +@@ -413,7 +413,7 @@ int link_lldp_emit_start(Link *link) { + void link_lldp_emit_stop(Link *link) { + assert(link); + +- link->lldp_emit_event_source = sd_event_source_unref(link->lldp_emit_event_source); ++ link->lldp_emit_event_source = sd_event_source_disable_unref(link->lldp_emit_event_source); + } + + int config_parse_lldp_mud( +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index b7852f6eec..791fd64c39 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -290,7 +290,7 @@ Route *route_free(Route *route) { + + ordered_set_free_with_destructor(route->multipath_routes, multipath_route_free); + +- sd_event_source_unref(route->expire); ++ sd_event_source_disable_unref(route->expire); + + return mfree(route); + } +@@ -1273,7 +1273,7 @@ static int route_expire_handler(sd_event_source *s, uint64_t usec, void *userdat + } + + static int route_add_and_setup_timer_one(Link *link, const Route *route, const MultipathRoute *m, const NextHop *nh, uint8_t nh_weight, Route **ret) { +- _cleanup_(sd_event_source_unrefp) sd_event_source *expire = NULL; ++ _cleanup_(sd_event_source_disable_unrefp) sd_event_source *expire = NULL; + Route *nr; + int r; + +@@ -1311,7 +1311,7 @@ static 
int route_add_and_setup_timer_one(Link *link, const Route *route, const M + return log_link_error_errno(link, r, "Could not arm expiration timer: %m"); + } + +- sd_event_source_unref(nr->expire); ++ sd_event_source_disable_unref(nr->expire); + nr->expire = TAKE_PTR(expire); + + *ret = nr; +-- +2.33.0 +
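Review bot: The commit message gives no reason for switching from sd_event_source_unref() to sd_event_source_disable_unref() in link_lldp_emit_stop(), route_free() and route_add_and_setup_timer_one(). State it: a source that still holds another reference would otherwise stay enabled and could fire with userdata pointing at an object that is being freed, as with route->expire right before mfree(route). The message should also say whether the remaining sd_event_source_unref() callers under src/network were checked, since the diffstat covers only networkd-lldp-tx.c and networkd-route.c.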
_service:tar_scm:backport-network-do-not-assume-the-highest-priority-when-Prio.patch
Added
@@ -0,0 +1,292 @@ +From c5ff3ea39882609b307c4a9925d1c17413d17dfc Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 17 Aug 2021 14:03:19 +0900 +Subject: PATCH network: do not assume the highest priority when Priority= is + unspecified + +Previously, when Priority= is unspecified, networkd configured the rule with +the highest (=0) priority. This commit makes networkd distinguish the case +the setting is unspecified and one explicitly specified as Priority=0. + +Note. +1) If the priority is unspecified on configure, then kernel dynamically picks + a priority for the rule. +2) The new behavior is consistent with 'ip rule' command. + +Replaces #15606. + +(cherry picked from commit c4f7a347566b8926382029593b4d9957fef2564c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c5ff3ea39882609b307c4a9925d1c17413d17dfc +--- + man/systemd.network.xml | 4 +- + src/network/networkd-routing-policy-rule.c | 120 +++++++++++++++++--- + src/network/networkd-routing-policy-rule.h | 1 + + test/test-network/systemd-networkd-tests.py | 2 +- + 4 files changed, 110 insertions(+), 17 deletions(-) + +diff --git a/man/systemd.network.xml b/man/systemd.network.xml +index 3b7680eb8b..9de9816ced 100644 +--- a/man/systemd.network.xml ++++ b/man/systemd.network.xml +@@ -1238,7 +1238,9 @@ IPv6Token=prefixstable:2002:da8:1::</programlisting></para> + <term><varname>Priority=</varname></term> + <listitem> + <para>Specifies the priority of this rule. <varname>Priority=</varname> is an unsigned +- integer. Higher number means lower priority, and rules get processed in order of increasing number.</para> ++ integer in the range 0…4294967295. Higher number means lower priority, and rules get ++ processed in order of increasing number. 
Defaults to unset, and the kernel will pick ++ a value dynamically.</para> + </listitem> + </varlistentry> + <varlistentry> +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index af7e8a973c..03ccbd8e85 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -163,7 +163,9 @@ void routing_policy_rule_hash_func(const RoutingPolicyRule *rule, struct siphash + siphash24_compress(&rule->type, sizeof(rule->type), state); + siphash24_compress(&rule->fwmark, sizeof(rule->fwmark), state); + siphash24_compress(&rule->fwmask, sizeof(rule->fwmask), state); +- siphash24_compress(&rule->priority, sizeof(rule->priority), state); ++ siphash24_compress_boolean(rule->priority_set, state); ++ if (rule->priority_set) ++ siphash24_compress(&rule->priority, sizeof(rule->priority), state); + siphash24_compress(&rule->table, sizeof(rule->table), state); + siphash24_compress(&rule->suppress_prefixlen, sizeof(rule->suppress_prefixlen), state); + +@@ -229,10 +231,16 @@ int routing_policy_rule_compare_func(const RoutingPolicyRule *a, const RoutingPo + if (r != 0) + return r; + +- r = CMP(a->priority, b->priority); ++ r = CMP(a->priority_set, b->priority_set); + if (r != 0) + return r; + ++ if (a->priority_set) { ++ r = CMP(a->priority, b->priority); ++ if (r != 0) ++ return r; ++ } ++ + r = CMP(a->table, b->table); + if (r != 0) + return r; +@@ -293,8 +301,9 @@ DEFINE_PRIVATE_HASH_OPS_WITH_KEY_DESTRUCTOR( + routing_policy_rule_compare_func, + routing_policy_rule_free); + +-static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, RoutingPolicyRule **ret) { ++static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, bool require_priority, RoutingPolicyRule **ret) { + RoutingPolicyRule *existing; ++ int r; + + assert(m); + +@@ -312,6 +321,23 @@ static int routing_policy_rule_get(Manager *m, const RoutingPolicyRule *rule, Ro + return 0; + } + ++ if 
(!require_priority && rule->priority_set) { ++ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL; ++ ++ r = routing_policy_rule_dup(rule, &tmp); ++ if (r < 0) ++ return r; ++ ++ tmp->priority_set = false; ++ ++ existing = set_get(m->rules, tmp); ++ if (existing) { ++ if (ret) ++ *ret = existing; ++ return 1; ++ } ++ } ++ + return -ENOENT; + } + +@@ -328,7 +354,7 @@ static int routing_policy_rule_add(Manager *m, const RoutingPolicyRule *in, Rout + if (r < 0) + return r; + +- r = routing_policy_rule_get(m, rule, &existing); ++ r = routing_policy_rule_get(m, rule, true, &existing); + if (r == -ENOENT) { + /* Rule does not exist, use a new one. */ + r = set_ensure_put(&m->rules, &routing_policy_rule_hash_ops, rule); +@@ -371,6 +397,32 @@ static int routing_policy_rule_consume_foreign(Manager *m, RoutingPolicyRule *ru + return 1; + } + ++static int routing_policy_rule_update_priority(RoutingPolicyRule *rule, uint32_t priority) { ++ int r; ++ ++ assert(rule); ++ assert(rule->manager); ++ ++ if (rule->priority_set) ++ return 0; ++ ++ if (!set_remove(rule->manager->rules, rule)) ++ return -ENOENT; ++ ++ rule->priority = priority; ++ rule->priority_set = true; ++ ++ r = set_put(rule->manager->rules, rule); ++ if (r <= 0) { ++ /* Undo */ ++ rule->priority_set = false; ++ assert_se(set_put(rule->manager->rules, rule) > 0); ++ return r == 0 ? 
-EEXIST : r; ++ } ++ ++ return 1; ++} ++ + static void log_routing_policy_rule_debug(const RoutingPolicyRule *rule, const char *str, const Link *link, const Manager *m) { + _cleanup_free_ char *from = NULL, *to = NULL, *table = NULL; + +@@ -422,9 +474,11 @@ static int routing_policy_rule_set_netlink_message(const RoutingPolicyRule *rule + return log_link_error_errno(link, r, "Could not set destination prefix length: %m"); + } + +- r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); +- if (r < 0) +- return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); ++ if (rule->priority_set) { ++ r = sd_netlink_message_append_u32(m, FRA_PRIORITY, rule->priority); ++ if (r < 0) ++ return log_link_error_errno(link, r, "Could not append FRA_PRIORITY attribute: %m"); ++ } + + if (rule->tos > 0) { + r = sd_rtnl_message_routing_policy_rule_set_tos(m, rule->tos); +@@ -662,6 +716,28 @@ int manager_drop_routing_policy_rules_internal(Manager *m, bool foreign, const L + continue; + } + ++ if (!foreign) { ++ _cleanup_(routing_policy_rule_freep) RoutingPolicyRule *tmp = NULL; ++ ++ /* The rule may be configured without priority. Try to find without priority. */ ++ ++ k = routing_policy_rule_dup(rule, &tmp); ++ if (k < 0) { ++ if (r >= 0) ++ r = k; ++ continue; ++ } ++ ++ tmp->priority_set = false; ++ ++ k = links_have_routing_policy_rule(m, tmp, except); ++ if (k != 0) { ++ if (k < 0 && r >= 0) ++ r = k; ++ continue; ++ } ++ } ++ + k = routing_policy_rule_remove(rule, m); + if (k < 0 && r >= 0) + r = k; +@@ -821,11 +897,11 @@ int request_process_routing_policy_rule(Request *req) { + }
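Review bot: In routing_policy_rule_update_priority(), the undo path after a failed set_put() re-inserts the rule under assert_se(), so a second failure aborts instead of returning an error. Consider propagating an error from the undo path rather than asserting. Separately, routing_policy_rule_get() now returns 1 when the match was found only after clearing priority_set on a copy; a short comment on the 0 versus 1 return values would help readers of routing_policy_rule_add(), which passes require_priority=true.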
View file
_service:tar_scm:backport-network-fix-configuring-of-CAN-devices.patch
Added
@@ -0,0 +1,40 @@ +From 9bf50758426a3d8dd4b40e28c960e920d41444ba Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 12 Aug 2021 13:39:53 +0900 +Subject: PATCH network: fix configuring of CAN devices + +Fix a bug introduced by 7558f9e717381eef0ddc8ddfb5a754ea4b0f3e6c. + +Fixes #20428. + +(cherry picked from commit 1e8cce8f1e61e01db844d518b7051b6ce69867fd) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9bf50758426a3d8dd4b40e28c960e920d41444ba +--- + src/network/networkd-setlink.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c +index 10c312c480..13c4cedd10 100644 +--- a/src/network/networkd-setlink.c ++++ b/src/network/networkd-setlink.c +@@ -229,10 +229,14 @@ static int link_configure( + + log_link_debug(link, "Setting %s", set_link_operation_to_string(op)); + +- if (IN_SET(op, SET_LINK_BOND, SET_LINK_CAN)) { ++ if (op == SET_LINK_BOND) { + r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_NEWLINK, link->master_ifindex); + if (r < 0) + return log_link_debug_errno(link, r, "Could not allocate RTM_NEWLINK message: %m"); ++ } else if (op == SET_LINK_CAN) { ++ r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_NEWLINK, link->ifindex); ++ if (r < 0) ++ return log_link_debug_errno(link, r, "Could not allocate RTM_NEWLINK message: %m"); + } else { + r = sd_rtnl_message_new_link(link->manager->rtnl, &req, RTM_SETLINK, link->ifindex); + if (r < 0) +-- +2.33.0 +
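Review bot: The new SET_LINK_CAN branch in link_configure() repeats the SET_LINK_BOND branch except for the ifindex argument (link->ifindex instead of link->master_ifindex), and nothing in the code says why CAN needs RTM_NEWLINK on the link's own index. Add a one-line comment stating that, and consider selecting the ifindex first so that the sd_rtnl_message_new_link() call and its error path appear once for both RTM_NEWLINK cases.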
View file
_service:tar_scm:backport-network-fix-handling-of-network-interface-renaming.patch
Added
@@ -0,0 +1,49 @@ +From 6ee3390c978dca7a590a4c16d4d620984e60fa96 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 10 Sep 2021 08:09:56 +0900 +Subject: PATCH network: fix handling of network interface renaming + +Fixes #20657. + +(cherry picked from commit 160203e974945ce520fe8f569458634ef898c61c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6ee3390c978dca7a590a4c16d4d620984e60fa96 +--- + src/network/networkd-link.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index d58b700050..20675f2306 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -1404,17 +1404,21 @@ static int link_initialized(Link *link, sd_device *device) { + assert(link); + assert(device); + +- if (link->state != LINK_STATE_PENDING) +- return 0; ++ /* Always replace with the new sd_device object. As the sysname (and possibly other properties ++ * or sysattrs) may be outdated. */ ++ sd_device_ref(device); ++ sd_device_unref(link->sd_device); ++ link->sd_device = device; + +- if (link->sd_device) ++ /* Do not ignore unamanaged state case here. If an interface is renamed after being once ++ * configured, and the corresponding .network file has Name= in Match section, then the ++ * interface may be already in unmanaged state. See #20657. */ ++ if (!IN_SET(link->state, LINK_STATE_PENDING, LINK_STATE_UNMANAGED)) + return 0; + + log_link_debug(link, "udev initialized link"); + link_set_state(link, LINK_STATE_INITIALIZED); + +- link->sd_device = sd_device_ref(device); +- + /* udev has initialized the link, but we don't know if we have yet + * processed the NEWLINK messages with the latest state. Do a GETLINK, + * when it returns we know that the pending NEWLINKs have already been +-- +2.33.0 +
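Review bot: In link_initialized(), link->sd_device is now replaced before the state check, so the swap happens on every call, including the calls that return 0 early. The ref-then-unref order is what keeps this safe when device is the object already stored, and that deserves a word in the first comment. The second comment also has a typo: "unamanaged" should be "unmanaged".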
View file
_service:tar_scm:backport-network-fix-logic-for-checking-gateway-address-is-re.patch
Added
@@ -0,0 +1,182 @@ +From 2bd5bbbd39d5c825ed520e8282840b76b8f7fc79 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 21 Aug 2021 03:51:39 +0900 +Subject: PATCH network: fix logic for checking gateway address is ready + +This fixes the followings: +- The corresponding route or address to the gateway address must be in + the same link. +- IPv6 link local address is not necessary to be reachable. + +Fixes an issue reported in https://github.com/systemd/systemd/issues/8686#issuecomment-902562324. + +(cherry picked from commit 3333350a0e1917395d3654731ca985ea668bca9b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2bd5bbbd39d5c825ed520e8282840b76b8f7fc79 +--- + src/network/networkd-nexthop.c | 7 +--- + src/network/networkd-route.c | 72 ++++++++++++++++++++-------------- + src/network/networkd-route.h | 2 +- + 3 files changed, 44 insertions(+), 37 deletions(-) + +diff --git a/src/network/networkd-nexthop.c b/src/network/networkd-nexthop.c +index a52e5dcb16..c5cba88f46 100644 +--- a/src/network/networkd-nexthop.c ++++ b/src/network/networkd-nexthop.c +@@ -791,12 +791,7 @@ static bool nexthop_is_ready_to_configure(Link *link, const NextHop *nexthop) { + } + } + +- if (nexthop->onlink <= 0 && +- in_addr_is_set(nexthop->family, &nexthop->gw) && +- !manager_address_is_reachable(link->manager, nexthop->family, &nexthop->gw)) +- return false; +- +- return true; ++ return gateway_is_ready(link, nexthop->onlink, nexthop->family, &nexthop->gw); + } + + int request_process_nexthop(Request *req) { +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index 068915616e..b7852f6eec 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -753,6 +753,8 @@ static bool prefix_route_address_is_reachable(const Address *a, int family, cons + + if (a->family != family) + return false; ++ if (!address_is_ready(a)) ++ return false; + if (FLAGS_SET(a->flags, IFA_F_NOPREFIXROUTE)) + return 
false; + if (in_addr_is_set(a->family, &a->in_addr_peer)) +@@ -766,37 +768,34 @@ static bool prefix_route_address_is_reachable(const Address *a, int family, cons + FAMILY_ADDRESS_SIZE(family) * 8) > 0; + } + +-bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address) { +- Link *link; ++static bool link_address_is_reachable(Link *link, int family, const union in_addr_union *address) { ++ Route *route; + +- assert(manager); ++ assert(link); ++ assert(link->manager); + assert(IN_SET(family, AF_INET, AF_INET6)); + assert(address); + +- HASHMAP_FOREACH(link, manager->links_by_index) { +- Route *route; + +- SET_FOREACH(route, link->routes) +- if (route_address_is_reachable(route, family, address)) +- return true; +- SET_FOREACH(route, link->routes_foreign) +- if (route_address_is_reachable(route, family, address)) +- return true; +- } ++ SET_FOREACH(route, link->routes) ++ if (route_address_is_reachable(route, family, address)) ++ return true; ++ SET_FOREACH(route, link->routes_foreign) ++ if (route_address_is_reachable(route, family, address)) ++ return true; + + /* If we do not manage foreign routes, then there may exist a prefix route we do not know, + * which was created on configuring an address. Hence, also check the addresses. 
*/ +- if (!manager->manage_foreign_routes) +- HASHMAP_FOREACH(link, manager->links_by_index) { +- Address *a; +- +- SET_FOREACH(a, link->addresses) +- if (prefix_route_address_is_reachable(a, family, address)) +- return true; +- SET_FOREACH(a, link->addresses_foreign) +- if (prefix_route_address_is_reachable(a, family, address)) +- return true; +- } ++ if (!link->manager->manage_foreign_routes) { ++ Address *a; ++ ++ SET_FOREACH(a, link->addresses) ++ if (prefix_route_address_is_reachable(a, family, address)) ++ return true; ++ SET_FOREACH(a, link->addresses_foreign) ++ if (prefix_route_address_is_reachable(a, family, address)) ++ return true; ++ } + + return false; + } +@@ -1692,6 +1691,22 @@ int link_request_static_routes(Link *link, bool only_ipv4) { + return 0; + } + ++bool gateway_is_ready(Link *link, int onlink, int family, const union in_addr_union *gw) { ++ assert(link); ++ assert(gw); ++ ++ if (onlink > 0) ++ return true; ++ ++ if (!in_addr_is_set(family, gw)) ++ return true; ++ ++ if (family == AF_INET6 && in6_addr_is_link_local(&gw->in6)) ++ return true; ++ ++ return link_address_is_reachable(link, family, gw); ++} ++ + static int route_is_ready_to_configure(const Route *route, Link *link) { + MultipathRoute *m; + NextHop *nh = NULL; +@@ -1735,19 +1750,13 @@ static int route_is_ready_to_configure(const Route *route, Link *link) { + return r; + } + +- if (route->gateway_onlink <= 0 && +- in_addr_is_set(route->gw_family, &route->gw) > 0 && +- !manager_address_is_reachable(link->manager, route->gw_family, &route->gw)) ++ if (!gateway_is_ready(link, route->gateway_onlink, route->gw_family, &route->gw)) + return false; + + ORDERED_SET_FOREACH(m, route->multipath_routes) { + union in_addr_union a = m->gateway.address; + Link *l = NULL; + +- if (route->gateway_onlink <= 0 && +- !manager_address_is_reachable(link->manager, m->gateway.family, &a)) +- return false; +- + if (m->ifname) { + if (link_get_by_name(link->manager, m->ifname, &l) < 0) + return false; +@@ 
-1759,6 +1768,9 @@ static int route_is_ready_to_configure(const Route *route, Link *link) { + } + if (l && !link_is_ready_to_configure(l, true)) + return false; ++ ++ if (!gateway_is_ready(l ?: link, route->gateway_onlink, m->gateway.family, &a)) ++ return false; + } + + return true; +diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h +index 2d262819ad..235a91f08d 100644 +--- a/src/network/networkd-route.h ++++ b/src/network/networkd-route.h +@@ -78,8 +78,8 @@ int route_configure_handler_internal(sd_netlink *rtnl, sd_netlink_message *m, Li + int route_remove(const Route *route, Manager *manager, Link *link); + + int link_has_route(Link *link, const Route *route); +-bool manager_address_is_reachable(Manager *manager, int family, const union in_addr_union *address); + int manager_find_uplink(Manager *m, int family, Link *exclude, Link **ret); ++bool gateway_is_ready(Link *link, int onlink, int family, const union in_addr_union *gw); + + int link_drop_routes(Link *link); + int link_drop_foreign_routes(Link *link); +-- +2.33.0 +
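Review bot: gateway_is_ready() returns true for any IPv6 link-local gateway without looking at the link's routes or addresses, and the reason appears only in the commit message. Put a comment on the in6_addr_is_link_local() branch explaining why reachability is not checked there, since the function is now declared in networkd-route.h and shared by the nexthop and route paths. In the multipath loop of route_is_ready_to_configure(), the check moved after the m->ifname lookup and is called with "l ?: link", so a gateway on a named interface is validated against that interface; a comment saying so would help. The link_address_is_reachable() hunk also leaves two consecutive blank lines after assert(address).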
View file
_service:tar_scm:backport-network-fix-wrong-flag-manage_foreign_routes-manage_.patch
Added
@@ -0,0 +1,32 @@ +From fc88dc07544978b1bda9c192481a07d43d384f81 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 7 Sep 2021 21:46:50 +0900 +Subject: PATCH network: fix wrong flag: manage_foreign_routes -> + manage_foreign_rules + +Fixes a bug in d94dfe7053d49fa62c4bfc07b7f3fc2227c10aff. + +(cherry picked from commit 771a36439e955906290afc16a6fb3b10401892cf) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fc88dc07544978b1bda9c192481a07d43d384f81 +--- + src/network/networkd-routing-policy-rule.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/networkd-routing-policy-rule.c b/src/network/networkd-routing-policy-rule.c +index 03ccbd8e85..b7e0fd779d 100644 +--- a/src/network/networkd-routing-policy-rule.c ++++ b/src/network/networkd-routing-policy-rule.c +@@ -1115,7 +1115,7 @@ int manager_rtnl_process_rule(sd_netlink *rtnl, sd_netlink_message *message, Man + r = routing_policy_rule_update_priority(rule, tmp->priority); + if (r < 0) + log_warning_errno(r, "Failed to update priority of remembered routing policy rule, ignoring: %m"); +- } else if (!m->manage_foreign_routes) ++ } else if (!m->manage_foreign_rules) + log_routing_policy_rule_debug(tmp, "Ignoring received foreign", NULL, m); + else { + log_routing_policy_rule_debug(tmp, "Remembering foreign", NULL, m); +-- +2.33.0 +
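Review bot: The corrected condition in manager_rtnl_process_rule() ships without a test, and the original mix-up of manage_foreign_routes and manage_foreign_rules was not caught by the existing ones. Add a case where the two flags differ, so that a received foreign routing policy rule is ignored or remembered according to manage_foreign_rules only.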
View file
_service:tar_scm:backport-network-ignore-errors-on-setting-bridge-config.patch
Added
@@ -0,0 +1,34 @@ +From 0c136b86d6c32445c6b503c87ba5fa348f34e22b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 4 Aug 2021 13:53:21 +0900 +Subject: PATCH network: ignore errors on setting bridge config + +For some setups, kernel refuses to set bridge configs with -EOPNOTSUPP. +See kernel's rtnl_bridge_setlink() in net/core/rtnetlink.c. + +Fixes #20373. + +(cherry picked from commit 1171f3f030319155914c2bb90655f46653f88cbf) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0c136b86d6c32445c6b503c87ba5fa348f34e22b +--- + src/network/networkd-setlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c +index fa1dd9b3ba..8130bb6bcc 100644 +--- a/src/network/networkd-setlink.c ++++ b/src/network/networkd-setlink.c +@@ -124,7 +124,7 @@ static int link_set_bond_handler(sd_netlink *rtnl, sd_netlink_message *m, Link * + } + + static int link_set_bridge_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +- return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ false, NULL); ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_BRIDGE, /* ignore = */ true, NULL); + } + + static int link_set_bridge_vlan_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { +-- +2.33.0 +
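Review bot: Passing ignore = true in link_set_bridge_handler() makes every failure of the bridge configuration request non-fatal, while the commit message only motivates -EOPNOTSUPP from the kernel's rtnl_bridge_setlink(). Either limit the ignored case to that errno or add a comment next to the call stating that all errors are deliberately ignored, so that a genuinely failed bridge setting is not silently treated the same as an unsupported one.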
View file
_service:tar_scm:backport-network-ignore-errors-on-unsetting-master-ifindex.patch
Added
@@ -0,0 +1,68 @@ +From 090378dcb1de5ca66900503210e85d63075fa70a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 5 Aug 2021 00:10:52 +0900 +Subject: PATCH network: ignore errors on unsetting master ifindex + +Fixes #20241. + +(cherry picked from commit c347a98272bd1b81682c266b9720fad107b96ab0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/090378dcb1de5ca66900503210e85d63075fa70a +--- + src/network/networkd-setlink.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +diff --git a/src/network/networkd-setlink.c b/src/network/networkd-setlink.c +index 8130bb6bcc..10c312c480 100644 +--- a/src/network/networkd-setlink.c ++++ b/src/network/networkd-setlink.c +@@ -95,9 +95,16 @@ static int set_link_handler_internal( + return 1; + + on_error: +- if (op == SET_LINK_FLAGS) { ++ switch (op) { ++ case SET_LINK_FLAGS: + assert(link->set_flags_messages > 0); + link->set_flags_messages--; ++ break; ++ case SET_LINK_MASTER: ++ link->master_set = true; ++ break; ++ default: ++ break; + } + + return 0; +@@ -183,6 +190,11 @@ static int link_set_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link + return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ false, get_link_master_handler); + } + ++static int link_unset_master_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { ++ /* Some devices do not support setting master ifindex. Let's ignore error on unsetting master ifindex. 
*/ ++ return set_link_handler_internal(rtnl, m, link, SET_LINK_MASTER, /* ignore = */ true, get_link_master_handler); ++} ++ + static int link_set_mtu_handler(sd_netlink *rtnl, sd_netlink_message *m, Link *link) { + int r; + +@@ -745,10 +757,14 @@ int link_request_to_set_mac(Link *link, bool allow_retry) { + + int link_request_to_set_master(Link *link) { + assert(link); ++ assert(link->network); + + link->master_set = false; + +- return link_request_set_link(link, SET_LINK_MASTER, link_set_master_handler, NULL); ++ if (link->network->batadv || link->network->bond || link->network->bridge || link->network->vrf) ++ return link_request_set_link(link, SET_LINK_MASTER, link_set_master_handler, NULL); ++ else ++ return link_request_set_link(link, SET_LINK_MASTER, link_unset_master_handler, NULL); + } + + int link_request_to_set_mtu(Link *link, uint32_t mtu) { +-- +2.33.0 +
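Review bot: Both link_set_master_handler() and the new link_unset_master_handler() pass SET_LINK_MASTER, so the new case in the on_error switch sets link->master_set = true without knowing whether a set or an unset request failed. If that is meant only for the ignored unset case, say so in a comment at the case label or restrict it. In link_request_to_set_master(), the added assert(link->network) is a new precondition for callers, and the else after the returning if branch is redundant.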
View file
_service:tar_scm:backport-network-print-Ethernet-Link-Layer-DHCP-client-ID-wit.patch
Added
@@ -0,0 +1,40 @@ +From 133354a3b9fc7b88fb143f241cfc4565b943ae87 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alvin=20=C5=A0ipraga?= <alsi@bang-olufsen.dk> +Date: Tue, 31 Aug 2021 14:17:33 +0200 +Subject: PATCH network: print Ethernet Link-Layer DHCP client ID with + leading 0's + +This is a small cosmetic change. + +Before: + + Offered DHCP leases: 192.168.0.183 (to 0:9:a7:36:bc:89) + +After: + + Offered DHCP leases: 192.168.0.183 (to 00:09:a7:36:bc:89) + +(cherry picked from commit 8e664ab6ecc9c420d2151f14b36824aecc76d8ac) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/133354a3b9fc7b88fb143f241cfc4565b943ae87 +--- + src/libsystemd-network/sd-dhcp-client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/sd-dhcp-client.c b/src/libsystemd-network/sd-dhcp-client.c +index dc8ff19d1a..030b50cf2a 100644 +--- a/src/libsystemd-network/sd-dhcp-client.c ++++ b/src/libsystemd-network/sd-dhcp-client.c +@@ -192,7 +192,7 @@ int sd_dhcp_client_id_to_string(const void *data, size_t len, char **ret) { + if (len != sizeof_field(sd_dhcp_client_id, eth)) + return -EINVAL; + +- r = asprintf(&t, "%x:%x:%x:%x:%x:%x", ++ r = asprintf(&t, "%02x:%02x:%02x:%02x:%02x:%02x", + client_id->eth.haddr0, + client_id->eth.haddr1, + client_id->eth.haddr2, +-- +2.33.0 +
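Review bot: The format string change in sd_dhcp_client_id_to_string() has no accompanying test. A unit test that feeds a client ID whose hardware address contains bytes below 0x10 and expects the zero-padded form shown in the commit message (00:09:a7:36:bc:89) would pin the new output.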
View file
_service:tar_scm:backport-network-route-fix-possible-overflow-in-conversion-us.patch
Added
@@ -0,0 +1,30 @@ +From 7a9b38919302e98cebc2c6233fd09d0c07ae41dc Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 15 Oct 2021 10:06:25 +0900 +Subject: PATCH network: route: fix possible overflow in conversion usec_t -> + uint32_t + +(cherry picked from commit ff43dddab7260c9220eaea2a545514772c0e581f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7a9b38919302e98cebc2c6233fd09d0c07ae41dc +--- + src/network/networkd-route.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index 791fd64c39..eeba31c45d 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -1537,7 +1537,7 @@ static int route_configure( + + if (route->lifetime != USEC_INFINITY && kernel_route_expiration_supported()) { + r = sd_netlink_message_append_u32(req, RTA_EXPIRES, +- DIV_ROUND_UP(usec_sub_unsigned(route->lifetime, now(clock_boottime_or_monotonic())), USEC_PER_SEC)); ++ MIN(DIV_ROUND_UP(usec_sub_unsigned(route->lifetime, now(clock_boottime_or_monotonic())), USEC_PER_SEC), UINT32_MAX)); + if (r < 0) + return log_link_error_errno(link, r, "Could not append RTA_EXPIRES attribute: %m"); + } +-- +2.33.0 +
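Review bot: The clamp in route_configure() is right in intent, but the RTA_EXPIRES argument is now a deeply nested expression on one line and the silent cap at UINT32_MAX is not explained. Compute the remaining lifetime in seconds into a named local, clamp it there, and add a comment that sd_netlink_message_append_u32() takes a 32-bit value while the usec_t difference is wider.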
View file
_service:tar_scm:backport-network-use-address_equal-route_equal-to-compare-add.patch
Added
@@ -0,0 +1,68 @@ +From ea4d7828fe525201ffb98ff2a31fde8a12e0a4c4 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 4 Aug 2021 13:14:03 +0900 +Subject: PATCH network: use address_equal()/route_equal() to compare + addresses or routes configured by NDisc + +Fixes #20244. + +(cherry picked from commit 10e417b3eac03c1bcd0b5f3d5c24291ac644e164) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ea4d7828fe525201ffb98ff2a31fde8a12e0a4c4 +--- + src/network/networkd-address.c | 2 +- + src/network/networkd-route.c | 4 ++-- + src/network/networkd-route.h | 1 + + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c +index 35305aff99..6b2230b725 100644 +--- a/src/network/networkd-address.c ++++ b/src/network/networkd-address.c +@@ -165,7 +165,7 @@ Address *address_free(Address *address) { + set_remove(address->link->dhcp6_pd_addresses, address); + set_remove(address->link->dhcp6_pd_addresses_old, address); + SET_FOREACH(n, address->link->ndisc_addresses) +- if (n->address == address) ++ if (address_equal(n->address, address)) + free(set_remove(address->link->ndisc_addresses, n)); + + if (address->family == AF_INET6 && +diff --git a/src/network/networkd-route.c b/src/network/networkd-route.c +index 7b36b48141..77a93beca9 100644 +--- a/src/network/networkd-route.c ++++ b/src/network/networkd-route.c +@@ -279,7 +279,7 @@ Route *route_free(Route *route) { + set_remove(route->link->dhcp6_pd_routes, route); + set_remove(route->link->dhcp6_pd_routes_old, route); + SET_FOREACH(n, route->link->ndisc_routes) +- if (n->route == route) ++ if (route_equal(n->route, route)) + free(set_remove(route->link->ndisc_routes, n)); + } + +@@ -435,7 +435,7 @@ DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( + route_compare_func, + route_free); + +-static bool route_equal(const Route *r1, const Route *r2) { ++bool route_equal(const Route *r1, const Route *r2) { + if (r1 == r2) + return 
true; + +diff --git a/src/network/networkd-route.h b/src/network/networkd-route.h +index fa0b3ba0fc..2d262819ad 100644 +--- a/src/network/networkd-route.h ++++ b/src/network/networkd-route.h +@@ -66,6 +66,7 @@ typedef struct Route { + + void route_hash_func(const Route *route, struct siphash *state); + int route_compare_func(const Route *a, const Route *b); ++bool route_equal(const Route *r1, const Route *r2); + extern const struct hash_ops route_hash_ops; + + int route_new(Route **ret); +-- +2.33.0 +
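Review bot: Replacing pointer identity with address_equal() and route_equal() in address_free() and route_free() means an NDisc entry is dropped whenever its address or route compares equal to the object being freed, even if n->address or n->route points at a different object. State in a comment at both loops that this is intended. route_equal() also loses static and gains a prototype in networkd-route.h; a one-line description there would match its new visibility.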
View file
_service:tar_scm:backport-network-use-monotonic-instead-of-boot-time-to-handle.patch
Added
@@ -0,0 +1,36 @@ +From 171daf2dc084fab16c0696b139b1af3f0ab9d9f0 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 6 Aug 2021 19:37:16 +0900 +Subject: PATCH network: use monotonic instead of boot time to handle address + creation/update timestamp + +Follow-up for 25db3aeaf32ba95bad5e765720ebc23c8ef77a99 and 899034ba8167bd16e802cfbea29a9ee85dee5be5. + +Fixes another issue in #20244. + +(cherry picked from commit 5865dc1493e5519549d24fef23a2ce5c812eca32) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/171daf2dc084fab16c0696b139b1af3f0ab9d9f0 +--- + src/network/networkd-ndisc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/network/networkd-ndisc.c b/src/network/networkd-ndisc.c +index efc4707855..e3705bfed5 100644 +--- a/src/network/networkd-ndisc.c ++++ b/src/network/networkd-ndisc.c +@@ -765,7 +765,9 @@ static int ndisc_router_process_autonomous_prefix(Link *link, sd_ndisc_router *r + assert(link); + assert(rt); + +- r = sd_ndisc_router_get_timestamp(rt, clock_boottime_or_monotonic(), &time_now); ++ /* Do not use clock_boottime_or_monotonic() here, as the kernel internally manages cstamp and ++ * tstamp with jiffies, and it is not increased while the system is suspended. */ ++ r = sd_ndisc_router_get_timestamp(rt, CLOCK_MONOTONIC, &time_now); + if (r < 0) + return log_link_error_errno(link, r, "Failed to get RA timestamp: %m"); + +-- +2.33.0 +
View file
_service:tar_scm:backport-networkd-Include-linux-netdevice.h-header.patch
Added
@@ -0,0 +1,37 @@ +From 898949f71513da918c4aa94a0681fbc6b868e00f Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Mon, 26 Jul 2021 10:58:46 -0700 +Subject: PATCH networkd: Include linux/netdevice.h header +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This header provides definitions for NET_NAME_UNKNOWN ånd NET_NAME_ENUM +Fixes build issue found with non-glibc systems + +../git/src/network/networkd-link.c:1203:52: error: 'NET_NAME_UNKNOWN' undeclared (first use in this function) + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +(cherry picked from commit 2a0d07d6a0d5be63c6c10cb0789412f584858ec1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/898949f71513da918c4aa94a0681fbc6b868e00f +--- + src/network/networkd-link.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c +index c1ab14ebec..9421ce1aa6 100644 +--- a/src/network/networkd-link.c ++++ b/src/network/networkd-link.c +@@ -4,6 +4,7 @@ + #include <linux/if.h> + #include <linux/if_arp.h> + #include <linux/if_link.h> ++#include <linux/netdevice.h> + #include <sys/socket.h> + #include <unistd.h> + +-- +2.33.0 +
View file
_service:tar_scm:backport-nspawn-fix-type-to-pass-to-connect.patch
Added
@@ -0,0 +1,34 @@ +From caa0827ca920617dc54e62be1ff8422ad9ce2d3a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 1 Sep 2021 14:41:37 +0200 +Subject: PATCH nspawn: fix type to pass to connect() + +It expects a generic "struct sockaddr", not a "struct sockaddr_un". +Pass the right member of the union. + +Not sure why gcc/llvm never complained about this... + +(cherry picked from commit 32b9736a230d47b73babcc5cfa27d672bb721bd0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/caa0827ca920617dc54e62be1ff8422ad9ce2d3a +--- + src/nspawn/nspawn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 04685fecba..575b9da447 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -5354,7 +5354,7 @@ static int cant_be_in_netns(void) { + if (fd < 0) + return log_error_errno(errno, "Failed to allocate udev control socket: %m"); + +- if (connect(fd, &sa.un, SOCKADDR_UN_LEN(sa.un)) < 0) { ++ if (connect(fd, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) { + + if (errno == ENOENT || ERRNO_IS_DISCONNECT(errno)) + return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), +-- +2.33.0 +
View file
_service:tar_scm:backport-nss-drop-dummy-setup_logging-helpers.patch
Added
@@ -0,0 +1,61 @@ +From da98ffd65aa29ee968a4f4379f5c8e06bf2d58f4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 11 Jan 2022 13:23:27 +0100 +Subject: PATCH nss: drop dummy setup_logging() helpers + +log_parse_environment() stopped being a macro in 9fdee66f2d9. +As reported by @bauen1 in https://github.com/systemd/systemd/issues/22020, +the comment was out of date. + +(cherry picked from commit 56a5f4969b96529c82ec8cc08db4fa8e9c61e7b9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/da98ffd65aa29ee968a4f4379f5c8e06bf2d58f4 +--- + src/nss-mymachines/nss-mymachines.c | 7 +------ + src/nss-systemd/nss-systemd.c | 7 +------ + 2 files changed, 2 insertions(+), 12 deletions(-) + +diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c +index 44715bb3e5..781fd48d72 100644 +--- a/src/nss-mymachines/nss-mymachines.c ++++ b/src/nss-mymachines/nss-mymachines.c +@@ -22,14 +22,9 @@ + #include "signal-util.h" + #include "string-util.h" + +-static void setup_logging(void) { +- /* We need a dummy function because log_parse_environment is a macro. */ +- log_parse_environment(); +-} +- + static void setup_logging_once(void) { + static pthread_once_t once = PTHREAD_ONCE_INIT; +- assert_se(pthread_once(&once, setup_logging) == 0); ++ assert_se(pthread_once(&once, log_parse_environment) == 0); + } + + #define NSS_ENTRYPOINT_BEGIN \ +diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c +index 36486b96e3..c6c00c40e6 100644 +--- a/src/nss-systemd/nss-systemd.c ++++ b/src/nss-systemd/nss-systemd.c +@@ -116,14 +116,9 @@ static GetentData getsgent_data = { + .mutex = PTHREAD_MUTEX_INITIALIZER, + }; + +-static void setup_logging(void) { +- /* We need a dummy function because log_parse_environment is a macro. 
*/ +- log_parse_environment(); +-} +- + static void setup_logging_once(void) { + static pthread_once_t once = PTHREAD_ONCE_INIT; +- assert_se(pthread_once(&once, setup_logging) == 0); ++ assert_se(pthread_once(&once, log_parse_environment) == 0); + } + + #define NSS_ENTRYPOINT_BEGIN \ +-- +2.33.0 +
View file
_service:tar_scm:backport-nss-myhostname-do-not-apply-non-zero-offset-to-null-.patch
Added
@@ -0,0 +1,45 @@ +From 05189e8c961c6b4ac8ef79c8911cb56965a5034f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 31 Dec 2021 09:13:00 +0900 +Subject: PATCH nss-myhostname: do not apply non-zero offset to null pointer + +Fixes https://github.com/systemd/systemd/issues/21935#issuecomment-1003216503. + +(cherry picked from commit 92e9df9ca031b9b04487a46afd986ab3122183fd) +(cherry picked from commit a473bfb4332ad6b0a0894135c4de0f8cc324d378) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/05189e8c961c6b4ac8ef79c8911cb56965a5034f +--- + src/nss-myhostname/nss-myhostname.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/nss-myhostname/nss-myhostname.c b/src/nss-myhostname/nss-myhostname.c +index 3536c5fc83..67b1554d27 100644 +--- a/src/nss-myhostname/nss-myhostname.c ++++ b/src/nss-myhostname/nss-myhostname.c +@@ -39,10 +39,8 @@ enum nss_status _nss_myhostname_gethostbyname4_r( + const char *canonical = NULL; + int n_addresses = 0; + uint32_t local_address_ipv4; +- struct local_address *a; + size_t l, idx, ms; + char *r_name; +- unsigned n; + + PROTECT_ERRNO; + BLOCK_SIGNALS(NSS_SIGNALS_BLOCK); +@@ -136,7 +134,9 @@ enum nss_status _nss_myhostname_gethostbyname4_r( + } + + /* Fourth, fill actual addresses in, but in backwards order */ +- for (a = addresses + n_addresses - 1, n = 0; (int) n < n_addresses; n++, a--) { ++ for (int i = n_addresses; i > 0; i--) { ++ struct local_address *a = addresses + i - 1; ++ + r_tuple = (struct gaih_addrtuple*) (buffer + idx); + r_tuple->next = r_tuple_prev; + r_tuple->name = r_name; +-- +2.33.0 +
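Review bot: The rewritten loop in _nss_myhostname_gethostbyname4_r() no longer forms addresses + n_addresses - 1 before the bounds test, which is what avoids arithmetic on a null pointer when n_addresses is 0, but the code does not say so. Add a short comment above the for statement; otherwise the pointer computation looks like it could be hoisted back into the loop header.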
View file
_service:tar_scm:backport-nss-only-read-logging-config-from-environment-variab.patch
Added
@@ -0,0 +1,118 @@ +From 9e29d13926b62c10d931d287b30b7874872bfe39 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Tue, 11 Jan 2022 13:36:39 +0100 +Subject: PATCH nss: only read logging config from environment variables + +log_parse_environment() uses should_parse_proc_cmdline() to determine whether +it should parse settings from the kernel command line. But the checks that +should_parse_proc_cmdline() apply to the whole process, and we could get a positive +answer also when log_parse_environment() was called from one of the nss modules. +In case of nss-modules, we don't want to look at the kernel command line. + +log_parse_environment_variables() that only looks at the environment variables +is split out and used in the nss modules. + +Fixes #22020. + +(cherry picked from commit a7d15a24659770b0fa9f4cd26fc7bbb17765cbb7) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9e29d13926b62c10d931d287b30b7874872bfe39 +--- + src/basic/log.c | 16 ++++++++++------ + src/basic/log.h | 1 + + src/nss-mymachines/nss-mymachines.c | 2 +- + src/nss-resolve/nss-resolve.c | 2 +- + src/nss-systemd/nss-systemd.c | 2 +- + 5 files changed, 14 insertions(+), 9 deletions(-) + +diff --git a/src/basic/log.c b/src/basic/log.c +index fb183ea9e7..1d68b49963 100644 +--- a/src/basic/log.c ++++ b/src/basic/log.c +@@ -1189,14 +1189,9 @@ static bool should_parse_proc_cmdline(void) { + return getpid_cached() == p; + } + +-void log_parse_environment(void) { ++void log_parse_environment_variables(void) { + const char *e; + +- /* Do not call from library code. */ +- +- if (should_parse_proc_cmdline()) +- (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); +- + e = getenv("SYSTEMD_LOG_TARGET"); + if (e && log_set_target_from_string(e) < 0) + log_warning("Failed to parse log target '%s'. 
Ignoring.", e); +@@ -1222,6 +1217,15 @@ void log_parse_environment(void) { + log_warning("Failed to parse log tid '%s'. Ignoring.", e); + } + ++void log_parse_environment(void) { ++ /* Do not call from library code. */ ++ ++ if (should_parse_proc_cmdline()) ++ (void) proc_cmdline_parse(parse_proc_cmdline_item, NULL, PROC_CMDLINE_STRIP_RD_PREFIX); ++ ++ log_parse_environment_variables(); ++} ++ + LogTarget log_get_target(void) { + return log_target; + } +diff --git a/src/basic/log.h b/src/basic/log.h +index 8bfae8e0e5..3dbd01a75d 100644 +--- a/src/basic/log.h ++++ b/src/basic/log.h +@@ -69,6 +69,7 @@ int log_open(void); + void log_close(void); + void log_forget_fds(void); + ++void log_parse_environment_variables(void); + void log_parse_environment(void); + + int log_dispatch_internal( +diff --git a/src/nss-mymachines/nss-mymachines.c b/src/nss-mymachines/nss-mymachines.c +index 781fd48d72..c64e79bdff 100644 +--- a/src/nss-mymachines/nss-mymachines.c ++++ b/src/nss-mymachines/nss-mymachines.c +@@ -24,7 +24,7 @@ + + static void setup_logging_once(void) { + static pthread_once_t once = PTHREAD_ONCE_INIT; +- assert_se(pthread_once(&once, log_parse_environment) == 0); ++ assert_se(pthread_once(&once, log_parse_environment_variables) == 0); + } + + #define NSS_ENTRYPOINT_BEGIN \ +diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c +index 4f54973202..dd2e5206e2 100644 +--- a/src/nss-resolve/nss-resolve.c ++++ b/src/nss-resolve/nss-resolve.c +@@ -22,7 +22,7 @@ + static JsonDispatchFlags json_dispatch_flags = 0; + + static void setup_logging(void) { +- log_parse_environment(); ++ log_parse_environment_variables(); + + if (DEBUG_LOGGING) + json_dispatch_flags = JSON_LOG; +diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c +index c6c00c40e6..e87f1d31b3 100644 +--- a/src/nss-systemd/nss-systemd.c ++++ b/src/nss-systemd/nss-systemd.c +@@ -118,7 +118,7 @@ static GetentData getsgent_data = { + + static void setup_logging_once(void) { 
+ static pthread_once_t once = PTHREAD_ONCE_INIT; +- assert_se(pthread_once(&once, log_parse_environment) == 0); ++ assert_se(pthread_once(&once, log_parse_environment_variables) == 0); + } + + #define NSS_ENTRYPOINT_BEGIN \ +-- +2.33.0 +
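Review bot: in the log.h hunk the new prototype log_parse_environment_variables() is added with no comment, while the "Do not call from library code" warning stays only on log_parse_environment() in log.c. A short comment on the declaration saying this is the variant intended for library and NSS code, and that it never reads the kernel command line, would stop a future caller from picking the wrong one. The diffstat covers nss-mymachines, nss-resolve and nss-systemd; it is worth confirming against the tree that no other NSS entry point still calls log_parse_environment().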
View file
_service:tar_scm:backport-nss-systemd-ensure-returned-strings-point-into-provi.patch
Added
@@ -0,0 +1,350 @@ +From 055ba736e12255cf79acc81aac382344129d03c5 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@redhat.com> +Date: Wed, 8 Sep 2021 16:51:16 -0500 +Subject: PATCH nss-systemd: ensure returned strings point into provided + buffer + +Jamie Bainbridge found an issue where glib's g_get_user_database_entry() +may crash after doing: + +``` +error = getpwnam_r (logname, &pwd, buffer, bufsize, &pw); +// ... +pw->pw_name0 = g_ascii_toupper (pw->pw_name0); +``` + +in order to uppercase the first letter of the user's real name. This is +a glib bug, because there is a different codepath that gets the pwd from +vanilla getpwnam instead of getpwnam_r as shown here. When the pwd +struct is returned by getpwnam, its fields point to static data owned by +glibc/NSS, and so it must not be modified by the caller. After much +debugging, Jamie Bainbridge has fixed this in https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 +by making a copy of the data before modifying it, and that resolves all +problems for glib. Yay! + +However, glib is crashing even when getpwnam_r is used instead of +getpwnam! According to getpwnam_r(3), the strings in the pwd struct are +supposed to be pointers into the buffer passed by the caller, so glib +should be able to safely edit it directly in this case, so long as it +doesn't try to increase the size of any of the strings. + +Problem is various functions throughout nss-systemd.c return synthesized +records declared at the top of the file. These records are returned +directly and so contain pointers to static strings owned by +libsystemd-nss. systemd must instead copy all the strings into the +provided buffer. + +This crash is reproducible if nss-systemd is listed first on the passwd +line in /etc/nsswitch.conf, and the application looks up one of the +synthesized user accounts "root" or "nobody", and finally the +application attempts to edit one of the strings in the returned struct. 
+All our synthesized records for the other struct types have the same +problem, so this commit fixes them all at once. + +Fixes #20679 + +(cherry picked from commit 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/055ba736e12255cf79acc81aac382344129d03c5 +--- + src/nss-systemd/nss-systemd.c | 204 ++++++++++++++++++++++++++++------ + 1 file changed, 168 insertions(+), 36 deletions(-) + +diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c +index 1b0866109a..1840a0d508 100644 +--- a/src/nss-systemd/nss-systemd.c ++++ b/src/nss-systemd/nss-systemd.c +@@ -2,6 +2,7 @@ + + #include <nss.h> + #include <pthread.h> ++#include <string.h> + + #include "env-util.h" + #include "errno-util.h" +@@ -139,6 +140,155 @@ NSS_GRENT_PROTOTYPES(systemd); + NSS_SGENT_PROTOTYPES(systemd); + NSS_INITGROUPS_PROTOTYPE(systemd); + ++/* Since our NSS functions implement reentrant glibc APIs, we have to guarantee ++ * all the string pointers we return point into the buffer provided by the ++ * caller, not into our own static memory. 
*/ ++ ++static enum nss_status copy_synthesized_passwd( ++ struct passwd *dest, ++ const struct passwd *src, ++ char *buffer, size_t buflen, ++ int *errnop) { ++ ++ size_t required; ++ ++ assert(dest); ++ assert(src); ++ assert(src->pw_name); ++ assert(src->pw_passwd); ++ assert(src->pw_gecos); ++ assert(src->pw_dir); ++ assert(src->pw_shell); ++ ++ required = strlen(src->pw_name) + 1; ++ required += strlen(src->pw_passwd) + 1; ++ required += strlen(src->pw_gecos) + 1; ++ required += strlen(src->pw_dir) + 1; ++ required += strlen(src->pw_shell) + 1; ++ ++ if (buflen < required) { ++ *errnop = ERANGE; ++ return NSS_STATUS_TRYAGAIN; ++ } ++ ++ assert(buffer); ++ ++ *dest = *src; ++ ++ /* String fields point into the user-provided buffer */ ++ dest->pw_name = buffer; ++ dest->pw_passwd = stpcpy(dest->pw_name, src->pw_name) + 1; ++ dest->pw_gecos = stpcpy(dest->pw_passwd, src->pw_passwd) + 1; ++ dest->pw_dir = stpcpy(dest->pw_gecos, src->pw_gecos) + 1; ++ dest->pw_shell = stpcpy(dest->pw_dir, src->pw_dir) + 1; ++ strcpy(dest->pw_shell, src->pw_shell); ++ ++ return NSS_STATUS_SUCCESS; ++} ++ ++static enum nss_status copy_synthesized_spwd( ++ struct spwd *dest, ++ const struct spwd *src, ++ char *buffer, size_t buflen, ++ int *errnop) { ++ ++ size_t required; ++ ++ assert(dest); ++ assert(src); ++ assert(src->sp_namp); ++ assert(src->sp_pwdp); ++ ++ required = strlen(src->sp_namp) + 1; ++ required += strlen(src->sp_pwdp) + 1; ++ ++ if (buflen < required) { ++ *errnop = ERANGE; ++ return NSS_STATUS_TRYAGAIN; ++ } ++ ++ assert(buffer); ++ ++ *dest = *src; ++ ++ /* String fields point into the user-provided buffer */ ++ dest->sp_namp = buffer; ++ dest->sp_pwdp = stpcpy(dest->sp_namp, src->sp_namp) + 1; ++ strcpy(dest->sp_pwdp, src->sp_pwdp); ++ ++ return NSS_STATUS_SUCCESS; ++} ++ ++static enum nss_status copy_synthesized_group( ++ struct group *dest, ++ const struct group *src, ++ char *buffer, size_t buflen, ++ int *errnop) { ++ ++ size_t required; ++ ++ assert(dest); ++ 
assert(src); ++ assert(src->gr_name); ++ assert(src->gr_passwd); ++ assert(src->gr_mem); ++ assert(!*src->gr_mem); /* Our synthesized records' gr_mem is always just NULL... */ ++ ++ required = strlen(src->gr_name) + 1; ++ required += strlen(src->gr_passwd) + 1; ++ required += 1; /* ...but that NULL still needs to be stored into the buffer! */ ++ ++ if (buflen < required) { ++ *errnop = ERANGE; ++ return NSS_STATUS_TRYAGAIN; ++ } ++ ++ assert(buffer); ++ ++ *dest = *src; ++ ++ /* String fields point into the user-provided buffer */ ++ dest->gr_name = buffer; ++ dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; ++ dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; ++ *dest->gr_mem = NULL; ++ ++ return NSS_STATUS_SUCCESS; ++} ++ ++static enum nss_status copy_synthesized_sgrp( ++ struct sgrp *dest, ++ const struct sgrp *src, ++ char *buffer, size_t buflen, ++ int *errnop) { ++ ++ size_t required; ++ ++ assert(dest); ++ assert(src); ++ assert(src->sg_namp); ++ assert(src->sg_passwd); ++ ++ required = strlen(src->sg_namp) + 1;
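Review bot: in copy_synthesized_group() the size check and the gr_mem pointer do not match what is written. `required += 1` reserves one byte for the terminating NULL entry, but `*dest->gr_mem = NULL` stores a full pointer, and in `(char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1` the cast binds before the `+ 1` and strcpy() returns the start of gr_passwd, so gr_mem lands sizeof(char *) bytes after the start of the password string rather than just past its terminator. The store can then overwrite the copied string or run past the bytes the ERANGE check accounted for in the caller's buffer. Two follow-up patches on this page (5f78618a and 649e83bb) rework this line and the size calculation, so this backport should not ship without them. The diff shown here is also cut off inside copy_synthesized_sgrp(), so the remaining hunks could not be reviewed.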
View file
_service:tar_scm:backport-nss-systemd-fix-alignment-of-gr_mem.patch
Added
@@ -0,0 +1,43 @@ +From 649e83bb995eb067cce3e70f50e5d3ab54c9d47d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 31 Dec 2021 06:59:42 +0900 +Subject: PATCH nss-systemd: fix alignment of gr_mem + +Follow-up for 1e65eb8f9b7d567462030b2e625998d77677e636. + +Fixes #21935. + +(cherry picked from commit 420a35c1fadfb4d67be6316436233d98b5688de5) +(cherry picked from commit 9c8bc0451ab2393f3b9b689e46e1b05e9f6dad35) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/649e83bb995eb067cce3e70f50e5d3ab54c9d47d +--- + src/nss-systemd/nss-systemd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c +index 7aea3652c4..36486b96e3 100644 +--- a/src/nss-systemd/nss-systemd.c ++++ b/src/nss-systemd/nss-systemd.c +@@ -238,7 +238,7 @@ static enum nss_status copy_synthesized_group( + required += strlen(src->gr_passwd) + 1; + required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ + +- if (buflen < required) { ++ if (buflen < ALIGN(required)) { + *errnop = ERANGE; + return NSS_STATUS_TRYAGAIN; + } +@@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( + /* String fields point into the user-provided buffer */ + dest->gr_name = buffer; + dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; +- dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; ++ dest->gr_mem = ALIGN_PTR(stpcpy(dest->gr_passwd, src->gr_passwd) + 1); + *dest->gr_mem = NULL; + + return NSS_STATUS_SUCCESS; +-- +2.33.0 +
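Review bot: the new check `buflen < ALIGN(required)` in the first hunk rounds up the total size, but the padding that `ALIGN_PTR(stpcpy(dest->gr_passwd, src->gr_passwd) + 1)` inserts in the second hunk depends on the address of buffer plus the string lengths, not on the total. If the caller's buffer is not itself pointer-aligned, the padding can be up to sizeof(char *) - 1 bytes, which ALIGN(required) does not necessarily cover, and the NULL store through gr_mem could then end past buflen. Either compute the padding from the actual pointer before the ERANGE check, or reserve the worst case (`required + sizeof(char *) - 1`) and say so in the comment.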
View file
_service:tar_scm:backport-nss-systemd-fix-required-buffer-size-calculation.patch
Added
@@ -0,0 +1,45 @@ +From 5f78618a44a21197e727cd1c62da5aa8bf7e0610 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 31 Dec 2021 00:31:51 +0900 +Subject: PATCH nss-systemd: fix required buffer size calculation + +This also fixes the pointer assigned to the gr_mem element of struct group. + +Fixes a bug introduced by 47fd7fa6c650d7a0ac41bc89747e3b866ffb9534. + +Fixes #21935. + +(cherry picked from commit 1e65eb8f9b7d567462030b2e625998d77677e636) +(cherry picked from commit 17227e81ab8a9bdfac679d450ed35434435a6ff8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5f78618a44a21197e727cd1c62da5aa8bf7e0610 +--- + src/nss-systemd/nss-systemd.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/nss-systemd/nss-systemd.c b/src/nss-systemd/nss-systemd.c +index 1840a0d508..7aea3652c4 100644 +--- a/src/nss-systemd/nss-systemd.c ++++ b/src/nss-systemd/nss-systemd.c +@@ -236,7 +236,7 @@ static enum nss_status copy_synthesized_group( + + required = strlen(src->gr_name) + 1; + required += strlen(src->gr_passwd) + 1; +- required += 1; /* ...but that NULL still needs to be stored into the buffer! */ ++ required += sizeof(char*); /* ...but that NULL still needs to be stored into the buffer! */ + + if (buflen < required) { + *errnop = ERANGE; +@@ -250,7 +250,7 @@ static enum nss_status copy_synthesized_group( + /* String fields point into the user-provided buffer */ + dest->gr_name = buffer; + dest->gr_passwd = stpcpy(dest->gr_name, src->gr_name) + 1; +- dest->gr_mem = (char **) strcpy(dest->gr_passwd, src->gr_passwd) + 1; ++ dest->gr_mem = (char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1; + *dest->gr_mem = NULL; + + return NSS_STATUS_SUCCESS; +-- +2.33.0 +
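Review bot: in the second hunk, `(char **) stpcpy(dest->gr_passwd, src->gr_passwd) + 1` still has the cast applied before the addition, so the `+ 1` advances by one char * rather than one byte. gr_mem then points sizeof(char *) bytes past the password terminator instead of directly after it, and the NULL store ends beyond what `required` (now strings plus sizeof(char*)) accounts for. Parenthesising as `(char **) (stpcpy(...) + 1)` fixes the offset; the alignment follow-up on this page (649e83bb) rewrites the line as `ALIGN_PTR(stpcpy(...) + 1)`, which also resolves it, so these two backports need to be applied together.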
View file
_service:tar_scm:backport-nss-systemd-pack-pw_passwd-result-into-supplied-buff.patch
Added
@@ -0,0 +1,58 @@ +From 84313bc5a262e87f49d176db169e1562d7060b33 Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@redhat.com> +Date: Wed, 8 Sep 2021 13:42:16 -0500 +Subject: PATCH nss-systemd: pack pw_passwd result into supplied buffer + +getpwnam_r() guarantees that the strings in the struct passwd that it +returns are pointers into the buffer allocated by the application and +passed to getpwnam_r(). This means applications may choose to modify the +strings in place, as long as the length of the strings is not increased. +So it's wrong for us to return a static string here, we really do have +to copy it into the application-provided buffer like we do for all the +other strings. + +This is only a theoretical problem since it would be very weird for an +application to modify the pw_passwd field, but I spotted this when +investigating a similar crash caused by glib editing a different field. +See also: + +https://gitlab.gnome.org/GNOME/glib/-/merge_requests/2244 +(cherry picked from commit 92b264676ccd79c89da270aabc1ec466fa18cd0d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/84313bc5a262e87f49d176db169e1562d7060b33 +--- + src/nss-systemd/userdb-glue.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/nss-systemd/userdb-glue.c b/src/nss-systemd/userdb-glue.c +index a55790f641..c865ff0d82 100644 +--- a/src/nss-systemd/userdb-glue.c ++++ b/src/nss-systemd/userdb-glue.c +@@ -35,6 +35,8 @@ int nss_pack_user_record( + assert(hr->user_name); + required = strlen(hr->user_name) + 1; + ++ required += 2; /* strlen(PASSWORD_SEE_SHADOW) + 1 */ ++ + assert_se(rn = user_record_real_name(hr)); + required += strlen(rn) + 1; + +@@ -51,12 +53,12 @@ int nss_pack_user_record( + .pw_name = buffer, + .pw_uid = hr->uid, + .pw_gid = user_record_gid(hr), +- .pw_passwd = (char*) PASSWORD_SEE_SHADOW, + }; + + assert(buffer); + +- pwd->pw_gecos = stpcpy(pwd->pw_name, hr->user_name) + 1; ++ pwd->pw_passwd = stpcpy(pwd->pw_name, 
hr->user_name) + 1; ++ pwd->pw_gecos = stpcpy(pwd->pw_passwd, PASSWORD_SEE_SHADOW) + 1; + pwd->pw_dir = stpcpy(pwd->pw_gecos, rn) + 1; + pwd->pw_shell = stpcpy(pwd->pw_dir, hd) + 1; + strcpy(pwd->pw_shell, shell); +-- +2.33.0 +
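Review bot: `required += 2; /* strlen(PASSWORD_SEE_SHADOW) + 1 */` in the first hunk hardcodes the length of a constant that the second hunk then copies with stpcpy(). If PASSWORD_SEE_SHADOW ever becomes longer than one character, the size check passes while the copy writes more than was reserved. Using `strlen(PASSWORD_SEE_SHADOW) + 1` (or sizeof on the literal) keeps the check tied to what is actually copied at no real cost.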
View file
_service:tar_scm:backport-oomd-fix-race-with-path-unavailability-when-killing-.patch
Added
@@ -0,0 +1,45 @@ +From 1656ad6fd17e5be6504785bf94495437bcf453cb Mon Sep 17 00:00:00 2001 +From: Anita Zhang <the.anitazha@gmail.com> +Date: Wed, 19 Jan 2022 10:40:46 -0800 +Subject: PATCH oomd: fix race with path unavailability when killing cgroups + +There can be a situation where systemd-oomd would kill all of the processes +in a cgroup, pid1 would clean up that cgroup, and systemd-oomd would get +ENODEV trying to iterate the cgroup a final time to ensure it was empty. +systemd-oomd sees this as an error and immediately picks a new candidate even +though pressure may have recovered. To counter this, check and handle +path unavailability errnos specially. + +Fixes: #22030 +(cherry picked from commit 2ee209466bb51f39ae9df7fec4d5594ce8cfa3f0) +(cherry picked from commit 0456e3aaaae7c21a037f4d3c758463c3ba4d167c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1656ad6fd17e5be6504785bf94495437bcf453cb +--- + src/oom/oomd-util.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c +index b2a48acb1f..503ede9a9f 100644 +--- a/src/oom/oomd-util.c ++++ b/src/oom/oomd-util.c +@@ -196,7 +196,14 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { + r = cg_kill_recursive(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); + else + r = cg_kill(SYSTEMD_CGROUP_CONTROLLER, path, SIGKILL, CGROUP_IGNORE_SELF, pids_killed, log_kill, NULL); +- if (r < 0) ++ ++ /* The cgroup could have been cleaned up after we have sent SIGKILL to all of the processes, but before ++ * we could do one last iteration of cgroup.procs to check. Or the service unit could have exited and ++ * was removed between picking candidates and coming into this function. In either case, let's log ++ * about it let the caller decide what to do once they know how many PIDs were killed. 
*/ ++ if (IN_SET(r, -ENOENT, -ENODEV)) ++ log_debug_errno(r, "Error when sending SIGKILL to processes in cgroup path %s, ignoring: %m", path); ++ else if (r < 0) + return r; + + r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); +-- +2.33.0 +
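Review bot: once -ENOENT or -ENODEV is downgraded to a debug log, execution continues into `increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed))` on a cgroup path that this very branch has just concluded is gone, so the xattr update is expected to fail in exactly the case being handled. Consider skipping the xattr update in that branch, or noting in the comment that its failure is expected and harmless. The new comment also reads "let's log about it let the caller decide", which is missing an "and".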
View file
_service:tar_scm:backport-oomd-handle-situations-when-no-cgroups-are-killed.patch
Added
@@ -0,0 +1,104 @@ +From 07b5c382361a310b3ec1fa6ccfcfc99fb4fc1ee0 Mon Sep 17 00:00:00 2001 +From: Anita Zhang <the.anitazha@gmail.com> +Date: Wed, 19 Jan 2022 13:26:01 -0800 +Subject: PATCH oomd: handle situations when no cgroups are killed + +Currently if systemd-oomd doesn't kill anything in a selected cgroup, it +selects a new candidate immediately. But if a selected cgroup wasn't killed, +it is likely due to it disappearing or getting cleaned up between the time +it was selected as a candidate and getting sent SIGKILL(s). We should handle +it as though systemd-oomd did perform a kill so that it will check +swap/pressure again before it tries to select a new candidate. + +(cherry picked from commit 914d4e99f43761f1ce77b520850cf096aa5196cd) +(cherry picked from commit c4d89cd602b94ab3baac746395c797ec4da43679) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/07b5c382361a310b3ec1fa6ccfcfc99fb4fc1ee0 +--- + src/oom/oomd-manager.c | 10 +++++++--- + src/oom/oomd-util.c | 11 +++++------ + 2 files changed, 12 insertions(+), 9 deletions(-) + +diff --git a/src/oom/oomd-manager.c b/src/oom/oomd-manager.c +index 9cae0c9c8a..727206d0b3 100644 +--- a/src/oom/oomd-manager.c ++++ b/src/oom/oomd-manager.c +@@ -364,7 +364,7 @@ static int monitor_swap_contexts_handler(sd_event_source *s, uint64_t usec, void + if (r < 0) + log_notice_errno(r, "Failed to kill any cgroup(s) based on swap: %m"); + else { +- if (selected) ++ if (selected && r > 0) + log_notice("Killed %s due to memory used (%"PRIu64") / total (%"PRIu64") and " + "swap used (%"PRIu64") / total (%"PRIu64") being more than " + PERMYRIAD_AS_PERCENT_FORMAT_STR, +@@ -475,9 +475,13 @@ static int monitor_memory_pressure_contexts_handler(sd_event_source *s, uint64_t + if (r < 0) + log_notice_errno(r, "Failed to kill any cgroup(s) under %s based on pressure: %m", t->path); + else { +- /* Don't act on all the high pressure cgroups at once; return as soon as we kill one */ ++ /* Don't act on all the high pressure 
cgroups at once; return as soon as we kill one. ++ * If r == 0 then it means there were not eligible candidates, the candidate cgroup ++ * disappeared, or the candidate cgroup has no processes by the time we tried to kill ++ * it. In either case, go through the event loop again and select a new candidate if ++ * pressure is still high. */ + m->mem_pressure_post_action_delay_start = usec_now; +- if (selected) ++ if (selected && r > 0) + log_notice("Killed %s due to memory pressure for %s being %lu.%02lu%% > %lu.%02lu%%" + " for > %s with reclaim activity", + selected, t->path, +diff --git a/src/oom/oomd-util.c b/src/oom/oomd-util.c +index 503ede9a9f..5867d2946c 100644 +--- a/src/oom/oomd-util.c ++++ b/src/oom/oomd-util.c +@@ -206,6 +206,9 @@ int oomd_cgroup_kill(const char *path, bool recurse, bool dry_run) { + else if (r < 0) + return r; + ++ if (set_isempty(pids_killed)) ++ log_debug("Nothing killed when attempting to kill %s", path); ++ + r = increment_oomd_xattr(path, "user.oomd_kill", set_size(pids_killed)); + if (r < 0) + log_debug_errno(r, "Failed to set user.oomd_kill on kill: %m"); +@@ -231,8 +234,6 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char + continue; + + r = oomd_cgroup_kill(sortedi->path, true, dry_run); +- if (r == 0) +- continue; /* We didn't find anything to kill */ + if (r == -ENOMEM) + return r; /* Treat oom as a hard error */ + if (r < 0) { +@@ -245,7 +246,7 @@ int oomd_kill_by_pgscan_rate(Hashmap *h, const char *prefix, bool dry_run, char + if (!selected) + return -ENOMEM; + *ret_selected = selected; +- return 1; ++ return r; + } + + return ret; +@@ -271,8 +272,6 @@ int oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, + continue; + + r = oomd_cgroup_kill(sortedi->path, true, dry_run); +- if (r == 0) +- continue; /* We didn't find anything to kill */ + if (r == -ENOMEM) + return r; /* Treat oom as a hard error */ + if (r < 0) { +@@ -285,7 +284,7 @@ int 
oomd_kill_by_swap_usage(Hashmap *h, uint64_t threshold_usage, bool dry_run, + if (!selected) + return -ENOMEM; + *ret_selected = selected; +- return 1; ++ return r; + } + + return ret; +-- +2.33.0 +
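Review bot: oomd_kill_by_pgscan_rate() and oomd_kill_by_swap_usage() now `return r` instead of `return 1` and no longer `continue` on r == 0, so they can return 0 with *ret_selected set, and both callers have to test `selected && r > 0` to tell a real kill from a no-op. That return contract is not written down anywhere in the visible hunks; a comment above both functions (negative: error, 0: candidate chosen but nothing killed, positive: killed) would keep a future caller from treating a non-NULL selected as proof of a kill. In the pressure handler the new comment lists three situations and then says "In either case", and "there were not eligible candidates" should read "no eligible candidates".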
View file
_service:tar_scm:backport-openssl-util-use-EVP-API-to-get-RSA-bits.patch
Added
@@ -0,0 +1,41 @@ +From 0b982442694ff69e873349459b83b421abc60d52 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 29 Sep 2021 15:03:44 +0200 +Subject: PATCH openssl-util: use EVP API to get RSA bits + +(cherry picked from commit 7f12adc3000c08a370f74bd16c654506c8a99e92) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0b982442694ff69e873349459b83b421abc60d52 +--- + src/shared/openssl-util.c | 7 +------ + 1 file changed, 1 insertion(+), 6 deletions(-) + +diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c +index bb47ae5e87..bd728e6c7c 100644 +--- a/src/shared/openssl-util.c ++++ b/src/shared/openssl-util.c +@@ -46,7 +46,6 @@ int rsa_pkey_to_suitable_key_size( + size_t *ret_suitable_key_size) { + + size_t suitable_key_size; +- const RSA *rsa; + int bits; + + assert_se(pkey); +@@ -58,11 +57,7 @@ int rsa_pkey_to_suitable_key_size( + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) + return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), "X.509 certificate does not refer to RSA key."); + +- rsa = EVP_PKEY_get0_RSA(pkey); +- if (!rsa) +- return log_debug_errno(SYNTHETIC_ERRNO(EIO), "Failed to acquire RSA public key from X.509 certificate."); +- +- bits = RSA_bits(rsa); ++ bits = EVP_PKEY_bits(pkey); + log_debug("Bits in RSA key: %i", bits); + + /* We use PKCS#1 padding for the RSA cleartext, hence let's leave some extra space for it, hence only +-- +2.33.0 +
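Review bot: the removed code had an explicit error path for failing to obtain the RSA key, while the replacement `bits = EVP_PKEY_bits(pkey);` is followed in the visible lines only by a log_debug(), with no check on the result. EVP_PKEY_bits() reports failure through a non-positive return value, so unless the lines after this hunk already reject small or zero values, a `bits <= 0` check returning an error before the key-size arithmetic would preserve the old failure behaviour. The commit message has no body; a sentence on why the low-level RSA accessor is being dropped would help when this backport is revisited.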
View file
_service:tar_scm:backport-packit-build-on-and-use-Fedora-35-spec-file.patch
Added
@@ -0,0 +1,51 @@ +From 4d2e39342352fce3969064e58e366753e7002f46 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Tue, 15 Feb 2022 01:21:01 +0000 +Subject: PATCH packit: build on and use Fedora 35 spec file + +It's targeted to the v249 branch, while the rawhide one follows +the newest upstream release, and the command line options are not +compatible + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4d2e39342352fce3969064e58e366753e7002f46 +--- + .packit.yml | 12 +++++------- + 1 file changed, 5 insertions(+), 7 deletions(-) + +diff --git a/.packit.yml b/.packit.yml +index ee47f8954e..fb2cb5a7c3 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -16,8 +16,8 @@ upstream_tag_template: "v{version}" + + actions: + post-upstream-clone: +- # Use the Fedora Rawhide specfile +- - "git clone https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" ++ # Use the Fedora 35 specfile ++ - "git clone --branch f35 https://src.fedoraproject.org/rpms/systemd .packit_rpm --depth=1" + # Drop the "sources" file so rebase-helper doesn't think we're a dist-git + - "rm -fv .packit_rpm/sources" + # Drop backported patches from the specfile, but keep the downstream-only ones +@@ -31,14 +31,12 @@ actions: + # 0 https://github.com/mesonbuild/meson/issues/7360 + # 1 https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 + - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' +- # cryptolib is supported from v250 and newer, remove it +- - 'sed -i "/-Dcryptolib=openssl/d" .packit_rpm/systemd.spec' + + jobs: + - job: copr_build + trigger: pull_request + metadata: + targets: +- - fedora-rawhide-aarch64 +- - fedora-rawhide-i386 +- - fedora-rawhide-x86_64 ++ - fedora-35-aarch64 ++ - fedora-35-i386 ++ - fedora-35-x86_64 +-- +2.33.0 +
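Review bot: in the post-upstream-clone action, `git clone --branch f35 ... --depth=1` pins a branch name, not a commit, so the spec file used for CI builds changes whenever that branch moves and a build cannot be reproduced later from this file alone. If reproducibility matters for the stable branch, check out a fixed commit after the clone. This patch also removes the `-Dcryptolib=openssl` sed line that patch 8815d340 on this page adds, so the two only apply cleanly in that order.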
View file
_service:tar_scm:backport-packit-drop-unnumbered-patches-as-well.patch
Added
@@ -0,0 +1,33 @@ +From d566e288f2fb1935261d36c0c35effc4489da5e6 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Thu, 17 Feb 2022 14:02:04 +0100 +Subject: PATCH packit: drop unnumbered patches as well + +(cherry picked from commit 729c6b6af8e3cef259b80746f7f7f10cc63d309f) +(cherry picked from commit 477b85f43871c78fce053ebbd9592bf71d49dd30) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d566e288f2fb1935261d36c0c35effc4489da5e6 +--- + .packit.yml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/.packit.yml b/.packit.yml +index fb2cb5a7c3..3a47c6a6a1 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -21,9 +21,9 @@ actions: + # Drop the "sources" file so rebase-helper doesn't think we're a dist-git + - "rm -fv .packit_rpm/sources" + # Drop backported patches from the specfile, but keep the downstream-only ones +- # - Patch0000-0499: backported patches from upstream ++ # - Patch(0000-0499): backported patches from upstream + # - Patch0500-9999: downstream-only patches +- - "sed -ri '/^Patch00-4?0-9{0,2}\\:.+\\.patch/d' .packit_rpm/systemd.spec" ++ - "sed -ri '/^Patch(00-4?0-9{0,2})?\\:.+\\.patch/d' .packit_rpm/systemd.spec" + # Build the RPM with --werror. Even though --werror doesn't work in all + # cases (see 0), we can't use -Dc_args=/-Dcpp_args= here because of the + # RPM hardening macros, that use $CFLAGS/$CPPFLAGS (see 1). +-- +2.33.0 +
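Review bot: making the number group optional with `(...)?` means every bare `Patch:` line ending in .patch is now deleted, but the comment above still promises to "keep the downstream-only ones" and only describes numbered ranges. An unnumbered downstream-only patch would be dropped silently. Either extend the comment to state that unnumbered patches are always treated as upstream backports, or tighten the expression so that only the intended entries match.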
View file
_service:tar_scm:backport-packit-remove-unsupported-Dcryptolib-openssl-option.patch
Added
@@ -0,0 +1,29 @@ +From 8815d340e508f0456bb56e9858c6cea3390a6143 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <bluca@debian.org> +Date: Tue, 15 Feb 2022 01:21:01 +0000 +Subject: PATCH packit: remove unsupported -Dcryptolib=openssl option + +Introduced later, so it breaks the build on v249-stable + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8815d340e508f0456bb56e9858c6cea3390a6143 +--- + .packit.yml | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/.packit.yml b/.packit.yml +index 4545e30e08..ee47f8954e 100644 +--- a/.packit.yml ++++ b/.packit.yml +@@ -31,6 +31,8 @@ actions: + # 0 https://github.com/mesonbuild/meson/issues/7360 + # 1 https://github.com/systemd/systemd/pull/18908#issuecomment-792250110 + - 'sed -i "/^CONFIGURE_OPTS=(/a--werror" .packit_rpm/systemd.spec' ++ # cryptolib is supported from v250 and newer, remove it ++ - 'sed -i "/-Dcryptolib=openssl/d" .packit_rpm/systemd.spec' + + jobs: + - job: copr_build +-- +2.33.0 +
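Review bot: `sed -i "/-Dcryptolib=openssl/d"` deletes the whole spec line that contains the option, so anything else on that line goes with it, and the command succeeds silently if the option is absent or spelled differently. A comment stating the assumption that the option sits on a line of its own would make that explicit. The two lines added here are removed again by patch 4d2e3934 on this page, which carries the same author and date, so the order of the two backports in the spec matters.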
View file
_service:tar_scm:backport-path-util-make-find_executable-work-without-proc-mou.patch
Added
@@ -0,0 +1,37 @@ +From 727d0b55f46468d6171f4a326bd3139bab3c93ab Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 23 Aug 2021 06:16:48 +0900 +Subject: PATCH path-util: make find_executable() work without /proc mounted + +Follow-up for 888f65ace6296ed61285d31db846babf1c11885e. + +Hopefully fixes #20514. + +(cherry picked from commit 93413acd3ef3a637a0f31a1d133b103e1dc81fd6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/727d0b55f46468d6171f4a326bd3139bab3c93ab +--- + src/basic/path-util.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/basic/path-util.c b/src/basic/path-util.c +index e5afb5f5f5..13d71ed1b6 100644 +--- a/src/basic/path-util.c ++++ b/src/basic/path-util.c +@@ -628,7 +628,11 @@ static int check_x_access(const char *path, int *ret_fd) { + return r; + + r = access_fd(fd, X_OK); +- if (r < 0) ++ if (r == -ENOSYS) { ++ /* /proc is not mounted. Fallback to access(). */ ++ if (access(path, X_OK) < 0) ++ return -errno; ++ } else if (r < 0) + return r; + + if (ret_fd) +-- +2.33.0 +
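Review bot: the -ENOSYS fallback calls `access(path, X_OK)`, which resolves the path again instead of checking the fd that was just opened, so the result describes whatever the name points to at that moment and may not be the file behind fd if the path is replaced in between. access() also checks against the real UID and GID, which can differ from what the fd-based check evaluated. The comment should state that this fallback is best effort and why the fd cannot be used without /proc, or the code should check the fd directly (for example via fstat() mode bits) so that the returned fd and the permission check refer to the same object.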
View file
_service:tar_scm:backport-pid1-fix-segv-triggered-by-status-query.patch
Added
@@ -0,0 +1,40 @@ +From 0aadfe4937045efd5a7a53a176d05db7dc937435 Mon Sep 17 00:00:00 2001 +From: Robin Humble <plaguedbypenguins@gmail.com> +Date: Wed, 1 Feb 2023 23:36:48 +1100 +Subject: PATCH pid1: fix segv triggered by status query (#26279) + +If any query makes it to the end of install_info_follow() then I think symlink_target is set to NULL. +If that is followed by -EXDEV from unit_file_load_or_readlink(), then that causes basename(NULL) +which segfaults pid 1. + +This is triggered by eg. "systemctl status crond" in RHEL9 if + +/etc/systemd/system/crond.service + -> /ram/etc/systemd/system/crond.service + -> /usr/lib/systemd/system/.crond.service.blah.blah + -> /usr/lib/systemd/system/crond.service + +(cherry picked from commit 19cfda9fc3c60de21a362ebb56bcb9f4a9855e85) +(cherry picked from commit 015b0ca9286471c05fe88cfa277dd82e20537ba8) +(cherry picked from commit 9a906fae890904284fe91e29b6bdcb64429fecba) +(cherry picked from commit a2dc9e3be9a8895edcba10f4c0d8d703b435c18b) +--- + src/shared/install.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/install.c b/src/shared/install.c +index 4bf868f8e9..f038665dea 100644 +--- a/src/shared/install.c ++++ b/src/shared/install.c +@@ -1609,7 +1609,7 @@ static int install_info_traverse( + } + + r = install_info_follow(c, i, paths->root_dir, flags, false); +- if (r == -EXDEV) { ++ if (r == -EXDEV && i->symlink_target) { + _cleanup_free_ char *buffer = NULL; + const char *bn; + +-- +2.27.0 +
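Review bot: with the condition changed to `r == -EXDEV && i->symlink_target`, the case r == -EXDEV with a NULL symlink_target now skips the block and falls through to code that is not visible in this hunk. Please confirm that the fall-through returns the error rather than continuing with a half-followed install info, and add a one-line comment at the condition explaining when symlink_target can be NULL, since the commit message itself says "I think". Unlike the other backports on this page, this patch has no Conflict/Reference trailer.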
View file
_service:tar_scm:backport-pid1-lookup-owning-PID-of-BusName-name-of-services-a.patch
Added
@@ -0,0 +1,160 @@ +From 1daa382a7f9e55d11f7b59b144a9963688169843 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 17 Feb 2022 14:40:25 +0100 +Subject: PATCH pid1: lookup owning PID of BusName= name of services + asynchronously + +A first step of removing blocking calls to the D-Bus broker from PID 1. +There's a lot more to got (i.e. grep src/core/ for sd_bus_creds +basically), but it's a start. + +Removing blocking calls to D-Bus broker deals systematicallly with +deadlocks caused by dbus-daemon blocking on synchronous IPC calls back +to PID1 (e.g. Varlink calls through nss-systemd). Bugs such as #15316. + +Also-see: https://github.com/systemd/systemd/pull/22038#issuecomment-1042958390 +(cherry picked from commit e39eb045a502d599e6cd3fda7a46020dd438d018) +(cherry picked from commit cf390149cb25248169c482e315a1a7ff02eaf956) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1daa382a7f9e55d11f7b59b144a9963688169843 +--- + src/core/service.c | 91 ++++++++++++++++++++++++++++++++++++---------- + src/core/service.h | 2 + + 2 files changed, 74 insertions(+), 19 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 5f56217904..f6eb46cb54 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -398,6 +398,8 @@ static void service_done(Unit *u) { + s->timer_event_source = sd_event_source_disable_unref(s->timer_event_source); + s->exec_fd_event_source = sd_event_source_disable_unref(s->exec_fd_event_source); + ++ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); ++ + service_release_resources(u); + } + +@@ -4216,6 +4218,60 @@ static int service_get_timeout(Unit *u, usec_t *timeout) { + return 1; + } + ++static bool pick_up_pid_from_bus_name(Service *s) { ++ assert(s); ++ ++ /* If the service is running but we have no main PID yet, get it from the owner of the D-Bus name */ ++ ++ return !pid_is_valid(s->main_pid) && ++ IN_SET(s->state, ++ SERVICE_START, ++ 
SERVICE_START_POST, ++ SERVICE_RUNNING, ++ SERVICE_RELOAD); ++} ++ ++static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, sd_bus_error *ret_error) { ++ const sd_bus_error *e; ++ Unit *u = userdata; ++ uint32_t pid; ++ Service *s; ++ int r; ++ ++ assert(reply); ++ assert(u); ++ ++ s = SERVICE(u); ++ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); ++ ++ if (!s->bus_name || !pick_up_pid_from_bus_name(s)) ++ return 1; ++ ++ e = sd_bus_message_get_error(reply); ++ if (e) { ++ r = sd_bus_error_get_errno(e); ++ log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r)); ++ return 1; ++ } ++ ++ r = sd_bus_message_read(reply, "u", &pid); ++ if (r < 0) { ++ bus_log_parse_error(r); ++ return 1; ++ } ++ ++ if (!pid_is_valid(pid)) { ++ log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "GetConnectionUnixProcessID() returned invalid PID"); ++ return 1; ++ } ++ ++ log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, s->bus_name, (pid_t) pid); ++ ++ service_set_main_pid(s, pid); ++ unit_watch_pid(UNIT(s), pid, false); ++ return 1; ++} ++ + static void service_bus_name_owner_change(Unit *u, const char *new_owner) { + + Service *s = SERVICE(u); +@@ -4246,28 +4302,25 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) { + else if (s->state == SERVICE_START && new_owner) + service_enter_start_post(s); + +- } else if (new_owner && +- s->main_pid <= 0 && +- IN_SET(s->state, +- SERVICE_START, +- SERVICE_START_POST, +- SERVICE_RUNNING, +- SERVICE_RELOAD)) { +- +- _cleanup_(sd_bus_creds_unrefp) sd_bus_creds *creds = NULL; +- pid_t pid; ++ } else if (new_owner && pick_up_pid_from_bus_name(s)) { + + /* Try to acquire PID from bus service */ + +- r = sd_bus_get_name_creds(u->manager->api_bus, s->bus_name, SD_BUS_CREDS_PID, &creds); +- if (r >= 0) +- r = sd_bus_creds_get_pid(creds, &pid); +- if (r >= 0) { +- log_unit_debug(u, "D-Bus name %s is now owned by process " PID_FMT, 
s->bus_name, pid); +- +- service_set_main_pid(s, pid); +- unit_watch_pid(UNIT(s), pid, false); +- } ++ s->bus_name_pid_lookup_slot = sd_bus_slot_unref(s->bus_name_pid_lookup_slot); ++ ++ r = sd_bus_call_method_async( ++ u->manager->api_bus, ++ &s->bus_name_pid_lookup_slot, ++ "org.freedesktop.DBus", ++ "/org/freedesktop/DBus", ++ "org.freedesktop.DBus", ++ "GetConnectionUnixProcessID", ++ bus_name_pid_lookup_callback, ++ s, ++ "s", ++ s->bus_name); ++ if (r < 0) ++ log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m"); + } + } + +diff --git a/src/core/service.h b/src/core/service.h +index 6d931c3d5e..6c47c91f85 100644 +--- a/src/core/service.h ++++ b/src/core/service.h +@@ -185,6 +185,8 @@ struct Service { + NotifyAccess notify_access; + NotifyState notify_state; + ++ sd_bus_slot *bus_name_pid_lookup_slot; ++ + sd_event_source *exec_fd_event_source; + + ServiceFDStore *fd_store; +-- +2.33.0 +
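Review bot: The failure paths in bus_name_pid_lookup_callback() log without unit context, so a failed lookup cannot be tied to a service in the journal. log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", ...), bus_log_parse_error(r) and log_debug_errno(SYNTHETIC_ERRNO(EINVAL), ...) all omit the unit, while the success path uses log_unit_debug(u, ...). Switching the first and last to log_unit_warning_errno(u, ...) and log_unit_debug_errno(u, ...) would keep the messages attributable when several services have BusName= set.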
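Review bot: The userdata handed to sd_bus_call_method_async() in service_bus_name_owner_change() is s (a Service *), but bus_name_pid_lookup_callback() reads it back as "Unit *u = userdata" and then converts with SERVICE(u). The two sides only agree because the pointers happen to be interchangeable; pass u (or UNIT(s)) at the call site, or make the callback's local a Service *, so the types match on both ends. The new "Failed to request owner PID of service name, ignoring: %m" message in the same branch also lacks the unit and could use log_unit_debug_errno(u, r, ...).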
_service:tar_scm:backport-pid1-pass-PAM_DATA_SILENT-to-pam_end-in-child.patch
Added
@@ -0,0 +1,42 @@ +From 9ac4b463b6d8da420c2b12af4408d0d583280a6d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 1 Feb 2022 12:37:51 +0100 +Subject: PATCH pid1: pass PAM_DATA_SILENT to pam_end() in child + +Fixes: #22318 +(cherry picked from commit 7feb2b5737ad110eb3985e8e9d8189f18d1c5147) +(cherry picked from commit 9c560d201527ee064ae11784d6538ae544926181) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9ac4b463b6d8da420c2b12af4408d0d583280a6d +--- + src/core/execute.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 2f2de4d9cf..04c0513453 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1323,7 +1323,9 @@ static int setup_pam( + ret = 0; + + child_finish: +- pam_end(handle, pam_code | flags); ++ /* NB: pam_end() when called in child processes should set PAM_DATA_SILENT to let the module ++ * know about this. See pam_end(3) */ ++ (void) pam_end(handle, pam_code | flags | PAM_DATA_SILENT); + _exit(ret); + } + +@@ -1358,7 +1360,7 @@ fail: + if (close_session) + pam_code = pam_close_session(handle, flags); + +- pam_end(handle, pam_code | flags); ++ (void) pam_end(handle, pam_code | flags); + } + + strv_free(e); +-- +2.33.0 +
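Review bot: After this change the child_finish: path passes PAM_DATA_SILENT and the fail: path does not, and nothing at the fail: call says the omission is deliberate. The new comment in the first hunk only points at pam_end(3); a short note at the second pam_end() call that this one runs in the parent, which still owns the session and must do the real cleanup, would stop a later reader from "fixing" the asymmetry. The (void) cast added at fail: is also unrelated to the subject line and not mentioned in the commit message; either mention it or note that both return values are intentionally discarded.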
_service:tar_scm:backport-pid1-propagate-the-original-command-line-when-reexec.patch
Added
@@ -0,0 +1,156 @@ +From f3af6ba86c1128ccf6d6f896f70c22f9645a51c5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 22 Jul 2021 08:21:46 +0200 +Subject: PATCH pid1: propagate the original command line when reexecuting + +When we reexec the manager in a container, we lose configuration settings on +the kernel command line: + + $ systemd-nspawn -M rawhide -b systemd.status-unit-format=name systemd.show-status=yes + ... + # tr '\0' ' ' </proc/1/cmdline + /usr/lib/systemd/systemd systemd.status_unit_format=combined systemd.show-status=yes + # sudo systemctl daemon-reexec + # tr '\0' ' ' </proc/1/cmdline + /usr/lib/systemd/systemd --system --deserialize 20 + + This means that after daemon-reexec, the settings that we gain from the + commandline are reset to defaults. + +So let's reeexecute with the original arguments copied over, modulo some +filtering. + +(cherry picked from commit 846f1da465beda990c1c01346311393f485df467) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f3af6ba86c1128ccf6d6f896f70c22f9645a51c5 +--- + src/core/main.c | 63 +++++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 53 insertions(+), 10 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index da6c50a1c4..b32a19a1d8 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -1720,9 +1720,50 @@ static void update_numa_policy(bool skip_setup) { + log_warning_errno(r, "Failed to set NUMA memory policy: %m"); + } + ++static void filter_args(const char* dst, unsigned *pos, char **src, int argc) { ++ assert(dst); ++ assert(pos); ++ ++ /* Copy some filtered arguments into the dst array from src. 
*/ ++ for (int i = 1; i < argc; i++) { ++ if (STR_IN_SET(srci, ++ "--switched-root", ++ "--system", ++ "--user")) ++ continue; ++ ++ if (startswith(srci, "--deserialize=")) ++ continue; ++ if (streq(srci, "--deserialize")) { ++ i++; /* Skip the argument too */ ++ continue; ++ } ++ ++ /* Skip target unit designators. We already acted upon this information and have queued ++ * appropriate jobs. We don't want to redo all this after reexecution. */ ++ if (startswith(srci, "--unit=")) ++ continue; ++ if (streq(srci, "--unit")) { ++ i++; /* Skip the argument too */ ++ continue; ++ } ++ ++ if (startswith(srci, ++ in_initrd() ? "rd.systemd.unit=" : "systemd.unit=")) ++ continue; ++ ++ if (runlevel_to_target(srci)) ++ continue; ++ ++ /* Seems we have a good old option. Let's pass it over to the new instance. */ ++ dst*pos = srci; ++ (*pos)++; ++ } ++} ++ + static void do_reexecute( + int argc, +- char *argv, ++ char* argv, + const struct rlimit *saved_rlimit_nofile, + const struct rlimit *saved_rlimit_memlock, + FDSet *fds, +@@ -1730,7 +1771,7 @@ static void do_reexecute( + const char *switch_root_init, + const char **ret_error_message) { + +- unsigned i, j, args_size; ++ unsigned i, args_size; + const char **args; + int r; + +@@ -1760,11 +1801,11 @@ static void do_reexecute( + log_error_errno(r, "Failed to switch root, trying to continue: %m"); + } + +- args_size = MAX(6, argc+1); ++ args_size = argc + 6; + args = newa(const char*, args_size); + + if (!switch_root_init) { +- char sfdDECIMAL_STR_MAX(int) + 1; ++ char sfdDECIMAL_STR_MAX(int); + + /* First try to spawn ourselves with the right path, and with full serialization. We do this only if + * the user didn't specify an explicit init to spawn. */ +@@ -1774,8 +1815,9 @@ static void do_reexecute( + + xsprintf(sfd, "%i", fileno(arg_serialization)); + +- i = 0; +- argsi++ = SYSTEMD_BINARY_PATH; ++ i = 1; /* Leave args0 empty for now. 
*/ ++ filter_args(args, &i, argv, argc); ++ + if (switch_root_dir) + argsi++ = "--switched-root"; + argsi++ = arg_system ? "--system" : "--user"; +@@ -1793,8 +1835,9 @@ static void do_reexecute( + */ + valgrind_summary_hack(); + ++ args0 = SYSTEMD_BINARY_PATH; + (void) execv(args0, (char* const*) args); +- log_debug_errno(errno, "Failed to execute our own binary, trying fallback: %m"); ++ log_debug_errno(errno, "Failed to execute our own binary %s, trying fallback: %m", args0); + } + + /* Try the fallback, if there is any, without any serialization. We pass the original argv and envp. (Well, +@@ -1807,9 +1850,9 @@ static void do_reexecute( + /* Reopen the console */ + (void) make_console_stdio(); + +- for (j = 1, i = 1; j < (unsigned) argc; j++) ++ i = 1; /* Leave args0 empty for now. */ ++ for (int j = 1; j <= argc; j++) + argsi++ = argvj; +- argsi++ = NULL; + assert(i <= args_size); + + /* Re-enable any blocked signals, especially important if we switch from initial ramdisk to init=... */ +@@ -1820,7 +1863,7 @@ static void do_reexecute( + if (switch_root_init) { + args0 = switch_root_init; + (void) execve(args0, (char* const*) args, saved_env); +- log_warning_errno(errno, "Failed to execute configured init, trying fallback: %m"); ++ log_warning_errno(errno, "Failed to execute configured init %s, trying fallback: %m", args0); + } + + args0 = "/sbin/init"; +-- +2.33.0 +
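Review bot: filter_args() stores into dst at *pos for every argument it keeps but is never told how large dst is; the only bound is args_size = argc + 6 in do_reexecute(), and the assert(i <= args_size) visible in this patch sits in the fallback path, not after the filtered copy. Pass the array size into filter_args() and assert that *pos is below it before each store, or at least add a comment next to args_size listing which fixed arguments the "+ 6" accounts for, so that appending another option in do_reexecute() later cannot overrun the newa() allocation unnoticed.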
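Review bot: In the fallback path of do_reexecute() the loop bound changes to "j <= argc" and the explicit NULL store after the loop is removed, so the terminator of args now comes from copying the entry at index argc of argv. That is correct only because argv is NULL-terminated, and the "<=" otherwise reads like an off-by-one. Say so in the comment beside the loop, next to the existing "Leave args0 empty for now" remark.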
_service:tar_scm:backport-pid1-set-SYSTEMD_NSS_DYNAMIC_BYPASS-1-env-var-for-db.patch
Added
@@ -0,0 +1,127 @@ +From 0863a55ae95fe6bf7312b7a864d07a9e3fbee563 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 17 Feb 2022 14:49:54 +0100 +Subject: PATCH pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for + dbus-daemon +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There's currently a deadlock between PID 1 and dbus-daemon: in some +cases dbus-daemon will do NSS lookups (which are blocking) at the same +time PID 1 synchronously blocks on some call to dbus-daemon. Let's break +that by setting SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon, +which will disable synchronously blocking varlink calls from nss-systemd +to PID 1. + +In the long run we should fix this differently: remove all synchronous +calls to dbus-daemon from PID 1. This is not trivial however: so far we +had the rule that synchronous calls from PID 1 to the dbus broker are OK +as long as they only go to interfaces implemented by the broke itself +rather than services reachable through it. Given that the relationship +between PID 1 and dbus is kinda special anyway, this was considered +acceptable for the sake of simplicity, since we quite often need +metadata about bus peers from the broker, and the asynchronous logic +would substantially complicate even the simplest method handlers. + +This mostly reworks the existing code that sets SYSTEMD_NSS_BYPASS_BUS= +(which is a similar hack to deal with deadlocks between nss-systemd and +dbus-daemon itself) to set SYSTEMD_NSS_DYNAMIC_BYPASS=1 instead. No code +was checking SYSTEMD_NSS_BYPASS_BUS= anymore anyway, and it used to +solve a similar problem, hence it's an obvious piece of code to rework +like this. + +Issue originally tracked down by Lukas Märdian. 
This patch is inspired +and closely based on his patch: + + https://github.com/systemd/systemd/pull/22038 + +Fixes: #15316 +Co-authored-by: Lukas Märdian <slyon@ubuntu.com> +(cherry picked from commit de90700f36f2126528f7ce92df0b5b5d5e277558) +(cherry picked from commit 367041af816d48d4852140f98fd0ba78ed83f9e4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0863a55ae95fe6bf7312b7a864d07a9e3fbee563 +--- + src/core/execute.c | 10 +++++----- + src/core/execute.h | 26 +++++++++++++------------- + src/core/service.c | 2 +- + 3 files changed, 19 insertions(+), 19 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 28efe5c36f..37f63a9378 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -1828,11 +1828,11 @@ static int build_environment( + our_envn_env++ = x; + } + +- /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use D-Bus look up dynamic +- * users via PID 1, possibly dead-locking the dbus daemon. This way it will not use D-Bus to resolve names, but +- * check the database directly. */ +- if (p->flags & EXEC_NSS_BYPASS_BUS) { +- x = strdup("SYSTEMD_NSS_BYPASS_BUS=1"); ++ /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use blocking ++ * Varlink calls back to us for look up dynamic users in PID 1. Break the deadlock between D-Bus and ++ * PID 1 by disabling use of PID1' NSS interface for looking up dynamic users. 
*/ ++ if (p->flags & EXEC_NSS_DYNAMIC_BYPASS) { ++ x = strdup("SYSTEMD_NSS_DYNAMIC_BYPASS=1"); + if (!x) + return -ENOMEM; + our_envn_env++ = x; +diff --git a/src/core/execute.h b/src/core/execute.h +index 4c7a5b874f..47349a69a2 100644 +--- a/src/core/execute.h ++++ b/src/core/execute.h +@@ -343,21 +343,21 @@ static inline bool exec_context_with_rootfs(const ExecContext *c) { + } + + typedef enum ExecFlags { +- EXEC_APPLY_SANDBOXING = 1 << 0, +- EXEC_APPLY_CHROOT = 1 << 1, +- EXEC_APPLY_TTY_STDIN = 1 << 2, +- EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ +- EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ +- EXEC_NSS_BYPASS_BUS = 1 << 5, /* Set the SYSTEMD_NSS_BYPASS_BUS environment variable, to disable nss-systemd for dbus */ +- EXEC_CGROUP_DELEGATE = 1 << 6, +- EXEC_IS_CONTROL = 1 << 7, +- EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ +- EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up the credential store logic */ ++ EXEC_APPLY_SANDBOXING = 1 << 0, ++ EXEC_APPLY_CHROOT = 1 << 1, ++ EXEC_APPLY_TTY_STDIN = 1 << 2, ++ EXEC_PASS_LOG_UNIT = 1 << 3, /* Whether to pass the unit name to the service's journal stream connection */ ++ EXEC_CHOWN_DIRECTORIES = 1 << 4, /* chown() the runtime/state/cache/log directories to the user we run as, under all conditions */ ++ EXEC_NSS_DYNAMIC_BYPASS = 1 << 5, /* Set the SYSTEMD_NSS_DYNAMIC_BYPASS environment variable, to disable nss-systemd blocking on PID 1, for use by dbus-daemon */ ++ EXEC_CGROUP_DELEGATE = 1 << 6, ++ EXEC_IS_CONTROL = 1 << 7, ++ EXEC_CONTROL_CGROUP = 1 << 8, /* Place the process not in the indicated cgroup but in a subcgroup '/.control', but only EXEC_CGROUP_DELEGATE and EXEC_IS_CONTROL is set, too */ ++ EXEC_WRITE_CREDENTIALS = 1 << 9, /* Set up 
the credential store logic */ + + /* The following are not used by execute.c, but by consumers internally */ +- EXEC_PASS_FDS = 1 << 10, +- EXEC_SETENV_RESULT = 1 << 11, +- EXEC_SET_WATCHDOG = 1 << 12, ++ EXEC_PASS_FDS = 1 << 10, ++ EXEC_SETENV_RESULT = 1 << 11, ++ EXEC_SET_WATCHDOG = 1 << 12, + } ExecFlags; + + /* Parameters for a specific invocation of a command. This structure is put together right before a command is +diff --git a/src/core/service.c b/src/core/service.c +index f6eb46cb54..a480edc439 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -1573,7 +1573,7 @@ static int service_spawn( + return -ENOMEM; + + /* System D-Bus needs nss-systemd disabled, so that we don't deadlock */ +- SET_FLAG(exec_params.flags, EXEC_NSS_BYPASS_BUS, ++ SET_FLAG(exec_params.flags, EXEC_NSS_DYNAMIC_BYPASS, + MANAGER_IS_SYSTEM(UNIT(s)->manager) && unit_has_name(UNIT(s), SPECIAL_DBUS_SERVICE)); + + strv_free_and_replace(exec_params.environment, final_env); +-- +2.33.0 +
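Review bot: The rewritten comment in build_environment() has two slips that make it harder to follow than the one it replaces: "for look up dynamic users" and "PID1' NSS interface". Suggested wording: "...blocking Varlink calls back to us to look up dynamic users in PID 1" and "PID 1's NSS interface". It would also help to name the variable being set (SYSTEMD_NSS_DYNAMIC_BYPASS=1) in the first sentence, since "tell the nss-systemd module" does not say what it is told.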
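Review bot: The ExecFlags hunk in execute.h re-aligns all thirteen enumerators to fit the longer EXEC_NSS_DYNAMIC_BYPASS name, so a one-line rename appears as a thirteen-line change and the functional part is easy to miss. Bit 5 keeps its value (1 << 5) and no other flag changes; stating that in the commit message would make the hunk quicker to verify and make conflicts with other backports that touch this enum easier to resolve.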
_service:tar_scm:backport-pid1-watch-bus-name-always-when-we-have-it.patch
Added
@@ -0,0 +1,57 @@ +From b301230a6ce52989053b12324fcaef0d45610ee6 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 17 Feb 2022 17:23:48 +0100 +Subject: PATCH pid1: watch bus name always when we have it + +Previously we'd only watch configured service bus names if Type=dbus was +set. Let's also watch it for other types. This is useful to pick up the +main PID of such a service. In fact the code to pick it up was already +in place, alas it didn't do anything given the signal was never received +for it. Fix that. + +(It's also useful for debugging) + +(cherry picked from commit 1e8b312e5a22538f91defb89cf2997e09e106297) +(cherry picked from commit a51e540b278827c0fc59760b9c77cd42cbddc0d2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b301230a6ce52989053b12324fcaef0d45610ee6 +--- + src/core/service.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/src/core/service.c b/src/core/service.c +index 7b90822f68..5f56217904 100644 +--- a/src/core/service.c ++++ b/src/core/service.c +@@ -685,17 +685,19 @@ static int service_setup_bus_name(Service *s) { + assert(s); + + /* If s->bus_name is not set, then the unit will be refused by service_verify() later. */ +- if (s->type != SERVICE_DBUS || !s->bus_name) ++ if (!s->bus_name) + return 0; + +- r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); +- if (r < 0) +- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); ++ if (s->type == SERVICE_DBUS) { ++ r = unit_add_dependency_by_name(UNIT(s), UNIT_REQUIRES, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); ++ if (r < 0) ++ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); + +- /* We always want to be ordered against dbus.socket if both are in the transaction. 
*/ +- r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); +- if (r < 0) +- return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); ++ /* We always want to be ordered against dbus.socket if both are in the transaction. */ ++ r = unit_add_dependency_by_name(UNIT(s), UNIT_AFTER, SPECIAL_DBUS_SOCKET, true, UNIT_DEPENDENCY_FILE); ++ if (r < 0) ++ return log_unit_error_errno(UNIT(s), r, "Failed to add dependency on " SPECIAL_DBUS_SOCKET ": %m"); ++ } + + r = unit_watch_bus_name(UNIT(s), s->bus_name); + if (r == -EEXIST) +-- +2.33.0 +
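Review bot: This changes user-visible behaviour for every service that sets BusName= without Type=dbus, yet the diffstat touches only src/core/service.c and no documentation. With the s->type check removed from the early return in service_setup_bus_name(), unit_watch_bus_name() now runs for all service types, and per the commit message the main PID can then be picked up from the name owner. The description of BusName= in the service man page should say so. The retained comment "If s->bus_name is not set, then the unit will be refused by service_verify() later" also now sits directly above a check that non-D-Bus services without a bus name pass through routinely; reword it to say which service type it refers to.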
_service:tar_scm:backport-policy-files-adjust-landing-page-link.patch
Added
@@ -0,0 +1,170 @@ +From de0d375e38df25b9fe333d64f9880751aea46e6b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 12 Jan 2022 10:42:22 +0100 +Subject: PATCH policy files: adjust landing page link + +(cherry picked from commit d6e2c1ab7158d52425d3cb72459c5624db12368c) +(cherry picked from commit 944d8d9050b96e690054224e796254dfc18e6681) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/de0d375e38df25b9fe333d64f9880751aea46e6b +--- + src/core/org.freedesktop.systemd1.policy.in | 2 +- + src/home/org.freedesktop.home1.policy | 2 +- + src/hostname/org.freedesktop.hostname1.policy | 2 +- + src/import/org.freedesktop.import1.policy | 2 +- + src/locale/org.freedesktop.locale1.policy | 2 +- + src/login/org.freedesktop.login1.policy | 2 +- + src/machine/org.freedesktop.machine1.policy | 2 +- + src/network/org.freedesktop.network1.policy | 2 +- + src/portable/org.freedesktop.portable1.policy | 2 +- + src/resolve/org.freedesktop.resolve1.policy | 2 +- + src/timedate/org.freedesktop.timedate1.policy | 2 +- + 11 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/core/org.freedesktop.systemd1.policy.in b/src/core/org.freedesktop.systemd1.policy.in +index 74721c516f..f34b2d5bf0 100644 +--- a/src/core/org.freedesktop.systemd1.policy.in ++++ b/src/core/org.freedesktop.systemd1.policy.in +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.systemd1.reply-password"> + <description gettext-domain="systemd">Send passphrase back to system</description> +diff --git a/src/home/org.freedesktop.home1.policy b/src/home/org.freedesktop.home1.policy +index 10ad7c283a..71253e04e9 100644 +--- a/src/home/org.freedesktop.home1.policy ++++ b/src/home/org.freedesktop.home1.policy +@@ -7,7 +7,7 @@ + <policyconfig> + + 
<vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.home1.create-home"> + <description gettext-domain="systemd">Create a home area</description> +diff --git a/src/hostname/org.freedesktop.hostname1.policy b/src/hostname/org.freedesktop.hostname1.policy +index 7d28c395cf..dacea0ff0a 100644 +--- a/src/hostname/org.freedesktop.hostname1.policy ++++ b/src/hostname/org.freedesktop.hostname1.policy +@@ -14,7 +14,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.hostname1.set-hostname"> + <description gettext-domain="systemd">Set hostname</description> +diff --git a/src/import/org.freedesktop.import1.policy b/src/import/org.freedesktop.import1.policy +index 9736816e33..e88a6e8ae6 100644 +--- a/src/import/org.freedesktop.import1.policy ++++ b/src/import/org.freedesktop.import1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.import1.import"> + <description gettext-domain="systemd">Import a VM or container image</description> +diff --git a/src/locale/org.freedesktop.locale1.policy b/src/locale/org.freedesktop.locale1.policy +index f12ca0970a..ed98c4aa09 100644 +--- a/src/locale/org.freedesktop.locale1.policy ++++ b/src/locale/org.freedesktop.locale1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.locale1.set-locale"> + <description gettext-domain="systemd">Set system locale</description> +diff 
--git a/src/login/org.freedesktop.login1.policy b/src/login/org.freedesktop.login1.policy +index 80ebb39f30..df906b0e73 100644 +--- a/src/login/org.freedesktop.login1.policy ++++ b/src/login/org.freedesktop.login1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.login1.inhibit-block-shutdown"> + <description gettext-domain="systemd">Allow applications to inhibit system shutdown</description> +diff --git a/src/machine/org.freedesktop.machine1.policy b/src/machine/org.freedesktop.machine1.policy +index ddf5ec05c6..5e43cb6e24 100644 +--- a/src/machine/org.freedesktop.machine1.policy ++++ b/src/machine/org.freedesktop.machine1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.machine1.login"> + <description gettext-domain="systemd">Log into a local container</description> +diff --git a/src/network/org.freedesktop.network1.policy b/src/network/org.freedesktop.network1.policy +index 9e27f728bc..c39f20655d 100644 +--- a/src/network/org.freedesktop.network1.policy ++++ b/src/network/org.freedesktop.network1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.network1.set-ntp-servers"> + <description gettext-domain="systemd">Set NTP servers</description> +diff --git a/src/portable/org.freedesktop.portable1.policy b/src/portable/org.freedesktop.portable1.policy +index 17e22b0155..09f9028dc5 100644 +--- a/src/portable/org.freedesktop.portable1.policy ++++ b/src/portable/org.freedesktop.portable1.policy +@@ -7,7 +7,7 
@@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.portable1.inspect-images"> + <description gettext-domain="systemd">Inspect a portable service image</description> +diff --git a/src/resolve/org.freedesktop.resolve1.policy b/src/resolve/org.freedesktop.resolve1.policy +index 08615ec6a4..2408bb9e38 100644 +--- a/src/resolve/org.freedesktop.resolve1.policy ++++ b/src/resolve/org.freedesktop.resolve1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.resolve1.register-service"> + <description gettext-domain="systemd">Register a DNS-SD service</description> +diff --git a/src/timedate/org.freedesktop.timedate1.policy b/src/timedate/org.freedesktop.timedate1.policy +index c4e71b0753..4a770c08e6 100644 +--- a/src/timedate/org.freedesktop.timedate1.policy ++++ b/src/timedate/org.freedesktop.timedate1.policy +@@ -16,7 +16,7 @@ + <policyconfig> + + <vendor>The systemd Project</vendor> +- <vendor_url>http://www.freedesktop.org/wiki/Software/systemd</vendor_url> ++ <vendor_url>https://systemd.io</vendor_url> + + <action id="org.freedesktop.timedate1.set-time"> + <description gettext-domain="systemd">Set system time</description> +-- +2.33.0 +
_service:tar_scm:backport-portable-add-flag-to-return-extension-releases-in-Ge.patch
Added
@@ -0,0 +1,493 @@ +From e31e2b84cf5afff73b793dd335600265dca1ca7e Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Tue, 25 Jan 2022 15:49:22 +0000 +Subject: PATCH portable: add flag to return extension-releases in + GetImageMetadataWithExtensions + +Return the name of each extension and the associated extension-release +file, and pretty-print them in 'portablectl inspect', if a new flag +is passed. + +$ portablectl inspect --extension app2 --extension app0 minimal app0 app1 +(Matching unit files with prefixes 'app0', 'app1'.) +Image: + /run/portables/minimal.raw +Portable Service: + n/a +Operating System: + Debian GNU/Linux 10 (buster) +Extension: + /run/portables/app2.raw + Extension Scope: + n/a + Extension Compatibility Level: + n/a + Portable Service: + n/a + Portable Prefixes: + n/a + Operating System: + n/a (debian 10) +Extension: + /run/portables/app0.raw + Extension Scope: + n/a + Extension Compatibility Level: + n/a + Portable Service: + n/a + Portable Prefixes: + n/a + Operating System: + n/a (debian 10) +Unit files: + app0.service + +(cherry picked from commit e3f7ed944ae750a40685c52349f3cc850db0876e) +(cherry picked from commit a87fdd2af22128bce621508315ed5126a8d11f45) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e31e2b84cf5afff73b793dd335600265dca1ca7e +--- + man/org.freedesktop.portable1.xml | 10 ++- + src/portable/portable.c | 99 ++++++++++++++++++++---------- + src/portable/portable.h | 15 ++--- + src/portable/portablectl.c | 78 ++++++++++++++++++++++- + src/portable/portabled-image-bus.c | 38 ++++++++++-- + test/units/testsuite-29.sh | 3 + + 6 files changed, 199 insertions(+), 44 deletions(-) + +diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml +index 53c960206e..053f2a5434 100644 +--- a/man/org.freedesktop.portable1.xml ++++ b/man/org.freedesktop.portable1.xml +@@ -187,7 +187,15 @@ node /org/freedesktop/portable1 { + This method is a superset of 
<function>GetImageMetadata()</function> with the addition of + a list of extensions as input parameter, which were overlaid on top of the main + image via <function>AttachImageWithExtensions()</function>. +- The <varname>flag</varname> parameter is currently unused and reserved for future purposes.</para> ++ The <varname>flag</varname> parameter can be used to request that, before the units, the path of ++ each extension and an array of bytes with the content of the respective extension-release file ++ are sent. One such structure will be sent for each extension named in the input arguments. The ++ flag value to enable this functionality is defined as follows:</para> ++ ++ <programlisting> ++#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) ++ </programlisting> ++ + + <para><function>GetImageState()</function> retrieves the image state as one of the following + strings: +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 8c5e5b6821..23fe6bf926 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -533,13 +533,14 @@ static int extract_image_and_extensions( + bool validate_sysext, + Image **ret_image, + OrderedHashmap **ret_extension_images, ++ OrderedHashmap **ret_extension_releases, + PortableMetadata **ret_os_release, + Hashmap **ret_unit_files, + sd_bus_error *error) { + + _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; + _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; +- _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; ++ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; + _cleanup_hashmap_free_ Hashmap *unit_files = NULL; + _cleanup_(image_unrefp) Image *image = NULL; + Image *ext; +@@ -561,6 +562,12 @@ static int extract_image_and_extensions( + if (!extension_images) + return -ENOMEM; + ++ if (ret_extension_releases) { ++ extension_releases = 
ordered_hashmap_new(&portable_metadata_hash_ops); ++ if (!extension_releases) ++ return -ENOMEM; ++ } ++ + STRV_FOREACH(p, extension_image_paths) { + _cleanup_(image_unrefp) Image *new = NULL; + +@@ -600,6 +607,7 @@ static int extract_image_and_extensions( + _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; + _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; + _cleanup_strv_free_ char **extension_release = NULL; ++ _cleanup_close_ int extension_release_fd = -1; + _cleanup_fclose_ FILE *f = NULL; + + r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); +@@ -610,10 +618,15 @@ static int extract_image_and_extensions( + if (r < 0) + return r; + +- if (!validate_sysext) ++ if (!validate_sysext && !ret_extension_releases) + continue; + +- r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); ++ /* We need to keep the fd valid, to return the PortableMetadata to the caller. 
*/ ++ extension_release_fd = fd_reopen(extension_release_meta->fd, O_CLOEXEC); ++ if (extension_release_fd < 0) ++ return extension_release_fd; ++ ++ r = take_fdopen_unlocked(&extension_release_fd, "r", &f); + if (r < 0) + return r; + +@@ -621,15 +634,28 @@ static int extract_image_and_extensions( + if (r < 0) + return r; + +- r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); +- if (r == 0) +- return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); +- if (r < 0) +- return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); ++ if (validate_sysext) { ++ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); ++ if (r == 0) ++ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); ++ if (r < 0) ++ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); ++ } ++ ++ if (ret_extension_releases) { ++ r = ordered_hashmap_put(extension_releases, ext->name, extension_release_meta); ++ if (r < 0) ++ return r; ++ TAKE_PTR(extension_release_meta); ++ } + } + +- *ret_image = TAKE_PTR(image); +- *ret_extension_images = TAKE_PTR(extension_images); ++ if (ret_image) ++ *ret_image = TAKE_PTR(image); ++ if (ret_extension_images) ++ *ret_extension_images = TAKE_PTR(extension_images); ++ if (ret_extension_releases) ++ *ret_extension_releases = TAKE_PTR(extension_releases); + if (ret_os_release) + *ret_os_release = TAKE_PTR(os_release); + if (ret_unit_files) +@@ -643,24 +669,29 @@ int portable_extract( + char **matches, + char **extension_image_paths, + PortableMetadata **ret_os_release, ++ OrderedHashmap **ret_extension_releases, + Hashmap **ret_unit_files, + sd_bus_error *error) 
{ + + _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; +- _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; ++ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL, *extension_releases = NULL; + _cleanup_hashmap_free_ Hashmap *unit_files = NULL; + _cleanup_(image_unrefp) Image *image = NULL; + int r; + +- r = extract_image_and_extensions(name_or_path, +- matches, +- extension_image_paths, +- /* validate_sysext= */ false, +- &image, +- &extension_images, +- &os_release, +- &unit_files, +- error);
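Review bot: In the extension loop, `ordered_hashmap_put(extension_releases, ext->name, extension_release_meta)` keys the new map on a string owned by the `Image` stored in `extension_images`, while the return block now makes `ret_extension_images` optional and `portable_extract()` keeps `extension_images` as a cleanup-scoped local. Please confirm the keys cannot outlive the images they point into, or key the map on a string owned by the metadata object. Separately, the helper as introduced by the refactoring patch carries `assert(ret_image)` and `assert(ret_extension_images)`; if those asserts remain, the new `if (ret_image)` / `if (ret_extension_images)` checks are unreachable, and the visible part of this diff does not show them being dropped.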
_service:tar_scm:backport-portable-add-return-parameter-to-GetImageMetadataWit.patch
Added
@@ -0,0 +1,393 @@ +From 594b9adc847c4b759d1e51559fceb617015f8575 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 3 Mar 2022 16:26:36 +0100 +Subject: PATCH portable: add return parameter to + GetImageMetadataWithExtensions + +The complaint was that the output array was used for two kinds of data, and the +input flag decided whether this extra data should be included. The flag is +removed, and instead the old method is changed to include the data always as +a separate parameter. + +This breaks backward compatibility, but the old method is effectively broken +and does not appear to be used yet, at least in open source code, by +searching on codesearch.debian.net and github.com. + +Fixes #22404. + +Co-authored-by: Luca Boccassi <bluca@debian.org> +(cherry picked from commit 087a799f64560bb0379b8a99ebbd9ca84804e4c3) +(cherry picked from commit 00b5aa8d741ad17f6b8f5f03d901b038e3a27d04) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/594b9adc847c4b759d1e51559fceb617015f8575 +--- + man/org.freedesktop.portable1.xml | 21 ++--- + src/portable/portable.h | 13 ++- + src/portable/portablectl.c | 142 +++++++++++++++-------------- + src/portable/portabled-bus.c | 1 + + src/portable/portabled-image-bus.c | 30 +++--- + 5 files changed, 110 insertions(+), 97 deletions(-) + +diff --git a/man/org.freedesktop.portable1.xml b/man/org.freedesktop.portable1.xml +index 053f2a5434..8f960cc28d 100644 +--- a/man/org.freedesktop.portable1.xml ++++ b/man/org.freedesktop.portable1.xml +@@ -54,6 +54,7 @@ node /org/freedesktop/portable1 { + in t flags, + out s image, + out ay os_release, ++ out a{say} extensions, + out a{say} units); + GetImageState(in s image, + out s state); +@@ -183,19 +184,12 @@ node /org/freedesktop/portable1 { + and a list of portable units contained in the image, in the form of a string (unit name) and + an array of bytes with the content.</para> + +- 
<para><function>GetImageMetadataWithExtensions()</function> retrieves metadata associated with an image. +- This method is a superset of <function>GetImageMetadata()</function> with the addition of +- a list of extensions as input parameter, which were overlaid on top of the main +- image via <function>AttachImageWithExtensions()</function>. +- The <varname>flag</varname> parameter can be used to request that, before the units, the path of +- each extension and an array of bytes with the content of the respective extension-release file +- are sent. One such structure will be sent for each extension named in the input arguments. The +- flag value to enable this functionality is defined as follows:</para> +- +- <programlisting> +-#define PORTABLE_INSPECT_EXTENSION_RELEASES (UINT64_C(1) << 1) +- </programlisting> +- ++ <para><function>GetImageMetadataWithExtensions()</function> retrieves metadata associated with an ++ image. This method is a superset of <function>GetImageMetadata()</function> with the addition of a list ++ of extensions as input parameter, which were overlaid on top of the main image via ++ <function>AttachImageWithExtensions()</function>. 
The path of each extension and an array of bytes with ++ the content of the respective extension-release file are returned, one such structure for each ++ extension named in the input arguments.</para> + + <para><function>GetImageState()</function> retrieves the image state as one of the following + strings: +@@ -340,6 +334,7 @@ node /org/freedesktop/portable1 { + in t flags, + out s image, + out ay os_release, ++ out a{say} extensions, + out a{say} units); + GetState(out s state); + Attach(in as matches, +diff --git a/src/portable/portable.h b/src/portable/portable.h +index ce55f050a2..a1abf60dc7 100644 +--- a/src/portable/portable.h ++++ b/src/portable/portable.h +@@ -20,14 +20,13 @@ typedef struct PortableMetadata { + #define PORTABLE_METADATA_IS_UNIT(m) (!IN_SET((m)->name0, 0, '/')) + + typedef enum PortableFlags { +- PORTABLE_RUNTIME = 1 << 0, +- PORTABLE_INSPECT_EXTENSION_RELEASES = 1 << 1, /* Public API via DBUS, do not change */ +- PORTABLE_PREFER_COPY = 1 << 2, +- PORTABLE_PREFER_SYMLINK = 1 << 3, +- PORTABLE_REATTACH = 1 << 4, +- _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME | PORTABLE_INSPECT_EXTENSION_RELEASES, ++ PORTABLE_RUNTIME = 1 << 0, /* Public API via DBUS, do not change */ ++ PORTABLE_PREFER_COPY = 1 << 1, ++ PORTABLE_PREFER_SYMLINK = 1 << 2, ++ PORTABLE_REATTACH = 1 << 3, ++ _PORTABLE_MASK_PUBLIC = PORTABLE_RUNTIME, + _PORTABLE_TYPE_MAX, +- _PORTABLE_TYPE_INVALID = -EINVAL, ++ _PORTABLE_TYPE_INVALID = -EINVAL, + } PortableFlags; + + /* This enum is anonymous, since we usually store it in an 'int', as we overload it with negative errno +diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c +index 827d7a7b4a..21048baeb5 100644 +--- a/src/portable/portablectl.c ++++ b/src/portable/portablectl.c +@@ -259,7 +259,7 @@ static int maybe_reload(sd_bus **bus) { + static int get_image_metadata(sd_bus *bus, const char *image, char **matches, sd_bus_message **reply) { + _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; + 
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; +- PortableFlags flags = PORTABLE_INSPECT_EXTENSION_RELEASES; ++ uint64_t flags = 0; + const char *method; + int r; + +@@ -361,71 +361,78 @@ static int inspect_image(int argc, char *argv, void *userdata) { + strna(pretty_os)); + } + +- r = sd_bus_message_enter_container(reply, 'a', "{say}"); +- if (r < 0) +- return bus_log_parse_error(r); +- +- /* If we specified any extensions, we'll first get back exactly the +- * paths (and extension-release content) for each one of the arguments. */ +- for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { +- const char *name; ++ if (!strv_isempty(arg_extension_images)) { ++ /* If we specified any extensions, we'll first get back exactly the paths (and ++ * extension-release content) for each one of the arguments. */ + +- r = sd_bus_message_enter_container(reply, 'e', "say"); ++ r = sd_bus_message_enter_container(reply, 'a', "{say}"); + if (r < 0) + return bus_log_parse_error(r); +- if (r == 0) +- break; + +- r = sd_bus_message_read(reply, "s", &name); +- if (r < 0) +- return bus_log_parse_error(r); ++ for (size_t i = 0; i < strv_length(arg_extension_images); ++i) { ++ const char *name; + +- r = sd_bus_message_read_array(reply, 'y', &data, &sz); +- if (r < 0) +- return bus_log_parse_error(r); ++ r = sd_bus_message_enter_container(reply, 'e', "say"); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ if (r == 0) ++ break; + +- if (arg_cat) { +- if (nl) +- fputc('\n', stdout); ++ r = sd_bus_message_read(reply, "s", &name); ++ if (r < 0) ++ return bus_log_parse_error(r); + +- printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); +- fwrite(data, sz, 1, stdout); +- fflush(stdout); +- nl = true; +- } else { +- _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, +- *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; +- _cleanup_fclose_ FILE *f = NULL; +- +- f = 
fmemopen_unlocked((void*) data, sz, "re"); +- if (!f) +- return log_error_errno(errno, "Failed to open extension-release buffer: %m"); +- +- r = parse_env_file(f, name, +- "ID", &id, +- "VERSION_ID", &version_id, +- "SYSEXT_SCOPE", &sysext_scope, +- "SYSEXT_LEVEL", &sysext_level, +- "PORTABLE_PRETTY_NAME", &pretty_portable, +- "PORTABLE_PREFIXES", &portable_prefixes, +- "PRETTY_NAME", &pretty_os); ++ r = sd_bus_message_read_array(reply, 'y', &data, &sz); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ if (arg_cat) { ++ if (nl) ++ fputc('\n', stdout); ++ ++ printf("%s-- Extension Release: %s --%s\n", ansi_highlight(), name, ansi_normal()); ++ fwrite(data, sz, 1, stdout); ++ fflush(stdout); ++ nl = true; ++ } else { ++ _cleanup_free_ char *pretty_portable = NULL, *pretty_os = NULL, *sysext_level = NULL, ++ *id = NULL, *version_id = NULL, *sysext_scope = NULL, *portable_prefixes = NULL; ++ _cleanup_fclose_ FILE *f = NULL; ++ ++ f = fmemopen_unlocked((void*) data, sz, "re");
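Review bot: In `src/portable/portable.h`, removing `PORTABLE_INSPECT_EXTENSION_RELEASES` shifts `PORTABLE_PREFER_COPY` into `1 << 1`, the value the removed flag carried under the comment "Public API via DBUS, do not change". A client built against the old header that still sends bit 1 now sends the numeric value of an internal flag, so the bus methods taking `flags` need to reject anything outside `_PORTABLE_MASK_PUBLIC` (now `PORTABLE_RUNTIME` only); the visible hunks do not show that check. Leaving bit 1 reserved instead of renumbering would avoid the overlap. The added `out a{say} extensions` also changes the reply signature, which the commit message acknowledges; for a distribution backport it is worth stating in the changelog.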
_service:tar_scm:backport-portable-inline-one-variable-declaration.patch
Added
@@ -0,0 +1,38 @@ +From f1f790658be65ba281d101d651f853701a829250 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 3 Mar 2022 19:13:20 +0100 +Subject: PATCH portable: inline one variable declaration + +(cherry picked from commit 90e3f3581dd578a23aec9f63ca846babfe4fcaa0) +(cherry picked from commit 06d466a05c69e39058f109700c8a6c10bd4c2c89) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f1f790658be65ba281d101d651f853701a829250 +--- + src/portable/portabled-image-bus.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/portable/portabled-image-bus.c b/src/portable/portabled-image-bus.c +index 3e6310f23e..964035ec15 100644 +--- a/src/portable/portabled-image-bus.c ++++ b/src/portable/portabled-image-bus.c +@@ -109,7 +109,6 @@ int bus_image_common_get_metadata( + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; + _cleanup_free_ PortableMetadata **sorted = NULL; + PortableFlags flags = 0; +- size_t i; + int r; + + assert(name_or_path || image); +@@ -216,7 +215,7 @@ int bus_image_common_get_metadata( + } + } + +- for (i = 0; i < hashmap_size(unit_files); i++) { ++ for (size_t i = 0; i < hashmap_size(unit_files); i++) { + + r = sd_bus_message_open_container(reply, 'e', "say"); + if (r < 0) +-- +2.33.0 +
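Review bot: With the function-scope `size_t i` removed at the top of `bus_image_common_get_metadata()`, any other loop in the function that still uses `i` stops compiling; only the `hashmap_size(unit_files)` loop is converted here. The header says `Conflict:NA`, so please confirm against the backported tree that no loop between the two hunks depends on the old declaration.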
_service:tar_scm:backport-portable-move-profile-search-helper-to-path-lookup.patch
Added
@@ -0,0 +1,139 @@ +From 494652d95c620f0191f5c7c8f30956e9e98dd62b Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Fri, 26 Nov 2021 17:50:34 +0000 +Subject: PATCH portable: move profile search helper to path-lookup + +Will be used in systemd-analyze later + +(cherry picked from commit 13c02e7bd54e4420c392bd76c0fcf1846c10f99c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/494652d95c620f0191f5c7c8f30956e9e98dd62b +--- + src/basic/path-lookup.c | 28 ++++++++++++++++++++++++++++ + src/basic/path-lookup.h | 3 +++ + src/portable/portable.c | 33 ++------------------------------- + 3 files changed, 33 insertions(+), 31 deletions(-) + +diff --git a/src/basic/path-lookup.c b/src/basic/path-lookup.c +index 05eb17d66c..83adf4767e 100644 +--- a/src/basic/path-lookup.c ++++ b/src/basic/path-lookup.c +@@ -8,6 +8,7 @@ + #include "fs-util.h" + #include "log.h" + #include "macro.h" ++#include "nulstr-util.h" + #include "path-lookup.h" + #include "path-util.h" + #include "stat-util.h" +@@ -864,3 +865,30 @@ char **env_generator_binary_paths(bool is_system) { + + return TAKE_PTR(paths); + } ++ ++int find_portable_profile(const char *name, const char *unit, char **ret_path) { ++ const char *p, *dot; ++ ++ assert(name); ++ assert(ret_path); ++ ++ assert_se(dot = strrchr(unit, '.')); ++ ++ NULSTR_FOREACH(p, PORTABLE_PROFILE_DIRS) { ++ _cleanup_free_ char *joined = NULL; ++ ++ joined = strjoin(p, "/", name, "/", dot + 1, ".conf"); ++ if (!joined) ++ return -ENOMEM; ++ ++ if (laccess(joined, F_OK) >= 0) { ++ *ret_path = TAKE_PTR(joined); ++ return 0; ++ } ++ ++ if (errno != ENOENT) ++ return -errno; ++ } ++ ++ return -ENOENT; ++} +diff --git a/src/basic/path-lookup.h b/src/basic/path-lookup.h +index 088bb9b57c..af85dc7b4f 100644 +--- a/src/basic/path-lookup.h ++++ b/src/basic/path-lookup.h +@@ -72,3 +72,6 @@ char **env_generator_binary_paths(bool is_system); + + #define NETWORK_DIRS ((const char* const*) 
CONF_PATHS_STRV("systemd/network")) + #define NETWORK_DIRS_NULSTR CONF_PATHS_NULSTR("systemd/network") ++ ++#define PORTABLE_PROFILE_DIRS CONF_PATHS_NULSTR("systemd/portable/profile") ++int find_portable_profile(const char *name, const char *unit, char **ret_path); +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 02f4a692b0..8c5e5b6821 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -37,8 +37,6 @@ + #include "tmpfile-util.h" + #include "user-util.h" + +-static const char profile_dirs = CONF_PATHS_NULSTR("systemd/portable/profile"); +- + /* Markers used in the first line of our 20-portable.conf unit file drop-in to determine, that a) the unit file was + * dropped there by the portable service logic and b) for which image it was dropped there. */ + #define PORTABLE_DROPIN_MARKER_BEGIN "# Drop-in created for image '" +@@ -967,33 +965,6 @@ static int install_chroot_dropin( + return 0; + } + +-static int find_profile(const char *name, const char *unit, char **ret) { +- const char *p, *dot; +- +- assert(name); +- assert(ret); +- +- assert_se(dot = strrchr(unit, '.')); +- +- NULSTR_FOREACH(p, profile_dirs) { +- _cleanup_free_ char *joined = NULL; +- +- joined = strjoin(p, "/", name, "/", dot + 1, ".conf"); +- if (!joined) +- return -ENOMEM; +- +- if (laccess(joined, F_OK) >= 0) { +- *ret = TAKE_PTR(joined); +- return 0; +- } +- +- if (errno != ENOENT) +- return -errno; +- } +- +- return -ENOENT; +-} +- + static int install_profile_dropin( + const char *image_path, + const PortableMetadata *m, +@@ -1014,7 +985,7 @@ static int install_profile_dropin( + if (!profile) + return 0; + +- r = find_profile(profile, m->name, &from); ++ r = find_portable_profile(profile, m->name, &from); + if (r < 0) { + if (r != -ENOENT) + return log_debug_errno(errno, "Profile '%s' is not accessible: %m", profile); +@@ -1731,7 +1702,7 @@ int portable_get_state( + int portable_get_profiles(char ***ret) { + assert(ret); + +- return 
conf_files_list_nulstr(ret, NULL, NULL, CONF_FILES_DIRECTORY|CONF_FILES_BASENAME|CONF_FILES_FILTER_MASKED, profile_dirs); ++ return conf_files_list_nulstr(ret, NULL, NULL, CONF_FILES_DIRECTORY|CONF_FILES_BASENAME|CONF_FILES_FILTER_MASKED, PORTABLE_PROFILE_DIRS); + } + + static const char* const portable_change_type_table_PORTABLE_CHANGE_TYPE_MAX = { +-- +2.33.0 +
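Review bot: `find_portable_profile()` is now exported from `src/basic/path-lookup.h`, but it still builds the path with `strjoin(p, "/", name, "/", dot + 1, ".conf")` without checking `name`, and it asserts `name` and `ret_path` but not `unit` before calling `strrchr(unit, '.')`. As a static helper that relied on its single caller; as a shared one it should add `assert(unit)`, and either check that `name` is a plain file name or document that callers must. `assert_se(dot = ...)` also aborts on a unit name without a dot, where returning `-EINVAL` would be safer for new callers. In the `install_profile_dropin()` context, `log_debug_errno(errno, ...)` logs `errno` rather than the `r` just returned, which could be fixed while touching this call.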
_service:tar_scm:backport-portablectl-reorder-if-branches-to-match-previous-co.patch
Added
@@ -0,0 +1,42 @@ +From b57a0605dd294c00ed34d7bad08a9c33f9810a2d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Thu, 3 Mar 2022 18:56:06 +0100 +Subject: PATCH portablectl: reorder if branches to match previous + conditional in the same function + +One is a ternary op, the other an normal conditional, but they should still use +the same order of branches. + +(cherry picked from commit 573e33de078956ded078653ef3f90f93469b4dbf) +(cherry picked from commit 7856dc310906cb8b09d27b7175b322129bd619b6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b57a0605dd294c00ed34d7bad08a9c33f9810a2d +--- + src/portable/portablectl.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/portable/portablectl.c b/src/portable/portablectl.c +index af5e78c998..827d7a7b4a 100644 +--- a/src/portable/portablectl.c ++++ b/src/portable/portablectl.c +@@ -927,12 +927,13 @@ static int detach_image(int argc, char *argv, void *userdata) { + if (r < 0) + return r; + +- if (!strv_isempty(arg_extension_images)) { ++ if (strv_isempty(arg_extension_images)) ++ r = sd_bus_message_append(m, "b", arg_runtime); ++ else { + uint64_t flags = arg_runtime ? PORTABLE_RUNTIME : 0; + + r = sd_bus_message_append(m, "t", flags); +- } else +- r = sd_bus_message_append(m, "b", arg_runtime); ++ } + if (r < 0) + return bus_log_create_error(r); + +-- +2.33.0 +
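Review bot: In `detach_image()`, the two branches append different wire types (`"b"` for the plain call, `"t"` for the flags variant), so they must stay in step with the method name picked by the earlier ternary that the commit message refers to; that ternary is outside the hunk. A short comment on each branch naming the method it serves would make a mismatch easier to spot. Style-wise, the unbraced `if` paired with a braced `else` reads unevenly; bracing both would be cleaner.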
_service:tar_scm:backport-portabled-error-out-if-there-are-no-units-only-after.patch
Added
@@ -0,0 +1,74 @@ +From 6ea63e538eaa13e1efacd33e4ade2cd096b818e0 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 18 Aug 2021 16:37:13 +0100 +Subject: PATCH portabled: error out if there are no units only after parsing + all images + +It's ok if the OS image doesn't have matching units, if we find them +in the extensions. Tidies up the parsing logic a bit. + +(cherry picked from commit 7bf5ec4538cd4c77979dd9d09d9e9429a0a3535c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/6ea63e538eaa13e1efacd33e4ade2cd096b818e0 +--- + src/portable/portable.c | 29 ++++++++++++++++++++++++++--- + 1 file changed, 26 insertions(+), 3 deletions(-) + +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 5ecbeec2de..8550becded 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -504,9 +504,6 @@ static int portable_extract_by_path( + if (extract_os_release && !os_release) + return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image '%s' lacks os-release data, refusing.", path); + +- if (!extract_os_release && hashmap_isempty(unit_files)) +- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Couldn't find any matching unit files in image '%s', refusing.", path); +- + if (ret_unit_files) + *ret_unit_files = TAKE_PTR(unit_files); + +@@ -573,6 +570,19 @@ int portable_extract( + return r; + } + ++ if (hashmap_isempty(unit_files)) { ++ _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); ++ if (!extensions) ++ return -ENOMEM; ++ ++ return sd_bus_error_setf(error, ++ SD_BUS_ERROR_INVALID_ARGS, ++ "Couldn't find any matching unit files in image '%s%s%s', refusing.", ++ image->path, ++ isempty(extensions) ? "" : "' or any of its extensions '", ++ isempty(extensions) ? 
"" : extensions); ++ } ++ + *ret_os_release = TAKE_PTR(os_release); + *ret_unit_files = TAKE_PTR(unit_files); + +@@ -1189,6 +1199,19 @@ int portable_attach( + return r; + } + ++ if (hashmap_isempty(unit_files)) { ++ _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); ++ if (!extensions) ++ return -ENOMEM; ++ ++ return sd_bus_error_setf(error, ++ SD_BUS_ERROR_INVALID_ARGS, ++ "Couldn't find any matching unit files in image '%s%s%s', refusing.", ++ image->path, ++ isempty(extensions) ? "" : "' or any of its extensions '", ++ isempty(extensions) ? "" : extensions); ++ } ++ + r = lookup_paths_init(&paths, UNIT_FILE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, NULL); + if (r < 0) + return r; +-- +2.33.0 +
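Review bot: The `hashmap_isempty(unit_files)` block is added verbatim to both `portable_extract()` and `portable_attach()`, including the `strv_join()` allocation and the three-part `'%s%s%s'` format. A small static helper taking `image->path`, `extension_image_paths` and `error` would keep the two messages from drifting apart. The format string is also hard to read because the closing and opening quotes live in the second argument; a comment showing the two resulting messages would help.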
_service:tar_scm:backport-portabled-refactor-extraction-validation-into-a-comm.patch
Added
@@ -0,0 +1,245 @@ +From 04934ab329767b4a1fde60438f769f9eb055fd9d Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Mon, 6 Sep 2021 13:19:47 +0100 +Subject: PATCH portabled: refactor extraction/validation into a common + helper + +(cherry picked from commit 9ff61565be1efe5cc962964cde1af2278e554e9e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/04934ab329767b4a1fde60438f769f9eb055fd9d +--- + src/portable/portable.c | 169 ++++++++++++++++++++++------------------ + 1 file changed, 92 insertions(+), 77 deletions(-) + +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 765aedf852..02f4a692b0 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -528,14 +528,18 @@ static int portable_extract_by_path( + return 0; + } + +-int portable_extract( ++static int extract_image_and_extensions( + const char *name_or_path, + char **matches, + char **extension_image_paths, ++ bool validate_sysext, ++ Image **ret_image, ++ OrderedHashmap **ret_extension_images, + PortableMetadata **ret_os_release, + Hashmap **ret_unit_files, + sd_bus_error *error) { + ++ _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; + _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; + _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; + _cleanup_hashmap_free_ Hashmap *unit_files = NULL; +@@ -544,6 +548,9 @@ int portable_extract( + int r; + + assert(name_or_path); ++ assert(matches); ++ assert(ret_image); ++ assert(ret_extension_images); + + r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); + if (r < 0) +@@ -574,17 +581,91 @@ int portable_extract( + if (r < 0) + return r; + ++ /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata ++ * match, otherwise reject it immediately as invalid, or it will fail when the units are started. 
*/ ++ if (validate_sysext) { ++ _cleanup_fclose_ FILE *f = NULL; ++ ++ r = take_fdopen_unlocked(&os_release->fd, "r", &f); ++ if (r < 0) ++ return r; ++ ++ r = parse_env_file(f, os_release->name, ++ "ID", &id, ++ "VERSION_ID", &version_id, ++ "SYSEXT_LEVEL", &sysext_level); ++ if (r < 0) ++ return r; ++ } ++ + ORDERED_HASHMAP_FOREACH(ext, extension_images) { ++ _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL; + _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; ++ _cleanup_strv_free_ char **extension_release = NULL; ++ _cleanup_fclose_ FILE *f = NULL; + +- r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, NULL, &extra_unit_files, error); ++ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, &extension_release_meta, &extra_unit_files, error); + if (r < 0) + return r; ++ + r = hashmap_move(unit_files, extra_unit_files); + if (r < 0) + return r; ++ ++ if (!validate_sysext) ++ continue; ++ ++ r = take_fdopen_unlocked(&extension_release_meta->fd, "r", &f); ++ if (r < 0) ++ return r; ++ ++ r = load_env_file_pairs(f, extension_release_meta->name, &extension_release); ++ if (r < 0) ++ return r; ++ ++ r = extension_release_validate(ext->path, id, version_id, sysext_level, extension_release); ++ if (r == 0) ++ return sd_bus_error_set_errnof(error, SYNTHETIC_ERRNO(ESTALE), "Image %s extension-release metadata does not match the root's", ext->path); ++ if (r < 0) ++ return sd_bus_error_set_errnof(error, r, "Failed to compare image %s extension-release metadata with the root's os-release: %m", ext->path); + } + ++ *ret_image = TAKE_PTR(image); ++ *ret_extension_images = TAKE_PTR(extension_images); ++ if (ret_os_release) ++ *ret_os_release = TAKE_PTR(os_release); ++ if (ret_unit_files) ++ *ret_unit_files = TAKE_PTR(unit_files); ++ ++ return 0; ++} ++ ++int portable_extract( ++ const char *name_or_path, ++ char **matches, ++ char **extension_image_paths, ++ PortableMetadata 
**ret_os_release, ++ Hashmap **ret_unit_files, ++ sd_bus_error *error) { ++ ++ _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; ++ _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; ++ _cleanup_hashmap_free_ Hashmap *unit_files = NULL; ++ _cleanup_(image_unrefp) Image *image = NULL; ++ int r; ++ ++ r = extract_image_and_extensions(name_or_path, ++ matches, ++ extension_image_paths, ++ /* validate_sysext= */ false, ++ &image, ++ &extension_images, ++ &os_release, ++ &unit_files, ++ error); ++ if (r < 0) ++ return r; ++ + if (hashmap_isempty(unit_files)) { + _cleanup_free_ char *extensions = strv_join(extension_image_paths, ", "); + if (!extensions) +@@ -1166,91 +1247,25 @@ int portable_attach( + size_t *n_changes, + sd_bus_error *error) { + +- _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; +- _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; + _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; + _cleanup_hashmap_free_ Hashmap *unit_files = NULL; + _cleanup_(lookup_paths_free) LookupPaths paths = {}; + _cleanup_(image_unrefp) Image *image = NULL; + PortableMetadata *item; +- Image *ext; +- char **p; + int r; + +- assert(name_or_path); +- +- r = image_find_harder(IMAGE_PORTABLE, name_or_path, NULL, &image); +- if (r < 0) +- return r; +- if (!strv_isempty(extension_image_paths)) { +- extension_images = ordered_hashmap_new(&image_hash_ops); +- if (!extension_images) +- return -ENOMEM; +- +- STRV_FOREACH(p, extension_image_paths) { +- _cleanup_(image_unrefp) Image *new = NULL; +- +- r = image_find_harder(IMAGE_PORTABLE, *p, NULL, &new); +- if (r < 0) +- return r; +- +- r = ordered_hashmap_put(extension_images, new->name, new); +- if (r < 0) +- return r; +- TAKE_PTR(new); +- } +- } +- +- r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); ++ r = extract_image_and_extensions(name_or_path, ++ 
matches, ++ extension_image_paths, ++ /* validate_sysext= */ true, ++ &image, ++ &extension_images, ++ /* os_release= */ NULL, ++ &unit_files, ++ error); + if (r < 0) + return r; + +- /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata +- * match, otherwise reject it immediately as invalid, or it will fail when the units are started. */ +- if (os_release) { +- _cleanup_fclose_ FILE *f = NULL; +- +- r = take_fdopen_unlocked(&os_release->fd, "r", &f);
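Review bot: In the `validate_sysext` block of `extract_image_and_extensions()`, `take_fdopen_unlocked(&os_release->fd, "r", &f)` takes the descriptor out of `os_release`, and the same object is later handed out through `*ret_os_release = TAKE_PTR(os_release)`. `portable_attach()` passes NULL there today, but a caller that sets `validate_sysext` and also asks for the os-release would get metadata without a usable fd; reopening the descriptor for parsing, or documenting the restriction next to the parameter, would remove the trap. The new `assert(matches)` also tightens the contract compared with the old `portable_extract()`, which only asserted `name_or_path`; please confirm no caller passes a NULL match list.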
_service:tar_scm:backport-portabled-validate-SYSEXT_LEVEL-when-attaching.patch
Added
@@ -0,0 +1,240 @@ +From 5453257f8caebbcfe880601de27853f2d51acbb7 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 4 Aug 2021 15:00:06 +0100 +Subject: PATCH portabled: validate SYSEXT_LEVEL when attaching + +When attaching a portable service with extensions, immediately validate +that the os-release and extension-release metadata values match, rather +than letting it fail when the units are started + +(cherry picked from commit 239ac0c7f72c30cab2e84d395d064c3b7384ff84) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5453257f8caebbcfe880601de27853f2d51acbb7 +--- + src/portable/portable.c | 88 ++++++++++++++++++++++++++++++++--------- + src/portable/portable.h | 1 + + 2 files changed, 71 insertions(+), 18 deletions(-) + +diff --git a/src/portable/portable.c b/src/portable/portable.c +index 8550becded..765aedf852 100644 +--- a/src/portable/portable.c ++++ b/src/portable/portable.c +@@ -11,8 +11,10 @@ + #include "dirent-util.h" + #include "discover-image.h" + #include "dissect-image.h" ++#include "env-file.h" + #include "errno-list.h" + #include "escape.h" ++#include "extension-release.h" + #include "fd-util.h" + #include "fileio.h" + #include "fs-util.h" +@@ -232,6 +234,8 @@ DEFINE_PRIVATE_HASH_OPS_WITH_VALUE_DESTRUCTOR(portable_metadata_hash_ops, char, + static int extract_now( + const char *where, + char **matches, ++ const char *image_name, ++ bool path_is_extension, + int socket_fd, + PortableMetadata **ret_os_release, + Hashmap **ret_unit_files) { +@@ -241,6 +245,7 @@ static int extract_now( + _cleanup_(lookup_paths_free) LookupPaths paths = {}; + _cleanup_close_ int os_release_fd = -1; + _cleanup_free_ char *os_release_path = NULL; ++ const char *os_release_id; + char **i; + int r; + +@@ -255,19 +260,27 @@ static int extract_now( + + assert(where); + +- /* First, find /etc/os-release and send it upstream (or just save it). 
*/ +- r = open_os_release(where, &os_release_path, &os_release_fd); ++ /* First, find os-release/extension-release and send it upstream (or just save it). */ ++ if (path_is_extension) { ++ os_release_id = strjoina("/usr/lib/extension-release.d/extension-release.", image_name); ++ r = open_extension_release(where, image_name, &os_release_path, &os_release_fd); ++ } else { ++ os_release_id = "/etc/os-release"; ++ r = open_os_release(where, &os_release_path, &os_release_fd); ++ } + if (r < 0) +- log_debug_errno(r, "Couldn't acquire os-release file, ignoring: %m"); ++ log_debug_errno(r, ++ "Couldn't acquire %s file, ignoring: %m", ++ path_is_extension ? "extension-release " : "os-release"); + else { + if (socket_fd >= 0) { +- r = send_item(socket_fd, "/etc/os-release", os_release_fd); ++ r = send_item(socket_fd, os_release_id, os_release_fd); + if (r < 0) + return log_debug_errno(r, "Failed to send os-release file: %m"); + } + + if (ret_os_release) { +- os_release = portable_metadata_new("/etc/os-release", NULL, os_release_fd); ++ os_release = portable_metadata_new(os_release_id, NULL, os_release_fd); + if (!os_release) + return -ENOMEM; + +@@ -353,7 +366,7 @@ static int extract_now( + + static int portable_extract_by_path( + const char *path, +- bool extract_os_release, ++ bool path_is_extension, + char **matches, + PortableMetadata **ret_os_release, + Hashmap **ret_unit_files, +@@ -371,7 +384,7 @@ static int portable_extract_by_path( + /* We can't turn this into a loop-back block device, and this returns EISDIR? Then this is a directory + * tree and not a raw device. It's easy then. 
*/ + +- r = extract_now(path, matches, -1, &os_release, &unit_files); ++ r = extract_now(path, matches, NULL, path_is_extension, -1, &os_release, &unit_files); + if (r < 0) + return r; + +@@ -428,7 +441,7 @@ static int portable_extract_by_path( + + seq0 = safe_close(seq0); + +- if (!extract_os_release) ++ if (path_is_extension) + flags |= DISSECT_IMAGE_VALIDATE_OS_EXT; + else + flags |= DISSECT_IMAGE_VALIDATE_OS; +@@ -439,7 +452,7 @@ static int portable_extract_by_path( + goto child_finish; + } + +- r = extract_now(tmpdir, matches, seq1, NULL, NULL); ++ r = extract_now(tmpdir, matches, m->image_name, path_is_extension, seq1, NULL, NULL); + + child_finish: + _exit(r < 0 ? EXIT_FAILURE : EXIT_SUCCESS); +@@ -485,7 +498,7 @@ static int portable_extract_by_path( + + add = NULL; + +- } else if (PORTABLE_METADATA_IS_OS_RELEASE(add)) { ++ } else if (PORTABLE_METADATA_IS_OS_RELEASE(add) || PORTABLE_METADATA_IS_EXTENSION_RELEASE(add)) { + + assert(!os_release); + os_release = TAKE_PTR(add); +@@ -499,10 +512,12 @@ static int portable_extract_by_path( + child = 0; + } + +- /* When the portable image is layered, the image with units will not +- * have a full filesystem, so no os-release - it will be in the root layer */ +- if (extract_os_release && !os_release) +- return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Image '%s' lacks os-release data, refusing.", path); ++ if (!os_release) ++ return sd_bus_error_setf(error, ++ SD_BUS_ERROR_INVALID_ARGS, ++ "Image '%s' lacks %s data, refusing.", ++ path, ++ path_is_extension ? 
"extension-release" : "os-release"); + + if (ret_unit_files) + *ret_unit_files = TAKE_PTR(unit_files); +@@ -555,14 +570,14 @@ int portable_extract( + } + } + +- r = portable_extract_by_path(image->path, true, matches, &os_release, &unit_files, error); ++ r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); + if (r < 0) + return r; + + ORDERED_HASHMAP_FOREACH(ext, extension_images) { + _cleanup_hashmap_free_ Hashmap *extra_unit_files = NULL; + +- r = portable_extract_by_path(ext->path, false, matches, NULL, &extra_unit_files, error); ++ r = portable_extract_by_path(ext->path, /* path_is_extension= */ true, matches, NULL, &extra_unit_files, error); + if (r < 0) + return r; + r = hashmap_move(unit_files, extra_unit_files); +@@ -1151,6 +1166,8 @@ int portable_attach( + size_t *n_changes, + sd_bus_error *error) { + ++ _cleanup_free_ char *id = NULL, *version_id = NULL, *sysext_level = NULL; ++ _cleanup_(portable_metadata_unrefp) PortableMetadata *os_release = NULL; + _cleanup_ordered_hashmap_free_ OrderedHashmap *extension_images = NULL; + _cleanup_hashmap_free_ Hashmap *unit_files = NULL; + _cleanup_(lookup_paths_free) LookupPaths paths = {}; +@@ -1184,16 +1201,51 @@ int portable_attach( + } + } + +- r = portable_extract_by_path(image->path, true, matches, NULL, &unit_files, error); ++ r = portable_extract_by_path(image->path, /* path_is_extension= */ false, matches, &os_release, &unit_files, error); + if (r < 0) + return r; + ++ /* If we are layering extension images on top of a runtime image, check that the os-release and extension-release metadata ++ * match, otherwise reject it immediately as invalid, or it will fail when the units are started. 
*/ ++ if (os_release) { ++ _cleanup_fclose_ FILE *f = NULL; ++ ++ r = take_fdopen_unlocked(&os_release->fd, "r", &f); ++ if (r < 0) ++ return r; ++ ++ r = parse_env_file(f, os_release->name, ++ "ID", &id, ++ "VERSION_ID", &version_id, ++ "SYSEXT_LEVEL", &sysext_level); ++ if (r < 0) ++ return r; ++ } ++ + ORDERED_HASHMAP_FOREACH(ext, extension_images) { ++ _cleanup_(portable_metadata_unrefp) PortableMetadata *extension_release_meta = NULL;
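Review bot: In portable_extract_by_path(), the directory branch calls extract_now(path, matches, NULL, path_is_extension, -1, &os_release, &unit_files) with a NULL image name even when path_is_extension is true, while the dissected-image branch passes m->image_name. Please confirm that extract_now() can still locate the extension-release file for a directory-based extension when no name is given, or pass a name derived from path so that both branches look for the same file.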
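Review bot: The hunk at @@ -499 of portable_extract_by_path() drops the comment saying that a layered image may have no os-release and now refuses every extension that lacks extension-release data, which is a stricter contract for existing extension images and is not documented anywhere in the visible code. Please add a short comment above the new `if (!os_release)` check stating the requirement. In portable_attach(), id, version_id and sysext_level stay NULL when os-release does not define the key, so they need a NULL check before they are used for matching.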
_service:tar_scm:backport-process-util-wait-for-processes-we-killed-even-if-ki.patch
Added
@@ -0,0 +1,46 @@ +From deda69dad784f9c4367533555ff4d7bf6308c0ff Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 3 Nov 2021 15:54:28 +0100 +Subject: PATCH process-util: wait for processes we killed even if killing + failed + +The processes might be zombies in which case killing will fail, but +reaping them still matters. + +(cherry picked from commit 2c1612100daae9cef1b71c06ae4c4ec5f9378f09) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/deda69dad784f9c4367533555ff4d7bf6308c0ff +--- + src/basic/process-util.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 14259ea8df..461bbfe9a5 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -858,8 +858,8 @@ int wait_for_terminate_with_timeout(pid_t pid, usec_t timeout) { + void sigkill_wait(pid_t pid) { + assert(pid > 1); + +- if (kill(pid, SIGKILL) >= 0) +- (void) wait_for_terminate(pid, NULL); ++ (void) kill(pid, SIGKILL); ++ (void) wait_for_terminate(pid, NULL); + } + + void sigkill_waitp(pid_t *pid) { +@@ -876,8 +876,8 @@ void sigkill_waitp(pid_t *pid) { + void sigterm_wait(pid_t pid) { + assert(pid > 1); + +- if (kill_and_sigcont(pid, SIGTERM) >= 0) +- (void) wait_for_terminate(pid, NULL); ++ (void) kill_and_sigcont(pid, SIGTERM); ++ (void) wait_for_terminate(pid, NULL); + } + + int kill_and_sigcont(pid_t pid, int sig) { +-- +2.33.0 +
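Review bot: In sigkill_wait() and sigterm_wait() the result of kill()/kill_and_sigcont() is now discarded, so wait_for_terminate(pid, NULL) is also reached when the signal could not be delivered for a reason other than the one the commit message names, and in that case the wait has no bound. Consider logging the errno at debug level and skipping the wait for errors that mean the process is still running and was not signalled, or using the timeout variant visible in the hunk header (wait_for_terminate_with_timeout).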
_service:tar_scm:backport-random-util-use-ssize_t-for-getrandom-return-value.patch
Added
@@ -0,0 +1,81 @@ +From a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Fri, 24 Dec 2021 19:20:36 -0500 +Subject: PATCH random-util: use ssize_t for getrandom return value + +This matches the prototype provided by glibc. + +(cherry picked from commit 289b41aae7356b7a6c72ff4a3476193a084ff33f) +(cherry picked from commit 4d889024ef5ba1edc5d967a010a2551e0826e5d7) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a7ba75de06efb5a1d962c4b250f66e49e1d3ac6a +--- + src/basic/missing_syscall.h | 3 ++- + src/basic/random-util.c | 16 ++++++++-------- + 2 files changed, 10 insertions(+), 9 deletions(-) + +diff --git a/src/basic/missing_syscall.h b/src/basic/missing_syscall.h +index 9e3a165857..279c5911bd 100644 +--- a/src/basic/missing_syscall.h ++++ b/src/basic/missing_syscall.h +@@ -57,7 +57,8 @@ static inline int missing_memfd_create(const char *name, unsigned int flags) { + /* ======================================================================= */ + + #if !HAVE_GETRANDOM +-static inline int missing_getrandom(void *buffer, size_t count, unsigned flags) { ++/* glibc says getrandom() returns ssize_t */ ++static inline ssize_t missing_getrandom(void *buffer, size_t count, unsigned flags) { + # ifdef __NR_getrandom + return syscall(__NR_getrandom, buffer, count, flags); + # else +diff --git a/src/basic/random-util.c b/src/basic/random-util.c +index c2be962355..e117330857 100644 +--- a/src/basic/random-util.c ++++ b/src/basic/random-util.c +@@ -161,7 +161,6 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { + static int have_syscall = -1; + _cleanup_close_ int fd = -1; + bool got_some = false; +- int r; + + /* Gathers some high-quality randomness from the kernel (or potentially mid-quality randomness from + * the CPU if the RANDOM_ALLOW_RDRAND flag is set). 
This call won't block, unless the RANDOM_BLOCK +@@ -220,18 +219,19 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { + if (have_syscall != 0 && !HAS_FEATURE_MEMORY_SANITIZER) { + + for (;;) { +- r = getrandom(p, n, ++ ssize_t l; ++ l = getrandom(p, n, + (FLAGS_SET(flags, RANDOM_BLOCK) ? 0 : GRND_NONBLOCK) | + (FLAGS_SET(flags, RANDOM_ALLOW_INSECURE) ? GRND_INSECURE : 0)); +- if (r > 0) { ++ if (l > 0) { + have_syscall = true; + +- if ((size_t) r == n) ++ if ((size_t) l == n) + return 0; /* Yay, success! */ + +- assert((size_t) r < n); +- p = (uint8_t*) p + r; +- n -= r; ++ assert((size_t) l < n); ++ p = (uint8_t*) p + l; ++ n -= l; + + if (FLAGS_SET(flags, RANDOM_EXTEND_WITH_PSEUDO)) { + /* Fill in the remaining bytes using pseudo-random values */ +@@ -248,7 +248,7 @@ int genuine_random_bytes(void *p, size_t n, RandomFlags flags) { + /* Fill in the rest with /dev/urandom */ + break; + +- } else if (r == 0) { ++ } else if (l == 0) { + have_syscall = true; + return -EIO; + +-- +2.33.0 +
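Review bot: In the genuine_random_bytes() loop the new variable is declared and assigned on two separate lines (`ssize_t l;` followed by `l = getrandom(p, n,`); declaring it with its initializer keeps the scope change to one line. The `(size_t) l` casts are only safe because they sit under `if (l > 0)`, which is worth a brief comment now that the type is signed and wider than int, and `n -= l` should use the same cast for consistency with the two comparisons above it.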
_service:tar_scm:backport-repart-use-real-disk-start-end-for-bar-production.patch
Added
@@ -0,0 +1,48 @@ +From 0c3c3db042a24d11da7accf777029fbaf8db5a29 Mon Sep 17 00:00:00 2001 +From: Tom Yan <tom.ty89@gmail.com> +Date: Mon, 20 Dec 2021 01:30:38 +0800 +Subject: PATCH repart: use real disk start/end for bar production + +Partitions are not always within our aligned scope. Bar printing +involves foreign partitions as well. + +Fixes #21817. + +(cherry picked from commit d8daed09f37bc9f8ecb9268a4e371f65aec8b24a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0c3c3db042a24d11da7accf777029fbaf8db5a29 +--- + src/partition/repart.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/src/partition/repart.c b/src/partition/repart.c +index 7602ac6aa8..9f0fe9e10d 100644 +--- a/src/partition/repart.c ++++ b/src/partition/repart.c +@@ -2103,16 +2103,14 @@ static void context_bar_char_process_partition( + from = p->offset; + to = from + p->new_size; + +- assert(context->end >= context->start); +- total = context->end - context->start; ++ assert(context->total > 0); ++ total = context->total; + +- assert(from >= context->start); +- assert(from <= context->end); +- x = (from - context->start) * n / total; ++ assert(from <= total); ++ x = from * n / total; + +- assert(to >= context->start); +- assert(to <= context->end); +- y = (to - context->start) * n / total; ++ assert(to <= total); ++ y = to * n / total; + + assert(x <= y); + assert(y <= n); +-- +2.33.0 +
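Review bot: In context_bar_char_process_partition() the new `assert(from <= total)` and `assert(to <= total)` are evaluated on p->offset and p->offset + p->new_size, and the commit message says the bar also covers foreign partitions. If those values can come from an on-disk partition table, an entry that extends past context->total would abort the tool through an assert instead of being handled. Consider clamping `from` and `to` to `total` for display purposes, and note in a comment that context->total is the whole-disk size rather than the aligned range.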
_service:tar_scm:backport-repart-use-right-error-variable.patch
Added
@@ -0,0 +1,38 @@ +From b57f76bff912de738a8da8feceb298160bebab26 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 5 Oct 2021 14:10:27 +0200 +Subject: PATCH repart: use right error variable + +(cherry picked from commit 8ac04a65477b59c9143b635c0c0daa5152d9b466) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b57f76bff912de738a8da8feceb298160bebab26 +--- + src/partition/repart.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/partition/repart.c b/src/partition/repart.c +index 851c68cc4b..3c80d1380a 100644 +--- a/src/partition/repart.c ++++ b/src/partition/repart.c +@@ -2784,7 +2784,7 @@ static int context_copy_blocks(Context *context) { + return log_error_errno(r, "Failed to copy in data from '%s': %m", p->copy_blocks_path); + + if (fsync(target_fd) < 0) +- return log_error_errno(r, "Failed to synchronize copied data blocks: %m"); ++ return log_error_errno(errno, "Failed to synchronize copied data blocks: %m"); + + if (p->encrypt != ENCRYPT_OFF) { + encrypted_dev_fd = safe_close(encrypted_dev_fd); +@@ -3060,7 +3060,7 @@ static int context_mkfs(Context *context) { + + if (p->encrypt != ENCRYPT_OFF) { + if (fsync(encrypted_dev_fd) < 0) +- return log_error_errno(r, "Failed to synchronize LUKS volume: %m"); ++ return log_error_errno(errno, "Failed to synchronize LUKS volume: %m"); + encrypted_dev_fd = safe_close(encrypted_dev_fd); + + r = deactivate_luks(cd, encrypted); +-- +2.33.0 +
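Review bot: Both hunks are correct, but the commit message has no body and does not state the impact: in context_copy_blocks() the `fsync(target_fd)` check follows a path on which `r` was already handled, so the old `log_error_errno(r, ...)` reported the wrong error for a failed sync, and the same applies to `fsync(encrypted_dev_fd)` in context_mkfs(). A sentence saying that a failed fsync was previously logged with a stale code would help anyone judging whether the backport matters for data-integrity on encrypted volumes.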
_service:tar_scm:backport-resolvconf-compat-make-u-operation-a-NOP.patch
Added
@@ -0,0 +1,57 @@ +From 4fe53426991e829c0add9378d91f3677a23076fd Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 29 Sep 2021 10:48:24 +0200 +Subject: PATCH resolvconf-compat: make "-u" operation a NOP + +According to the various man pages of "resolvconf" the -u switch is for: + +"-u Just run the update scripts (if updating is enabled)." + +"-u Force resolvconf to update all its subscribers. resolvconf does not + update the subscribers when adding a resolv.conf that matches what + it already has for that interface." + +We have no "subscribers", we ourselves are the only "subscriber" we +support. Hence it's probably better to ignore such a request and make it +a NOP, then to fail. + +Fixes: #20748 +(cherry picked from commit bee07a399572e0d60600c040a84099ecb418ed33) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4fe53426991e829c0add9378d91f3677a23076fd +--- + src/resolve/resolvconf-compat.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/resolve/resolvconf-compat.c b/src/resolve/resolvconf-compat.c +index 93ded6d564..991c62e21d 100644 +--- a/src/resolve/resolvconf-compat.c ++++ b/src/resolve/resolvconf-compat.c +@@ -39,8 +39,8 @@ static int resolvconf_help(void) { + "This is a compatibility alias for the resolvectl(1) tool, providing native\n" + "command line compatibility with the resolvconf(8) tool of various Linux\n" + "distributions and BSD systems. Some options supported by other implementations\n" +- "are not supported and are ignored: -m, -p. Various options supported by other\n" +- "implementations are not supported and will cause the invocation to fail: -u,\n" ++ "are not supported and are ignored: -m, -p, -u. 
Various options supported by other\n" ++ "implementations are not supported and will cause the invocation to fail:\n" + "-I, -i, -l, -R, -r, -v, -V, --enable-updates, --disable-updates,\n" + "--updates-are-enabled.\n" + "\nSee the %2$s for details.\n", +@@ -171,8 +171,11 @@ int resolvconf_parse_argv(int argc, char *argv) { + log_debug("Switch -%c ignored.", c); + break; + +- /* Everybody else can agree on the existence of -u but we don't support it. */ ++ /* -u supposedly should "update all subscribers". We have no subscribers, hence let's make ++ this a NOP, and exit immediately, cleanly. */ + case 'u': ++ log_info("Switch -%c ignored.", c); ++ return 0; + + /* The following options are openresolv inventions we don't support. */ + case 'I': +-- +2.33.0 +
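Review bot: In resolvconf_parse_argv() the new `case 'u':` does `return 0;`, which ends option processing, whereas the help text now lists -u next to -m and -p as "not supported and are ignored", and those switches `break` and let parsing continue. Any option or argument given together with -u is therefore silently dropped; either say in the help text that -u exits immediately or treat it like the other ignored switches. The level also differs (log_info here, log_debug for the other ignored switches), and the second line of the new comment is missing the leading ` * ` used elsewhere in the file.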
_service:tar_scm:backport-resolve-add-reference-of-the-original-bus-message-to.patch
Added
@@ -0,0 +1,34 @@ +From 965e8b5a691d05b32ecadbe1d4d00de2200492c2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 11 Feb 2022 09:43:16 +0900 +Subject: PATCH resolve: add reference of the original bus message to the aux + queries + +Otherwise, the error in aux queries cannot be replied. + +Fixes #22477. + +(cherry picked from commit 08275791d85a1852e79951212f6cbbc727db789a) +(cherry picked from commit 919d398668d2baa1873e61f7f502fac910a9d606) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/965e8b5a691d05b32ecadbe1d4d00de2200492c2 +--- + src/resolve/resolved-bus.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c +index ed06895ed9..61d4b50c5b 100644 +--- a/src/resolve/resolved-bus.c ++++ b/src/resolve/resolved-bus.c +@@ -1137,6 +1137,7 @@ static int resolve_service_hostname(DnsQuery *q, DnsResourceRecord *rr, int ifin + if (r < 0) + return r; + ++ aux->bus_request = sd_bus_message_ref(q->bus_request); + aux->request_family = q->request_family; + aux->complete = resolve_service_hostname_complete; + +-- +2.33.0 +
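Review bot: In resolve_service_hostname() the added `aux->bus_request = sd_bus_message_ref(q->bus_request);` takes a reference, but no release is visible in this patch. Please confirm that the aux query's teardown unrefs bus_request, otherwise every SRV hostname lookup leaks a message reference. Only the bus request is propagated here, so a one-line comment on what happens when q->bus_request is NULL (a query that did not arrive over the bus) would also help.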
_service:tar_scm:backport-resolve-drop-never-matched-condition.patch
Added
@@ -0,0 +1,49 @@ +From 7b99795c46d4cd61501a31364894f13ac3a9e60d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 23 Feb 2022 07:49:40 +0900 +Subject: PATCH resolve: drop never matched condition + +As dns_scope_good_domain() does not return negative errno. + +(cherry picked from commit 830f50ab1e03fa7ee262876ed42023d10e89688d) +(cherry picked from commit 499115dbc3408f9a85160099e114bbaf0bacfe84) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7b99795c46d4cd61501a31364894f13ac3a9e60d +--- + src/resolve/resolved-dns-query.c | 12 ++---------- + 1 file changed, 2 insertions(+), 10 deletions(-) + +diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c +index 192bfd3bf5..4d15240e25 100644 +--- a/src/resolve/resolved-dns-query.c ++++ b/src/resolve/resolved-dns-query.c +@@ -743,11 +743,7 @@ int dns_query_go(DnsQuery *q) { + continue; + + match = dns_scope_good_domain(s, q->ifindex, q->flags, name); +- if (match < 0) { +- log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); +- continue; +- } +- ++ assert(match >= 0); + if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one + * that matches this well */ + found = match; +@@ -779,11 +775,7 @@ int dns_query_go(DnsQuery *q) { + continue; + + match = dns_scope_good_domain(s, q->ifindex, q->flags, name); +- if (match < 0) { +- log_debug("Couldn't check if '%s' matches against scope, ignoring.", name); +- continue; +- } +- ++ assert(match >= 0); + if (match < found) + continue; + +-- +2.33.0 +
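Review bot: Both loops in dns_query_go() replace a graceful `continue` with `assert(match >= 0)`, so the invariant that dns_scope_good_domain() never returns a negative value is now enforced by aborting the resolver process. That is fine while the invariant holds, but it is only stated in the commit message; please document it at the declaration of dns_scope_good_domain() so that a later change adding an error return does not turn into a crash in a network-facing daemon.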
_service:tar_scm:backport-resolve-fix-assertion-triggered-when-r-0.patch
Added
@@ -0,0 +1,35 @@ +From bfa7063dac7173858ddddda7c49eda95a9dd89bf Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 20 Jan 2022 05:24:31 +0900 +Subject: PATCH resolve: fix assertion triggered when r == 0 + +Fixes #22178. + +(cherry picked from commit 98b1eb711cfc70776fefd3d4ec437a6a4f9aeff2) +(cherry picked from commit 740dd39e070b3b827cbac37df2a40d61bd9cdb89) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bfa7063dac7173858ddddda7c49eda95a9dd89bf +--- + src/resolve/resolved-etc-hosts.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-etc-hosts.c b/src/resolve/resolved-etc-hosts.c +index 9af3a27bb1..a8da6c3d88 100644 +--- a/src/resolve/resolved-etc-hosts.c ++++ b/src/resolve/resolved-etc-hosts.c +@@ -109,7 +109,10 @@ static int parse_line(EtcHosts *hosts, unsigned nr, const char *line) { + + r = dns_name_is_valid_ldh(name); + if (r <= 0) { +- log_warning_errno(r, "/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); ++ if (r < 0) ++ log_warning_errno(r, "/etc/hosts:%u: Failed to check the validity of hostname \"%s\", ignoring: %m", nr, name); ++ else ++ log_warning("/etc/hosts:%u: hostname \"%s\" is not valid, ignoring.", nr, name); + continue; + } + +-- +2.33.0 +
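Review bot: In parse_line() the two new messages differ in style: the error branch starts with a capital ("Failed to check the validity of hostname ...") and the invalid-name branch keeps the lower-case "hostname ... is not valid, ignoring.". Please make them consistent. Since `r <= 0` is now split into two cases, braces around the if/else inside the outer block would make it harder to misread which branch reaches `continue`.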
_service:tar_scm:backport-resolve-fix-heap-buffer-overflow-reported-by-ASAN-wi.patch
Added
@@ -0,0 +1,34 @@ +From c285d500d0fe356f74f34846bc2ac0e25fe6ae42 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 8 Jul 2022 22:00:58 +0900 +Subject: PATCH resolve: fix heap-buffer-overflow reported by ASAN with + strict_string_checks=1 + +Fixes #23942. + +(cherry picked from commit beeab352de413e1c04de0a67ee36525fcf6e99dd) +(cherry picked from commit feb244676baa246e660b713544c2cb8766c25b34) +(cherry picked from commit 63c0ce2346cb70a2959bd539541119866223a619) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c285d500d0fe356f74f34846bc2ac0e25fe6ae42 +--- + src/resolve/resolved-dns-packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c +index b37f57fe67..c4cfbf7820 100644 +--- a/src/resolve/resolved-dns-packet.c ++++ b/src/resolve/resolved-dns-packet.c +@@ -1393,7 +1393,7 @@ int dns_packet_read_string(DnsPacket *p, char **ret, size_t *start) { + if (memchr(d, 0, c)) + return -EBADMSG; + +- t = strndup(d, c); ++ t = memdup_suffix0(d, c); + if (!t) + return -ENOMEM; + +-- +2.27.0 +
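Review bot: In dns_packet_read_string() the switch from `strndup(d, c)` to `memdup_suffix0(d, c)` has no in-code explanation, and the two calls look interchangeable to a later reader because the preceding `memchr(d, 0, c)` check already rejects embedded NULs. Please add a comment that `d` points into the packet buffer and is not NUL-terminated, so a string function must not be used on it, to keep the change from being reverted as a cleanup.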
_service:tar_scm:backport-resolve-fix-possible-memleak.patch
Added
@@ -0,0 +1,41 @@ +From 11f8123bbf36801ec436dc77d42a8e253eed1fb7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 5 Feb 2022 22:03:19 +0900 +Subject: PATCH resolve: fix possible memleak + +Fortunately, unlike the issue fixed in the previous commit, the memleak +should be superficial and not become apparent, as the queries handled +here are managed by the stub stream, and will be freed when the stream +is closed. + +Just for safety, and slightly reducing the runtime memory usage by the +stub stream. + +(cherry picked from commit fe8c5ce615ee2123f17b1f0b3728c439e19e4b5b) +(cherry picked from commit 4dbc210124b4303ecadb6cdb28a4a4c821e1150b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/11f8123bbf36801ec436dc77d42a8e253eed1fb7 +--- + src/resolve/resolved-dns-stub.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c +index 49da916576..8040db70f9 100644 +--- a/src/resolve/resolved-dns-stub.c ++++ b/src/resolve/resolved-dns-stub.c +@@ -755,8 +755,10 @@ static void dns_stub_query_complete(DnsQuery *q) { + * packet doesn't answer our question. In that case let's restart the query, + * now with the redirected question. We'll */ + r = dns_query_go(q); +- if (r < 0) ++ if (r < 0) { + log_debug_errno(r, "Failed to restart query: %m"); ++ dns_query_free(q); ++ } + + return; + } +-- +2.33.0 +
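Review bot: In dns_stub_query_complete() the new `dns_query_free(q);` runs inside the query's own completion callback, and the commit message says these queries are managed by the stub stream and freed when the stream closes. Please confirm that dns_query_free() removes `q` from the stream's bookkeeping, otherwise closing the stream later frees it a second time, and that the caller of the completion callback does not touch `q` after it returns.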
_service:tar_scm:backport-resolve-fix-potential-memleak-and-use-after-free.patch
Added
@@ -0,0 +1,40 @@ +From 8baf04a6588bd392f606a3d55b0711cdd00b4b80 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 5 Feb 2022 21:37:01 +0900 +Subject: PATCH resolve: fix potential memleak and use-after-free + +When stub stream is closed early, then queries associated to the stream +are freed. Previously, the timer event source for queries may not be +disabled, hence may be triggered with already freed query. +See also dns_stub_stream_complete(). + +Note that we usually not set NULL or zero when freeing simple objects. +But, here DnsQuery is large and complicated object, and the element may +be referenced in subsequent freeing process in the future. Hence, for +safety, let's set NULL to the pointer. + +(cherry picked from commit 73bfd7be042cc63e7649242b377ad494bf74ea4b) +(cherry picked from commit d82bd80cf4e7659906a502735b20a45964b55a88) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8baf04a6588bd392f606a3d55b0711cdd00b4b80 +--- + src/resolve/resolved-dns-query.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c +index 7f341986d9..6d372395fe 100644 +--- a/src/resolve/resolved-dns-query.c ++++ b/src/resolve/resolved-dns-query.c +@@ -381,6 +381,8 @@ DnsQuery *dns_query_free(DnsQuery *q) { + if (!q) + return NULL; + ++ q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source); ++ + while (q->auxiliary_queries) + dns_query_free(q->auxiliary_queries); + +-- +2.33.0 +
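Review bot: In dns_query_free() the added `q->timeout_event_source = sd_event_source_disable_unref(q->timeout_event_source);` departs from the convention the commit message itself mentions (not resetting pointers while freeing), but the reason is only given in the commit message. Please put a short comment above the line saying that the timer must be disabled before the auxiliary queries and the rest of the object are torn down, so the ordering is not changed later.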
_service:tar_scm:backport-resolve-make-dns_scope_good_domain-take-DnsQuery.patch
Added
@@ -0,0 +1,116 @@ +From 8cc818cdc726c8185387b413e8a2f31e00d7c185 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 23 Feb 2022 07:50:30 +0900 +Subject: PATCH resolve: make dns_scope_good_domain() take DnsQuery* + +(cherry picked from commit 176a9a2cca47f7c1553d96f7dd51c2193a269dbc) +(cherry picked from commit 54ab65f5f3da22985126dc3ae846a777d6b555a9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8cc818cdc726c8185387b413e8a2f31e00d7c185 +--- + src/resolve/resolved-dns-query.c | 14 ++------------ + src/resolve/resolved-dns-scope.c | 21 +++++++++++++++++---- + src/resolve/resolved-dns-scope.h | 4 ++-- + 3 files changed, 21 insertions(+), 18 deletions(-) + +diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c +index 4d15240e25..24cd7cddf5 100644 +--- a/src/resolve/resolved-dns-query.c ++++ b/src/resolve/resolved-dns-query.c +@@ -736,13 +736,8 @@ int dns_query_go(DnsQuery *q) { + + LIST_FOREACH(scopes, s, q->manager->dns_scopes) { + DnsScopeMatch match; +- const char *name; + +- name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); +- if (!name) +- continue; +- +- match = dns_scope_good_domain(s, q->ifindex, q->flags, name); ++ match = dns_scope_good_domain(s, q); + assert(match >= 0); + if (match > found) { /* Does this match better? 
If so, remember how well it matched, and the first one + * that matches this well */ +@@ -768,13 +763,8 @@ int dns_query_go(DnsQuery *q) { + + LIST_FOREACH(scopes, s, first->scopes_next) { + DnsScopeMatch match; +- const char *name; +- +- name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol)); +- if (!name) +- continue; + +- match = dns_scope_good_domain(s, q->ifindex, q->flags, name); ++ match = dns_scope_good_domain(s, q); + assert(match >= 0); + if (match < found) + continue; +diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c +index 2546d0d4da..47edba6bc3 100644 +--- a/src/resolve/resolved-dns-scope.c ++++ b/src/resolve/resolved-dns-scope.c +@@ -584,11 +584,13 @@ static DnsScopeMatch match_subnet_reverse_lookups( + + DnsScopeMatch dns_scope_good_domain( + DnsScope *s, +- int ifindex, +- uint64_t flags, +- const char *domain) { ++ DnsQuery *q) { + ++ DnsQuestion *question; + DnsSearchDomain *d; ++ const char *domain; ++ uint64_t flags; ++ int ifindex; + + /* This returns the following return values: + * +@@ -602,7 +604,18 @@ DnsScopeMatch dns_scope_good_domain( + */ + + assert(s); +- assert(domain); ++ assert(q); ++ ++ question = dns_query_question_for_protocol(q, s->protocol); ++ if (!question) ++ return DNS_SCOPE_NO; ++ ++ domain = dns_question_first_name(question); ++ if (!domain) ++ return DNS_SCOPE_NO; ++ ++ ifindex = q->ifindex; ++ flags = q->flags; + + /* Checks if the specified domain is something to look up on this scope. Note that this accepts + * non-qualified hostnames, i.e. those without any search path suffixed. 
*/ +diff --git a/src/resolve/resolved-dns-scope.h b/src/resolve/resolved-dns-scope.h +index a2b9546b38..1f9d22b7d1 100644 +--- a/src/resolve/resolved-dns-scope.h ++++ b/src/resolve/resolved-dns-scope.h +@@ -10,7 +10,7 @@ typedef struct DnsScope DnsScope; + #include "resolved-dns-cache.h" + #include "resolved-dns-dnssec.h" + #include "resolved-dns-packet.h" +- ++#include "resolved-dns-query.h" + #include "resolved-dns-search-domain.h" + #include "resolved-dns-server.h" + #include "resolved-dns-stream.h" +@@ -76,7 +76,7 @@ int dns_scope_emit_udp(DnsScope *s, int fd, int af, DnsPacket *p); + int dns_scope_socket_tcp(DnsScope *s, int family, const union in_addr_union *address, DnsServer *server, uint16_t port, union sockaddr_union *ret_socket_address); + int dns_scope_socket_udp(DnsScope *s, DnsServer *server); + +-DnsScopeMatch dns_scope_good_domain(DnsScope *s, int ifindex, uint64_t flags, const char *domain); ++DnsScopeMatch dns_scope_good_domain(DnsScope *s, DnsQuery *q); + bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key); + + DnsServer *dns_scope_get_dns_server(DnsScope *s); +-- +2.33.0 +
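Review bot: In resolved-dns-scope.h the blank line after resolved-dns-packet.h is replaced by `#include "resolved-dns-query.h"`, which makes the scope header depend on the query header only to name `DnsQuery *` in one prototype. The header already uses the forward-declaration pattern (`typedef struct DnsScope DnsScope;` in the hunk header), so a `typedef struct DnsQuery DnsQuery;` would avoid a possible include cycle and keep the blank line that separated the include groups.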
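Review bot: In dns_scope_good_domain() the function now returns DNS_SCOPE_NO when dns_query_question_for_protocol() or dns_question_first_name() yields NULL, where the callers in dns_query_go() used to `continue`, but the "This returns the following return values" comment at the top of the function is not updated for these two cases. Please extend that comment, and consider taking `const DnsQuery *q` if nothing in the function modifies the query.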
_service:tar_scm:backport-resolve-mdns_packet_extract_matching_rrs-may-return-.patch
Added
@@ -0,0 +1,42 @@ +From 9b1f4d855aa7b16b425545fdd888dbef918d1daa Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 4 Jul 2022 11:23:33 +0900 +Subject: PATCH resolve: mdns_packet_extract_matching_rrs() may return 0 + +Fixes the following assertion: + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa +--- +Assertion 'r > 0' failed at src/resolve/resolved-mdns.c:180, function mdns_do_tiebreak(). Aborting. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa +--- + +(cherry picked from commit f2605af1f2e770818bbc6bad2561acdbd25a38ad) +(cherry picked from commit 0070302b3cdc1350bf7bfd5d032dbea420f4ed40) +(cherry picked from commit 30d24c8df600545d1878a868bcd409e65479af77) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9b1f4d855aa7b16b425545fdd888dbef918d1daa +--- + src/resolve/resolved-mdns.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/src/resolve/resolved-mdns.c b/src/resolve/resolved-mdns.c +index 24241249b1..8c8ee81da1 100644 +--- a/src/resolve/resolved-mdns.c ++++ b/src/resolve/resolved-mdns.c +@@ -165,8 +165,6 @@ static int mdns_do_tiebreak(DnsResourceKey *key, DnsAnswer *answer, DnsPacket *p + if (r < 0) + return r; + +- assert(r > 0); +- + if (proposed_rrs_cmp(remote, r, our, size) > 0) + return 1; + +-- +2.27.0 +
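Review bot: In mdns_do_tiebreak() removing `assert(r > 0)` means `proposed_rrs_cmp(remote, r, our, size)` is now called with r == 0. Please confirm that it handles an empty (possibly NULL) `remote` array without dereferencing it, and add a comment that zero matching records from the peer's packet is a valid outcome, since the input is an untrusted mDNS packet.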
_service:tar_scm:backport-resolve-refuse-AF_UNSPEC-when-resolving-address.patch
Added
@@ -0,0 +1,32 @@ +From 63590abb5dd48fbcc8c0dfc5dfc1ee088382d5f7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 11 Feb 2022 09:49:13 +0900 +Subject: PATCH resolve: refuse AF_UNSPEC when resolving address + +Fixes #22480. + +(cherry picked from commit 0234f0c0531682e7f28a4ef51852c102c6e97267) +(cherry picked from commit 084c88983eaecbf23e113db5a7ee11f94b60472b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/63590abb5dd48fbcc8c0dfc5dfc1ee088382d5f7 +--- + src/resolve/resolved-varlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-varlink.c b/src/resolve/resolved-varlink.c +index 6f4ab425ef..9a61b19e61 100644 +--- a/src/resolve/resolved-varlink.c ++++ b/src/resolve/resolved-varlink.c +@@ -484,7 +484,7 @@ static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, Var + if (p.ifindex < 0) + return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex")); + +- if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6)) ++ if (!IN_SET(p.family, AF_INET, AF_INET6)) + return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family")); + + if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size) +-- +2.33.0 +
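Review bot: In vl_method_resolve_address() dropping AF_UNSPEC from the IN_SET() check changes the Varlink contract: a client that omits the family or passes 0 now gets an invalid-parameter error for "family". The commit message only references the issue number, so please state there (and in the interface documentation, if one exists) that an explicit AF_INET or AF_INET6 is required, which is also what the following `FAMILY_ADDRESS_SIZE(p.family) != p.address_size` check needs to be meaningful.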
_service:tar_scm:backport-resolve-remove-server-large-level.patch
Added
@@ -0,0 +1,152 @@ +From 0bc9811acfd2535bf8a7a16a3903a2c22df206c9 Mon Sep 17 00:00:00 2001 +From: Dan Streetman <ddstreet@canonical.com> +Date: Fri, 20 Aug 2021 14:44:35 -0400 +Subject: PATCH resolve: remove server 'large' level + +This removes the DNS_SERVER_FEATURE_LEVEL_LARGE, and sets the EDNS0 +advertised max packet size as if always in 'large' mode. + +Without this, we always send out EDNS0 opts that limit response sizes +to 512 bytes, thus the remote server will never send anything larger +and will always truncate responses larger than 512 bytes, forcing us +to drop from EDNS0 down to TCP, even though one of the primary benefits +of EDNS0 is larger packet sizes. + +Fixes: #20993 +(cherry picked from commit 526fce97afe130f71dba3bd4646196bbb1188b82) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0bc9811acfd2535bf8a7a16a3903a2c22df206c9 +--- + src/resolve/resolved-dns-server.c | 63 +++++++++++-------------------- + src/resolve/resolved-dns-server.h | 3 +- + 2 files changed, 24 insertions(+), 42 deletions(-) + +diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c +index 58a1376708..a21148d288 100644 +--- a/src/resolve/resolved-dns-server.c ++++ b/src/resolve/resolved-dns-server.c +@@ -282,11 +282,6 @@ void dns_server_packet_received(DnsServer *s, int protocol, DnsServerFeatureLeve + if (s->packet_bad_opt && level >= DNS_SERVER_FEATURE_LEVEL_EDNS0) + level = DNS_SERVER_FEATURE_LEVEL_EDNS0 - 1; + +- /* Even if we successfully receive a reply to a request announcing support for large packets, that +- * does not mean we can necessarily receive large packets. 
*/ +- if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) +- level = DNS_SERVER_FEATURE_LEVEL_LARGE - 1; +- + dns_server_verified(s, level); + + /* Remember the size of the largest UDP packet fragment we received from a server, we know that we +@@ -429,7 +424,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { + * better than EDNS0, hence don't even try. */ + if (dns_server_get_dnssec_mode(s) != DNSSEC_NO) + best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ? +- DNS_SERVER_FEATURE_LEVEL_LARGE : ++ DNS_SERVER_FEATURE_LEVEL_DO : + DNS_SERVER_FEATURE_LEVEL_TLS_DO; + else + best = dns_server_get_dns_over_tls_mode(s) == DNS_OVER_TLS_NO ? +@@ -597,7 +592,7 @@ DnsServerFeatureLevel dns_server_possible_feature_level(DnsServer *s) { + } + + int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeatureLevel level) { +- size_t packet_size; ++ size_t packet_size, udp_size; + bool edns_do; + int r; + +@@ -616,40 +611,29 @@ int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeature + + edns_do = level >= DNS_SERVER_FEATURE_LEVEL_DO; + +- if (level == DNS_SERVER_FEATURE_LEVEL_LARGE) { +- size_t udp_size; +- +- /* In large mode, advertise the local MTU, in order to avoid fragmentation (for security +- * reasons) – except if we are talking to localhost (where the security considerations don't +- * matter). If we see fragmentation, lower the reported size to the largest fragment, to +- * avoid it. */ +- +- udp_size = udp_header_size(server->family); +- +- if (in_addr_is_localhost(server->family, &server->address) > 0) +- packet_size = 65536 - udp_size; /* force linux loopback MTU if localhost address */ +- else { +- /* Use the MTU pointing to the server, subtract the IP/UDP header size */ +- packet_size = LESS_BY(dns_server_get_mtu(server), udp_size); ++ udp_size = udp_header_size(server->family); + +- /* On the Internet we want to avoid fragmentation for security reasons. 
If we saw +- * fragmented packets, the above was too large, let's clamp it to the largest +- * fragment we saw */ +- if (server->packet_fragmented) +- packet_size = MIN(server->received_udp_fragment_max, packet_size); +- +- /* Let's not pick ridiculously large sizes, i.e. not more than 4K. No one appears +- * to ever use such large sized on the Internet IRL, hence let's not either. */ +- packet_size = MIN(packet_size, 4096U); +- } ++ if (in_addr_is_localhost(server->family, &server->address) > 0) ++ packet_size = 65536 - udp_size; /* force linux loopback MTU if localhost address */ ++ else { ++ /* Use the MTU pointing to the server, subtract the IP/UDP header size */ ++ packet_size = LESS_BY(dns_server_get_mtu(server), udp_size); ++ ++ /* On the Internet we want to avoid fragmentation for security reasons. If we saw ++ * fragmented packets, the above was too large, let's clamp it to the largest ++ * fragment we saw */ ++ if (server->packet_fragmented) ++ packet_size = MIN(server->received_udp_fragment_max, packet_size); ++ ++ /* Let's not pick ridiculously large sizes, i.e. not more than 4K. No one appears ++ * to ever use such large sized on the Internet IRL, hence let's not either. */ ++ packet_size = MIN(packet_size, 4096U); ++ } + +- /* Strictly speaking we quite possibly can receive larger datagrams than the MTU (since the +- * MTU is for egress, not for ingress), but more often than not the value is symmetric, and +- * we want something that does the right thing in the majority of cases, and not just in the +- * theoretical edge case. */ +- } else +- /* In non-large mode, let's advertise the size of the largest fragment we ever managed to accept. 
*/ +- packet_size = server->received_udp_fragment_max; ++ /* Strictly speaking we quite possibly can receive larger datagrams than the MTU (since the ++ * MTU is for egress, not for ingress), but more often than not the value is symmetric, and ++ * we want something that does the right thing in the majority of cases, and not just in the ++ * theoretical edge case. */ + + /* Safety clamp, never advertise less than 512 or more than 65535 */ + packet_size = CLAMP(packet_size, +@@ -1097,7 +1081,6 @@ static const char* const dns_server_feature_level_table_DNS_SERVER_FEATURE_LEVE + DNS_SERVER_FEATURE_LEVEL_EDNS0 = "UDP+EDNS0", + DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN = "TLS+EDNS0", + DNS_SERVER_FEATURE_LEVEL_DO = "UDP+EDNS0+DO", +- DNS_SERVER_FEATURE_LEVEL_LARGE = "UDP+EDNS0+DO+LARGE", + DNS_SERVER_FEATURE_LEVEL_TLS_DO = "TLS+EDNS0+D0", + }; + DEFINE_STRING_TABLE_LOOKUP(dns_server_feature_level, DnsServerFeatureLevel); +diff --git a/src/resolve/resolved-dns-server.h b/src/resolve/resolved-dns-server.h +index fe0eaee49c..be9efb0a79 100644 +--- a/src/resolve/resolved-dns-server.h ++++ b/src/resolve/resolved-dns-server.h +@@ -32,7 +32,6 @@ typedef enum DnsServerFeatureLevel { + DNS_SERVER_FEATURE_LEVEL_EDNS0, + DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, + DNS_SERVER_FEATURE_LEVEL_DO, +- DNS_SERVER_FEATURE_LEVEL_LARGE, + DNS_SERVER_FEATURE_LEVEL_TLS_DO, + _DNS_SERVER_FEATURE_LEVEL_MAX, + _DNS_SERVER_FEATURE_LEVEL_INVALID = -EINVAL, +@@ -43,7 +42,7 @@ typedef enum DnsServerFeatureLevel { + #define DNS_SERVER_FEATURE_LEVEL_IS_EDNS0(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_EDNS0) + #define DNS_SERVER_FEATURE_LEVEL_IS_TLS(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN, DNS_SERVER_FEATURE_LEVEL_TLS_DO) + #define DNS_SERVER_FEATURE_LEVEL_IS_DNSSEC(x) ((x) >= DNS_SERVER_FEATURE_LEVEL_DO) +-#define DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO, DNS_SERVER_FEATURE_LEVEL_LARGE) ++#define 
DNS_SERVER_FEATURE_LEVEL_IS_UDP(x) IN_SET(x, DNS_SERVER_FEATURE_LEVEL_UDP, DNS_SERVER_FEATURE_LEVEL_EDNS0, DNS_SERVER_FEATURE_LEVEL_DO) + + const char* dns_server_feature_level_to_string(int i) _const_; + int dns_server_feature_level_from_string(const char *s) _pure_; +-- +2.33.0 +
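Review bot: removing DNS_SERVER_FEATURE_LEVEL_LARGE from the middle of the enum in resolved-dns-server.h shifts the numeric value of DNS_SERVER_FEATURE_LEVEL_TLS_DO, so every place that orders or does arithmetic on feature levels needs re-checking against the new sequence; the `>=` macros in the same header are the visible examples. A one-line comment on the enum stating that the order is significant would protect the next edit. Separately, the unchanged table entry for DNS_SERVER_FEATURE_LEVEL_TLS_DO reads "TLS+EDNS0+D0" with a zero where the sibling entry has "UDP+EDNS0+DO"; since dns_server_feature_level_from_string() parses these strings, it is worth deciding whether to correct it while the table is being touched.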
View file
_service:tar_scm:backport-resolve-synthesize-empty-domain-only-when-A-and-or-A.patch
Added
@@ -0,0 +1,105 @@ +From 76016b82c683bcb15c155a8ab7ca45004894c134 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 4 Feb 2022 12:05:33 +0900 +Subject: PATCH resolve: synthesize empty domain only when A and/or AAAA key + is requested + +Follow-up for 3b2ac14ac45bef01cf489c3231b868936866444b (#22231). + +Before this commit. +--- +$ dig -t SRV '.' + +; <<>> DiG 9.16.24-RH <<>> -t SRV . +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16836 +;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 65494 +;; QUESTION SECTION: +;. IN SRV + +;; Query time: 1 msec +;; SERVER: 127.0.0.53#53(127.0.0.53) +;; WHEN: Fri Feb 04 12:01:09 JST 2022 +;; MSG SIZE rcvd: 28 +--- + +After this commit. +--- +$ dig -t SRV '.' + +; <<>> DiG 9.16.24-RH <<>> -t SRV . +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19861 +;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 65494 +;; QUESTION SECTION: +;. IN SRV + +;; AUTHORITY SECTION: +. 86394 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022020302 1800 900 604800 86400 + +;; Query time: 20 msec +;; SERVER: 127.0.0.53#53(127.0.0.53) +;; WHEN: Fri Feb 04 12:00:12 JST 2022 +;; MSG SIZE rcvd: 103 +--- + +Fixes #22401. 
+ +(cherry picked from commit 30fa3aa1fa56d9a1a4f3a26c0bc02253d44dfa0f) +(cherry picked from commit d57147ef5698c50e02e5e74df8d0936230032cfe) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/76016b82c683bcb15c155a8ab7ca45004894c134 +--- + src/resolve/resolved-dns-scope.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c +index 47edba6bc3..360ceecdb7 100644 +--- a/src/resolve/resolved-dns-scope.c ++++ b/src/resolve/resolved-dns-scope.c +@@ -626,10 +626,6 @@ DnsScopeMatch dns_scope_good_domain( + if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) + return DNS_SCOPE_NO; + +- /* Never resolve empty name. */ +- if (dns_name_is_empty(domain)) +- return DNS_SCOPE_NO; +- + /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on + * synthesized RRs for these. */ + if (is_localhost(domain) || +@@ -658,6 +654,22 @@ DnsScopeMatch dns_scope_good_domain( + DnsScopeMatch m; + int n_best = -1; + ++ if (dns_name_is_empty(domain)) { ++ DnsResourceKey *t; ++ bool found = false; ++ ++ /* Refuse empty name if only A and/or AAAA records are requested. */ ++ ++ DNS_QUESTION_FOREACH(t, question) ++ if (!IN_SET(t->type, DNS_TYPE_A, DNS_TYPE_AAAA)) { ++ found = true; ++ break; ++ } ++ ++ if (!found) ++ return DNS_SCOPE_NO; ++ } ++ + /* Never route things to scopes that lack DNS servers */ + if (!dns_scope_get_dns_server(s)) + return DNS_SCOPE_NO; +-- +2.33.0 +
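Review bot: the empty-name refusal in dns_scope_good_domain() moves from the common path (before the is_localhost() check) to a spot after the `DnsScopeMatch m; int n_best = -1;` declarations, and the following "Never route things to scopes that lack DNS servers" check suggests this is the DNS-protocol branch only. If so, LLMNR and mDNS scopes no longer reject the empty name here, and the hunk does not show whether those branches handle it; please confirm or keep a refusal for them. The flag name `found` is also hard to read against the comment above it: it becomes true when a key other than A/AAAA is present, so something like `has_non_address_key` would say what the loop tests.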
View file
_service:tar_scm:backport-resolve-synthesize-empty-name.patch
Added
@@ -0,0 +1,97 @@ +From d3331adc66af4e69f7bdc378c1c591dd27703bf2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 24 Jan 2022 06:07:33 +0900 +Subject: PATCH resolve: synthesize empty name + +Do not return any error for empty name. Just returns empty answer. + +Before: +--- +$ dig . + +; <<>> DiG 9.16.24-RH <<>> . +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13617 +;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 65494 +;; QUESTION SECTION: +;. IN A + +;; Query time: 0 msec +;; SERVER: 127.0.0.53#53(127.0.0.53) +;; WHEN: Mon Jan 24 05:49:30 JST 2022 +;; MSG SIZE rcvd: 28 +--- + +After: +--- +$ dig . + +; <<>> DiG 9.16.24-RH <<>> . +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7957 +;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 65494 +;; QUESTION SECTION: +;. IN A + +;; Query time: 1 msec +;; SERVER: 127.0.0.53#53(127.0.0.53) +;; WHEN: Mon Jan 24 06:05:02 JST 2022 +;; MSG SIZE rcvd: 28 +--- + +Replaces #22197. + +Fixes RHBZ#2039854 (https://bugzilla.redhat.com/show_bug.cgi?id=2039854). 
+ +(cherry picked from commit 3b2ac14ac45bef01cf489c3231b868936866444b) +(cherry picked from commit 0fd3ccca64402eaec9535d0288d888f7fcacb9b8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d3331adc66af4e69f7bdc378c1c591dd27703bf2 +--- + src/resolve/resolved-dns-scope.c | 4 ++++ + src/resolve/resolved-dns-synthesize.c | 5 ++++- + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-dns-scope.c b/src/resolve/resolved-dns-scope.c +index 178482727c..2546d0d4da 100644 +--- a/src/resolve/resolved-dns-scope.c ++++ b/src/resolve/resolved-dns-scope.c +@@ -613,6 +613,10 @@ DnsScopeMatch dns_scope_good_domain( + if ((SD_RESOLVED_FLAGS_MAKE(s->protocol, s->family, false, false) & flags) == 0) + return DNS_SCOPE_NO; + ++ /* Never resolve empty name. */ ++ if (dns_name_is_empty(domain)) ++ return DNS_SCOPE_NO; ++ + /* Never resolve any loopback hostname or IP address via DNS, LLMNR or mDNS. Instead, always rely on + * synthesized RRs for these. */ + if (is_localhost(domain) || +diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c +index ef1423f441..ea239e686d 100644 +--- a/src/resolve/resolved-dns-synthesize.c ++++ b/src/resolve/resolved-dns-synthesize.c +@@ -394,7 +394,10 @@ int dns_synthesize_answer( + + name = dns_resource_key_name(key); + +- if (is_localhost(name)) { ++ if (dns_name_is_empty(name)) { ++ /* Do nothing. */ ++ ++ } else if (is_localhost(name)) { + + r = synthesize_localhost_rr(m, key, ifindex, &answer); + if (r < 0) +-- +2.33.0 +
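Review bot: the new empty branch in dns_synthesize_answer() carries only "Do nothing.", which does not tell the reader why an empty name must be matched first or what reply results; a comment stating that the empty name is answered with an empty NOERROR reply would document the intent. The "After" dig output in the commit message also shows `flags: qr aa rd ra ad` for this synthesized reply, so the stub marks a locally made-up empty answer as authenticated data; please confirm that setting AD here is intended for clients that rely on the bit.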
View file
_service:tar_scm:backport-resolve-synthesize-null-address-IPv4-broadcast-addre.patch
Added
@@ -0,0 +1,41 @@ +From a3d2c2b669149fe7e1bfdfa0c72c39653bef2e4c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 24 Jan 2022 06:36:53 +0900 +Subject: PATCH resolve: synthesize null address, IPv4 broadcast address, or + invalid domain + +These are filtered in `dns_scope_good_domain()`, but not synthesized. + +Fixes #22229. + +(cherry picked from commit 46b53e8035fb60c9a7f26dd32d6689ab3b7da97c) +(cherry picked from commit 89b439ee00e3fbee47cda3f790cbf320538cae7f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a3d2c2b669149fe7e1bfdfa0c72c39653bef2e4c +--- + src/resolve/resolved-dns-synthesize.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/resolve/resolved-dns-synthesize.c b/src/resolve/resolved-dns-synthesize.c +index ea239e686d..0914515fdf 100644 +--- a/src/resolve/resolved-dns-synthesize.c ++++ b/src/resolve/resolved-dns-synthesize.c +@@ -397,6 +397,14 @@ int dns_synthesize_answer( + if (dns_name_is_empty(name)) { + /* Do nothing. */ + ++ } else if (dns_name_endswith(name, "0.in-addr.arpa") > 0 || ++ dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 || ++ dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0 || ++ dns_name_endswith(name, "invalid") > 0) { ++ ++ nxdomain = true; ++ continue; ++ + } else if (is_localhost(name)) { + + r = synthesize_localhost_rr(m, key, ifindex, &answer); +-- +2.33.0 +
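Review bot: each `dns_name_endswith(...) > 0` and `dns_name_equal(...) > 0` test in the added condition treats a negative return (a parse error on the name) the same as "no match", so an error falls through silently to the is_localhost() branch and beyond. Either propagate r < 0 or add a comment that errors are deliberately ignored here. The commit message says these names are already filtered in dns_scope_good_domain(), which means the same list now lives in two places; a shared helper would keep the filter and the synthesizer from drifting apart.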
View file
_service:tar_scm:backport-resolve-use-_cleanup_-attribute-for-freeing-DnsQuery.patch
Added
@@ -0,0 +1,563 @@ +From 87f33d6a03d8c25393ad6472fcad5b69bb60aa6b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 5 Feb 2022 22:04:42 +0900 +Subject: PATCH resolve: use _cleanup_ attribute for freeing DnsQuery + +(cherry picked from commit c704288c473fa08820566fdb16c38726d24db026) +(cherry picked from commit 0533d1aab61b6a797d07c4c861acf5e87f8191e8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/87f33d6a03d8c25393ad6472fcad5b69bb60aa6b +--- + src/resolve/resolved-bus.c | 112 +++++++++++++++----------------- + src/resolve/resolved-dns-stub.c | 27 +++----- + src/resolve/resolved-varlink.c | 38 +++++------ + 3 files changed, 79 insertions(+), 98 deletions(-) + +diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c +index 78d1acf5e0..ed06895ed9 100644 +--- a/src/resolve/resolved-bus.c ++++ b/src/resolve/resolved-bus.c +@@ -179,9 +179,10 @@ static int append_address(sd_bus_message *reply, DnsResourceRecord *rr, int ifin + return 0; + } + +-static void bus_method_resolve_hostname_complete(DnsQuery *q) { ++static void bus_method_resolve_hostname_complete(DnsQuery *query) { + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL; + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ _cleanup_(dns_query_freep) DnsQuery *q = query; + _cleanup_free_ char *normalized = NULL; + DnsQuestion *question; + DnsResourceRecord *rr; +@@ -202,8 +203,11 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) { + } + if (r < 0) + goto finish; +- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ ++ if (r == DNS_QUERY_CNAME) { ++ /* This was a cname, and the query was restarted. 
*/ ++ TAKE_PTR(q); + return; ++ } + + r = sd_bus_message_new_method_return(q->bus_request, &reply); + if (r < 0) +@@ -264,8 +268,6 @@ finish: + log_error_errno(r, "Failed to send hostname reply: %m"); + sd_bus_reply_method_errno(q->bus_request, r, NULL); + } +- +- dns_query_free(q); + } + + static int validate_and_mangle_flags( +@@ -403,11 +405,11 @@ void bus_client_log(sd_bus_message *m, const char *what) { + + static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, sd_bus_error *error) { + _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL; ++ _cleanup_(dns_query_freep) DnsQuery *q = NULL; + Manager *m = userdata; + const char *hostname; + int family, ifindex; + uint64_t flags; +- DnsQuery *q; + int r; + + assert(message); +@@ -459,21 +461,19 @@ static int bus_method_resolve_hostname(sd_bus_message *message, void *userdata, + + r = dns_query_bus_track(q, message); + if (r < 0) +- goto fail; ++ return r; + + r = dns_query_go(q); + if (r < 0) +- goto fail; ++ return r; + ++ TAKE_PTR(q); + return 1; +- +-fail: +- dns_query_free(q); +- return r; + } + +-static void bus_method_resolve_address_complete(DnsQuery *q) { ++static void bus_method_resolve_address_complete(DnsQuery *query) { + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ _cleanup_(dns_query_freep) DnsQuery *q = query; + DnsQuestion *question; + DnsResourceRecord *rr; + unsigned added = 0; +@@ -493,8 +493,11 @@ static void bus_method_resolve_address_complete(DnsQuery *q) { + } + if (r < 0) + goto finish; +- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ ++ if (r == DNS_QUERY_CNAME) { ++ /* This was a cname, and the query was restarted. 
*/ ++ TAKE_PTR(q); + return; ++ } + + r = sd_bus_message_new_method_return(q->bus_request, &reply); + if (r < 0) +@@ -550,17 +553,15 @@ finish: + log_error_errno(r, "Failed to send address reply: %m"); + sd_bus_reply_method_errno(q->bus_request, r, NULL); + } +- +- dns_query_free(q); + } + + static int bus_method_resolve_address(sd_bus_message *message, void *userdata, sd_bus_error *error) { + _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; ++ _cleanup_(dns_query_freep) DnsQuery *q = NULL; + Manager *m = userdata; + union in_addr_union a; + int family, ifindex; + uint64_t flags; +- DnsQuery *q; + int r; + + assert(message); +@@ -604,17 +605,14 @@ static int bus_method_resolve_address(sd_bus_message *message, void *userdata, s + + r = dns_query_bus_track(q, message); + if (r < 0) +- goto fail; ++ return r; + + r = dns_query_go(q); + if (r < 0) +- goto fail; ++ return r; + ++ TAKE_PTR(q); + return 1; +- +-fail: +- dns_query_free(q); +- return r; + } + + static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int ifindex) { +@@ -645,8 +643,9 @@ static int bus_message_append_rr(sd_bus_message *m, DnsResourceRecord *rr, int i + return sd_bus_message_close_container(m); + } + +-static void bus_method_resolve_record_complete(DnsQuery *q) { ++static void bus_method_resolve_record_complete(DnsQuery *query) { + _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ _cleanup_(dns_query_freep) DnsQuery *q = query; + DnsResourceRecord *rr; + DnsQuestion *question; + unsigned added = 0; +@@ -667,8 +666,11 @@ static void bus_method_resolve_record_complete(DnsQuery *q) { + } + if (r < 0) + goto finish; +- if (r == DNS_QUERY_CNAME) /* This was a cname, and the query was restarted. */ ++ if (r == DNS_QUERY_CNAME) { ++ /* This was a cname, and the query was restarted. 
*/ ++ TAKE_PTR(q); + return; ++ } + + r = sd_bus_message_new_method_return(q->bus_request, &reply); + if (r < 0) +@@ -714,19 +716,17 @@ finish: + log_error_errno(r, "Failed to send record reply: %m"); + sd_bus_reply_method_errno(q->bus_request, r, NULL); + } +- +- dns_query_free(q); + } + + static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd_bus_error *error) { + _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; + _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL; ++ _cleanup_(dns_query_freep) DnsQuery *q = NULL; + Manager *m = userdata; + uint16_t class, type; + const char *name; + int r, ifindex; + uint64_t flags; +- DnsQuery *q; + + assert(message); + assert(m); +@@ -782,17 +782,14 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd + + r = dns_query_bus_track(q, message); + if (r < 0) +- goto fail; ++ return r; +
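Review bot: with `_cleanup_(dns_query_freep) DnsQuery *q = query;` in the *_complete callbacks, every return that must leave the query alive now depends on a preceding TAKE_PTR(q), and a missed one frees a query that is still in flight. The DNS_QUERY_CNAME restart path is covered in the three callbacks visible here (hostname, address, record), but the diff on this page is cut off inside bus_method_resolve_record(), so the remaining resolved-bus.c functions plus resolved-dns-stub.c and resolved-varlink.c need the same check against the full patch. A short comment at each TAKE_PTR(q) in the bus_method_resolve_* entry points, noting that ownership passes to the running query once dns_query_go() succeeds, would make the rule explicit for later edits.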
View file
_service:tar_scm:backport-resolved-Don-t-omit-AD-bit-in-reply-if-DO-is-set-in-.patch
Added
@@ -0,0 +1,43 @@ +From 5421863a16f19ba6a85214bb17986d6015b298b3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jack=20D=C3=A4hn?= <jack@jkdhn.me> +Date: Tue, 3 Aug 2021 08:07:05 +0200 +Subject: PATCH resolved: Don't omit AD bit in reply if DO is set in the + query + +Set the AD bit in the response if the data is authenticated and AD or DO is set in the query, as suggested by section 5.8 of RFC6840. + +Fixes #20332 + +(cherry picked from commit b553abd8aed0f6fbff9973882fb08c3aec1d9400) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5421863a16f19ba6a85214bb17986d6015b298b3 +--- + src/resolve/resolved-dns-stub.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/resolve/resolved-dns-stub.c b/src/resolve/resolved-dns-stub.c +index 5b9d32f001..49da916576 100644 +--- a/src/resolve/resolved-dns-stub.c ++++ b/src/resolve/resolved-dns-stub.c +@@ -585,7 +585,7 @@ static int dns_stub_send_reply( + DNS_PACKET_RD(q->request_packet), + !!q->request_packet->opt, + edns0_do, +- DNS_PACKET_AD(q->request_packet) && dns_query_fully_authenticated(q), ++ (DNS_PACKET_AD(q->request_packet) || DNS_PACKET_DO(q->request_packet)) && dns_query_fully_authenticated(q), + DNS_PACKET_CD(q->request_packet), + q->stub_listener_extra ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX, + dns_packet_has_nsid_request(q->request_packet) > 0 && !q->stub_listener_extra); +@@ -627,7 +627,7 @@ static int dns_stub_send_failure( + DNS_PACKET_RD(p), + !!p->opt, + DNS_PACKET_DO(p), +- DNS_PACKET_AD(p) && authenticated, ++ (DNS_PACKET_AD(p) || DNS_PACKET_DO(p)) && authenticated, + DNS_PACKET_CD(p), + l ? ADVERTISE_EXTRA_DATAGRAM_SIZE_MAX : ADVERTISE_DATAGRAM_SIZE_MAX, + dns_packet_has_nsid_request(p) > 0 && !l); +-- +2.33.0 +
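Review bot: in dns_stub_send_reply() the new AD expression reads the DO bit with DNS_PACKET_DO(q->request_packet), while the argument one line above passes the local `edns0_do`. If the two can differ, the reply may carry AD without DO (or the reverse) and that deserves a comment; if they cannot, use `edns0_do` in the AD expression so both arguments come from one source. dns_stub_send_failure() is consistent already, since it uses DNS_PACKET_DO(p) for both.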
View file
_service:tar_scm:backport-resolved-clean-up-manager_write_resolv_conf-a-bit.patch
Added
@@ -0,0 +1,109 @@ +From e4f6e956abdca1b7f538845dae79e5afb708e2df Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 22 Nov 2021 18:29:17 +0100 +Subject: PATCH resolved: clean up manager_write_resolv_conf() a bit + +Let's downgrade log messages which are not fatal for the service to +LOG_WARNING. + +And let's simplify clean-up by using _cleanup_(unlink_and_freep). + +(cherry picked from commit e2ef1e9aea24d89d1e92fa4675ddc330029b48bf) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e4f6e956abdca1b7f538845dae79e5afb708e2df +--- + src/resolve/resolved-resolv-conf.c | 41 +++++++++++------------------- + 1 file changed, 15 insertions(+), 26 deletions(-) + +diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c +index d5a77605a8..100894d6b2 100644 +--- a/src/resolve/resolved-resolv-conf.c ++++ b/src/resolve/resolved-resolv-conf.c +@@ -330,7 +330,7 @@ static int write_stub_resolv_conf_contents(FILE *f, OrderedSet *dns, OrderedSet + + int manager_write_resolv_conf(Manager *m) { + _cleanup_ordered_set_free_ OrderedSet *dns = NULL, *domains = NULL; +- _cleanup_free_ char *temp_path_uplink = NULL, *temp_path_stub = NULL; ++ _cleanup_(unlink_and_freep) char *temp_path_uplink = NULL, *temp_path_stub = NULL; + _cleanup_fclose_ FILE *f_uplink = NULL, *f_stub = NULL; + int r; + +@@ -342,60 +342,49 @@ int manager_write_resolv_conf(Manager *m) { + /* Add the full list to a set, to filter out duplicates */ + r = manager_compile_dns_servers(m, &dns); + if (r < 0) +- return log_warning_errno(r, "Failed to compile list of DNS servers: %m"); ++ return log_warning_errno(r, "Failed to compile list of DNS servers, ignoring: %m"); + + r = manager_compile_search_domains(m, &domains, false); + if (r < 0) +- return log_warning_errno(r, "Failed to compile list of search domains: %m"); ++ return log_warning_errno(r, "Failed to compile list of search domains, ignoring: %m"); + + r = 
fopen_temporary_label(PRIVATE_UPLINK_RESOLV_CONF, PRIVATE_UPLINK_RESOLV_CONF, &f_uplink, &temp_path_uplink); + if (r < 0) +- return log_warning_errno(r, "Failed to open new %s for writing: %m", PRIVATE_UPLINK_RESOLV_CONF); ++ return log_warning_errno(r, "Failed to open new %s for writing, ignoring: %m", PRIVATE_UPLINK_RESOLV_CONF); + + (void) fchmod(fileno(f_uplink), 0644); + + r = write_uplink_resolv_conf_contents(f_uplink, dns, domains); +- if (r < 0) { +- log_error_errno(r, "Failed to write new %s: %m", PRIVATE_UPLINK_RESOLV_CONF); +- goto fail; +- } ++ if (r < 0) ++ return log_warning_errno(r, "Failed to write new %s, ignoring: %m", PRIVATE_UPLINK_RESOLV_CONF); + + if (m->dns_stub_listener_mode != DNS_STUB_LISTENER_NO) { + r = fopen_temporary_label(PRIVATE_STUB_RESOLV_CONF, PRIVATE_STUB_RESOLV_CONF, &f_stub, &temp_path_stub); +- if (r < 0) { +- log_warning_errno(r, "Failed to open new %s for writing: %m", PRIVATE_STUB_RESOLV_CONF); +- goto fail; +- } ++ if (r < 0) ++ return log_warning_errno(r, "Failed to open new %s for writing, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); + + (void) fchmod(fileno(f_stub), 0644); + + r = write_stub_resolv_conf_contents(f_stub, dns, domains); +- if (r < 0) { +- log_error_errno(r, "Failed to write new %s: %m", PRIVATE_STUB_RESOLV_CONF); +- goto fail; +- } ++ if (r < 0) ++ return log_warning_errno(r, "Failed to write new %s, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); + + r = conservative_rename(temp_path_stub, PRIVATE_STUB_RESOLV_CONF); + if (r < 0) +- log_error_errno(r, "Failed to move new %s into place: %m", PRIVATE_STUB_RESOLV_CONF); ++ log_warning_errno(r, "Failed to move new %s into place, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); + ++ temp_path_stub = mfree(temp_path_stub); /* free the string explicitly, so that we don't unlink anymore */ + } else { + r = symlink_atomic_label(basename(PRIVATE_UPLINK_RESOLV_CONF), PRIVATE_STUB_RESOLV_CONF); + if (r < 0) +- log_error_errno(r, "Failed to symlink %s: %m", PRIVATE_STUB_RESOLV_CONF); 
++ log_warning_errno(r, "Failed to symlink %s, ignoring: %m", PRIVATE_STUB_RESOLV_CONF); + } + + r = conservative_rename(temp_path_uplink, PRIVATE_UPLINK_RESOLV_CONF); + if (r < 0) +- log_error_errno(r, "Failed to move new %s into place: %m", PRIVATE_UPLINK_RESOLV_CONF); +- +- fail: +- if (r < 0) { +- /* Something went wrong, perform cleanup... */ +- (void) unlink(temp_path_uplink); +- (void) unlink(temp_path_stub); +- } ++ log_warning_errno(r, "Failed to move new %s into place: %m", PRIVATE_UPLINK_RESOLV_CONF); + ++ temp_path_uplink = mfree(temp_path_uplink); /* free the string explicitly, so that we don't unlink anymore */ + return r; + } + +-- +2.33.0 +
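Review bot: after each conservative_rename() the temp path is released unconditionally with `temp_path_stub = mfree(temp_path_stub);` and `temp_path_uplink = mfree(temp_path_uplink);`, which disarms unlink_and_freep even when the rename failed. The removed `fail:` block unlinked both temp files whenever r < 0, so a failed rename now leaves the temporary file behind; release the path only when r >= 0. The last message is also inconsistent with the rest of the function: "Failed to move new %s into place: %m" for PRIVATE_UPLINK_RESOLV_CONF lacks ", ignoring", yet r from that rename is what the function returns, so the wording should match whichever behaviour is intended.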
View file
_service:tar_scm:backport-resolved-fix-ResolveService-hostname-handling.patch
Added
@@ -0,0 +1,47 @@ +From 70f465cb5d10b7bcd7bd7c326756d542e59c0e0b Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 22 Nov 2021 14:37:54 +0100 +Subject: PATCH resolved: fix ResolveService() hostname handling + +Let's eat up special returns of dns_query_process_cname_many() when +storing hostname resolution results. + +The rest of the code assumes only == 0 means success and != 0 means +error, but so far > 0 also could mean success, let's fix that. + +Fixes: #21365 #21140 + +(This was originally broken in 1db8e6d1db0880de240e5598e28d24d708479434) + +(cherry picked from commit 5a78106ad92d3f122f7ac653eecf767f0a8948cf) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/70f465cb5d10b7bcd7bd7c326756d542e59c0e0b +--- + src/resolve/resolved-bus.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c +index 7226200f00..78d1acf5e0 100644 +--- a/src/resolve/resolved-bus.c ++++ b/src/resolve/resolved-bus.c +@@ -1005,6 +1005,7 @@ static void resolve_service_all_complete(DnsQuery *q) { + goto finish; + } + ++ assert(bad->auxiliary_result < 0); + r = bad->auxiliary_result; + goto finish; + } +@@ -1112,7 +1113,7 @@ static void resolve_service_hostname_complete(DnsQuery *q) { + return; + + /* This auxiliary lookup is finished or failed, let's see if all are finished now. */ +- q->auxiliary_result = r; ++ q->auxiliary_result = r < 0 ? r : 0; + resolve_service_all_complete(q->auxiliary_for); + } + +-- +2.33.0 +
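Review bot: `assert(bad->auxiliary_result < 0);` in resolve_service_all_complete() turns any remaining writer of a positive auxiliary_result into an abort of the resolver, on a path driven by bus clients calling ResolveService(). This patch normalizes only the assignment in resolve_service_hostname_complete(), so please confirm there is no other place that stores into auxiliary_result, or handle the unexpected value by mapping it to an error return instead of asserting. A comment on the field stating "0 on success, negative errno on failure" would document the invariant the assert relies on.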
View file
_service:tar_scm:backport-resolved-make-sure-we-don-t-hit-an-assert-when-deali.patch
Added
@@ -0,0 +1,33 @@ +From 018c8e8f67b699c5e5aadb73a3ddf3b8009a741a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 22 Nov 2021 16:14:07 +0100 +Subject: PATCH resolved: make sure we don't hit an assert when dealing with + incomplete DNSSD service definitions + +Fixes: #21142 +(cherry picked from commit 8cf9898a964693b8a3c40b502af0377ede746f4d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/018c8e8f67b699c5e5aadb73a3ddf3b8009a741a +--- + src/resolve/resolved-dns-zone.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/resolve/resolved-dns-zone.c b/src/resolve/resolved-dns-zone.c +index b86b325144..6b3f5f707d 100644 +--- a/src/resolve/resolved-dns-zone.c ++++ b/src/resolve/resolved-dns-zone.c +@@ -94,7 +94,9 @@ void dns_zone_remove_rr(DnsZone *z, DnsResourceRecord *rr) { + DnsZoneItem *i; + + assert(z); +- assert(rr); ++ ++ if (!rr) ++ return; + + i = dns_zone_get(z, rr); + if (i) +-- +2.33.0 +
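Review bot: replacing `assert(rr);` with a silent `if (!rr) return;` in dns_zone_remove_rr() removes the crash but also hides which caller hands in NULL. Add a comment at the check saying that NULL is expected for incomplete DNSSD service definitions (the case named in the subject line), so a later reader does not restore the assert, and consider whether the caller should skip the call instead of relying on the callee to tolerate it.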
View file
_service:tar_scm:backport-resolved-properly-signal-transient-errors-back-to-NS.patch
Added
@@ -0,0 +1,140 @@ +From 7ab91cb307eb0a518f4a956674a108221538fc88 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 22 Nov 2021 15:17:34 +0100 +Subject: PATCH resolved: properly signal transient errors back to NSS stack + +NSS mostly knows four error cases: SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN, +and they can all be used in nsswitch.conf to route requests. + +So far nss-resolve would return SUCCESS + NOTFOUND + UNAVAIL. Let's also +return TRYAGAIN in some cases, specifically the ones where we are +currntly unable to resolve a request but likely could later. i.e. +errors caused by networking issues or such. + +Fixes: #20786 +(cherry picked from commit ae78529fc75027b3487b64e0d22a572fd9c8ffeb) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7ab91cb307eb0a518f4a956674a108221538fc88 +--- + src/nss-resolve/nss-resolve.c | 55 +++++++++++++++++++++++++++++------ + 1 file changed, 46 insertions(+), 9 deletions(-) + +diff --git a/src/nss-resolve/nss-resolve.c b/src/nss-resolve/nss-resolve.c +index e2a29475a2..4f54973202 100644 +--- a/src/nss-resolve/nss-resolve.c ++++ b/src/nss-resolve/nss-resolve.c +@@ -41,6 +41,9 @@ NSS_GETHOSTBYNAME_PROTOTYPES(resolve); + NSS_GETHOSTBYADDR_PROTOTYPES(resolve); + + static bool error_shall_fallback(const char *error_id) { ++ /* The Varlink errors where we shall signal "please fallback" back to the NSS stack, so that some ++ * fallback module can be loaded. (These are mostly all Varlink-internal errors, as apparently we ++ * then were unable to even do IPC with systemd-resolved.) */ + return STR_IN_SET(error_id, + VARLINK_ERROR_DISCONNECTED, + VARLINK_ERROR_TIMEOUT, +@@ -50,6 +53,16 @@ static bool error_shall_fallback(const char *error_id) { + VARLINK_ERROR_METHOD_NOT_IMPLEMENTED); + } + ++static bool error_shall_try_again(const char *error_id) { ++ /* The Varlink errors where we shall signal "can't answer now but might be able to later" back to the ++ * NSS stack. 
These are all errors that indicate lack of configuration or network problems. */ ++ return STR_IN_SET(error_id, ++ "io.systemd.Resolve.NoNameServers", ++ "io.systemd.Resolve.QueryTimedOut", ++ "io.systemd.Resolve.MaxAttemptsReached", ++ "io.systemd.Resolve.NetworkDown"); ++} ++ + static int connect_to_resolved(Varlink **ret) { + _cleanup_(varlink_unrefp) Varlink *link = NULL; + int r; +@@ -242,9 +255,11 @@ enum nss_status _nss_resolve_gethostbyname4_r( + if (r < 0) + goto fail; + if (!isempty(error_id)) { +- if (!error_shall_fallback(error_id)) +- goto not_found; +- goto fail; ++ if (error_shall_try_again(error_id)) ++ goto try_again; ++ if (error_shall_fallback(error_id)) ++ goto fail; ++ goto not_found; + } + + r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, NULL, json_dispatch_flags, &p); +@@ -341,6 +356,12 @@ fail: + not_found: + *h_errnop = HOST_NOT_FOUND; + return NSS_STATUS_NOTFOUND; ++ ++try_again: ++ UNPROTECT_ERRNO; ++ *errnop = -r; ++ *h_errnop = TRY_AGAIN; ++ return NSS_STATUS_TRYAGAIN; + } + + enum nss_status _nss_resolve_gethostbyname3_r( +@@ -390,9 +411,11 @@ enum nss_status _nss_resolve_gethostbyname3_r( + if (r < 0) + goto fail; + if (!isempty(error_id)) { +- if (!error_shall_fallback(error_id)) +- goto not_found; +- goto fail; ++ if (error_shall_try_again(error_id)) ++ goto try_again; ++ if (error_shall_fallback(error_id)) ++ goto fail; ++ goto not_found; + } + + r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, NULL, json_dispatch_flags, &p); +@@ -508,6 +531,12 @@ fail: + not_found: + *h_errnop = HOST_NOT_FOUND; + return NSS_STATUS_NOTFOUND; ++ ++try_again: ++ UNPROTECT_ERRNO; ++ *errnop = -r; ++ *h_errnop = TRY_AGAIN; ++ return NSS_STATUS_TRYAGAIN; + } + + typedef struct ResolveAddressReply { +@@ -594,9 +623,11 @@ enum nss_status _nss_resolve_gethostbyaddr2_r( + if (r < 0) + goto fail; + if (!isempty(error_id)) { +- if (!error_shall_fallback(error_id)) +- goto not_found; +- goto fail; ++ if 
(error_shall_try_again(error_id)) ++ goto try_again; ++ if (error_shall_fallback(error_id)) ++ goto fail; ++ goto not_found; + } + + r = json_dispatch(rparams, resolve_address_reply_dispatch_table, NULL, json_dispatch_flags, &p); +@@ -694,6 +725,12 @@ fail: + not_found: + *h_errnop = HOST_NOT_FOUND; + return NSS_STATUS_NOTFOUND; ++ ++try_again: ++ UNPROTECT_ERRNO; ++ *errnop = -r; ++ *h_errnop = TRY_AGAIN; ++ return NSS_STATUS_TRYAGAIN; + } + + NSS_GETHOSTBYNAME_FALLBACKS(resolve); +-- +2.33.0 +
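Review bot: the new `try_again:` label sets `*errnop = -r;`, but every `goto try_again` sits after `if (r < 0) goto fail;`, so r is zero or positive when the label is reached and errnop ends up 0 or a negative number instead of a usable errno. Callers pairing NSS_STATUS_TRYAGAIN with errno expect a real value here, so assign EAGAIN explicitly in all three functions. The four "io.systemd.Resolve.*" identifiers in error_shall_try_again() are bare string literals; if resolved has constants for them, using those would keep the two sides from drifting apart.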
View file
_service:tar_scm:backport-resolved-retry-on-SERVFAIL-before-downgrading-featur.patch
Added
@@ -0,0 +1,98 @@ +From 8280bec34df8e35592f4a4a549127471a9199231 Mon Sep 17 00:00:00 2001 +From: Steven Siloti <ssiloti@gmail.com> +Date: Sun, 11 Jul 2021 11:05:26 -0700 +Subject: PATCH resolved: retry on SERVFAIL before downgrading feature level + +The SERVFAIL RCODE can be generated for many reasons which may not be related +to lack of feature support. For example, the Stubby resolver generates +SERVFAIL when a request times out. Such transient failures can cause +unnecessary downgrades to both the transaction and the server's feature level. +The consequences of this are especially severe if the server is in DNSSEC +strict mode. In this case repeated downgrades eventually cause the server to +stop resolving entirely with the error "incompatible-server". + +To avoid unnecessary downgrades the request should be retried once with the +current level before the transaction's feature level is downgraded. + +(cherry picked from commit 8a33aa199dc1cea14494469ac9d7d08dc6721df1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8280bec34df8e35592f4a4a549127471a9199231 +--- + src/resolve/resolved-dns-server.c | 3 +- + src/resolve/resolved-dns-transaction.c | 43 +++++++++++++++++--------- + 2 files changed, 29 insertions(+), 17 deletions(-) + +diff --git a/src/resolve/resolved-dns-server.c b/src/resolve/resolved-dns-server.c +index e7a4bce71a..58a1376708 100644 +--- a/src/resolve/resolved-dns-server.c ++++ b/src/resolve/resolved-dns-server.c +@@ -362,9 +362,8 @@ void dns_server_packet_rcode_downgrade(DnsServer *s, DnsServerFeatureLevel level + if (s->possible_feature_level > level) { + s->possible_feature_level = level; + dns_server_reset_counters(s); ++ log_debug("Downgrading transaction feature level fixed an RCODE error, downgrading server %s too.", strna(dns_server_string_full(s))); + } +- +- log_debug("Downgrading transaction feature level fixed an RCODE error, downgrading server %s too.", strna(dns_server_string_full(s))); + } + + void 
dns_server_packet_invalid(DnsServer *s, DnsServerFeatureLevel level) { +diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c +index 9535a7ba4c..cf10c5c359 100644 +--- a/src/resolve/resolved-dns-transaction.c ++++ b/src/resolve/resolved-dns-transaction.c +@@ -1142,22 +1142,35 @@ void dns_transaction_process_reply(DnsTransaction *t, DnsPacket *p, bool encrypt + break; + } + +- /* Reduce this feature level by one and try again. */ +- switch (t->current_feature_level) { +- case DNS_SERVER_FEATURE_LEVEL_TLS_DO: +- t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; +- break; +- case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: +- /* Skip plain TLS when TLS is not supported */ +- t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; +- break; +- default: +- t->clamp_feature_level_servfail = t->current_feature_level - 1; +- } ++ /* SERVFAIL can happen for many reasons and may be transient. ++ * To avoid unnecessary downgrades retry once with the initial level. ++ * Check for clamp_feature_level_servfail having an invalid value as a sign that this is the ++ * first attempt to downgrade. If so, clamp to the current value so that the transaction ++ * is retried without actually downgrading. If the next try also fails we will downgrade by ++ * hitting the else branch below. */ ++ if (DNS_PACKET_RCODE(p) == DNS_RCODE_SERVFAIL && ++ t->clamp_feature_level_servfail < 0) { ++ t->clamp_feature_level_servfail = t->current_feature_level; ++ log_debug("Server returned error %s, retrying transaction.", ++ dns_rcode_to_string(DNS_PACKET_RCODE(p))); ++ } else { ++ /* Reduce this feature level by one and try again. 
*/ ++ switch (t->current_feature_level) { ++ case DNS_SERVER_FEATURE_LEVEL_TLS_DO: ++ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN; ++ break; ++ case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1: ++ /* Skip plain TLS when TLS is not supported */ ++ t->clamp_feature_level_servfail = DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN - 1; ++ break; ++ default: ++ t->clamp_feature_level_servfail = t->current_feature_level - 1; ++ } + +- log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", +- dns_rcode_to_string(DNS_PACKET_RCODE(p)), +- dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); ++ log_debug("Server returned error %s, retrying transaction with reduced feature level %s.", ++ dns_rcode_to_string(DNS_PACKET_RCODE(p)), ++ dns_server_feature_level_to_string(t->clamp_feature_level_servfail)); ++ } + + dns_transaction_retry(t, false /* use the same server */); + return; +-- +2.33.0 +
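Review bot: the single retry in dns_transaction_process_reply() is detected by `t->clamp_feature_level_servfail < 0`, which makes the "invalid" sentinel double as a "not yet retried" flag; that coupling is explained only in the comment here, so please also document it on the field, and state at the call site why dns_server_packet_rcode_downgrade() can now be reached with a level equal to the current one (the reason the log_debug() in resolved-dns-server.c moves inside the `if`). The re-indented `case DNS_SERVER_FEATURE_LEVEL_TLS_PLAIN + 1:` and `t->current_feature_level - 1` depend on the enum ordering, which is fragile whenever a level is added or removed, and a comment or named value would make that dependency visible.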
_service:tar_scm:backport-resolved-suppress-writing-DNS-server-info-into-etc-r.patch
Added
@@ -0,0 +1,38 @@ +From 2b2804757c8520b5cc133d9a3078f6fbec4a69cb Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 27 Sep 2021 14:28:16 +0200 +Subject: PATCH resolved: suppress writing DNS server info into + /etc/resolv.conf for non-standard UDP ports + +glibc doesn't support this, hence don#t generate it. + +Fixes: #20836 +(cherry picked from commit a50dadf2fd7413bbfc26af7e2ad2900b3e06af82) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2b2804757c8520b5cc133d9a3078f6fbec4a69cb +--- + src/resolve/resolved-resolv-conf.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/resolve/resolved-resolv-conf.c b/src/resolve/resolved-resolv-conf.c +index dd02d368e9..d5a77605a8 100644 +--- a/src/resolve/resolved-resolv-conf.c ++++ b/src/resolve/resolved-resolv-conf.c +@@ -216,6 +216,13 @@ static void write_resolv_conf_server(DnsServer *s, FILE *f, unsigned *count) { + return; + } + ++ /* resolv.conf simply doesn't support any other ports than 53, hence there's nothing much we can ++ * do — we have to suppress these entries */ ++ if (dns_server_port(s) != 53) { ++ log_debug("DNS server %s with non-standard UDP port number, suppressing from generated resolv.conf.", dns_server_string(s)); ++ return; ++ } ++ + /* Check if the scope this DNS server belongs to is suitable as 'default' route for lookups; resolv.conf does + * not have a syntax to express that, so it must not appear as a global name server to avoid routing unrelated + * domains to it (which is a privacy violation, will most probably fail anyway, and adds unnecessary load) */ +-- +2.33.0 +
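Review bot: In write_resolv_conf_server(), the new `dns_server_port(s) != 53` branch returns before `*count` is touched, so when every configured server uses a non-standard port the generated resolv.conf ends up with no nameserver line and the only trace is a log_debug. Consider logging at a higher level or writing a comment into the generated file so the omission is visible to whoever reads it. The literal 53 would also read better as a named constant.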
_service:tar_scm:backport-revert-core-map-io.bfq.weight-to-1.1000.patch
Deleted
@@ -1,90 +0,0 @@ -From 04bee6cd5439a4efb0faaf56ea245d44f3e99781 Mon Sep 17 00:00:00 2001 -From: y30009332 <yangmingtai@huawei.com> -Date: Tue, 1 Mar 2022 16:54:46 +0800 -Subject: PATCH revert :core map io.bfq.weight to 1..1000 -Reason:systemd-248 map io.bfq.weight to 1..1000, example 600 map to 60, -In order to maintain compatibility with v243, revert the commit and use -the v243 scheme - -Reference:https://github.com/systemd/systemd/commit/68c1ac1568910037a224c301d5c871af73493c16 ---- - src/core/cgroup.c | 35 ++++++++++++++++------------------- - 1 file changed, 16 insertions(+), 19 deletions(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index 2cbb789978..e5c4a605a6 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -1194,23 +1194,6 @@ static int cgroup_apply_devices(Unit *u) { - return r; - } - --static void set_io_weight(Unit *u, const char *controller, uint64_t weight) { -- char buf8+DECIMAL_STR_MAX(uint64_t)+1; -- const char *p; -- -- p = strjoina(controller, ".weight"); -- xsprintf(buf, "default %" PRIu64 "\n", weight); -- (void) set_attribute_and_warn(u, controller, p, buf); -- -- /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" -- * See also: https://github.com/systemd/systemd/pull/13335 and -- * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. -- * The range is 1..1000 apparently. */ -- p = strjoina(controller, ".bfq.weight"); -- xsprintf(buf, "%" PRIu64 "\n", (weight + 9) / 10); -- (void) set_attribute_and_warn(u, controller, p, buf); --} -- - static void cgroup_apply_bpf_foreign_program(Unit *u) { - assert(u); - -@@ -1303,6 +1286,7 @@ static void cgroup_context_apply( - * controller), and in case of containers we want to leave control of these attributes to the container manager - * (and we couldn't access that stuff anyway, even if we tried if proper delegation is used). 
*/ - if ((apply_mask & CGROUP_MASK_IO) && !is_local_root) { -+ char buf8+DECIMAL_STR_MAX(uint64_t)+1; - bool has_io, has_blockio; - uint64_t weight; - -@@ -1322,7 +1306,13 @@ static void cgroup_context_apply( - } else - weight = CGROUP_WEIGHT_DEFAULT; - -- set_io_weight(u, "io", weight); -+ xsprintf(buf, "default %" PRIu64 "\n", weight); -+ (void) set_attribute_and_warn(u, "io", "io.weight", buf); -+ -+ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight" -+ * See also: https://github.com/systemd/systemd/pull/13335 */ -+ xsprintf(buf, "%" PRIu64 "\n", weight); -+ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); - - if (has_io) { - CGroupIODeviceLatency *latency; -@@ -1377,6 +1367,7 @@ static void cgroup_context_apply( - /* Applying a 'weight' never makes sense for the host root cgroup, and for containers this should be - * left to our container manager, too. */ - if (!is_local_root) { -+ char bufDECIMAL_STR_MAX(uint64_t)+1; - uint64_t weight; - - if (has_io) { -@@ -1392,7 +1383,13 @@ static void cgroup_context_apply( - else - weight = CGROUP_BLKIO_WEIGHT_DEFAULT; - -- set_io_weight(u, "blkio", weight); -+ xsprintf(buf, "%" PRIu64 "\n", weight); -+ (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf); -+ -+ /* FIXME: drop this when distro kernels properly support BFQ through "blkio.weight" -+ * See also: https://github.com/systemd/systemd/pull/13335 */ -+ xsprintf(buf, "%" PRIu64 "\n", weight); -+ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); - - if (has_io) { - CGroupIODeviceWeight *w; --- -2.27.0 -
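Review bot: Dropping this downstream revert changes the value written to the BFQ attributes: without it, set_io_weight() again writes `(weight + 9) / 10` to "<controller>.bfq.weight", where the patched code wrote `weight` unscaled to io.bfq.weight and blkio.bfq.weight. The patch's own message gives v243 compatibility as its reason (600 mapping to 60), so the package changelog should state that this compatibility is being given up, or name the patch that replaces it.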
_service:tar_scm:backport-revert-delete-initrd-usr-fs-target.patch
Added
@@ -0,0 +1,237 @@ +From 29a24ab28e9790680348b1ffab653a321fa49a67 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 26 Mar 2021 22:40:40 +0100 +Subject: PATCH fstab-generator: if usr= is specified, mount it to + /sysusr/usr/ first. + + This reverts 29a24ab28e9790680348b1ffab653a321fa49a67 + +Reason: In systemd 249, at initrd stage, /usr fs will be mounted on /sysroot, or on /sysusr. +This will cause sysroot.mount to be run ahead of time. But at this time, the lvm of extra file directory is inactive, +This will make the crashed system have to wait 5 minutes. So we revert the commit, and don't mount sysroot in advance. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/29a24ab28e9790680348b1ffab653a321fa49a67 +--- + src/basic/special.h | 1 - + src/fstab-generator/fstab-generator.c | 90 ++++---------------------- + units/initrd-usr-fs.target | 17 ----- + units/initrd.target | 4 +- + units/meson.build | 1 - + units/systemd-repart.service.in | 2 +- + units/systemd-volatile-root.service.in | 2 +- + 7 files changed, 17 insertions(+), 100 deletions(-) + delete mode 100644 units/initrd-usr-fs.target + +diff --git a/src/basic/special.h b/src/basic/special.h +index 78f22f1..8b01df8 100644 +--- a/src/basic/special.h ++++ b/src/basic/special.h +@@ -37,7 +37,6 @@ + #define SPECIAL_INITRD_FS_TARGET "initrd-fs.target" + #define SPECIAL_INITRD_ROOT_DEVICE_TARGET "initrd-root-device.target" + #define SPECIAL_INITRD_ROOT_FS_TARGET "initrd-root-fs.target" +-#define SPECIAL_INITRD_USR_FS_TARGET "initrd-usr-fs.target" + #define SPECIAL_REMOTE_FS_TARGET "remote-fs.target" /* LSB's $remote_fs */ + #define SPECIAL_REMOTE_FS_PRE_TARGET "remote-fs-pre.target" + #define SPECIAL_SWAP_TARGET "swap.target" +diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c +index a4e3ea5..54bfbc2 100644 +--- a/src/fstab-generator/fstab-generator.c ++++ b/src/fstab-generator/fstab-generator.c +@@ -758,10 +758,6 @@ 
static int add_sysroot_mount(void) { + static int add_sysroot_usr_mount(void) { + _cleanup_free_ char *what = NULL; + const char *opts; +- int r; +- +- /* Returns 0 if we didn't do anything, > 0 if we either generated a unit for the /usr/ mount, or we +- * know for sure something else did */ + + if (!arg_usr_what && !arg_usr_fstype && !arg_usr_options) + return 0; +@@ -785,23 +781,8 @@ static int add_sysroot_usr_mount(void) { + return log_oom(); + } + +- if (isempty(arg_usr_what)) { +- log_debug("Could not find a usr= entry on the kernel command line."); ++ if (!arg_usr_what) + return 0; +- } +- +- if (streq(arg_usr_what, "gpt-auto")) { +- /* This is handled by the gpt-auto generator */ +- log_debug("Skipping /usr/ directory handling, as gpt-auto was requested."); +- return 1; /* systemd-gpt-auto-generator will generate a unit for this, hence report that a +- * unit file is being created for the host /usr/ mount. */ +- } +- +- if (path_equal(arg_usr_what, "/dev/nfs")) { +- /* This is handled by the initrd (if at all supported, that is) */ +- log_debug("Skipping /usr/ directory handling, as /dev/nfs was requested."); +- return 1; /* As above, report that NFS code will create the unit */ +- } + + what = fstab_node_to_udev_node(arg_usr_what); + if (!what) +@@ -814,62 +795,17 @@ static int add_sysroot_usr_mount(void) { + else + opts = arg_usr_options; + +- /* When mounting /usr from the initrd, we add an extra level of indirection: we first mount the /usr/ +- * partition to /sysusr/usr/, and then afterwards bind mount that to /sysroot/usr/. We do this so +- * that we can cover for systems that initially only have a /usr/ around and where the root fs needs +- * to be synthesized, based on configuration included in /usr/, e.g. systemd-repart. Software like +- * this should order itself after initrd-usr-fs.target and before initrd-fs.target; and it should +- * look into both /sysusr/ and /sysroot/ for the configuration data to apply. 
*/ +- +- log_debug("Found entry what=%s where=/sysusr/usr type=%s opts=%s", what, strna(arg_usr_fstype), strempty(opts)); +- +- r = add_mount(arg_dest, +- what, +- "/sysusr/usr", +- NULL, +- arg_usr_fstype, +- opts, +- is_device_path(what) ? 1 : 0, /* passno */ +- 0, +- SPECIAL_INITRD_USR_FS_TARGET, +- "/proc/cmdline"); +- if (r < 0) +- return r; +- +- log_debug("Synthesizing entry what=/sysusr/usr where=/sysrootr/usr opts=bind"); +- +- r = add_mount(arg_dest, +- "/sysusr/usr", +- "/sysroot/usr", +- NULL, +- NULL, +- "bind", +- 0, +- 0, +- SPECIAL_INITRD_FS_TARGET, +- "/proc/cmdline"); +- if (r < 0) +- return r; +- +- return 1; +-} +- +-static int add_sysroot_usr_mount_or_fallback(void) { +- int r; +- +- r = add_sysroot_usr_mount(); +- if (r != 0) +- return r; +- +- /* OK, so we didn't write anything out for /sysusr/usr/ nor /sysroot/usr/. In this case, let's make +- * sure that initrd-usr-fs.target is at least ordered after sysroot.mount so that services that order +- * themselves get the guarantee that /usr/ is definitely mounted somewhere. */ +- +- return generator_add_symlink( +- arg_dest, +- SPECIAL_INITRD_USR_FS_TARGET, +- "requires", +- "sysroot.mount"); ++ log_debug("Found entry what=%s where=/sysroot/usr type=%s", what, strna(arg_usr_fstype)); ++ return add_mount(arg_dest, ++ what, ++ "/sysroot/usr", ++ NULL, ++ arg_usr_fstype, ++ opts, ++ is_device_path(what) ? 
1 : 0, /* passno */ ++ 0, ++ SPECIAL_INITRD_FS_TARGET, ++ "/proc/cmdline"); + } + + static int add_volatile_root(void) { +@@ -1031,7 +967,7 @@ static int run(const char *dest, const char *dest_early, const char *dest_late) + if (in_initrd()) { + r = add_sysroot_mount(); + +- r2 = add_sysroot_usr_mount_or_fallback(); ++ r2 = add_sysroot_usr_mount(); + + r3 = add_volatile_root(); + } else +diff --git a/units/initrd-usr-fs.target b/units/initrd-usr-fs.target +deleted file mode 100644 +index 7219655..0000000 +--- a/units/initrd-usr-fs.target ++++ /dev/null +@@ -1,17 +0,0 @@ +-# SPDX-License-Identifier: LGPL-2.1-or-later +-# +-# This file is part of systemd. +-# +-# systemd is free software; you can redistribute it and/or modify it +-# under the terms of the GNU Lesser General Public License as published by +-# the Free Software Foundation; either version 2.1 of the License, or +-# (at your option) any later version. +- +-Unit +-Description=Initrd /usr File System +-Documentation=man:systemd.special(7) +-AssertPathExists=/etc/initrd-release +-OnFailure=emergency.target +-OnFailureJobMode=replace-irreversibly +-DefaultDependencies=no +-Conflicts=shutdown.target +diff --git a/units/initrd.target b/units/initrd.target +index fc8fbff..655158a 100644 +--- a/units/initrd.target ++++ b/units/initrd.target +@@ -14,6 +14,6 @@ OnFailure=emergency.target + OnFailureJobMode=replace-irreversibly + AssertPathExists=/etc/initrd-release + Requires=basic.target +-Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target initrd-parse-etc.service +-After=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-usr-fs.target basic.target rescue.service rescue.target ++Wants=initrd-root-fs.target initrd-root-device.target initrd-fs.target initrd-parse-etc.service ++After=initrd-root-fs.target initrd-root-device.target initrd-fs.target basic.target rescue.service rescue.target + AllowIsolate=yes +diff --git a/units/meson.build 
b/units/meson.build +index df6741b..31fedf5 100644 +--- a/units/meson.build
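Review bot: The rewritten add_sysroot_usr_mount() removes the `gpt-auto` and `/dev/nfs` early returns together with the /sysusr indirection, so `usr=gpt-auto` or `usr=/dev/nfs` now falls through to fstab_node_to_udev_node() and an add_mount() on /sysroot/usr. The stated reason for the revert is only the early sysroot.mount ordering, so keep those two special cases unless they are known to be handled elsewhere. The `isempty(arg_usr_what)` test also becomes `!arg_usr_what`, which would let an empty string through. The Subject line is still the original commit's title; mark the patch as a revert.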
_service:tar_scm:backport-revert-units-add-ProtectClock-yes.patch
Added
@@ -0,0 +1,46 @@ +From cabc1c6d7adae658a2966a4b02a6faabb803e92b Mon Sep 17 00:00:00 2001 +From: Topi Miettinen <toiwoton@gmail.com> +Date: Thu, 2 Apr 2020 21:18:11 +0300 +Subject: PATCH units: add ProtectClock=yes + +Add `ProtectClock=yes` to systemd units. Since it implies certain +`DeviceAllow=` rules, make sure that the units have `DeviceAllow=` rules so +they are still able to access other devices. Exclude timesyncd and timedated. + +=== +Conflict:this only revert systemd-udevd.service.in +Reference:https://github.com/systemd/systemd/commit/cabc1c6d7adae658a2966a4b02a6faabb803e92b + +When DeviceAllow is configured, devices.deny will first be set to "a", and +then devices.allow be set based on DeviceAllow, which makes devices.list +between these two steps is not reliable. Only revert systemd-udevd.service.in +because udevd can fork subprocess to execute udev rules, which may affect user +process. +--- + units/systemd-udevd.service.in | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in +index 7b6354a..30746c1 100644 +--- a/units/systemd-udevd.service.in ++++ b/units/systemd-udevd.service.in +@@ -17,8 +17,6 @@ ConditionPathIsReadWrite=/sys + + Service + Delegate=pids +-DeviceAllow=block-* rwm +-DeviceAllow=char-* rwm + Type=notify + # Note that udev will reset the value internally for its workers + OOMScoreAdjust=-1000 +@@ -30,7 +28,6 @@ ExecReload=udevadm control --reload --timeout 0 + KillMode=mixed + TasksMax=infinity + PrivateMounts=yes +-ProtectClock=yes + ProtectHostname=yes + MemoryDenyWriteExecute=yes + RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6 +-- +2.23.0 +
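Review bot: The second hunk drops `ProtectClock=yes` from systemd-udevd.service.in, which is a hardening setting, while the rationale in the message is about the window in which devices.deny is "a" before devices.allow is repopulated from DeviceAllow=. The first hunk already removes both `DeviceAllow=` lines, so the message should say explicitly why ProtectClock= has to go as well (the original commit text notes that it implies DeviceAllow= rules), and a comment in the unit would keep a later rebase from restoring it. The Subject still reads "units: add ProtectClock=yes" although the patch removes it from this unit; retitle it as a partial revert.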
_service:tar_scm:backport-run-mount-systemctl-don-t-fork-off-PolicyKit-ask-pw-.patch
Added
@@ -0,0 +1,70 @@ +From fb999b918462361fefa435f86884f81edff503c5 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 30 Aug 2021 13:21:55 +0200 +Subject: PATCH run/mount/systemctl: don't fork off PolicyKit/ask-pw agent + when in --user mode + +When we are in --user mode there's no point in doing PolicyKit/ask-pw +because both of these systems are only used by system-level services. +Let's disable the two agents for that automaticlly hence. + +Prompted by: #20576 + +(cherry picked from commit 966f3a246c8c804d8a9c9d393f03c5c3fe0dd393) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/fb999b918462361fefa435f86884f81edff503c5 +--- + src/mount/mount-tool.c | 3 +++ + src/run/run.c | 4 ++++ + src/systemctl/systemctl.c | 5 +++++ + 3 files changed, 12 insertions(+) + +diff --git a/src/mount/mount-tool.c b/src/mount/mount-tool.c +index c213c905a1..70b4c5a765 100644 +--- a/src/mount/mount-tool.c ++++ b/src/mount/mount-tool.c +@@ -332,6 +332,9 @@ static int parse_argv(int argc, char *argv) { + assert_not_reached("Unhandled option"); + } + ++ if (arg_user) ++ arg_ask_password = false; ++ + if (arg_user && arg_transport != BUS_TRANSPORT_LOCAL) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Execution in user context is not supported on non-local systems."); +diff --git a/src/run/run.c b/src/run/run.c +index 38de0322e0..1c83e36e4e 100644 +--- a/src/run/run.c ++++ b/src/run/run.c +@@ -506,6 +506,10 @@ static int parse_argv(int argc, char *argv) { + assert_not_reached("Unhandled option"); + } + ++ /* If we are talking to the per-user instance PolicyKit isn't going to help */ ++ if (arg_user) ++ arg_ask_password = false; ++ + with_trigger = !!arg_path_property || !!arg_socket_property || arg_with_timer; + + /* currently, only single trigger (path, socket, timer) unit can be created simultaneously */ +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 4cc723aab5..2f6f58127c 100644 +--- 
a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -925,6 +925,11 @@ static int systemctl_parse_argv(int argc, char *argv) { + assert_not_reached("Unhandled option"); + } + ++ /* If we are in --user mode, there's no point in talking to PolicyKit or the infra to query system ++ * passwords */ ++ if (arg_scope != UNIT_FILE_SYSTEM) ++ arg_ask_password = false; ++ + if (arg_transport == BUS_TRANSPORT_REMOTE && arg_scope != UNIT_FILE_SYSTEM) + return log_error_errno(SYNTHETIC_ERRNO(EINVAL), + "Cannot access user instance remotely."); +-- +2.33.0 +
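Review bot: The three hunks do not test the same condition: mount-tool.c and run.c clear arg_ask_password on `arg_user`, while systemctl.c clears it on `arg_scope != UNIT_FILE_SYSTEM`, which covers every non-system scope. If that difference is intended, say so in the systemctl.c comment; the mount-tool.c hunk also has no comment where the other two do. In mount-tool.c the assignment sits above the check that rejects `arg_user` with a non-local transport; moving it below that check keeps validation ahead of side effects.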
_service:tar_scm:backport-scope-count-successful-cgroup-additions-when-delegat.patch
Added
@@ -0,0 +1,51 @@ +From be509064edba9863521a77a4a20a6e1a0971693e Mon Sep 17 00:00:00 2001 +From: Jonas Witschel <diabonas@archlinux.org> +Date: Wed, 10 Nov 2021 22:46:35 +0100 +Subject: PATCH scope: count successful cgroup additions when delegating via + D-Bus + +Since commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 ("scope: refuse +activation of scopes if no PIDs to add are left") all "systemd-run --scope +--user" calls fail because cgroup attachments delegated to the system instance +are not counted towards successful additions. Fix this by incrementing the +return value in case unit_attach_pid_to_cgroup_via_bus() succeeds, similar to +what happens when cg_attach() succeeds directly. + +Note that this can *not* distinguish the case when +unit_attach_pid_to_cgroup_via_bus() has been run successfully, but all +processes to attach are gone in the meantime, unlike the checks that commit +8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 adds for the system instance. This is +because even though unit_attach_pid_to_cgroup_via_bus() leads to an internal +unit_attach_pids_to_cgroup() call, the return value over D-Bus does not include +the number of successfully attached processes and is always NULL on success. 
+ +Fixes: #21297 + +(cherry picked from commit c65417a01121301fdf7f8514ee7663d287af3a72) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/be509064edba9863521a77a4a20a6e1a0971693e +--- + src/core/cgroup.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 51936b7d1d..79e10ca3c0 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2188,8 +2188,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + z = unit_attach_pid_to_cgroup_via_bus(u, pid, suffix_path); + if (z < 0) + log_unit_info_errno(u, z, "Couldn't move process "PID_FMT" to requested cgroup '%s' (directly or via the system bus): %m", pid, empty_to_root(p)); +- else ++ else { ++ if (ret >= 0) ++ ret++; /* Count successful additions */ + continue; /* When the bus thing worked via the bus we are fully done for this PID. */ ++ } + } + + if (ret >= 0) +-- +2.33.0 +
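Review bot: The new `ret++` in the else branch after unit_attach_pid_to_cgroup_via_bus() counts a PID as attached whenever the D-Bus call succeeds, and the commit message itself says this cannot detect that the process has already exited. That caveat belongs in a code comment next to the increment, because the count is what the "no PIDs left" check introduced by commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3 relies on, and this path can report a positive count for processes that are gone.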
_service:tar_scm:backport-scope-refuse-activation-of-scopes-if-no-PIDs-to-add-.patch
Added
@@ -0,0 +1,55 @@ +From 7ecb1b82d9b55a081d81b2802695fd21293ce029 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 27 Oct 2021 23:17:50 +0200 +Subject: PATCH scope: refuse activation of scopes if no PIDs to add are left + +If all processes we are supposed to add are gone by the time we are +ready to do so, let's fail. + +THis is heavily based on Cunlong Li's work, who thankfully tracked this +down. + +Replaces: #20577 +(cherry picked from commit 8d3e4ac7cd37200d1431411a4b98925a24b7d9b3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7ecb1b82d9b55a081d81b2802695fd21293ce029 +--- + src/core/cgroup.c | 3 ++- + src/core/scope.c | 6 ++++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 1551d57e90..51936b7d1d 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2196,7 +2196,8 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) { + ret = r; /* Remember first error */ + + continue; +- } ++ } else if (ret >= 0) ++ ret++; /* Count successful additions */ + + r = cg_all_unified(); + if (r < 0) +diff --git a/src/core/scope.c b/src/core/scope.c +index af6311bb5f..fd4367dbed 100644 +--- a/src/core/scope.c ++++ b/src/core/scope.c +@@ -374,6 +374,12 @@ static int scope_start(Unit *u) { + scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); + return r; + } ++ if (r == 0) { ++ log_unit_warning(u, "No PIDs left to attach to the scope's control group, refusing: %m"); ++ scope_enter_dead(s, SCOPE_FAILURE_RESOURCES); ++ return -ECHILD; ++ } ++ log_unit_debug(u, "%i %s added to scope's control group.", r, r == 1 ? "process" : "processes"); + + s->result = SCOPE_SUCCESS; + +-- +2.33.0 +
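Review bot: In the scope_start() hunk, the new log_unit_warning() call ends its format string with `%m` on a path where `r == 0`, so no error was returned and the message prints whatever errno happens to hold at that moment. Drop the `%m`, or log through log_unit_warning_errno() with SYNTHETIC_ERRNO(ECHILD) so the text matches the `-ECHILD` that is returned on the next line.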
_service:tar_scm:backport-scsi_id-retry-inquiry-ioctl-if-host_byte-is-DID_TRAN.patch
Added
@@ -0,0 +1,56 @@ +From 9442b2f78f17309bb1c2bca0df735728b03ee732 Mon Sep 17 00:00:00 2001 +From: Wenchao Hao <haowenchao@huawei.com> +Date: Sun, 28 Aug 2022 16:44:56 +0800 +Subject: PATCH scsi_id: retry inquiry ioctl if host_byte is + DID_TRANSPORT_DISRUPTED + +The inquiry is issued to kernel via ioctl, kernelspace would set +this inquiry command's retry count to 0 which means the command +would not be retried in kernel space even if the LLDs returned +a status which need to be retried. So we should take the retry +in user space. +--- + src/udev/scsi_id/scsi_serial.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/udev/scsi_id/scsi_serial.c b/src/udev/scsi_id/scsi_serial.c +index cfc13feced..992d1cf25b 100644 +--- a/src/udev/scsi_id/scsi_serial.c ++++ b/src/udev/scsi_id/scsi_serial.c +@@ -69,6 +69,7 @@ static const char hex_str="0123456789abcdef"; + #define DID_NO_CONNECT 0x01 /* Unable to connect before timeout */ + #define DID_BUS_BUSY 0x02 /* Bus remain busy until timeout */ + #define DID_TIME_OUT 0x03 /* Timed out for some other reason */ ++#define DID_TRANSPORT_DISRUPTED 0x0e /* Transport disrupted and should retry */ + #define DRIVER_TIMEOUT 0x06 + #define DRIVER_SENSE 0x08 /* Sense_buffer has been set */ + +@@ -79,6 +80,7 @@ static const char hex_str="0123456789abcdef"; + #define SG_ERR_CAT_TIMEOUT 3 + #define SG_ERR_CAT_RECOVERED 4 /* Successful command after recovered err */ + #define SG_ERR_CAT_NOTSUPPORTED 5 /* Illegal / unsupported command */ ++#define SG_ERR_CAT_RETRY 6 /* Command should be retried */ + #define SG_ERR_CAT_SENSE 98 /* Something else in the sense buffer */ + #define SG_ERR_CAT_OTHER 99 /* Some other error/warning */ + +@@ -126,6 +128,8 @@ static int sg_err_category_new(int scsi_status, int msg_status, int + if (host_status) { + if (IN_SET(host_status, DID_NO_CONNECT, DID_BUS_BUSY, DID_TIME_OUT)) + return SG_ERR_CAT_TIMEOUT; ++ if (host_status == DID_TRANSPORT_DISRUPTED) ++ return SG_ERR_CAT_RETRY; + } + if (driver_status) 
{ + if (driver_status == DRIVER_TIMEOUT) +@@ -332,6 +336,8 @@ resend: + case SG_ERR_CAT_RECOVERED: + retval = 0; + break; ++ case SG_ERR_CAT_RETRY: ++ break; + + default: + if (dev_scsi->use_sg == 4) +-- +2.27.0 +
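Review bot: The new `case SG_ERR_CAT_RETRY:` in the last hunk has an empty body, so whether the INQUIRY is actually reissued, and how many times, depends on code after the switch that this hunk does not show. Add a comment stating that the retry is taken by the existing resend logic and that it is bounded, and consider a debug log so a link that keeps returning DID_TRANSPORT_DISRUPTED is visible. The message also lacks the Conflict:/Reference: trailer that the other patches in this revision carry.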
_service:tar_scm:backport-sd-boot-Fix-possible-null-pointer-dereference.patch
Added
@@ -0,0 +1,32 @@ +From 872d101c2308e07c523fd6ca84bd774447f05b7e Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Wed, 11 Aug 2021 14:59:46 +0200 +Subject: PATCH sd-boot: Fix possible null pointer dereference + +Auto entries are showing garbage for the version in print_status() +because StrDuplicate does not expect null pointers. + +(cherry picked from commit b52fafb26d90b77cfc259fcbdab3c95a571bacb1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/872d101c2308e07c523fd6ca84bd774447f05b7e +--- + src/boot/efi/boot.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 3249171ec1..13940a6df7 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -1724,7 +1724,7 @@ static ConfigEntry *config_entry_add_loader( + *entry = (ConfigEntry) { + .type = type, + .title = StrDuplicate(title), +- .version = StrDuplicate(version), ++ .version = version ? StrDuplicate(version) : NULL, + .device = device, + .loader = StrDuplicate(loader), + .id = StrDuplicate(id), +-- +2.33.0 +
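Review bot: Only `.version` gets the NULL guard in config_entry_add_loader(); `.title`, `.loader` and `.id` in the same initializer still go straight into StrDuplicate(), which the message says does not expect null pointers. Either document that those three are never NULL for any caller, or wrap StrDuplicate() in a NULL-tolerant helper and use it for all four fields.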
_service:tar_scm:backport-sd-boot-Rework-console-input-handling.patch
Added
@@ -0,0 +1,323 @@ +From 9e47ea7c98d1f4e0a75edb5d1590e5742f253317 Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Wed, 11 Aug 2021 14:59:46 +0200 +Subject: PATCH sd-boot: Rework console input handling + +Fixes: #15847 +Probably fixes: #19191 + +(cherry picked from commit e98d271e57f3d0356e444b6ea2d48836ee2769b0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9e47ea7c98d1f4e0a75edb5d1590e5742f253317 +--- + src/boot/efi/boot.c | 55 +++++++--------------- + src/boot/efi/console.c | 102 +++++++++++++++++++++++++++++------------ + src/boot/efi/console.h | 2 +- + 3 files changed, 91 insertions(+), 68 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 54d704f0d1..b4f3b9605a 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -134,7 +134,7 @@ static BOOLEAN line_edit( + uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, print); + uefi_call_wrapper(ST->ConOut->SetCursorPosition, 3, ST->ConOut, cursor, y_pos); + +- err = console_key_read(&key, TRUE); ++ err = console_key_read(&key, 0); + if (EFI_ERROR(err)) + continue; + +@@ -387,7 +387,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { + Print(L"OsIndicationsSupported: %d\n", indvar); + + Print(L"\n--- press key ---\n\n"); +- console_key_read(&key, TRUE); ++ console_key_read(&key, 0); + + Print(L"timeout: %u\n", config->timeout_sec); + if (config->timeout_sec_efivar >= 0) +@@ -432,7 +432,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { + Print(L"LoaderEntryDefault: %s\n", defaultstr); + + Print(L"\n--- press key ---\n\n"); +- console_key_read(&key, TRUE); ++ console_key_read(&key, 0); + + for (UINTN i = 0; i < config->entry_count; i++) { + ConfigEntry *entry; +@@ -482,7 +482,7 @@ static VOID print_status(Config *config, CHAR16 *loaded_image_path) { + entry->path, entry->next_name); + + Print(L"\n--- press key ---\n\n"); +- console_key_read(&key, TRUE); ++ console_key_read(&key, 0); + } + 
+ uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); +@@ -509,11 +509,10 @@ static BOOLEAN menu_run( + UINTN y_max; + CHAR16 *status; + CHAR16 *clearline; +- INTN timeout_remain; ++ UINTN timeout_remain = config->timeout_sec; + INT16 idx; + BOOLEAN exit = FALSE; + BOOLEAN run = TRUE; +- BOOLEAN wait = FALSE; + + graphics_mode(FALSE); + uefi_call_wrapper(ST->ConIn->Reset, 2, ST->ConIn, FALSE); +@@ -538,12 +537,6 @@ static BOOLEAN menu_run( + y_max = 25; + } + +- /* we check 10 times per second for a keystroke */ +- if (config->timeout_sec > 0) +- timeout_remain = config->timeout_sec * 10; +- else +- timeout_remain = -1; +- + idx_highlight = config->idx_default; + idx_highlight_prev = 0; + +@@ -643,7 +636,7 @@ static BOOLEAN menu_run( + + if (timeout_remain > 0) { + FreePool(status); +- status = PoolPrint(L"Boot in %d sec.", (timeout_remain + 5) / 10); ++ status = PoolPrint(L"Boot in %d s.", timeout_remain); + } + + /* print status at last line of screen */ +@@ -664,27 +657,18 @@ static BOOLEAN menu_run( + uefi_call_wrapper(ST->ConOut->OutputString, 2, ST->ConOut, clearline+1 + x + len); + } + +- err = console_key_read(&key, wait); +- if (EFI_ERROR(err)) { +- /* timeout reached */ ++ err = console_key_read(&key, timeout_remain > 0 ? 
1000 * 1000 : 0); ++ if (err == EFI_TIMEOUT) { ++ timeout_remain--; + if (timeout_remain == 0) { + exit = TRUE; + break; + } + +- /* sleep and update status */ +- if (timeout_remain > 0) { +- uefi_call_wrapper(BS->Stall, 1, 100 * 1000); +- timeout_remain--; +- continue; +- } +- +- /* timeout disabled, wait for next key */ +- wait = TRUE; ++ /* update status */ + continue; +- } +- +- timeout_remain = -1; ++ } else ++ timeout_remain = 0; + + /* clear status after keystroke */ + if (status) { +@@ -787,7 +771,7 @@ static BOOLEAN menu_run( + config->timeout_sec_efivar, + EFI_VARIABLE_NON_VOLATILE); + if (config->timeout_sec_efivar > 0) +- status = PoolPrint(L"Menu timeout set to %d sec.", config->timeout_sec_efivar); ++ status = PoolPrint(L"Menu timeout set to %d s.", config->timeout_sec_efivar); + else + status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); + } else if (config->timeout_sec_efivar <= 0){ +@@ -795,7 +779,7 @@ static BOOLEAN menu_run( + efivar_set( + LOADER_GUID, L"LoaderConfigTimeout", NULL, EFI_VARIABLE_NON_VOLATILE); + if (config->timeout_sec_config > 0) +- status = PoolPrint(L"Menu timeout of %d sec is defined by configuration file.", ++ status = PoolPrint(L"Menu timeout of %d s is defined by configuration file.", + config->timeout_sec_config); + else + status = StrDuplicate(L"Menu disabled. Hold down key at bootup to show menu."); +@@ -813,7 +797,7 @@ static BOOLEAN menu_run( + config->timeout_sec_efivar, + EFI_VARIABLE_NON_VOLATILE); + if (config->timeout_sec_efivar > 0) +- status = PoolPrint(L"Menu timeout set to %d sec.", ++ status = PoolPrint(L"Menu timeout set to %d s.", + config->timeout_sec_efivar); + else + status = StrDuplicate(L"Menu disabled. 
Hold down key at bootup to show menu."); +@@ -2369,13 +2353,8 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + else { + UINT64 key; + +- err = console_key_read(&key, FALSE); +- +- if (err == EFI_NOT_READY) { +- uefi_call_wrapper(BS->Stall, 1, 100 * 1000); +- err = console_key_read(&key, FALSE); +- } +- ++ /* Block up to 100ms to give firmware time to get input working. */ ++ err = console_key_read(&key, 100 * 1000); + if (!EFI_ERROR(err)) { + INT16 idx; + +diff --git a/src/boot/efi/console.c b/src/boot/efi/console.c +index 83619d2147..369c549daf 100644 +--- a/src/boot/efi/console.c ++++ b/src/boot/efi/console.c +@@ -11,61 +11,105 @@ + + #define EFI_SIMPLE_TEXT_INPUT_EX_GUID &(EFI_GUID) EFI_SIMPLE_TEXT_INPUT_EX_PROTOCOL_GUID + +-EFI_STATUS console_key_read(UINT64 *key, BOOLEAN wait) { ++static inline void EventClosep(EFI_EVENT *event) { ++ if (!*event) ++ return; ++ ++ uefi_call_wrapper(BS->CloseEvent, 1, *event); ++} ++ ++/* ++ * Reading input from the console sounds like an easy task to do, but thanks to broken ++ * firmware it is actually a nightmare. ++ * ++ * There is a ConIn and TextInputEx API for this. Ideally we want to use TextInputEx, ++ * because that gives us Ctrl/Alt/Shift key state information. Unfortunately, it is not ++ * always available and sometimes just non-functional. ++ * ++ * On the other hand we have ConIn, where some firmware likes to just freeze on us ++ * if we call ReadKeyStroke on it. ++ * ++ * Therefore, we use WaitForEvent on both ConIn and TextInputEx (if available) along ++ * with a timer event. The timer ensures there is no need to call into functions
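Review bot: In menu_run(), the rewritten check after `console_key_read(&key, timeout_remain > 0 ? 1000 * 1000 : 0)` handles only EFI_TIMEOUT; any other error status now lands in `else timeout_remain = 0;` and carries on as if a key had been read, whereas the old code took the `EFI_ERROR(err)` path for every failure. Add an explicit `EFI_ERROR(err)` branch that continues without cancelling the timeout or interpreting `key`. The unit of the new second argument and the meaning of 0 are not stated at any call site; a short comment at the first `console_key_read(&key, 0)` would help.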
_service:tar_scm:backport-sd-boot-Unify-error-handling.patch
Added
@@ -0,0 +1,404 @@ +From 218c0839b24853899d2ea15cb2973ab0d56a7f31 Mon Sep 17 00:00:00 2001 +From: Jan Janssen <medhefgo@web.de> +Date: Wed, 11 Aug 2021 14:59:46 +0200 +Subject: PATCH sd-boot: Unify error handling + +log_error_stall() and log_error_status_stall() will ensure the user has +a chance to catch an error message by stalling and also forcing a +lightred/black color on it. Also, convert several Print() calls to it +since they are actually error messages. + +(cherry picked from commit 8aba0eec499b762657f528988c2f093ac490620d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/218c0839b24853899d2ea15cb2973ab0d56a7f31 +--- + src/boot/efi/boot.c | 62 ++++++++++---------------------- + src/boot/efi/random-seed.c | 73 +++++++++++++------------------------- + src/boot/efi/stub.c | 24 ++++--------- + src/boot/efi/util.c | 17 +++++++-- + src/boot/efi/util.h | 9 +++++ + 5 files changed, 75 insertions(+), 110 deletions(-) + +diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c +index 13940a6df7..54d704f0d1 100644 +--- a/src/boot/efi/boot.c ++++ b/src/boot/efi/boot.c +@@ -527,7 +527,7 @@ static BOOLEAN menu_run( + err = console_set_mode(&config->console_mode, config->console_mode_change); + if (EFI_ERROR(err)) { + uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); +- Print(L"Error switching console mode to %ld: %r.\r", (UINT64)config->console_mode, err); ++ log_error_stall(L"Error switching console mode to %lu: %r", (UINT64)config->console_mode, err); + } + } else + uefi_call_wrapper(ST->ConOut->ClearScreen, 1, ST->ConOut); +@@ -1221,8 +1221,7 @@ static VOID config_entry_bump_counters( + break; + + if (r != EFI_BUFFER_TOO_SMALL || file_info_size * 2 < file_info_size) { +- Print(L"\nFailed to get file info for '%s': %r\n", old_path, r); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); ++ log_error_stall(L"Failed to get file info for '%s': %r", old_path, r); + return; + } + +@@ -1234,8 +1233,7 @@ static VOID config_entry_bump_counters( + 
StrCpy(file_info->FileName, entry->next_name); + r = uefi_call_wrapper(handle->SetInfo, 4, handle, &EfiFileInfoGuid, file_info_size, file_info); + if (EFI_ERROR(r)) { +- Print(L"\nFailed to rename '%s' to '%s', ignoring: %r\n", old_path, entry->next_name, r); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); ++ log_error_stall(L"Failed to rename '%s' to '%s', ignoring: %r", old_path, entry->next_name, r); + return; + } + +@@ -2165,18 +2163,12 @@ static EFI_STATUS image_start( + EFI_STATUS err; + + path = FileDevicePath(entry->device, entry->loader); +- if (!path) { +- Print(L"Error getting device path."); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return EFI_INVALID_PARAMETER; +- } ++ if (!path) ++ return log_error_status_stall(EFI_INVALID_PARAMETER, L"Error getting device path."); + + err = uefi_call_wrapper(BS->LoadImage, 6, FALSE, parent_image, path, NULL, 0, &image); +- if (EFI_ERROR(err)) { +- Print(L"Error loading %s: %r", entry->loader, err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return err; +- } ++ if (EFI_ERROR(err)) ++ return log_error_status_stall(err, L"Error loading %s: %r", entry->loader, err); + + if (config->options_edit) + options = config->options_edit; +@@ -2190,8 +2182,7 @@ static EFI_STATUS image_start( + err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, + parent_image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); + if (EFI_ERROR(err)) { +- Print(L"Error getting LoadedImageProtocol handle: %r", err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); ++ log_error_stall(L"Error getting LoadedImageProtocol handle: %r", err); + goto out_unload; + } + loaded_image->LoadOptions = options; +@@ -2202,10 +2193,8 @@ static EFI_STATUS image_start( + err = tpm_log_event(SD_TPM_PCR, + (EFI_PHYSICAL_ADDRESS) (UINTN) loaded_image->LoadOptions, + loaded_image->LoadOptionsSize, loaded_image->LoadOptions); +- if (EFI_ERROR(err)) { +- Print(L"Unable to add image options measurement: 
%r", err); +- uefi_call_wrapper(BS->Stall, 1, 200 * 1000); +- } ++ if (EFI_ERROR(err)) ++ log_error_stall(L"Unable to add image options measurement: %r", err); + #endif + } + +@@ -2231,9 +2220,7 @@ static EFI_STATUS reboot_into_firmware(VOID) { + return err; + + err = uefi_call_wrapper(RT->ResetSystem, 4, EfiResetCold, EFI_SUCCESS, 0, NULL); +- Print(L"Error calling ResetSystem: %r", err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return err; ++ return log_error_status_stall(err, L"Error calling ResetSystem: %r", err); + } + + static VOID config_free(Config *config) { +@@ -2305,30 +2292,21 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + + err = uefi_call_wrapper(BS->OpenProtocol, 6, image, &LoadedImageProtocol, (VOID **)&loaded_image, + image, NULL, EFI_OPEN_PROTOCOL_GET_PROTOCOL); +- if (EFI_ERROR(err)) { +- Print(L"Error getting a LoadedImageProtocol handle: %r", err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return err; +- } ++ if (EFI_ERROR(err)) ++ return log_error_status_stall(err, L"Error getting a LoadedImageProtocol handle: %r", err); + + /* export the device path this image is started from */ + if (disk_get_part_uuid(loaded_image->DeviceHandle, uuid) == EFI_SUCCESS) + efivar_set(LOADER_GUID, L"LoaderDevicePartUUID", uuid, 0); + + root_dir = LibOpenRoot(loaded_image->DeviceHandle); +- if (!root_dir) { +- Print(L"Unable to open root directory."); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return EFI_LOAD_ERROR; +- } ++ if (!root_dir) ++ return log_error_status_stall(EFI_LOAD_ERROR, L"Unable to open root directory.", EFI_LOAD_ERROR); + + if (secure_boot_enabled() && shim_loaded()) { + err = security_policy_install(); +- if (EFI_ERROR(err)) { +- Print(L"Error installing security policy: %r ", err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); +- return err; +- } ++ if (EFI_ERROR(err)) ++ return log_error_status_stall(err, L"Error installing security policy: %r", err); + } + + /* the 
filesystem path to this image, to prevent adding ourselves to the menu */ +@@ -2367,8 +2345,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + } + + if (config.entry_count == 0) { +- Print(L"No loader found. Configuration files in \\loader\\entries\\*.conf are needed."); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); ++ log_error_stall(L"No loader found. Configuration files in \\loader\\entries\\*.conf are needed."); + goto out; + } + +@@ -2440,8 +2417,7 @@ EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *sys_table) { + err = image_start(image, &config, entry); + if (EFI_ERROR(err)) { + graphics_mode(FALSE); +- Print(L"\nFailed to execute %s (%s): %r\n", entry->title, entry->loader, err); +- uefi_call_wrapper(BS->Stall, 1, 3 * 1000 * 1000); ++ log_error_stall(L"Failed to execute %s (%s): %r", entry->title, entry->loader, err); + goto out; + } + +diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c +index 3e179851b0..939daf3e41 100644 +--- a/src/boot/efi/random-seed.c ++++ b/src/boot/efi/random-seed.c +@@ -35,10 +35,8 @@ static EFI_STATUS acquire_rng(UINTN size, VOID **ret) { + return log_oom(); + + err = uefi_call_wrapper(rng->GetRNG, 3, rng, NULL, size, data); +- if (EFI_ERROR(err)) { +- Print(L"Failed to acquire RNG data: %r\n", err); +- return err; +- } ++ if (EFI_ERROR(err)) ++ return log_error_status_stall(err, L"Failed to acquire RNG data: %r", err); + + *ret = TAKE_PTR(data); + return EFI_SUCCESS; +@@ -149,14 +147,12 @@ static EFI_STATUS acquire_system_token(VOID **ret, UINTN *ret_size) { + err = efivar_get_raw(LOADER_GUID, L"LoaderSystemToken", &data, &size); + if (EFI_ERROR(err)) { + if (err != EFI_NOT_FOUND) +- Print(L"Failed to read LoaderSystemToken EFI variable: %r", err); ++ log_error_stall(L"Failed to read LoaderSystemToken EFI variable: %r", err); + return err; + } + +- if (size <= 0) { +- Print(L"System token too short, ignoring."); +- return EFI_NOT_FOUND; +- }
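Review bot: In the efi_main hunk of boot.c, `return log_error_status_stall(EFI_LOAD_ERROR, L"Unable to open root directory.", EFI_LOAD_ERROR);` passes a trailing argument that the format string never consumes; drop the extra `EFI_LOAD_ERROR`, or add `: %r` to the message so the call matches the neighbouring ones. Separately, the `tpm_log_event()` failure path in image_start used to stall `200 * 1000` while the other paths used `3 * 1000 * 1000`, and the `Print()` calls in acquire_rng() and acquire_system_token() in random-seed.c did not stall at all; all of them now go through the same helper. The helper's body in util.c is not visible in this part of the diff, so please confirm the added boot delay on these paths is intended.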
_service:tar_scm:backport-sd-bus-allow-numerical-uids-in-M-user-.host.patch
Added
@@ -0,0 +1,75 @@ +From 93597655ac3b1ecc8411e6b1249ab6ce631e87e2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 7 Jul 2021 18:02:50 +0200 +Subject: PATCH sd-bus: allow numerical uids in -M user@.host + +UIDs don't work well over ssh, but locally or with containers they are OK. +In particular, user@.service uses UIDs as identifiers, and it's nice to be +able to copy&paste that UID for interaction with the user's managers. + +(cherry picked from commit 2da7d0bc92e2423a5c7225c5d24b99d5d52a0bc6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/93597655ac3b1ecc8411e6b1249ab6ce631e87e2 +--- + src/libsystemd/sd-bus/sd-bus.c | 27 ++++++++++++++++++--------- + 1 file changed, 18 insertions(+), 9 deletions(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index ab8d4e4a60..e85a409871 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -39,6 +39,7 @@ + #include "parse-util.h" + #include "path-util.h" + #include "process-util.h" ++#include "stdio-util.h" + #include "string-util.h" + #include "strv.h" + #include "user-util.h" +@@ -1616,7 +1617,7 @@ static int user_and_machine_valid(const char *user_and_machine) { + if (!user) + return -ENOMEM; + +- if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX)) ++ if (!isempty(user) && !valid_user_group_name(user, VALID_USER_RELAX | VALID_USER_ALLOW_NUMERIC)) + return false; + + h++; +@@ -1647,17 +1648,25 @@ static int user_and_machine_equivalent(const char *user_and_machine) { + + /* Otherwise, if we are root, then we can also allow the ".host" syntax, as that's the user this + * would connect to. 
*/ +- if (geteuid() == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host")) ++ uid_t uid = geteuid(); ++ ++ if (uid == 0 && STR_IN_SET(user_and_machine, ".host", "root@.host", "0@.host")) + return true; + +- /* Otherwise, we have to figure our user name, and compare things with that. */ +- un = getusername_malloc(); +- if (!un) +- return -ENOMEM; ++ /* Otherwise, we have to figure out our user id and name, and compare things with that. */ ++ char bufDECIMAL_STR_MAX(uid_t); ++ xsprintf(buf, UID_FMT, uid); ++ ++ f = startswith(user_and_machine, buf); ++ if (!f) { ++ un = getusername_malloc(); ++ if (!un) ++ return -ENOMEM; + +- f = startswith(user_and_machine, un); +- if (!f) +- return false; ++ f = startswith(user_and_machine, un); ++ if (!f) ++ return false; ++ } + + return STR_IN_SET(f, "@", "@.host"); + } +-- +2.33.0 +
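Review bot: In user_and_machine_equivalent(), the username comparison only runs when `startswith(user_and_machine, buf)` returns NULL, so an argument that merely begins with the caller's UID digits (a longer number, or a name starting with those digits) leaves `f` non-NULL and the function returns false from `STR_IN_SET(f, "@", "@.host")` without ever trying `getusername_malloc()`. Suggest falling through to the name comparison whenever the UID match is not followed by `@` or `@.host`, rather than only when the prefix is absent. Also worth a comment next to `VALID_USER_ALLOW_NUMERIC` in user_and_machine_valid() recording the commit message's caveat that numeric UIDs are meant for local and container targets, since the check as shown does not distinguish the transport.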
_service:tar_scm:backport-sd-bus-do-not-pass-NULL-when-received-message-with-i.patch
Added
@@ -0,0 +1,34 @@ +From bc3d5f31bf8af840d3f4c1f66ea5d7ec6dcfcb1b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 14 Jul 2022 10:53:54 +0900 +Subject: PATCH sd-bus: do not pass NULL when received message with invalid + type + +Fixes #24003. + +(cherry picked from commit 3f0dbb0f0c4e3c0013fa5fe54441ca7f969555a7) +(cherry picked from commit e56bfc8a417d1877c25b943b75cd73163246fbf2) +(cherry picked from commit a6aa5b2f7262ba67acfddd6dfa304144639a9ca4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bc3d5f31bf8af840d3f4c1f66ea5d7ec6dcfcb1b +--- + src/libsystemd/sd-bus/sd-bus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index e85a409871..7a58c560d5 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -48,7 +48,7 @@ + do { \ + sd_bus_message *_mm = (m); \ + log_debug("Got message type=%s sender=%s destination=%s path=%s interface=%s member=%s cookie=%" PRIu64 " reply_cookie=%" PRIu64 " signature=%s error-name=%s error-message=%s", \ +- bus_message_type_to_string(_mm->header->type), \ ++ strna(bus_message_type_to_string(_mm->header->type)), \ + strna(sd_bus_message_get_sender(_mm)), \ + strna(sd_bus_message_get_destination(_mm)), \ + strna(sd_bus_message_get_path(_mm)), \ +-- +2.27.0 +
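Review bot: The `strna()` wrap covers only the `type=%s` argument of this debug macro, and the diffstat shows no test input added for the invalid-type case from #24003, so nothing keeps the NULL return of `bus_message_type_to_string()` exercised. Suggest adding a regression input with an out-of-range header type, and a short comment on the macro that `_mm->header->type` comes from the received message and may not map to a known name.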
_service:tar_scm:backport-sd-bus-fix-buffer-overflow.patch
Added
@@ -0,0 +1,126 @@ +From 1a4f4051c3f41b7750dbc904bb4768413bc8bd58 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 27 May 2022 04:23:10 +0900 +Subject: PATCH sd-bus: fix buffer overflow + +Fixes #23486. + +(cherry picked from commit 89b6a3f13e5f3b8a375dc82cb2a1c2c204a5067e) +(cherry picked from commit a5c4e29b2ca83b0956ea4635e1db7b02ae007d55) +(cherry picked from commit a5b0338e896338774226a3bd8a56f63555c7b9ce) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/1a4f4051c3f41b7750dbc904bb4768413bc8bd58 +--- + src/libsystemd/sd-bus/bus-message.c | 30 ++++++++++++++---- + test/fuzz/fuzz-bus-message/issue-23486-case-1 | Bin 0 -> 32 bytes + test/fuzz/fuzz-bus-message/issue-23486-case-2 | Bin 0 -> 16 bytes + test/fuzz/fuzz-bus-message/issue-23486-case-3 | Bin 0 -> 16 bytes + 4 files changed, 23 insertions(+), 7 deletions(-) + create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-1 + create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-2 + create mode 100644 test/fuzz/fuzz-bus-message/issue-23486-case-3 + +diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c +index 20f7396c74..d74a351e29 100644 +--- a/src/libsystemd/sd-bus/bus-message.c ++++ b/src/libsystemd/sd-bus/bus-message.c +@@ -428,7 +428,7 @@ int bus_message_from_header( + + _cleanup_free_ sd_bus_message *m = NULL; + struct bus_header *h; +- size_t a, label_sz; ++ size_t a, label_sz = 0; /* avoid false maybe-uninitialized warning */ + + assert(bus); + assert(header || header_accessible <= 0); +@@ -506,7 +506,10 @@ int bus_message_from_header( + m->fields_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.fields_size); + m->body_size = BUS_MESSAGE_BSWAP32(m, h->dbus1.body_size); + +- if (sizeof(struct bus_header) + ALIGN8(m->fields_size) + m->body_size != message_size) ++ assert(message_size >= sizeof(struct bus_header)); ++ if (m->fields_size > message_size - sizeof(struct bus_header) || ++ ALIGN8(m->fields_size) > 
message_size - sizeof(struct bus_header) || ++ m->body_size != message_size - sizeof(struct bus_header) - ALIGN8(m->fields_size)) + return -EBADMSG; + } + +@@ -3062,15 +3065,21 @@ void bus_body_part_unmap(struct bus_body_part *part) { + return; + } + +-static int buffer_peek(const void *p, uint32_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { ++static int buffer_peek(const void *p, size_t sz, size_t *rindex, size_t align, size_t nbytes, void **r) { + size_t k, start, end; + + assert(rindex); + assert(align > 0); + +- start = ALIGN_TO((size_t) *rindex, align); +- end = start + nbytes; ++ start = ALIGN_TO(*rindex, align); ++ if (start > sz) ++ return -EBADMSG; ++ ++ /* Avoid overflow below */ ++ if (nbytes > SIZE_MAX - start) ++ return -EBADMSG; + ++ end = start + nbytes; + if (end > sz) + return -EBADMSG; + +@@ -3273,10 +3282,17 @@ static int message_peek_body( + assert(rindex); + assert(align > 0); + +- start = ALIGN_TO((size_t) *rindex, align); ++ start = ALIGN_TO(*rindex, align); ++ if (start > m->user_body_size) ++ return -EBADMSG; ++ + padding = start - *rindex; +- end = start + nbytes; + ++ /* Avoid overflow below */ ++ if (nbytes > SIZE_MAX - start) ++ return -EBADMSG; ++ ++ end = start + nbytes; + if (end > m->user_body_size) + return -EBADMSG; + +diff --git a/test/fuzz/fuzz-bus-message/issue-23486-case-1 b/test/fuzz/fuzz-bus-message/issue-23486-case-1 +new file mode 100644 +index 0000000000000000000000000000000000000000..fe8338b42ba6af6c080aa92aa619e05a6e6e1cc8 +GIT binary patch +literal 32 +gcmd1dVrFCj0xbpQd;uUW!<wI;RGG=}=RX7h0Ak|{p8x;= + +literal 0 +HcmV?d00001 + +diff --git a/test/fuzz/fuzz-bus-message/issue-23486-case-2 b/test/fuzz/fuzz-bus-message/issue-23486-case-2 +new file mode 100644 +index 0000000000000000000000000000000000000000..179124461333198e95e94ac045c3e333bb2063c6 +GIT binary patch +literal 16 +Rcmc~{{?Ewp9|{;47ywYf31|QS + +literal 0 +HcmV?d00001 + +diff --git a/test/fuzz/fuzz-bus-message/issue-23486-case-3 
b/test/fuzz/fuzz-bus-message/issue-23486-case-3 +new file mode 100644 +index 0000000000000000000000000000000000000000..cff8b38037a67c92b0bf5295fbf7dd53378f2d76 +GIT binary patch +literal 16 +Wcmc~{y3fb}1Sc6&82<hL{~rJ)#s+u* + +literal 0 +HcmV?d00001 + +-- +2.33.0 +
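Review bot: In bus_message_from_header(), `assert(message_size >= sizeof(struct bus_header));` sits directly in front of the new size checks, and no earlier validation of `message_size` is visible in this hunk. If that value can be derived from peer-supplied data, a short message aborts the process instead of being rejected; returning `-EBADMSG` there would match the checks that follow. The first two comparisons against `message_size - sizeof(struct bus_header)` also read as redundant at first glance, so a one-line comment saying why both the unaligned and the `ALIGN8()` value are compared would help. In buffer_peek() and message_peek_body() the `nbytes > SIZE_MAX - start` guard is the right shape; note that `ALIGN_TO(*rindex, align)` itself still runs before any bound is applied to `*rindex`.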
_service:tar_scm:backport-sd-bus-fix-missing-initializer-in-SD_BUS_VTABLE_END-.patch
Added
@@ -0,0 +1,93 @@ +From cdaf655f73bb3be10d47ab6f00d71a8d0b1a81e3 Mon Sep 17 00:00:00 2001 +From: Matthijs van Duin <matthijsvanduin@gmail.com> +Date: Wed, 21 Jul 2021 11:10:36 +0200 +Subject: PATCH sd-bus: fix missing initializer in SD_BUS_VTABLE_END (#20253) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When two fields were added to the vtable.x.start struct, no initializers +for these were added to SD_BUS_VTABLE_END which also (ab)used that +struct (albeit sneakily by using non-designated initialization). + +While C tolerates this, C++ prohibits these missing initializers, and +both g++ and clang++ will complain when using -Wextra. + +This patch gives SD_BUS_VTABLE_END its own case in the union and +clarifies its initialization. + +I tested the behaviour of g++ 10.2 and clang 11 in various cases. Both will warn +(-Wmissing-field-initializers, implied by -Wextra) if you provide initializers for some +but not all fields of a struct. Declaring x.end as empty struct or using an empty initializer +{} to initialize the union or one of its members is valid C++ but not C, although both gcc +and clang accept it without warning (even at -Wall -Wextra -std=c90/c++11) unless you +use -pedantic (which requires -std=c99/c++2a to support designated initializers). + +Interestingly, .x = { .start = { 0, 0, NULL } } is the only initializer I found for the union +(among candidates for SD_BUS_VTABLE_END) where gcc doesn't zero-fill it entirely +when allocated on stack, it looked like it did in all other cases (I only examined this on +32-bit arm). clang always seems to initialize all bytes of the union. 
+ +zjs: test case: +$ cat vtable-test.cc +#include "sd-bus.h" + +const sd_bus_vtable vtable = { + SD_BUS_VTABLE_END +}; + +$ g++ -I src/systemd/ -Wall -Wmissing-field-initializers -c vtable-test.cc +vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::<unnamed union>::<unnamed struct>::features’ -Wmissing-field-initializers + 5 | }; + | ^ +vtable-test.cc:5:1: warning: missing initializer for member ‘sd_bus_vtable::<unnamed union>::<unnamed struct>::vtable_format_reference’ -Wmissing-field-initializers + +$ clang++ -I src/systemd/ -Wmissing-field-initializers -c vtable-test.cc +vtable-test.cc:4:4: warning: missing field 'features' initializer -Wmissing-field-initializers + SD_BUS_VTABLE_END + ^ +src/systemd/sd-bus-vtable.h:188:28: note: expanded from macro 'SD_BUS_VTABLE_END' + .x = { { 0 } }, \ + ^ +1 warning generated. + +Both warnings are gone with the patch. + +(cherry picked from commit 654eaa403070d3c897454a5190603fda4071c3ff) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/cdaf655f73bb3be10d47ab6f00d71a8d0b1a81e3 +--- + src/systemd/sd-bus-vtable.h | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/systemd/sd-bus-vtable.h b/src/systemd/sd-bus-vtable.h +index 75f8848360..35c942b16c 100644 +--- a/src/systemd/sd-bus-vtable.h ++++ b/src/systemd/sd-bus-vtable.h +@@ -75,6 +75,9 @@ struct sd_bus_vtable { + uint64_t features; + const unsigned *vtable_format_reference; + } start; ++ struct { ++ size_t reserved; ++ } end; + struct { + const char *member; + const char *signature; +@@ -185,7 +188,11 @@ struct sd_bus_vtable { + { \ + .type = _SD_BUS_VTABLE_END, \ + .flags = 0, \ +- .x = { { 0 } }, \ ++ .x = { \ ++ .end = { \ ++ .reserved = 0, \ ++ }, \ ++ }, \ + } + + #define _SD_ECHO(X) X +-- +2.33.0 +
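Review bot: The new `end` member of the union in sd-bus-vtable.h carries a single `size_t reserved` field with no comment, in a public header. Please document that it exists only so `SD_BUS_VTABLE_END` has a fully designated initializer and that `reserved` must stay 0, so nobody later reads meaning into it. The g++/clang++ reproducer from the commit message would also make a good compile-only test, since the diffstat shows only the header changing.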
_service:tar_scm:backport-sd-bus-print-debugging-information-if-bus_container_.patch
Added
@@ -0,0 +1,80 @@ +From 4358cbc8076352e7946956f5d71bf7c80d7f2e43 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 7 Jul 2021 18:01:03 +0200 +Subject: PATCH sd-bus: print debugging information if + bus_container_connect_socket() fails + +We would return the errno, but there are many steps, and without some +debugging info it's hard to figure out what exactly failed. + +(cherry picked from commit 0c201ca945c64e97ba4961ded13ce38a63200468) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4358cbc8076352e7946956f5d71bf7c80d7f2e43 +--- + src/libsystemd/sd-bus/bus-container.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/src/libsystemd/sd-bus/bus-container.c b/src/libsystemd/sd-bus/bus-container.c +index b11ebb3f65..1159af46cd 100644 +--- a/src/libsystemd/sd-bus/bus-container.c ++++ b/src/libsystemd/sd-bus/bus-container.c +@@ -37,11 +37,11 @@ int bus_container_connect_socket(sd_bus *b) { + + r = namespace_open(b->nspid, &pidnsfd, &mntnsfd, NULL, &usernsfd, &rootfd); + if (r < 0) +- return r; ++ return log_debug_errno(r, "Failed to open namespace of PID "PID_FMT": %m", b->nspid); + + b->input_fd = socket(b->sockaddr.sa.sa_family, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); + if (b->input_fd < 0) +- return -errno; ++ return log_debug_errno(errno, "Failed to create a socket: %m"); + + b->input_fd = fd_move_above_stdio(b->input_fd); + +@@ -50,12 +50,12 @@ int bus_container_connect_socket(sd_bus *b) { + bus_socket_setup(b); + + if (socketpair(AF_UNIX, SOCK_SEQPACKET|SOCK_CLOEXEC, 0, pair) < 0) +- return -errno; ++ return log_debug_errno(errno, "Failed to create a socket pair: %m"); + + r = namespace_fork("(sd-buscntrns)", "(sd-buscntr)", NULL, 0, FORK_RESET_SIGNALS|FORK_DEATHSIG, + pidnsfd, mntnsfd, -1, usernsfd, rootfd, &child); + if (r < 0) +- return r; ++ return log_debug_errno(r, "Failed to create namespace for (sd-buscntr): %m"); + if (r == 0) { + 
pair0 = safe_close(pair0); + +@@ -80,20 +80,22 @@ int bus_container_connect_socket(sd_bus *b) { + + n = read(pair0, &error_buf, sizeof(error_buf)); + if (n < 0) +- return -errno; ++ return log_debug_errno(errno, "Failed to read error status from (sd-buscntr): %m"); + + if (n > 0) { + if (n != sizeof(error_buf)) +- return -EIO; ++ return log_debug_errno(SYNTHETIC_ERRNO(EIO), ++ "Read error status of unexpected length %zd from (sd-buscntr): %m", n); + + if (error_buf < 0) +- return -EIO; ++ return log_debug_errno(SYNTHETIC_ERRNO(EBADMSG), ++ "Got unexpected error status from (sd-buscntr): %m"); + + if (error_buf == EINPROGRESS) + return 1; + + if (error_buf > 0) +- return -error_buf; ++ return log_debug_errno(error_buf, "Got error from (sd-buscntr): %m"); + } + + return bus_socket_start_auth(b); +-- +2.33.0 +
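Review bot: The `error_buf < 0` branch changes the returned code, not just the logging: it used to `return -EIO;` and now returns through `SYNTHETIC_ERRNO(EBADMSG)`, which the commit message (debugging output only) does not mention. Either keep `EIO` there or call out the change, in case callers compare against the old value. Minor: the two `SYNTHETIC_ERRNO()` messages end in `: %m`, which appends the text for the synthetic code after a message that already describes the problem; dropping `%m` on those two would read better.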
_service:tar_scm:backport-sd-bus-print-quoted-commandline-when-in-bus_socket_e.patch
Added
@@ -0,0 +1,69 @@ +From a221143c6de4917bb6653f5aa134ce8be3c90f6c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 7 Jul 2021 16:36:49 +0200 +Subject: PATCH sd-bus: print quoted commandline when in bus_socket_exec() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The arguments are where the interesting part is: +src/libsystemd/sd-bus/bus-socket.c:965: sd-bus: starting bus with systemd-run... +↓ +src/libsystemd/sd-bus/bus-socket.c:972: sd-bus: starting bus with systemd-run -M.host -PGq --wait -pUser=1000 -pPAMName=login systemd-stdio-bridge "-punix:path=\${XDG_RUNTIME_DIR}/bus" + +(cherry picked from commit 87fa2e21dd7a30d25ccda2df6b8446a82637b059) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a221143c6de4917bb6653f5aa134ce8be3c90f6c +--- + src/libsystemd/sd-bus/bus-socket.c | 20 ++++++++++++++------ + 1 file changed, 14 insertions(+), 6 deletions(-) + +diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c +index 09eb49c37f..42c5f175d3 100644 +--- a/src/libsystemd/sd-bus/bus-socket.c ++++ b/src/libsystemd/sd-bus/bus-socket.c +@@ -12,6 +12,7 @@ + #include "bus-internal.h" + #include "bus-message.h" + #include "bus-socket.h" ++#include "escape.h" + #include "fd-util.h" + #include "format-util.h" + #include "fs-util.h" +@@ -962,8 +963,17 @@ int bus_socket_exec(sd_bus *b) { + assert(b->exec_path); + assert(b->busexec_pid == 0); + +- log_debug("sd-bus: starting bus%s%s with %s...", +- b->description ? " " : "", strempty(b->description), b->exec_path); ++ if (DEBUG_LOGGING) { ++ _cleanup_free_ char *line = NULL; ++ ++ if (b->exec_argv) ++ line = quote_command_line(b->exec_argv); ++ ++ log_debug("sd-bus: starting bus%s%s with %s%s", ++ b->description ? " " : "", strempty(b->description), ++ line ?: b->exec_path, ++ b->exec_argv && !line ? 
"…" : ""); ++ } + + r = socketpair(AF_UNIX, SOCK_STREAM|SOCK_NONBLOCK|SOCK_CLOEXEC, 0, s); + if (r < 0) +@@ -984,10 +994,8 @@ int bus_socket_exec(sd_bus *b) { + + if (b->exec_argv) + execvp(b->exec_path, b->exec_argv); +- else { +- const char *argv = { b->exec_path, NULL }; +- execvp(b->exec_path, (char**) argv); +- } ++ else ++ execvp(b->exec_path, STRV_MAKE(b->exec_path)); + + _exit(EXIT_FAILURE); + } +-- +2.33.0 +
_service:tar_scm:backport-sd-device-introduce-device_has_devlink.patch
Added
@@ -0,0 +1,47 @@ +From 8ada2c1b5922110d961aa82e6d712f6eed696afe Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 09:22:15 +0900 +Subject: PATCH sd-device: introduce device_has_devlink() + +(cherry picked from commit b881ce16b9ccae4c3089c82e2ea1781cd9773a4f) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/8ada2c1b5922110d961aa82e6d712f6eed696afe +--- + src/libsystemd/sd-device/device-private.h | 1 + + src/libsystemd/sd-device/sd-device.c | 7 +++++++ + 2 files changed, 8 insertions(+) + +diff --git a/src/libsystemd/sd-device/device-private.h b/src/libsystemd/sd-device/device-private.h +index fe268d7f2f..9bb5eff208 100644 +--- a/src/libsystemd/sd-device/device-private.h ++++ b/src/libsystemd/sd-device/device-private.h +@@ -32,6 +32,7 @@ void device_set_db_persist(sd_device *device); + void device_set_devlink_priority(sd_device *device, int priority); + int device_ensure_usec_initialized(sd_device *device, sd_device *device_old); + int device_add_devlink(sd_device *device, const char *devlink); ++bool device_has_devlink(sd_device *device, const char *devlink); + int device_add_property(sd_device *device, const char *property, const char *value); + int device_add_tag(sd_device *device, const char *tag, bool both); + void device_remove_tag(sd_device *device, const char *tag); +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 3f2cce5bba..418a5b10bd 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -1195,6 +1195,13 @@ int device_add_devlink(sd_device *device, const char *devlink) { + return 0; + } + ++bool device_has_devlink(sd_device *device, const char *devlink) { ++ assert(device); ++ assert(devlink); ++ ++ return set_contains(device->devlinks, devlink); ++} ++ + static int device_add_property_internal_from_string(sd_device *device, const char *str) { + _cleanup_free_ char *key = NULL; + char *value; 
+-- +2.33.0 +
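Review bot: `device_has_devlink()` is added to device-private.h and sd-device.c with no caller and no comment. Since it is a plain set lookup, `set_contains(device->devlinks, devlink)`, please document which form of the path callers must pass (the same one `device_add_devlink()` stores) and whether `device->devlinks` is expected to be populated before the call.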
_service:tar_scm:backport-sd-device-monitor-actually-refuse-to-send-invalid-de.patch
Added
@@ -0,0 +1,35 @@ +From b1b19cfdd22892ecc11e27206c3eab138c719e13 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 12 Aug 2022 04:19:27 +0900 +Subject: PATCH sd-device-monitor: actually refuse to send invalid devices + +Fixes an issue introduced by 9e79123884a36ce095b98d1c0fe247dddf02dbec. + +(cherry picked from commit 8bb4989906a1659b0f6adfa03dc7585e294a392b) +(cherry picked from commit 6e1acfe81823b67b6b830d3ae8d0f0184eab8b2f) +(cherry picked from commit b48a17f13fb85145c17ee1dd3beb450d1dcc4b08) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b1b19cfdd22892ecc11e27206c3eab138c719e13 +--- + src/libsystemd/sd-device/device-monitor.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c +index 2cb35951de..d7c6c69640 100644 +--- a/src/libsystemd/sd-device/device-monitor.c ++++ b/src/libsystemd/sd-device/device-monitor.c +@@ -577,8 +577,8 @@ int device_monitor_send_device( + if (r < 0) + return log_device_debug_errno(device, r, "sd-device-monitor: Failed to get device properties: %m"); + if (blen < 32) +- log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), +- "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); ++ return log_device_debug_errno(device, SYNTHETIC_ERRNO(EINVAL), ++ "sd-device-monitor: Length of device property nulstr is too small to contain valid device information"); + + /* fill in versioned header */ + r = sd_device_get_subsystem(device, &val); +-- +2.27.0 +
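Review bot: The added `return` makes the `blen < 32` branch actually reject the device, but the threshold 32 is still a bare number. Please give it a name or a comment tying it to what the shortest valid property nulstr must contain, so the check can be reviewed against the header that is filled in right after it. A test that sends a device with a too-short property buffer would also keep this from regressing again, given the commit message says an earlier change introduced the problem.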
_service:tar_scm:backport-sd-device-monitor-update-log-message-to-clarify-the-.patch
Added
@@ -0,0 +1,42 @@ +From 82b2135bf0512c11f7f21f9d0689e8ea5b4a2529 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 13 Oct 2021 12:57:40 +0900 +Subject: PATCH sd-device-monitor: update log message to clarify the error + will be ignored + +(cherry picked from commit 6b652c03a47aa28898dffd408543c06670e3450d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/82b2135bf0512c11f7f21f9d0689e8ea5b4a2529 +--- + src/libsystemd/sd-device/device-monitor.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/libsystemd/sd-device/device-monitor.c b/src/libsystemd/sd-device/device-monitor.c +index b485e3e2b6..2cb35951de 100644 +--- a/src/libsystemd/sd-device/device-monitor.c ++++ b/src/libsystemd/sd-device/device-monitor.c +@@ -178,7 +178,7 @@ int device_monitor_new_full(sd_device_monitor **ret, MonitorNetlinkGroup group, + + netns = ioctl(m->sock, SIOCGSKNS); + if (netns < 0) +- log_debug_errno(errno, "sd-device-monitor: Unable to get network namespace of udev netlink socket, unable to determine if we are in host netns: %m"); ++ log_debug_errno(errno, "sd-device-monitor: Unable to get network namespace of udev netlink socket, unable to determine if we are in host netns, ignoring: %m"); + else { + struct stat a, b; + +@@ -191,9 +191,9 @@ int device_monitor_new_full(sd_device_monitor **ret, MonitorNetlinkGroup group, + if (ERRNO_IS_PRIVILEGE(errno)) + /* If we can't access PID1's netns info due to permissions, it's fine, this is a + * safety check only after all. 
*/ +- log_debug_errno(errno, "sd-device-monitor: No permission to stat PID1's netns, unable to determine if we are in host netns: %m"); ++ log_debug_errno(errno, "sd-device-monitor: No permission to stat PID1's netns, unable to determine if we are in host netns, ignoring: %m"); + else +- log_debug_errno(errno, "sd-device-monitor: Failed to stat PID1's netns: %m"); ++ log_debug_errno(errno, "sd-device-monitor: Failed to stat PID1's netns, ignoring: %m"); + + } else if (a.st_dev != b.st_dev || a.st_ino != b.st_ino) + log_debug("sd-device-monitor: Netlink socket we listen on is not from host netns, we won't see device events."); +-- +2.33.0 +
_service:tar_scm:backport-sd-device-silence-gcc-warning-with-newest-gcc.patch
Added
@@ -0,0 +1,30 @@ +From e05023045edd4a0e20b60e81f9fa54f08636d660 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sat, 15 Jan 2022 13:38:30 +0100 +Subject: PATCH sd-device: silence gcc warning with newest gcc + +(cherry picked from commit 376ee2c312b87951028a0adff96b1052f32475fa) +(cherry picked from commit 18aff8c85720606e05826045b6799d19a7dcf08a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e05023045edd4a0e20b60e81f9fa54f08636d660 +--- + src/libsystemd/sd-device/sd-device.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-device/sd-device.c b/src/libsystemd/sd-device/sd-device.c +index 388128bf33..45261588a8 100644 +--- a/src/libsystemd/sd-device/sd-device.c ++++ b/src/libsystemd/sd-device/sd-device.c +@@ -1370,7 +1370,7 @@ int device_read_db_internal_filename(sd_device *device, const char *filename) { + _cleanup_free_ char *db = NULL; + const char *value; + size_t db_len; +- char key; ++ char key = '\0'; /* Unnecessary initialization to appease gcc-12.0.0-0.4.fc36 */ + int r; + + enum { +-- +2.33.0 +
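Review bot: The comment on `char key = '\0';` calls the initialization unnecessary and names one compiler build, but does not say why `key` is always assigned before it is read. Initializing it hides any genuine uninitialized use from both the compiler and sanitizers, so please state the invariant in the comment (which step sets `key` before it is consumed) and confirm that `'\0'` lands in a harmless branch if that invariant is ever broken.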
_service:tar_scm:backport-sd-dhcp-lease-fix-a-memory-leak-in-dhcp_lease_parse_.patch
Added
@@ -0,0 +1,51 @@ +From aaf7afb05cdbfbec6d06798b698689bdfe1a50ac Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Sat, 29 Jan 2022 03:16:40 +0000 +Subject: PATCH sd-dhcp-lease: fix a memory leak in + dhcp_lease_parse_search_domains + +================================================================= +==81071==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 16 byte(s) in 1 object(s) allocated from: + #0 0x51245c in __interceptor_reallocarray (/home/vagrant/systemd/build/fuzz-dhcp-client+0x51245c) + #1 0x7f01440c67e6 in strv_push /home/vagrant/systemd/build/../src/basic/strv.c:435:13 + #2 0x7f01440ca9e1 in strv_consume /home/vagrant/systemd/build/../src/basic/strv.c:506:13 + #3 0x7f01440ca9e1 in strv_extend /home/vagrant/systemd/build/../src/basic/strv.c:558:16 + #4 0x5806e3 in dhcp_lease_parse_search_domains /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:900:21 + #5 0x57c1be in dhcp_lease_parse_options /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-lease.c:727:21 + #6 0x572450 in parse_options /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:348:33 + #7 0x571c6a in dhcp_option_parse /home/vagrant/systemd/build/../src/libsystemd-network/dhcp-option.c:376:13 + #8 0x559a01 in client_handle_offer /home/vagrant/systemd/build/../src/libsystemd-network/sd-dhcp-client.c:1543:13 + #9 0x5592bd in LLVMFuzzerTestOneInput /home/vagrant/systemd/build/../src/libsystemd-network/fuzz-dhcp-client.c:74:16 + #10 0x44a379 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x44a379) + #11 0x42ae1f in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x42ae1f) + #12 0x432ade in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/vagrant/systemd/build/fuzz-dhcp-client+0x432ade) + #13 0x421f86 in main 
(/home/vagrant/systemd/build/fuzz-dhcp-client+0x421f86) + #14 0x7f0142fff55f in __libc_start_call_main (/lib64/libc.so.6+0x2d55f) + +(cherry picked from commit 9591c0a8b3496d0e5cbbfe7c75161ba80089c143) +(cherry picked from commit 7dc0f80588f371a62a56a75bf27eab2c515becf3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/aaf7afb05cdbfbec6d06798b698689bdfe1a50ac +--- + src/libsystemd-network/sd-dhcp-lease.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index 75aa0c3d2c..ccfd66caa3 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -815,7 +815,7 @@ int dhcp_lease_parse_search_domains(const uint8_t *option, size_t len, char ***d + pos = next_chunk; + } + +- *domains = TAKE_PTR(names); ++ strv_free_and_replace(*domains, names); + + return cnt; + } +-- +2.33.0 +
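Review bot: In `dhcp_lease_parse_search_domains()`, `strv_free_and_replace(*domains, names)` now frees whatever `*domains` held on entry, so every caller has to pass a pointer that is either NULL or a valid strv; an uninitialized `char **` that the old `*domains = TAKE_PTR(names)` tolerated would now be handed to a free. The commit message carries only the LeakSanitizer trace. One sentence stating when the old value was overwritten (presumably when the function runs again while `*domains` is already populated) would help anyone triaging the backport, and no reproducer is added to the fuzz corpus with this change.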
_service:tar_scm:backport-sd-dhcp-lease-fix-an-infinite-loop-found-by-the-fuzz.patch
Added
@@ -0,0 +1,34 @@ +From c95ae2ba0093742292671fd30a63af15f1b63bc6 Mon Sep 17 00:00:00 2001 +From: Evgeny Vereshchagin <evvers@ya.ru> +Date: Sat, 29 Jan 2022 02:08:39 +0000 +Subject: PATCH sd-dhcp-lease: fix an infinite loop found by the fuzzer + +(cherry picked from commit 86b06c666be8b7afb45541d35aa4d0ecb38056d1) +(cherry picked from commit 426807c54b9500b806eaaf50d32c7c936510706c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c95ae2ba0093742292671fd30a63af15f1b63bc6 +--- + src/libsystemd-network/sd-dhcp-lease.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index 9a0d7f6fea..75aa0c3d2c 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -463,10 +463,8 @@ static int lease_parse_routes( + + route->option = SD_DHCP_OPTION_STATIC_ROUTE; + r = in4_addr_default_prefixlen((struct in_addr*) option, &route->dst_prefixlen); +- if (r < 0) { +- log_debug("Failed to determine destination prefix length from class based IP, ignoring"); +- continue; +- } ++ if (r < 0) ++ return -EINVAL; + + assert_se(lease_parse_be32(option, 4, &addr.s_addr) >= 0); + route->dst_addr = inet_makeaddr(inet_netof(addr), 0); +-- +2.33.0 +
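Review bot: In `lease_parse_routes()`, replacing the `log_debug(...)` plus `continue` with a bare `return -EINVAL` removes the only diagnostic on this path and turns one unparsable classful route into a rejection of the whole option. Keep a `log_debug()` before the return so a rejected lease can be traced, and have the commit message say why the `continue` looped forever (the hunk does not show where the option cursor is advanced), since the subject line only states that the fuzzer found it.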
_service:tar_scm:backport-sd-dhcp-lease-fix-memleak.patch
Added
@@ -0,0 +1,64 @@ +From e2b7a7e3d285180ef04087cd5f821b42cb128c31 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 31 Jan 2022 05:19:09 +0900 +Subject: PATCH sd-dhcp-lease: fix memleak + +Fixes https://github.com/systemd/systemd/pull/22294#issuecomment-1024840811. + +(cherry picked from commit 06cf04dff4dd6c69e527913ad137616c23861270) +(cherry picked from commit ae95ca27bee2bef5bf53002873a254f1a0fe8b81) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e2b7a7e3d285180ef04087cd5f821b42cb128c31 +--- + src/libsystemd-network/sd-dhcp-lease.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp-lease.c b/src/libsystemd-network/sd-dhcp-lease.c +index ccfd66caa3..421ca6f306 100644 +--- a/src/libsystemd-network/sd-dhcp-lease.c ++++ b/src/libsystemd-network/sd-dhcp-lease.c +@@ -1024,6 +1024,18 @@ int dhcp_lease_save(sd_dhcp_lease *lease, const char *lease_file) { + return 0; + } + ++static char **private_options_free(char **options) { ++ if (!options) ++ return NULL; ++ ++ for (unsigned i = 0; i < SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1; i++) ++ free(optionsi); ++ ++ return mfree(options); ++} ++ ++DEFINE_TRIVIAL_CLEANUP_FUNC(char**, private_options_free); ++ + int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { + _cleanup_(sd_dhcp_lease_unrefp) sd_dhcp_lease *lease = NULL; + _cleanup_free_ char +@@ -1046,8 +1058,8 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { + *vendor_specific_hex = NULL, + *lifetime = NULL, + *t1 = NULL, +- *t2 = NULL, +- *optionsSD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1 = {}; ++ *t2 = NULL; ++ _cleanup_(private_options_freep) char **options = NULL; + + int r, i; + +@@ -1058,6 +1070,10 @@ int dhcp_lease_load(sd_dhcp_lease **ret, const char *lease_file) { + if (r < 0) + return r; + ++ options = new0(char*, SD_DHCP_OPTION_PRIVATE_LAST - 
SD_DHCP_OPTION_PRIVATE_BASE + 1); ++ if (!options) ++ return -ENOMEM; ++ + r = parse_env_file(NULL, lease_file, + "ADDRESS", &address, + "ROUTER", &router, +-- +2.33.0 +
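Review bot: The array length `SD_DHCP_OPTION_PRIVATE_LAST - SD_DHCP_OPTION_PRIVATE_BASE + 1` is now written out twice, once in the loop bound of `private_options_free()` and once in the `new0()` call in `dhcp_lease_load()`, and the free helper is only correct while the two agree. Define it once (a macro or an enum constant) and use it in both places. Moving `options` from a stack array to the heap also adds an `-ENOMEM` return that the old code did not have; that is fine, but worth a word in the commit message.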
_service:tar_scm:backport-sd-dhcp-server-fix-possible-double-free-or-use-after.patch
Added
@@ -0,0 +1,29 @@ +From bb320989bf7580f46a4867c361be1ee02eccc678 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 11 Aug 2021 16:20:35 +0900 +Subject: PATCH sd-dhcp-server: fix possible double-free or use-after-free + +(cherry picked from commit 3dc8fb0eb8dd4b7dd802aa69cfe5b2c8f760f561) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bb320989bf7580f46a4867c361be1ee02eccc678 +--- + src/libsystemd-network/sd-dhcp-server.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c +index e2ea79f584..9ae884b0fc 100644 +--- a/src/libsystemd-network/sd-dhcp-server.c ++++ b/src/libsystemd-network/sd-dhcp-server.c +@@ -1107,7 +1107,7 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz + + if (server->bound_leasespool_offset == existing_lease) { + server->bound_leasespool_offset = NULL; +- hashmap_remove(server->leases_by_client_id, existing_lease); ++ hashmap_remove(server->leases_by_client_id, &existing_lease->client_id); + dhcp_lease_free(existing_lease); + + if (server->callback) +-- +2.33.0 +
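Review bot: In `dhcp_server_handle_message()`, the result of `hashmap_remove(server->leases_by_client_id, &existing_lease->client_id)` is still discarded right before `dhcp_lease_free(existing_lease)`. The old call passed the lease itself as the key to a map named for client IDs, and nothing noticed that the removal did not take effect, which is how a freed lease stayed reachable. Check that the returned value is `existing_lease` (an `assert_se()` would do) so a future key mismatch fails loudly instead of becoming a use-after-free again.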
_service:tar_scm:backport-sd-dhcp-server-refuse-too-large-packet-to-send.patch
Added
@@ -0,0 +1,88 @@ +From 76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 28 Jan 2022 11:53:49 +0900 +Subject: PATCH sd-dhcp-server: refuse too large packet to send + +Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44134. + +(cherry picked from commit 71df50a9734f7006bc1ac8be59ca81c797b39c35) +(cherry picked from commit 530a18d49361ade6d3f09abb78f8f901753a4cda) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/76bcd1d6d26ebe0424e2c5edc7f5a31a82ae3a7c +--- + src/libsystemd-network/sd-dhcp-server.c | 3 +++ + ...z-dhcp-server-relay-message-4972399731277824 | Bin 0 -> 65508 bytes + 2 files changed, 3 insertions(+) + create mode 100644 test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 + +diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c +index 3f4af8440e..0b3904c02a 100644 +--- a/src/libsystemd-network/sd-dhcp-server.c ++++ b/src/libsystemd-network/sd-dhcp-server.c +@@ -296,6 +296,9 @@ static int dhcp_server_send_unicast_raw(sd_dhcp_server *server, + + memcpy(&link.ll.sll_addr, &packet->dhcp.chaddr, ETH_ALEN); + ++ if (len > UINT16_MAX) ++ return -EOVERFLOW; ++ + dhcp_packet_append_ip_headers(packet, server->address, DHCP_PORT_SERVER, + packet->dhcp.yiaddr, + DHCP_PORT_CLIENT, len, -1); +diff --git a/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 b/test/fuzz/fuzz-dhcp-server-relay-message/clusterfuzz-testcase-minimized-fuzz-dhcp-server-relay-message-4972399731277824 +new file mode 100644 +index 0000000000000000000000000000000000000000..e902b6989b419428fa0114c973b148fbe583c871 +GIT binary patch +literal 65508 + +-- +2.33.0 +
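Review bot: In `dhcp_server_send_unicast_raw()`, the new `if (len > UINT16_MAX)` guard has no comment saying which 16-bit field it protects, and the hunk does not show whether `len` already counts the IP and UDP headers that `dhcp_packet_append_ip_headers()` fills in. If `len` is payload only, the bound has to leave room for those headers; either way, state the unit of `len` in a one-line comment. The check could also move above the `memcpy()` into `link.ll.sll_addr` so the function rejects the packet before touching anything. It covers only the raw unicast path; the other send paths are outside this hunk and should be confirmed to have an equivalent limit.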
_service:tar_scm:backport-sd-dhcp-server-rename-server_send_nak-server_send_na.patch
Added
@@ -0,0 +1,76 @@ +From 96acfde5aae2017e1cad042b51f179ad20aba38d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 28 Jan 2022 02:14:47 +0900 +Subject: PATCH sd-dhcp-server: rename server_send_nak() -> + server_send_nak_or_ignore() + +And logs error in the function. + +(cherry picked from commit eb5bff9c9de2bd218f5ac431e3aead4b5747ecd9) +(cherry picked from commit 7f36fb25d5c6681dbabb067a9fb083bfad37a804) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/96acfde5aae2017e1cad042b51f179ad20aba38d +--- + src/libsystemd-network/sd-dhcp-server.c | 29 ++++++++++++++----------- + 1 file changed, 16 insertions(+), 13 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp-server.c b/src/libsystemd-network/sd-dhcp-server.c +index 070f4ec1c2..d594aeb7cd 100644 +--- a/src/libsystemd-network/sd-dhcp-server.c ++++ b/src/libsystemd-network/sd-dhcp-server.c +@@ -583,16 +583,28 @@ static int server_send_offer_or_ack( + return 0; + } + +-static int server_send_nak(sd_dhcp_server *server, DHCPRequest *req) { ++static int server_send_nak_or_ignore(sd_dhcp_server *server, bool init_reboot, DHCPRequest *req) { + _cleanup_free_ DHCPPacket *packet = NULL; + size_t offset; + int r; + ++ /* When a request is refused, RFC 2131, section 4.3.2 mentioned we should send NAK when the ++ * client is in INITREBOOT. If the client is in other state, there is nothing mentioned in the ++ * RFC whether we should send NAK or not. Hence, let's silently ignore the request. 
*/ ++ ++ if (!init_reboot) ++ return 0; ++ + r = server_message_init(server, &packet, DHCP_NAK, &offset, req); + if (r < 0) +- return r; ++ return log_dhcp_server_errno(server, r, "Failed to create NAK message: %m"); ++ ++ r = dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); ++ if (r < 0) ++ return log_dhcp_server_errno(server, r, "Could not send NAK message: %m"); + +- return dhcp_server_send_packet(server, req, packet, DHCP_NAK, offset); ++ log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); ++ return DHCP_NAK; + } + + static int server_send_forcerenew(sd_dhcp_server *server, be32_t address, +@@ -1079,18 +1091,9 @@ int dhcp_server_handle_message(sd_dhcp_server *server, DHCPMessage *message, siz + server->callback(server, SD_DHCP_SERVER_EVENT_LEASE_CHANGED, server->callback_userdata); + + return DHCP_ACK; +- +- } else if (init_reboot) { +- r = server_send_nak(server, req); +- if (r < 0) +- /* this only fails on critical errors */ +- return log_dhcp_server_errno(server, r, "Could not send nak: %m"); +- +- log_dhcp_server(server, "NAK (0x%x)", be32toh(req->message->xid)); +- return DHCP_NAK; + } + +- break; ++ return server_send_nak_or_ignore(server, init_reboot, req); + } + + case DHCP_RELEASE: { +-- +2.33.0 +
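Review bot: In the case that precedes `case DHCP_RELEASE` in `dhcp_server_handle_message()`, the old code left the case with `break` when the request was refused and the client was not in INIT-REBOOT; the new `return server_send_nak_or_ignore(server, init_reboot, req);` returns 0 straight from the handler instead. Whatever runs after the `switch` is no longer reached on that path, and the hunk does not show it, so confirm the ignored-request case did not depend on it. The helper now has three outcomes (a negative errno, 0 for ignored, `DHCP_NAK` for sent); the comment inside it explains the RFC 2131 reasoning but not the return contract, which belongs above the function.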
_service:tar_scm:backport-sd-dhcp6-client-cirtainly-adjust-T1-and-T2.patch
Added
@@ -0,0 +1,50 @@ +From e444192a850854e5bc45673b29ba03e5a87a2297 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 10 Aug 2021 21:39:27 +0900 +Subject: PATCH sd-dhcp6-client: cirtainly adjust T1 and T2 + +This fixes a bug introduced by 99f1d3fc5043b33dea5faa88f7015a487965333f. +Note that in the information requesting mode, the lease has neither +addresses nor PD prefixes. + +(cherry picked from commit de949e911ee15d1c9daaf5ba5a3cff806fb2b514) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e444192a850854e5bc45673b29ba03e5a87a2297 +--- + src/libsystemd-network/sd-dhcp6-client.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c +index afeb346944..f99c12620b 100644 +--- a/src/libsystemd-network/sd-dhcp6-client.c ++++ b/src/libsystemd-network/sd-dhcp6-client.c +@@ -1328,17 +1328,16 @@ static int client_parse_message( + dhcp6_message_type_to_string(message->type)); + return -EINVAL; + } ++ } + +- } else { +- if (lease->ia.addresses) { +- lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1); +- lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2); +- } ++ if (lease->ia.addresses) { ++ lease->ia.ia_na.lifetime_t1 = htobe32(lt_t1); ++ lease->ia.ia_na.lifetime_t2 = htobe32(lt_t2); ++ } + +- if (lease->pd.addresses) { +- lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1); +- lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2); +- } ++ if (lease->pd.addresses) { ++ lease->pd.ia_pd.lifetime_t1 = htobe32(lt_t1); ++ lease->pd.ia_pd.lifetime_t2 = htobe32(lt_t2); + } + + client->information_refresh_time_usec = MAX(irt, IRT_MINIMUM); +-- +2.33.0 +
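Review bot: With the `else` removed in `client_parse_message()`, the `lifetime_t1`/`lifetime_t2` write-back is no longer tied to the branch above it and is guarded only by `lease->ia.addresses` and `lease->pd.addresses`. The commit message names the commit that introduced the bug (99f1d3fc5043b33dea5faa88f7015a487965333f) but not the symptom; state which messages were left with unadjusted T1/T2, and add a case to test-dhcp6-client.c that checks the adjusted values, since nothing in this patch exercises the changed path.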
_service:tar_scm:backport-sd-dhcp6-client-constify-one-argument.patch
Added
@@ -0,0 +1,43 @@ +From d3f99205f84172f6f9e41061a5aa9414eccf3571 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 23 Sep 2021 14:57:29 +0900 +Subject: PATCH sd-dhcp6-client: constify one argument + +(cherry picked from commit dc95e21d33708e807d3e5872af428383aac3f9b7) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d3f99205f84172f6f9e41061a5aa9414eccf3571 +--- + src/libsystemd-network/dhcp6-internal.h | 2 +- + src/libsystemd-network/dhcp6-option.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h +index 35cafc96ec..96d7de8cae 100644 +--- a/src/libsystemd-network/dhcp6-internal.h ++++ b/src/libsystemd-network/dhcp6-internal.h +@@ -105,7 +105,7 @@ int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, + size_t *optlen, uint8_t **optvalue); + int dhcp6_option_parse_status(DHCP6Option *option, size_t len); + int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); +-int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, ++int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, + struct in6_addr **addrs, size_t count); + int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, + char ***str_arr); +diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c +index 34d7e997dd..0709cfd4fd 100644 +--- a/src/libsystemd-network/dhcp6-option.c ++++ b/src/libsystemd-network/dhcp6-option.c +@@ -707,7 +707,7 @@ int dhcp6_option_parse_ia( + return 1; + } + +-int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, ++int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, + struct in6_addr **addrs, size_t count) { + + if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0) +-- +2.33.0 +
_service:tar_scm:backport-sd-dhcp6-client-constify-several-arguments.patch
Added
@@ -0,0 +1,89 @@ +From 9dcf9e12a68640f413d52f48d1d9786c4c71e073 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 24 Sep 2021 13:34:14 +0900 +Subject: PATCH sd-dhcp6-client: constify several arguments + +(cherry picked from commit 3f8227bf830cc2b87ea9bce5394a71c186d12956) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9dcf9e12a68640f413d52f48d1d9786c4c71e073 +--- + src/libsystemd-network/dhcp6-lease-internal.h | 10 ++++------ + src/libsystemd-network/sd-dhcp6-lease.c | 12 +++++------- + 2 files changed, 9 insertions(+), 13 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h +index 391b4f1fa9..41b43ba7a4 100644 +--- a/src/libsystemd-network/dhcp6-lease-internal.h ++++ b/src/libsystemd-network/dhcp6-lease-internal.h +@@ -50,12 +50,10 @@ int dhcp6_lease_get_rapid_commit(sd_dhcp6_lease *lease, bool *rapid_commit); + int dhcp6_lease_get_iaid(sd_dhcp6_lease *lease, be32_t *iaid); + int dhcp6_lease_get_pd_iaid(sd_dhcp6_lease *lease, be32_t *iaid); + +-int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen); +-int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval, +- size_t optlen); +-int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen); +-int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, +- size_t optlen) ; ++int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); ++int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); ++int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); ++int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; + int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); + + int dhcp6_lease_new(sd_dhcp6_lease **ret); +diff --git a/src/libsystemd-network/sd-dhcp6-lease.c 
b/src/libsystemd-network/sd-dhcp6-lease.c +index 9c77b146c7..8378971422 100644 +--- a/src/libsystemd-network/sd-dhcp6-lease.c ++++ b/src/libsystemd-network/sd-dhcp6-lease.c +@@ -193,7 +193,7 @@ void sd_dhcp6_lease_reset_pd_prefix_iter(sd_dhcp6_lease *lease) { + lease->prefix_iter = lease->pd.addresses; + } + +-int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { ++int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { + assert_return(lease, -EINVAL); + assert_return(optval, -EINVAL); + +@@ -215,8 +215,7 @@ int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs) + return -ENOENT; + } + +-int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, uint8_t *optval, +- size_t optlen) { ++int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { + int r; + char **domains; + +@@ -248,7 +247,7 @@ int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains) { + return -ENOENT; + } + +-int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { ++int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { + int r; + + assert_return(lease, -EINVAL); +@@ -295,7 +294,7 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + return 0; + } + +-int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { ++int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { + assert_return(lease, -EINVAL); + assert_return(optval, -EINVAL); + +@@ -335,8 +334,7 @@ int sd_dhcp6_lease_get_ntp_fqdn(sd_dhcp6_lease *lease, char ***ntp_fqdn) { + return -ENOENT; + } + +-int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, +- size_t optlen) { ++int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { + int r; + char *fqdn; + +-- +2.33.0 +
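Review bot: Style nit in dhcp6-lease-internal.h: the rewritten `dhcp6_lease_set_sntp()` prototype still ends in `size_t optlen) ;` with a space before the semicolon. The line is being touched anyway, so drop the space to match the prototypes around it.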
_service:tar_scm:backport-sd-dhcp6-client-do-not-merge-NTP-and-SNTP-options.patch
Added
@@ -0,0 +1,130 @@ +From 4b05527fe35de9602cdcd68a9812d67cd0892e00 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 24 Sep 2021 15:00:43 +0900 +Subject: PATCH sd-dhcp6-client: do not merge NTP and SNTP options + +Previously, SNTP option is ignored when it appears after NTP option(s), +but merged later NTP options when it appears first. +This makes split the NTP and SNTP addresses, and use SNTP addresses only +when no NTP option is provided. + +(cherry picked from commit e693e969614062fea1746399cf5cff4c09526c6a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4b05527fe35de9602cdcd68a9812d67cd0892e00 +--- + src/libsystemd-network/dhcp6-lease-internal.h | 4 ++- + src/libsystemd-network/sd-dhcp6-client.c | 2 +- + src/libsystemd-network/sd-dhcp6-lease.c | 26 ++++++++++--------- + src/libsystemd-network/test-dhcp6-client.c | 3 +-- + 4 files changed, 19 insertions(+), 16 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-lease-internal.h b/src/libsystemd-network/dhcp6-lease-internal.h +index 41b43ba7a4..dbcb6d040f 100644 +--- a/src/libsystemd-network/dhcp6-lease-internal.h ++++ b/src/libsystemd-network/dhcp6-lease-internal.h +@@ -33,6 +33,8 @@ struct sd_dhcp6_lease { + size_t ntp_count; + char **ntp_fqdn; + size_t ntp_fqdn_count; ++ struct in6_addr *sntp; ++ size_t sntp_count; + char *fqdn; + }; + +@@ -53,7 +55,7 @@ int dhcp6_lease_get_pd_iaid(sd_dhcp6_lease *lease, be32_t *iaid); + int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); + int dhcp6_lease_set_domains(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); + int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); +-int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; ++int dhcp6_lease_add_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) ; + int dhcp6_lease_set_fqdn(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen); + 
+ int dhcp6_lease_new(sd_dhcp6_lease **ret); +diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c +index efbf7d7df3..a31dd16c01 100644 +--- a/src/libsystemd-network/sd-dhcp6-client.c ++++ b/src/libsystemd-network/sd-dhcp6-client.c +@@ -1265,7 +1265,7 @@ static int client_parse_message( + break; + + case SD_DHCP6_OPTION_SNTP_SERVERS: +- r = dhcp6_lease_set_sntp(lease, optval, optlen); ++ r = dhcp6_lease_add_sntp(lease, optval, optlen); + if (r < 0) + return r; + +diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c +index 4804f0941a..e424aa15b6 100644 +--- a/src/libsystemd-network/sd-dhcp6-lease.c ++++ b/src/libsystemd-network/sd-dhcp6-lease.c +@@ -294,31 +294,32 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t opt + return 0; + } + +-int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { ++int dhcp6_lease_add_sntp(sd_dhcp6_lease *lease, const uint8_t *optval, size_t optlen) { + assert_return(lease, -EINVAL); + assert_return(optval, -EINVAL); + + if (optlen == 0) + return 0; + +- if (lease->ntp || lease->ntp_fqdn) +- return -EEXIST; +- +- /* Using deprecated SNTP information */ +- +- return dhcp6_option_parse_addresses(optval, optlen, &lease->ntp, &lease->ntp_count); ++ /* SNTP option is defined in RFC4075, and deprecated by RFC5908. 
*/ ++ return dhcp6_option_parse_addresses(optval, optlen, &lease->sntp, &lease->sntp_count); + } + +-int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, +- const struct in6_addr **addrs) { ++int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, const struct in6_addr **ret) { + assert_return(lease, -EINVAL); +- assert_return(addrs, -EINVAL); ++ assert_return(ret, -EINVAL); + +- if (lease->ntp_count) { +- *addrs = lease->ntp; ++ if (lease->ntp) { ++ *ret = lease->ntp; + return lease->ntp_count; + } + ++ if (lease->sntp && !lease->ntp_fqdn) { ++ /* Fallback to the deprecated SNTP option. */ ++ *ret = lease->sntp; ++ return lease->sntp_count; ++ } ++ + return -ENOENT; + } + +@@ -377,6 +378,7 @@ static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) { + strv_free(lease->domains); + free(lease->ntp); + strv_free(lease->ntp_fqdn); ++ free(lease->sntp); + + return mfree(lease); + } +diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c +index b22297dcd5..429687562c 100644 +--- a/src/libsystemd-network/test-dhcp6-client.c ++++ b/src/libsystemd-network/test-dhcp6-client.c +@@ -521,8 +521,7 @@ static int test_advertise_option(sd_event *e) { + + case SD_DHCP6_OPTION_SNTP_SERVERS: + assert_se(optlen == 16); +- assert_se(dhcp6_lease_set_sntp(lease, optval, +- optlen) >= 0); ++ assert_se(dhcp6_lease_add_sntp(lease, optval, optlen) >= 0); + break; + + default: +-- +2.33.0 +
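Review bot: In `sd_dhcp6_lease_get_ntp_addrs()`, the fallback `if (lease->sntp && !lease->ntp_fqdn)` withholds the SNTP addresses whenever an NTP option supplied only FQDNs, and the function then returns `-ENOENT` although the lease holds usable addresses. That matches the commit message ("use SNTP addresses only when no NTP option is provided") but is not obvious from the code, so extend the "Fallback to the deprecated SNTP option" comment to say it. The change in test-dhcp6-client.c only renames the call; nothing asserts that NTP takes precedence over SNTP or that repeated SNTP options accumulate, which the `add` in the new function name implies.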
_service:tar_scm:backport-sd-dhcp6-client-fix-buffer-size-calculation-in-dhcp6.patch
Added
@@ -0,0 +1,154 @@ +From b8a852e515002e5e312dd99b964bb17b9ca8fc1d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 24 Sep 2021 01:24:52 +0900 +Subject: PATCH sd-dhcp6-client: fix buffer size calculation in + dhcp6_option_parse_ip6addrs() + +GREEDY_REALLOC() takes number of elements, not buffer size. + +This also rename dhcp6_option_parse_ip6addrs() to +dhcp6_option_parse_addresses(). + +(cherry picked from commit ad3c84204c76e03a0b9b761563f6cd8907515014) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/b8a852e515002e5e312dd99b964bb17b9ca8fc1d +--- + src/libsystemd-network/dhcp6-internal.h | 7 ++++-- + src/libsystemd-network/dhcp6-option.c | 22 +++++++++++------- + src/libsystemd-network/sd-dhcp6-lease.c | 30 +++++-------------------- + 3 files changed, 24 insertions(+), 35 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h +index 8d083d3858..e555557914 100644 +--- a/src/libsystemd-network/dhcp6-internal.h ++++ b/src/libsystemd-network/dhcp6-internal.h +@@ -111,8 +111,11 @@ int dhcp6_option_parse( + const uint8_t **ret_option_data); + int dhcp6_option_parse_status(DHCP6Option *option, size_t len); + int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); +-int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, +- struct in6_addr **addrs, size_t count); ++int dhcp6_option_parse_addresses( ++ const uint8_t *optval, ++ size_t optlen, ++ struct in6_addr **addrs, ++ size_t *count); + int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, + char ***str_arr); + int dhcp6_option_parse_domainname(const uint8_t *optval, uint16_t optlen, char **str); +diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c +index 781d391c0c..8f763de133 100644 +--- a/src/libsystemd-network/dhcp6-option.c ++++ 
b/src/libsystemd-network/dhcp6-option.c +@@ -699,20 +699,26 @@ int dhcp6_option_parse_ia( + return 1; + } + +-int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, +- struct in6_addr **addrs, size_t count) { ++int dhcp6_option_parse_addresses( ++ const uint8_t *optval, ++ size_t optlen, ++ struct in6_addr **addrs, ++ size_t *count) { ++ ++ assert(optval); ++ assert(addrs); ++ assert(count); + + if (optlen == 0 || optlen % sizeof(struct in6_addr) != 0) +- return -EINVAL; ++ return -EBADMSG; + +- if (!GREEDY_REALLOC(*addrs, count * sizeof(struct in6_addr) + optlen)) ++ if (!GREEDY_REALLOC(*addrs, *count + optlen / sizeof(struct in6_addr))) + return -ENOMEM; + +- memcpy(*addrs + count, optval, optlen); ++ memcpy(*addrs + *count, optval, optlen); ++ *count += optlen / sizeof(struct in6_addr); + +- count += optlen / sizeof(struct in6_addr); +- +- return count; ++ return 0; + } + + static int parse_domain(const uint8_t **data, uint16_t *len, char **out_domain) { +diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c +index 6375a22537..9c77b146c7 100644 +--- a/src/libsystemd-network/sd-dhcp6-lease.c ++++ b/src/libsystemd-network/sd-dhcp6-lease.c +@@ -194,22 +194,13 @@ void sd_dhcp6_lease_reset_pd_prefix_iter(sd_dhcp6_lease *lease) { + } + + int dhcp6_lease_set_dns(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { +- int r; +- + assert_return(lease, -EINVAL); + assert_return(optval, -EINVAL); + +- if (!optlen) ++ if (optlen == 0) + return 0; + +- r = dhcp6_option_parse_ip6addrs(optval, optlen, &lease->dns, +- lease->dns_count); +- if (r < 0) +- return r; +- +- lease->dns_count = r; +- +- return 0; ++ return dhcp6_option_parse_addresses(optval, optlen, &lease->dns, &lease->dns_count); + } + + int sd_dhcp6_lease_get_dns(sd_dhcp6_lease *lease, const struct in6_addr **addrs) { +@@ -281,12 +272,10 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + if (sublen != 16) + return 0; + 
+- r = dhcp6_option_parse_ip6addrs(subval, sublen, &lease->ntp, lease->ntp_count); ++ r = dhcp6_option_parse_addresses(subval, sublen, &lease->ntp, &lease->ntp_count); + if (r < 0) + return r; + +- lease->ntp_count = r; +- + break; + + case DHCP6_NTP_SUBOPTION_SRV_FQDN: { +@@ -307,12 +296,10 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + } + + int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { +- int r; +- + assert_return(lease, -EINVAL); + assert_return(optval, -EINVAL); + +- if (!optlen) ++ if (optlen == 0) + return 0; + + if (lease->ntp || lease->ntp_fqdn) +@@ -320,14 +307,7 @@ int dhcp6_lease_set_sntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) + + /* Using deprecated SNTP information */ + +- r = dhcp6_option_parse_ip6addrs(optval, optlen, &lease->ntp, +- lease->ntp_count); +- if (r < 0) +- return r; +- +- lease->ntp_count = r; +- +- return 0; ++ return dhcp6_option_parse_addresses(optval, optlen, &lease->ntp, &lease->ntp_count); + } + + int sd_dhcp6_lease_get_ntp_addrs(sd_dhcp6_lease *lease, +-- +2.33.0 +
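Review bot: In `dhcp6_option_parse_addresses()`, the old `GREEDY_REALLOC(*addrs, count * sizeof(struct in6_addr) + optlen)` passed a byte count where an element count is expected, so it requested more elements than needed rather than fewer. Say in the commit message that this was over-allocation and not an undersized buffer, because the subject reads like an overflow fix to anyone triaging backports. Two behaviour changes ride along without mention: the error for a bad length changes from `-EINVAL` to `-EBADMSG`, and the function now returns 0 and updates `*count` in place instead of returning the new count. The callers in sd-dhcp6-lease.c are updated in this patch; any caller outside it that still assigns the return value to its count would silently reset that count to 0.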
_service:tar_scm:backport-sd-dhcp6-client-fix-copy-and-paste-mistake.patch
Added
@@ -0,0 +1,31 @@ +From 1c71cba86be4818c1546d5f84fde5138f737e180 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 10 Aug 2021 21:36:04 +0900 +Subject: PATCH sd-dhcp6-client: fix copy-and-paste mistake + +Fix bug introduced by b47fb949b338a8e77be789542fffb8c86da79284. + +(cherry picked from commit 0c42b613485978eb82d7aff7ed426b8a8bb327af) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1c71cba86be4818c1546d5f84fde5138f737e180 +--- + src/libsystemd-network/sd-dhcp6-client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c +index e8c47f429a..afeb346944 100644 +--- a/src/libsystemd-network/sd-dhcp6-client.c ++++ b/src/libsystemd-network/sd-dhcp6-client.c +@@ -1219,7 +1219,7 @@ static int client_parse_message( + + if (lease->ia.addresses) { + lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1)); +- lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t1)); ++ lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2)); + } + + break; +-- +2.33.0 +
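Review bot: The one-token fix in `client_parse_message()` is right, but the commit message does not say what the mistake did: `lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t1))` clamped T2 to the IA_NA T1 value. Put that in the message, and check the neighbouring cases of the same `switch` for the same paste error, since only the IA_NA lines are visible here.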
_service:tar_scm:backport-sd-dhcp6-client-fix-error-handling.patch
Added
@@ -0,0 +1,33 @@ +From c766dc2f77ed15e41de70e5e5f03dc4650fa55de Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 30 Nov 2021 17:58:40 +0900 +Subject: PATCH sd-dhcp6-client: fix error handling + +(cherry picked from commit 97e80ee4a86d4097fda78a01d8b64ad2085008f3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c766dc2f77ed15e41de70e5e5f03dc4650fa55de +--- + src/libsystemd-network/sd-dhcp6-client.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c +index a31dd16c01..1acca301b4 100644 +--- a/src/libsystemd-network/sd-dhcp6-client.c ++++ b/src/libsystemd-network/sd-dhcp6-client.c +@@ -1424,10 +1424,10 @@ static int client_receive_message( + len = recv(fd, message, buflen, 0); + if (len < 0) { + /* see comment above for why we shouldn't error out on ENETDOWN. */ +- if (IN_SET(errno, EAGAIN, EINTR, ENETDOWN)) ++ if (IN_SET(len, -EAGAIN, -EINTR, -ENETDOWN)) + return 0; + +- return log_dhcp6_client_errno(client, errno, "Could not receive message from UDP socket: %m"); ++ return log_dhcp6_client_errno(client, len, "Could not receive message from UDP socket: %m"); + + } + if ((size_t) len < sizeof(DHCP6Message)) { +-- +2.33.0 +
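Review bot: the context line above the change still reads len = recv(fd, message, buflen, 0), and recv(2) reports failure by returning -1 with the cause in errno, so IN_SET(len, -EAGAIN, -EINTR, -ENETDOWN) can never match on this base. Transient EAGAIN, EINTR and ENETDOWN conditions would then be treated as hard errors, and log_dhcp6_client_errno(client, len, ...) would report errno 1 (EPERM) for every failure. The len-based check is only correct when the receive call itself returns a negative errno; either keep the errno test here or backport the change of the receive call together with this patch.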
_service:tar_scm:backport-sd-dhcp6-client-ignore-IAs-whose-IAID-do-not-match-c.patch
Added
@@ -0,0 +1,318 @@ +From 5193b40cebe30e6297ba8d1e8cf888ab25cea2ae Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 22 Sep 2021 10:35:56 +0300 +Subject: PATCH sd-dhcp6-client: ignore IAs whose IAID do not match client's + IAID + +But do not refuse whole message. + +(cherry picked from commit 469fd57f181e2a8d93f01662418ca998e1239ea5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5193b40cebe30e6297ba8d1e8cf888ab25cea2ae +--- + src/libsystemd-network/dhcp6-internal.h | 2 +- + src/libsystemd-network/dhcp6-option.c | 36 ++++++++++++++++++-- + src/libsystemd-network/sd-dhcp6-client.c | 29 +++------------- + src/libsystemd-network/test-dhcp6-client.c | 39 ++++++++++++++-------- + 4 files changed, 64 insertions(+), 42 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h +index f0f814957f..35cafc96ec 100644 +--- a/src/libsystemd-network/dhcp6-internal.h ++++ b/src/libsystemd-network/dhcp6-internal.h +@@ -104,7 +104,7 @@ int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHash + int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, + size_t *optlen, uint8_t **optvalue); + int dhcp6_option_parse_status(DHCP6Option *option, size_t len); +-int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_status_code); ++int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); + int dhcp6_option_parse_ip6addrs(uint8_t *optval, uint16_t optlen, + struct in6_addr **addrs, size_t count); + int dhcp6_option_parse_domainname_list(const uint8_t *optval, uint16_t optlen, +diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c +index 97ef03a2d2..34d7e997dd 100644 +--- a/src/libsystemd-network/dhcp6-option.c ++++ b/src/libsystemd-network/dhcp6-option.c +@@ -509,7 +509,13 @@ static int 
dhcp6_option_parse_pdprefix(sd_dhcp6_client *client, DHCP6Option *opt + return 0; + } + +-int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6IA *ia, uint16_t *ret_status_code) { ++int dhcp6_option_parse_ia( ++ sd_dhcp6_client *client, ++ DHCP6Option *iaoption, ++ be32_t iaid, ++ DHCP6IA *ia, ++ uint16_t *ret_status_code) { ++ + uint32_t lt_t1, lt_t2, lt_valid = 0, lt_min = UINT32_MAX; + uint16_t iatype, optlen; + size_t iaaddr_offset; +@@ -529,6 +535,14 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I + if (len < DHCP6_OPTION_IA_NA_LEN) + return -ENOBUFS; + ++ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, ++ * but not necessary to ignore or refuse the whole message. */ ++ if (((const struct ia_na*) iaoption->data)->id != iaid) ++ /* ENOANO indicates the option should be ignored. */ ++ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), ++ "Received an IA_NA option with a different IAID " ++ "from the one chosen by the client, ignoring."); ++ + iaaddr_offset = DHCP6_OPTION_IA_NA_LEN; + memcpy(&ia->ia_na, iaoption->data, sizeof(ia->ia_na)); + +@@ -547,6 +561,14 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I + if (len < sizeof(ia->ia_pd)) + return -ENOBUFS; + ++ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, ++ * but not necessary to ignore or refuse the whole message. */ ++ if (((const struct ia_pd*) iaoption->data)->id != iaid) ++ /* ENOANO indicates the option should be ignored. 
*/ ++ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), ++ "Received an IA_PD option with a different IAID " ++ "from the one chosen by the client, ignoring."); ++ + iaaddr_offset = sizeof(ia->ia_pd); + memcpy(&ia->ia_pd, iaoption->data, sizeof(ia->ia_pd)); + +@@ -564,13 +586,21 @@ int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option *iaoption, DHCP6I + if (len < DHCP6_OPTION_IA_TA_LEN) + return -ENOBUFS; + ++ /* According to RFC8415, IAs which do not match the client's IAID should be ignored, ++ * but not necessary to ignore or refuse the whole message. */ ++ if (((const struct ia_ta*) iaoption->data)->id != iaid) ++ /* ENOANO indicates the option should be ignored. */ ++ return log_dhcp6_client_errno(client, SYNTHETIC_ERRNO(ENOANO), ++ "Received an IA_TA option with a different IAID " ++ "from the one chosen by the client, ignoring."); ++ + iaaddr_offset = DHCP6_OPTION_IA_TA_LEN; +- memcpy(&ia->ia_ta.id, iaoption->data, sizeof(ia->ia_ta)); ++ memcpy(&ia->ia_ta, iaoption->data, sizeof(ia->ia_ta)); + + break; + + default: +- return -ENOMSG; ++ return -EINVAL; + } + + ia->type = iatype; +diff --git a/src/libsystemd-network/sd-dhcp6-client.c b/src/libsystemd-network/sd-dhcp6-client.c +index f99c12620b..efbf7d7df3 100644 +--- a/src/libsystemd-network/sd-dhcp6-client.c ++++ b/src/libsystemd-network/sd-dhcp6-client.c +@@ -1119,7 +1119,6 @@ static int client_parse_message( + while (pos < len) { + DHCP6Option *option = (DHCP6Option *) &message->optionspos; + uint16_t optcode, optlen; +- be32_t iaid_lease; + int status; + uint8_t *optval; + +@@ -1198,8 +1197,8 @@ static int client_parse_message( + break; + } + +- r = dhcp6_option_parse_ia(client, option, &lease->ia, &ia_na_status); +- if (r < 0 && r != -ENOMSG) ++ r = dhcp6_option_parse_ia(client, option, client->ia_pd.ia_na.id, &lease->ia, &ia_na_status); ++ if (r < 0 && r != -ENOANO) + return r; + + if (ia_na_status == DHCP6_STATUS_NO_ADDRS_AVAIL) { +@@ -1207,16 +1206,6 @@ static int 
client_parse_message( + continue; + } + +- r = dhcp6_lease_get_iaid(lease, &iaid_lease); +- if (r < 0) +- return r; +- +- if (client->ia_na.ia_na.id != iaid_lease) { +- log_dhcp6_client(client, "%s has wrong IAID for IA NA", +- dhcp6_message_type_to_string(message->type)); +- return -EINVAL; +- } +- + if (lease->ia.addresses) { + lt_t1 = MIN(lt_t1, be32toh(lease->ia.ia_na.lifetime_t1)); + lt_t2 = MIN(lt_t2, be32toh(lease->ia.ia_na.lifetime_t2)); +@@ -1231,8 +1220,8 @@ static int client_parse_message( + break; + } + +- r = dhcp6_option_parse_ia(client, option, &lease->pd, &ia_pd_status); +- if (r < 0 && r != -ENOMSG) ++ r = dhcp6_option_parse_ia(client, option, client->ia_pd.ia_pd.id, &lease->pd, &ia_pd_status); ++ if (r < 0 && r != -ENOANO) + return r; + + if (ia_pd_status == DHCP6_STATUS_NO_PREFIX_AVAIL) { +@@ -1240,16 +1229,6 @@ static int client_parse_message( + continue; + } + +- r = dhcp6_lease_get_pd_iaid(lease, &iaid_lease); +- if (r < 0) +- return r; +- +- if (client->ia_pd.ia_pd.id != iaid_lease) { +- log_dhcp6_client(client, "%s has wrong IAID for IA PD", +- dhcp6_message_type_to_string(message->type)); +- return -EINVAL; +- } +- + if (lease->pd.addresses) { + lt_t1 = MIN(lt_t1, be32toh(lease->pd.ia_pd.lifetime_t1)); + lt_t2 = MIN(lt_t2, be32toh(lease->pd.ia_pd.lifetime_t2)); +diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c +index a72c13684d..5e3b191595 100644 +--- a/src/libsystemd-network/test-dhcp6-client.c ++++ b/src/libsystemd-network/test-dhcp6-client.c +@@ -287,25 +287,31 @@ static int test_option_status(sd_event *e) { + }; + DHCP6Option *option; + DHCP6IA ia, pd; ++ be32_t iaid; + int r = 0; + + log_debug("/* %s */", __func__); + ++ memcpy(&iaid, option1 + 4, sizeof(iaid)); ++ + zero(ia); + option = (DHCP6Option *)option1; + assert_se(sizeof(option1) == sizeof(DHCP6Option) + be16toh(option->len)); + +- r = dhcp6_option_parse_ia(NULL, option, &ia, NULL); ++ r = dhcp6_option_parse_ia(NULL, option, 
0, &ia, NULL); ++ assert_se(r == -ENOANO); ++ ++ r = dhcp6_option_parse_ia(NULL, option, iaid, &ia, NULL); + assert_se(r == 0); + assert_se(ia.addresses == NULL);
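Review bot: in the IA_NA branch of client_parse_message() the new call passes client->ia_pd.ia_na.id as the expected IAID, while the check it replaces compared against client->ia_na.ia_na.id. This looks like a copy-and-paste from the IA_PD branch and should read client->ia_na.ia_na.id, otherwise an IA_NA is matched against the prefix-delegation IA's ID and may be ignored with -ENOANO. Also, when r == -ENOANO the code now continues to the ia_na_status / ia_pd_status checks and the lifetime MIN() updates, so make sure those cannot act on values left over from an earlier option.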
_service:tar_scm:backport-sd-dhcp6-client-make-dhcp6_lease_free-accepts-NULL.patch
Added
@@ -0,0 +1,45 @@ +From f160a20a6bf995617cf8a22466638755f9a07813 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 24 Sep 2021 23:45:13 +0900 +Subject: PATCH sd-dhcp6-client: make dhcp6_lease_free() accepts NULL + +(cherry picked from commit 5cf67bb4072f149d0404398bfc359b068312ba28) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f160a20a6bf995617cf8a22466638755f9a07813 +--- + src/libsystemd-network/sd-dhcp6-lease.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c +index 8378971422..4804f0941a 100644 +--- a/src/libsystemd-network/sd-dhcp6-lease.c ++++ b/src/libsystemd-network/sd-dhcp6-lease.c +@@ -366,20 +366,18 @@ int sd_dhcp6_lease_get_fqdn(sd_dhcp6_lease *lease, const char **fqdn) { + } + + static sd_dhcp6_lease *dhcp6_lease_free(sd_dhcp6_lease *lease) { +- assert(lease); ++ if (!lease) ++ return NULL; + + free(lease->serverid); + dhcp6_lease_free_ia(&lease->ia); + dhcp6_lease_free_ia(&lease->pd); +- + free(lease->dns); + free(lease->fqdn); +- +- lease->domains = strv_free(lease->domains); +- ++ strv_free(lease->domains); + free(lease->ntp); ++ strv_free(lease->ntp_fqdn); + +- lease->ntp_fqdn = strv_free(lease->ntp_fqdn); + return mfree(lease); + } + +-- +2.33.0 +
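Review bot: the commit message gives no reason for replacing assert(lease) with an early return on NULL in dhcp6_lease_free(). Say which caller needs it, because dropping the assertion also hides callers that pass NULL by mistake. The switch from lease->domains = strv_free(...) and lease->ntp_fqdn = strv_free(...) to bare strv_free() calls is fine here only because the whole struct is released by mfree(lease) immediately afterwards.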
_service:tar_scm:backport-sd-dhcp6-client-modernize-dhcp6_option_parse.patch
Added
@@ -0,0 +1,275 @@ +From 1cc074167fd29c6c8c9dc5d7fd6c38e4dd91ca71 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 23 Sep 2021 14:58:28 +0900 +Subject: PATCH sd-dhcp6-client: modernize dhcp6_option_parse() + +- merge dhcp6_option_parse() with option_parse_hdr(). +- do not assign/update any values on error. +- use assert() instead of assert_return(), as the assertions cannot + be triggered by a library user. + +(cherry picked from commit b89a3758e92894162e3c2dcb594a55acff3274d5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1cc074167fd29c6c8c9dc5d7fd6c38e4dd91ca71 +--- + src/libsystemd-network/dhcp6-internal.h | 10 +++- + src/libsystemd-network/dhcp6-option.c | 60 ++++++++++------------ + src/libsystemd-network/sd-dhcp6-lease.c | 37 ++++++------- + src/libsystemd-network/test-dhcp6-client.c | 50 +++++++++--------- + 4 files changed, 76 insertions(+), 81 deletions(-) + +diff --git a/src/libsystemd-network/dhcp6-internal.h b/src/libsystemd-network/dhcp6-internal.h +index 96d7de8cae..8d083d3858 100644 +--- a/src/libsystemd-network/dhcp6-internal.h ++++ b/src/libsystemd-network/dhcp6-internal.h +@@ -101,8 +101,14 @@ int dhcp6_option_append_fqdn(uint8_t **buf, size_t *buflen, const char *fqdn); + int dhcp6_option_append_user_class(uint8_t **buf, size_t *buflen, char * const *user_class); + int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const *user_class); + int dhcp6_option_append_vendor_option(uint8_t **buf, size_t *buflen, OrderedHashmap *vendor_options); +-int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, +- size_t *optlen, uint8_t **optvalue); ++ ++int dhcp6_option_parse( ++ const uint8_t *buf, ++ size_t buflen, ++ size_t *offset, ++ uint16_t *ret_option_code, ++ size_t *ret_option_data_len, ++ const uint8_t **ret_option_data); + int dhcp6_option_parse_status(DHCP6Option *option, size_t len); + int dhcp6_option_parse_ia(sd_dhcp6_client *client, DHCP6Option 
*iaoption, be32_t iaid, DHCP6IA *ia, uint16_t *ret_status_code); + int dhcp6_option_parse_ip6addrs(const uint8_t *optval, uint16_t optlen, +diff --git a/src/libsystemd-network/dhcp6-option.c b/src/libsystemd-network/dhcp6-option.c +index 0709cfd4fd..781d391c0c 100644 +--- a/src/libsystemd-network/dhcp6-option.c ++++ b/src/libsystemd-network/dhcp6-option.c +@@ -370,47 +370,39 @@ int dhcp6_option_append_vendor_class(uint8_t **buf, size_t *buflen, char * const + return dhcp6_option_append(buf, buflen, SD_DHCP6_OPTION_VENDOR_CLASS, total, p); + } + +-static int option_parse_hdr(uint8_t **buf, size_t *buflen, uint16_t *optcode, size_t *optlen) { +- DHCP6Option *option = (DHCP6Option*) *buf; +- uint16_t len; +- +- assert_return(buf, -EINVAL); +- assert_return(optcode, -EINVAL); +- assert_return(optlen, -EINVAL); +- +- if (*buflen < offsetof(DHCP6Option, data)) +- return -ENOMSG; +- +- len = be16toh(option->len); +- +- if (len > *buflen) +- return -ENOMSG; +- +- *optcode = be16toh(option->code); +- *optlen = len; ++int dhcp6_option_parse( ++ const uint8_t *buf, ++ size_t buflen, ++ size_t *offset, ++ uint16_t *ret_option_code, ++ size_t *ret_option_data_len, ++ const uint8_t **ret_option_data) { + +- *buf += 4; +- *buflen -= 4; ++ const DHCP6Option *option; ++ size_t len; + +- return 0; +-} ++ assert(buf); ++ assert(offset); ++ assert(ret_option_code); ++ assert(ret_option_data_len); ++ assert(ret_option_data); + +-int dhcp6_option_parse(uint8_t **buf, size_t *buflen, uint16_t *optcode, +- size_t *optlen, uint8_t **optvalue) { +- int r; ++ if (buflen < offsetof(DHCP6Option, data)) ++ return -EBADMSG; + +- assert_return(buf && buflen && optcode && optlen && optvalue, -EINVAL); ++ if (*offset >= buflen - offsetof(DHCP6Option, data)) ++ return -EBADMSG; + +- r = option_parse_hdr(buf, buflen, optcode, optlen); +- if (r < 0) +- return r; ++ option = (const DHCP6Option*) (buf + *offset); ++ len = be16toh(option->len); + +- if (*optlen > *buflen) +- return -ENOBUFS; ++ if (len > 
buflen - offsetof(DHCP6Option, data) - *offset) ++ return -EBADMSG; + +- *optvalue = *buf; +- *buflen -= *optlen; +- *buf += *optlen; ++ *offset += offsetof(DHCP6Option, data) + len; ++ *ret_option_code = be16toh(option->code); ++ *ret_option_data_len = len; ++ *ret_option_data = option->data; + + return 0; + } +diff --git a/src/libsystemd-network/sd-dhcp6-lease.c b/src/libsystemd-network/sd-dhcp6-lease.c +index 9082185bca..6375a22537 100644 +--- a/src/libsystemd-network/sd-dhcp6-lease.c ++++ b/src/libsystemd-network/sd-dhcp6-lease.c +@@ -259,9 +259,6 @@ int sd_dhcp6_lease_get_domains(sd_dhcp6_lease *lease, char ***domains) { + + int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + int r; +- uint16_t subopt; +- size_t sublen; +- uint8_t *subval; + + assert_return(lease, -EINVAL); + assert_return(optval, -EINVAL); +@@ -269,10 +266,14 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + lease->ntp = mfree(lease->ntp); + lease->ntp_count = 0; + +- while ((r = dhcp6_option_parse(&optval, &optlen, &subopt, &sublen, +- &subval)) >= 0) { +- int s; +- char **servers; ++ for (size_t offset = 0; offset < optlen;) { ++ const uint8_t *subval; ++ size_t sublen; ++ uint16_t subopt; ++ ++ r = dhcp6_option_parse(optval, optlen, &offset, &subopt, &sublen, &subval); ++ if (r < 0) ++ return r; + + switch(subopt) { + case DHCP6_NTP_SUBOPTION_SRV_ADDR: +@@ -280,19 +281,18 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + if (sublen != 16) + return 0; + +- s = dhcp6_option_parse_ip6addrs(subval, sublen, +- &lease->ntp, +- lease->ntp_count); +- if (s < 0) +- return s; ++ r = dhcp6_option_parse_ip6addrs(subval, sublen, &lease->ntp, lease->ntp_count); ++ if (r < 0) ++ return r; + +- lease->ntp_count = s; ++ lease->ntp_count = r; + + break; + +- case DHCP6_NTP_SUBOPTION_SRV_FQDN: +- r = dhcp6_option_parse_domainname_list(subval, sublen, +- &servers); ++ case DHCP6_NTP_SUBOPTION_SRV_FQDN: { ++ 
char **servers; ++ ++ r = dhcp6_option_parse_domainname_list(subval, sublen, &servers); + if (r < 0) + return 0; + +@@ -300,12 +300,9 @@ int dhcp6_lease_set_ntp(sd_dhcp6_lease *lease, uint8_t *optval, size_t optlen) { + lease->ntp_fqdn_count = r; + + break; +- } ++ }} + } + +- if (r != -ENOMSG) +- return r; +- + return 0; + } + +diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c +index 5e3b191595..5d1f709f11 100644 +--- a/src/libsystemd-network/test-dhcp6-client.c ++++ b/src/libsystemd-network/test-dhcp6-client.c
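Review bot: the bounds check *offset >= buflen - offsetof(DHCP6Option, data) in the new dhcp6_option_parse() rejects the case where *offset equals buflen minus the header size, although a complete option header with a zero-length payload still fits there. The following len > buflen - offsetof(DHCP6Option, data) - *offset test already covers the payload, so > looks like the intended comparison. Separately, dhcp6_lease_set_ntp() now returns the parser error from inside the loop after lease->ntp has been freed and possibly partly refilled, while a wrong sublen or a domain-name parse failure still returns 0. A comment stating which malformed sub-options are tolerated and which abort the whole option would help, and the closing "}}" should be split onto two lines.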
_service:tar_scm:backport-sd-event-don-t-destroy-inotify-data-structures-from-.patch
Added
@@ -0,0 +1,109 @@ +From 439a271943aa182002e5fb64f1a216415e556472 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 9 Nov 2021 00:11:38 +0100 +Subject: PATCH sd-event: don't destroy inotify data structures from inotify + event handler + +This fixes a bad memory access when we destroy an inotify source handler +from the handler itself, and thus destroy the associated inotify_data +structures. + +Fixes: #20177 +(cherry picked from commit 53baf2efa420cab6c4b1904c9a0c46a0c4ec80a1) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/439a271943aa182002e5fb64f1a216415e556472 +--- + src/libsystemd/sd-event/event-source.h | 5 ++++ + src/libsystemd/sd-event/sd-event.c | 40 +++++++++++++++++++++++--- + 2 files changed, 41 insertions(+), 4 deletions(-) + +diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h +index d2dc21470e..7a0f14ecce 100644 +--- a/src/libsystemd/sd-event/event-source.h ++++ b/src/libsystemd/sd-event/event-source.h +@@ -214,6 +214,11 @@ struct inotify_data { + * the events locally if they can't be coalesced). */ + unsigned n_pending; + ++ /* If this counter is non-zero, don't GC the inotify data object even if not used to watch any inode ++ * anymore. This is useful to pin the object for a bit longer, after the last event source needing it ++ * is gone. */ ++ unsigned n_busy; ++ + /* A linked list of all inotify objects with data already read, that still need processing. We keep this list + * to make it efficient to figure out what inotify objects to process data on next. 
*/ + LIST_FIELDS(struct inotify_data, buffered); +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index 99c0acfa54..3b4d938546 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -1820,6 +1820,29 @@ static void event_free_inode_data( + free(d); + } + ++static void event_gc_inotify_data( ++ sd_event *e, ++ struct inotify_data *d) { ++ ++ assert(e); ++ ++ /* GCs the inotify data object if we don't need it anymore. That's the case if we don't want to watch ++ * any inode with it anymore, which in turn happens if no event source of this priority is interested ++ * in any inode any longer. That said, we maintain an extra busy counter: if non-zero we'll delay GC ++ * (under the expectation that the GC is called again once the counter is decremented). */ ++ ++ if (!d) ++ return; ++ ++ if (!hashmap_isempty(d->inodes)) ++ return; ++ ++ if (d->n_busy > 0) ++ return; ++ ++ event_free_inotify_data(e, d); ++} ++ + static void event_gc_inode_data( + sd_event *e, + struct inode_data *d) { +@@ -1837,8 +1860,7 @@ static void event_gc_inode_data( + inotify_data = d->inotify_data; + event_free_inode_data(e, d); + +- if (inotify_data && hashmap_isempty(inotify_data->inodes)) +- event_free_inotify_data(e, inotify_data); ++ event_gc_inotify_data(e, inotify_data); + } + + static int event_make_inode_data( +@@ -3556,13 +3578,23 @@ static int source_dispatch(sd_event_source *s) { + sz = offsetof(struct inotify_event, name) + d->buffer.ev.len; + assert(d->buffer_filled >= sz); + ++ /* If the inotify callback destroys the event source then this likely means we don't need to ++ * watch the inode anymore, and thus also won't need the inotify object anymore. But if we'd ++ * free it immediately, then we couldn't drop the event from the inotify event queue without ++ * memory corruption anymore, as below. 
Hence, let's not free it immediately, but mark it ++ * "busy" with a counter (which will ensure it's not GC'ed away prematurely). Let's then ++ * explicitly GC it after we are done dropping the inotify event from the buffer. */ ++ d->n_busy++; + r = s->inotify.callback(s, &d->buffer.ev, s->userdata); ++ d->n_busy--; + +- /* When no event is pending anymore on this inotify object, then let's drop the event from the +- * buffer. */ ++ /* When no event is pending anymore on this inotify object, then let's drop the event from ++ * the inotify event queue buffer. */ + if (d->n_pending == 0) + event_inotify_data_drop(e, d, sz); + ++ /* Now we don't want to access 'd' anymore, it's OK to GC now. */ ++ event_gc_inotify_data(e, d); + break; + } + +-- +2.33.0 +
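Review bot: n_busy is honoured only by the new event_gc_inotify_data(); any other caller of event_free_inotify_data() would bypass it, and d->n_busy-- in source_dispatch() has no underflow guard. An assert(d->n_busy == 0) in event_free_inotify_data() and an assert(d->n_busy > 0) before the decrement would turn a future misuse into an immediate failure instead of the bad memory access this patch fixes. A regression test that destroys the inotify source from its own callback would also be worth adding.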
_service:tar_scm:backport-sd-event-take-ref-on-event-loop-object-before-dispat.patch
Added
@@ -0,0 +1,36 @@ +From a93ddddd00860bda05df72cfd5b80be9b3a93023 Mon Sep 17 00:00:00 2001 +From: Michal Sekletar <msekleta@redhat.com> +Date: Wed, 8 Sep 2021 15:42:11 +0200 +Subject: PATCH sd-event: take ref on event loop object before dispatching + event sources + +Idea is that all public APIs should take reference on objects that get +exposed to user-provided callbacks. We take the reference as a +protection from callbacks dropping it. We used to do this also here in +sd_event_loop(). However, in cleanup portion of f814c871e6 this was +accidentally dropped. + +(cherry picked from commit 9f6ef467818f902fe5369c8e37a39a3901bdcf4f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a93ddddd00860bda05df72cfd5b80be9b3a93023 +--- + src/libsystemd/sd-event/sd-event.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index e9199deb41..99c0acfa54 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -4154,7 +4154,7 @@ _public_ int sd_event_loop(sd_event *e) { + assert_return(!event_pid_changed(e), -ECHILD); + assert_return(e->state == SD_EVENT_INITIAL, -EBUSY); + +- _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = NULL; ++ _unused_ _cleanup_(sd_event_unrefp) sd_event *ref = sd_event_ref(e); + + while (e->state != SD_EVENT_FINISHED) { + r = sd_event_run(e, UINT64_MAX); +-- +2.33.0 +
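Review bot: the restored sd_event_ref(e) in sd_event_loop() has nothing guarding it, and the commit message notes it was already lost once in a cleanup (f814c871e6). A short comment next to the ref declaration saying that it protects against callbacks dropping the last reference, plus a test whose callback unrefs the loop while sd_event_loop() is running, would keep it from being removed again.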
_service:tar_scm:backport-sd-journal-Don-t-compare-hashes-from-different-journ.patch
Added
@@ -0,0 +1,48 @@ +From 2f5b486edfdb6dc3d5465fe7569c19560208813c Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Tue, 14 Sep 2021 15:08:46 +0100 +Subject: PATCH sd-journal: Don't compare hashes from different journal files + +In sd_journal_enumerate_fields(), we check if we've already handled +a field by checking if we can find it in any of the already processed +journal files. We do this by calling +journal_file_find_field_object_with_hash(), which compares the size, +payload and hash of the given field against all fields in a journal file, +trying to find a match. However, since we now use per file hash functions, +hashes for the same fields will differ between different journal files, +meaning we'll never find an actual match. + +To fix the issue(), let's use journal_file_find_field_object() when one +or more of the files we're comparing is using per file keyed hashes. +journal_file_find_field_object() only takes the field payload and size +as arguments and calculates the hash itself using the hash function from +the journal file we're searching in. 
+ +(cherry picked from commit 27bf0ab76e13611dce10210f2a22fb5fba05adbb) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2f5b486edfdb6dc3d5465fe7569c19560208813c +--- + src/libsystemd/sd-journal/sd-journal.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 5728c537bc..a2fbc1b037 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -3158,7 +3158,11 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) { + if (JOURNAL_HEADER_CONTAINS(of->header, n_fields) && le64toh(of->header->n_fields) <= 0) + continue; + +- r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, le64toh(o->field.hash), NULL, NULL); ++ if (!JOURNAL_HEADER_KEYED_HASH(f->header) && !JOURNAL_HEADER_KEYED_HASH(of->header)) ++ r = journal_file_find_field_object_with_hash(of, o->field.payload, sz, ++ le64toh(o->field.hash), NULL, NULL); ++ else ++ r = journal_file_find_field_object(of, o->field.payload, sz, NULL, NULL); + if (r < 0) + return r; + if (r > 0) { +-- +2.33.0 +
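Review bot: the new branch in sd_journal_enumerate_fields() has no code comment; the reason the stored hash may be reused only when neither f nor of has JOURNAL_HEADER_KEYED_HASH set is explained solely in the commit message. Add a one-line comment above the if, and consider a test that enumerates fields across two keyed-hash journal files containing the same field, since the failure mode described in the commit message is a missed match and not an error.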
_service:tar_scm:backport-sd-journal-Ignore-data-threshold-if-set-to-zero-in-s.patch
Added
@@ -0,0 +1,35 @@ +From 99ae9b83b42abbe54c059ae964b737b64ae17df9 Mon Sep 17 00:00:00 2001 +From: Daan De Meyer <daan.j.demeyer@gmail.com> +Date: Wed, 15 Sep 2021 13:05:46 +0100 +Subject: PATCH sd-journal: Ignore data threshold if set to zero in + sd_journal_enumerate_fields() + +According to the documentation, Setting the data threshold to zero disables the +data threshold alltogether. Let's make sure we actually implement this behaviour +in sd_journal_enumerate_fields() by only applying the data threshold if it exceeds +zero. + +(cherry picked from commit adbd80f51088058d55e703abe0ac11476cfe0ba4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/99ae9b83b42abbe54c059ae964b737b64ae17df9 +--- + src/libsystemd/sd-journal/sd-journal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index a2fbc1b037..b3240177cb 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -3178,7 +3178,7 @@ _public_ int sd_journal_enumerate_fields(sd_journal *j, const char **field) { + if (memchr(o->field.payload, 0, sz)) + return -EBADMSG; + +- if (sz > j->data_threshold) ++ if (j->data_threshold > 0 && sz > j->data_threshold) + sz = j->data_threshold; + + if (!GREEDY_REALLOC(j->fields_buffer, sz + 1)) +-- +2.33.0 +
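Review bot: nothing tests data_threshold == 0 in sd_journal_enumerate_fields(). Before this change the clamp set sz to 0 in that case; a test that calls sd_journal_set_data_threshold(j, 0) and checks that field names come back untruncated would pin the documented behaviour.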
_service:tar_scm:backport-sd-journal-fix-segfault-when-match_new-fails.patch
Added
@@ -0,0 +1,63 @@ +From 4bf497c3814e2f612cb055b838a656e6e14c0ed0 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 23 Dec 2021 21:45:29 +0900 +Subject: PATCH sd-journal: fix segfault when match_new() fails + +Fixes #21867. + +(cherry picked from commit 39dfc0de05238410e2cd4d7c0176a3f3994cc563) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4bf497c3814e2f612cb055b838a656e6e14c0ed0 +--- + src/libsystemd/sd-journal/sd-journal.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 63b8f0dc7b..dd28b8008f 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -211,7 +211,7 @@ static Match *match_new(Match *p, MatchType t) { + return m; + } + +-static void match_free(Match *m) { ++static Match *match_free(Match *m) { + assert(m); + + while (m->matches) +@@ -221,14 +221,14 @@ static void match_free(Match *m) { + LIST_REMOVE(matches, m->parent->matches, m); + + free(m->data); +- free(m); ++ return mfree(m); + } + +-static void match_free_if_empty(Match *m) { ++static Match *match_free_if_empty(Match *m) { + if (!m || m->matches) +- return; ++ return m; + +- match_free(m); ++ return match_free(m); + } + + _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) { +@@ -323,9 +323,9 @@ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) + fail: + match_free(m); + match_free_if_empty(add_here); +- match_free_if_empty(j->level2); +- match_free_if_empty(j->level1); +- match_free_if_empty(j->level0); ++ j->level2 = match_free_if_empty(j->level2); ++ j->level1 = match_free_if_empty(j->level1); ++ j->level0 = match_free_if_empty(j->level0); + + return -ENOMEM; + } +-- +2.33.0 +
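Review bot: match_free() and match_free_if_empty() now return a pointer, but the contract is undocumented. match_free_if_empty() returns m unchanged when it is NULL or still has children and returns NULL once it has freed it, and the fix depends on callers storing that result. A short comment on both functions would make this clear. In the fail: block the results of match_free(m) and match_free_if_empty(add_here) are still discarded, which is fine only because both are locals that are not used again before return -ENOMEM.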
_service:tar_scm:backport-sd-journal-free-incomplete-match-on-failure.patch
Added
@@ -0,0 +1,37 @@ +From cd9b726453398bef20c66f30a454eb503f7bcb72 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 23 Dec 2021 21:35:29 +0900 +Subject: PATCH sd-journal: free incomplete match on failure + +(cherry picked from commit 418cce628cf28d4feaeda60241cf9781f8afbf1c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/cd9b726453398bef20c66f30a454eb503f7bcb72 +--- + src/libsystemd/sd-journal/sd-journal.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 71875a4dc8..63b8f0dc7b 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -232,7 +232,7 @@ static void match_free_if_empty(Match *m) { + } + + _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) { +- Match *l3, *l4, *add_here = NULL, *m; ++ Match *l3, *l4, *add_here = NULL, *m = NULL; + uint64_t hash; + + assert_return(j, -EINVAL); +@@ -321,6 +321,7 @@ _public_ int sd_journal_add_match(sd_journal *j, const void *data, size_t size) + return 0; + + fail: ++ match_free(m); + match_free_if_empty(add_here); + match_free_if_empty(j->level2); + match_free_if_empty(j->level1); +-- +2.33.0 +
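Review bot: the added match_free(m) in the fail: block runs with m == NULL whenever goto fail is taken before m has been assigned, which is exactly the case the new = NULL initialiser makes well defined. match_free() as shown in backport-sd-journal-fix-segfault-when-match_new-fails.patch on this page starts with assert(m), so the call should be guarded with if (m), or match_free() should be made NULL-tolerant like match_free_if_empty().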
_service:tar_scm:backport-sd-netlink-always-append-new-bridge-FDB-entries.patch
Added
@@ -0,0 +1,39 @@ +From f65dedbb8f3bd8a0ec69a02f63f62f339a791423 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 4 Aug 2021 18:16:44 +0900 +Subject: PATCH sd-netlink: always append new bridge FDB entries + +This partially reverts 192a9d95ea3e058afd824d38a9cea16ad0a84a57 (#19432). + +Fixes #20305. + +(cherry picked from commit 74c1ab841fbad9d4f237c819577fcd1d46a072b6) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f65dedbb8f3bd8a0ec69a02f63f62f339a791423 +--- + src/libsystemd/sd-netlink/rtnl-message.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-netlink/rtnl-message.c b/src/libsystemd/sd-netlink/rtnl-message.c +index e771b95e08..7f83bf58b3 100644 +--- a/src/libsystemd/sd-netlink/rtnl-message.c ++++ b/src/libsystemd/sd-netlink/rtnl-message.c +@@ -443,8 +443,12 @@ int sd_rtnl_message_new_neigh(sd_netlink *rtnl, sd_netlink_message **ret, uint16 + if (r < 0) + return r; + +- if (nlmsg_type == RTM_NEWNEIGH) +- (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_REPLACE; ++ if (nlmsg_type == RTM_NEWNEIGH) { ++ if (ndm_family == AF_BRIDGE) ++ (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_APPEND; ++ else ++ (*ret)->hdr->nlmsg_flags |= NLM_F_CREATE | NLM_F_REPLACE; ++ } + + ndm = NLMSG_DATA((*ret)->hdr); + +-- +2.33.0 +
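Review bot: the AF_BRIDGE special case in sd_rtnl_message_new_neigh() needs a code comment. The hunk gives no reason why bridge FDB entries get NLM_F_APPEND instead of NLM_F_REPLACE, and the commit message only points at #19432 and #20305. State the reason next to the if so the partial revert is not undone by a later cleanup.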
_service:tar_scm:backport-seccomp-Always-install-filters-for-native-architectu.patch
Added
@@ -0,0 +1,64 @@ +From ba8bce7b562f9ef83a4de697eae2f97cf1806e3d Mon Sep 17 00:00:00 2001 +From: Benjamin Berg <bberg@redhat.com> +Date: Fri, 17 Sep 2021 13:05:32 +0200 +Subject: PATCH seccomp: Always install filters for native architecture + +The commit 6597686865ff ("seccomp: don't install filters for archs that +can't use syscalls") introduced a regression where filters may not be +installed for the "native" architecture. This means that setting +SystemCallArchitectures=native for a unit effectively disables the +SystemCallFilter= and SystemCallLog= options. + +Conceptually, we have two filter stages: + 1. architecture used for syscall (SystemCallArchitectures=) + 2. syscall + architecture combination (SystemCallFilter=) + +The above commit tried to optimize the filter generation by skipping the +second level filtering when it is not required. + +However, systemd will never fully block the "native" architecture using +the first level filter. This makes the code a lot simpler, as systemd +can execve() the target binary using its own architecture. And, it +should be perfectly fine as the "native" architecture will always be the +one with the most restrictive seccomp filtering. + +Said differently, the bug arises because (on x86_64): + 1. x86_64 is permitted by libseccomp already + 2. native != x86_64 + 3. the loop wants to block x86_64 because the permitted set only + contains "native" (i.e. "native" != "x86_64") + 4. x86_64 is marked as blocked in seccomp_local_archs + +Thereby we have an inconsistency, where it is marked as blocked in the +seccomp_local_archs array but it is allowed by libseccomp. i.e. we will +skip generating filter stage 2 without having stage 1 in place. + +The fix is simple, we just skip the native architecture when looping +seccomp_local_archs. This way the inconsistency cannot happen. 
+ +(cherry picked from commit f833df38488ea40fc3d601ccefd64cfa3fce8bb4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ba8bce7b562f9ef83a4de697eae2f97cf1806e3d +--- + src/shared/seccomp-util.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index 631ca5dd34..31d6b542c0 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -1789,6 +1789,10 @@ int seccomp_restrict_archs(Set *archs) { + for (unsigned i = 0; seccomp_local_archsi != SECCOMP_LOCAL_ARCH_END; ++i) { + uint32_t arch = seccomp_local_archsi; + ++ /* See above comment, our "native" architecture is never blocked. */ ++ if (arch == seccomp_arch_native()) ++ continue; ++ + /* That architecture might have already been blocked by a previous call to seccomp_restrict_archs. */ + if (arch == SECCOMP_LOCAL_ARCH_BLOCKED) + continue; +-- +2.33.0 +
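Review bot: The added `if (arch == seccomp_arch_native()) continue;` in seccomp_restrict_archs() closes a gap where SystemCallArchitectures=native effectively disabled SystemCallFilter= and SystemCallLog=, yet the diffstat shows only src/shared/seccomp-util.c changing, so nothing in this patch guards against the regression returning. A test case that restricts the permitted set to "native" alone and then checks that a filtered syscall is still rejected would cover it. The new comment also says "See above comment", which lies outside this hunk's context; confirm the referenced comment exists in the 249 tree being patched.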
View file
_service:tar_scm:backport-seccomp-drop-getrandom-from-system-service.patch
Added
@@ -0,0 +1,34 @@ +From 9eb9b07c404be8d59a800c70593809a69f0d0e55 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 27 Jul 2021 17:10:21 +0200 +Subject: PATCH seccomp: drop getrandom() from @system-service + +It's included in @default now, since +14f4b1b568907350d023d1429c1aa4aaa8925f22, and since @system-service +pulls that in we can drop it from @system-service. + +Follow-up for #20191 + +(cherry picked from commit 67347f37407489a68e12da8f75b78ae1d1168de9) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9eb9b07c404be8d59a800c70593809a69f0d0e55 +--- + src/shared/seccomp-util.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index cad0af89f2..703d5a939c 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -859,7 +859,6 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + "get_mempolicy\0" + "getcpu\0" + "getpriority\0" +- "getrandom\0" + "ioctl\0" + "ioprio_get\0" + "kcmp\0" +-- +2.33.0 +
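Review bot: Removing "getrandom\0" in the hunk at line 859 is only safe if 14f4b1b568907350d023d1429c1aa4aaa8925f22, which the commit message names as the change that put getrandom() into @default, is already present in this 249 tree. If that commit is not part of the backport series, units that allow-list @system-service lose getrandom(). Confirm the prerequisite is applied earlier in the spec's patch order.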
View file
_service:tar_scm:backport-seccomp-move-arch_prctl-to-default.patch
Added
@@ -0,0 +1,54 @@ +From cf6d1dcc93ad7caedaa139d3c0377f7524fe1013 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 7 Jan 2022 15:23:55 +0100 +Subject: PATCH seccomp: move arch_prctl to @default + +It was reported as used by the linker: + +> It is called in the setup of ld-linux-x86-64.so.2 from _dl_sysdep_start. +> My local call stack (with LTO): +> +> #0 init_cpu_features.constprop.0 (/usr/lib64/ld-linux-x86-64.so.2) +> #1 _dl_sysdep_start (/usr/lib64/ld-linux-x86-64.so.2) +> #2 _dl_start (/usr/lib64/ld-linux-x86-64.so.2) +> #3 _start (/usr/lib64/ld-linux-x86-64.so.2) +> +> Looking through the source, I think it's this (links for glibc 2.34): +> - First dl_platform_init calls _dl_x86_init_cpu_features, a wrapper for init_cpu_features. +> - Then init_cpu_features calls get_cet_status. +> - At last, get_cet_status invokes arch_prctl. + +Fixes #22033. + +(cherry picked from commit 5f02870a74aa3a758115cc9bd6d68f239caf8453) +(cherry picked from commit d08f6ff204c8525f7533875128468afb8be60ae0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/cf6d1dcc93ad7caedaa139d3c0377f7524fe1013 +--- + src/shared/seccomp-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index 2d73354e1a..ccfa4cc56a 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -283,6 +283,7 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + .name = "@default", + .help = "System calls that are always permitted", + .value = ++ "arch_prctl\0" /* Used during platform-specific initialization by ld-linux.so. 
*/ + "brk\0" + "cacheflush\0" + "clock_getres\0" +@@ -712,7 +713,6 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + .name = "@process", + .help = "Process control, execution, namespacing operations", + .value = +- "arch_prctl\0" + "capget\0" /* Able to query arbitrary processes */ + "clone\0" + "clone3\0" +-- +2.33.0 +
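Review bot: Moving "arch_prctl\0" out of @process and into @default widens the set this file describes as "System calls that are always permitted", so every unit with an allow-list SystemCallFilter= now permits arch_prctl whether or not it listed @process. The inline comment on the added line explains the loader's need well; the backport changelog should mention the widening too, so that anyone auditing unit sandboxing after the update sees it.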
View file
_service:tar_scm:backport-seccomp-move-mprotect-to-default.patch
Added
@@ -0,0 +1,52 @@ +From 0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sat, 13 Nov 2021 16:08:25 +0100 +Subject: PATCH seccomp: move mprotect to @default + +With glibc-2.34.9000-17.fc36.x86_64, dynamically programs newly fail in early +init with a restrictive syscall filter that does not include @system-service. +I think this is caused by 2dd87703d4386f2776c5b5f375a494c91d7f9fe4: + +Author: Florian Weimer <fweimer@redhat.com> +Date: Mon May 10 10:31:41 2021 +0200 + + nptl: Move changing of stack permissions into ld.so + + All the stack lists are now in _rtld_global, so it is possible + to change stack permissions directly from there, instead of + calling into libpthread to do the change. + +It seems that this call will now be very widely used, so let's just move it to +default to avoid too many failures. + +(cherry picked from commit 4728625490b70ac4a686b1655c08ad3fe7b97359) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0c8195d673f46ab41ffbf7bb0eb54b53f202bb3f +--- + src/shared/seccomp-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index 31d6b542c0..2d73354e1a 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -324,6 +324,7 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + "membarrier\0" + "mmap\0" + "mmap2\0" ++ "mprotect\0" + "munmap\0" + "nanosleep\0" + "pause\0" +@@ -864,7 +865,6 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + "ioprio_get\0" + "kcmp\0" + "madvise\0" +- "mprotect\0" + "mremap\0" + "name_to_handle_at\0" + "oldolduname\0" +-- +2.33.0 +
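Review bot: With "mprotect\0" added to @default in the first hunk, an allow-list SystemCallFilter= can no longer be what keeps a service from changing page protections, and the added line carries no comment saying why it is there. Add a short comment next to the entry (the commit message's reason is that ld.so now changes stack permissions itself), and note in the changelog that units needing W^X enforcement have to rely on MemoryDenyWriteExecute= rather than on the syscall filter.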
View file
_service:tar_scm:backport-seccomp-move-sched_getaffinity-from-system-service-t.patch
Added
@@ -0,0 +1,49 @@ +From 77681242c8c6d7693814b8245e9096e43faa21be Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 27 Jul 2021 17:11:09 +0200 +Subject: PATCH seccomp: move sched_getaffinity() from @system-service to + @default + +See: https://github.com/systemd/systemd/pull/20191#issuecomment-881982739 + +In general, we shouldn't blanket move syscalls like this into @default, +given that glibc actually does have fallbacks, afaics. However, as +long as the syscalls are "read-only" and thus benign, I figure it's a +safe thing to do. But we should probably stick to a "if in doubt, don't" +rule, and put these syscalls in @system-service as default, but not into +@default. + +I think in the real world @system-service is the sensible group people +should use, and not @default actually. + +(cherry picked from commit 7df660e45682af5c40a236abe1bdc5ddcf3b3533) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/77681242c8c6d7693814b8245e9096e43faa21be +--- + src/shared/seccomp-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index 703d5a939c..631ca5dd34 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -331,6 +331,7 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + "restart_syscall\0" + "rseq\0" + "rt_sigreturn\0" ++ "sched_getaffinity\0" + "sched_yield\0" + "set_robust_list\0" + "set_thread_area\0" +@@ -874,7 +875,6 @@ const SyscallFilterSet syscall_filter_sets_SYSCALL_FILTER_SET_MAX = { + "remap_file_pages\0" + "sched_get_priority_max\0" + "sched_get_priority_min\0" +- "sched_getaffinity\0" + "sched_getattr\0" + "sched_getparam\0" + "sched_getscheduler\0" +-- +2.33.0 +
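Review bot: The added "sched_getaffinity\0" entry in @default has no inline comment, while the commit message itself argues for an "if in doubt, don't" rule on moves like this one. Record the justification next to the entry (a read-only call, per the commit message) so the exception stays visible in the source.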
View file
_service:tar_scm:backport-shared-condition-avoid-nss-lookup-in-PID1.patch
Added
@@ -0,0 +1,76 @@ +From 03101b5186a43b893165f44726f4865702005d8e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 7 Oct 2022 17:34:53 +0200 +Subject: PATCH shared/condition: avoid nss lookup in PID1 + +PID 1 is not allowed to do nss lookups because this may take a long time or +even deadlock. + +While at it, the comparisons are reordered to do the "easy" comparisons which +only require a string comparison first. Delay parsing of the UID until it is +really necessary. The result is the same, because we know that "root" and +"nobody" parse as valid. + +(cherry picked from commit 734f96b8490a2c48712ff6754a84fcaeac3d53c1) +(cherry picked from commit 5da595db39e8c6b229dfe388130683ff9a32eda5) +(cherry picked from commit 4ddeea92faf69291449af95dc9ba6440ad06ec1b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/03101b5186a43b893165f44726f4865702005d8e +--- + src/shared/condition.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/src/shared/condition.c b/src/shared/condition.c +index b0520566ed..ed7de273bf 100644 +--- a/src/shared/condition.c ++++ b/src/shared/condition.c +@@ -373,31 +373,36 @@ static int condition_test_cpus(Condition *c, char **env) { + static int condition_test_user(Condition *c, char **env) { + uid_t id; + int r; +- _cleanup_free_ char *username = NULL; +- const char *u; + + assert(c); + assert(c->parameter); + assert(c->type == CONDITION_USER); + ++ /* Do the quick&easy comparisons first, and only parse the UID later. 
*/ ++ if (streq(c->parameter, "root")) ++ return getuid() == 0 || geteuid() == 0; ++ if (streq(c->parameter, NOBODY_USER_NAME)) ++ return getuid() == UID_NOBODY || geteuid() == UID_NOBODY; ++ if (streq(c->parameter, "@system")) ++ return uid_is_system(getuid()) || uid_is_system(geteuid()); ++ + r = parse_uid(c->parameter, &id); + if (r >= 0) + return id == getuid() || id == geteuid(); + +- if (streq("@system", c->parameter)) +- return uid_is_system(getuid()) || uid_is_system(geteuid()); ++ if (getpid_cached() == 1) /* We already checked for "root" above, and we know that ++ * PID 1 is running as root, hence we know it cannot match. */ ++ return false; + +- username = getusername_malloc(); ++ /* getusername_malloc() may do an nss lookup, which is not allowed in PID 1. */ ++ _cleanup_free_ char *username = getusername_malloc(); + if (!username) + return -ENOMEM; + + if (streq(username, c->parameter)) + return 1; + +- if (getpid_cached() == 1) +- return streq(c->parameter, "root"); +- +- u = c->parameter; ++ const char *u = c->parameter; + r = get_user_creds(&u, &id, NULL, NULL, NULL, USER_CREDS_ALLOW_MISSING); + if (r < 0) + return 0; +-- +2.27.0 +
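Review bot: condition_test_user() gains three early-return branches ("root", NOBODY_USER_NAME, "@system") and a PID 1 short-circuit ahead of getusername_malloc(), but the diffstat lists only src/shared/condition.c, so none of the reordered paths is exercised by a test in this patch. Add cases for ConditionUser= with "root", the nobody name, "@system", a numeric UID and an unknown user name, so a later reordering that reintroduces an NSS lookup in PID 1 or changes a result is caught.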
View file
_service:tar_scm:backport-shared-format-table-allocate-buffer-of-sufficient-si.patch
Added
@@ -0,0 +1,38 @@ +From e6407ca25852dadec355df2e6fdc92d1f189bceb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 5 Jul 2021 21:29:11 +0200 +Subject: PATCH shared/format-table: allocate buffer of sufficient size + +(cherry picked from commit 6dc57047ff0f1f9e98938ffb172dae06e6868b94) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e6407ca25852dadec355df2e6fdc92d1f189bceb +--- + src/shared/format-table.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/format-table.c b/src/shared/format-table.c +index c4c3439541..4c4e4593d8 100644 +--- a/src/shared/format-table.c ++++ b/src/shared/format-table.c +@@ -1409,7 +1409,7 @@ static const char *table_data_format(Table *t, TableData *d, bool avoid_uppercas + _cleanup_free_ char *p = NULL; + char *ret; + +- p = new(char, FORMAT_TIMESTAMP_MAX); ++ p = new(char, d->type == TABLE_TIMESTAMP_RELATIVE ? FORMAT_TIMESTAMP_RELATIVE_MAX : FORMAT_TIMESTAMP_MAX); + if (!p) + return NULL; + +@@ -1418,7 +1418,7 @@ static const char *table_data_format(Table *t, TableData *d, bool avoid_uppercas + else if (d->type == TABLE_TIMESTAMP_UTC) + ret = format_timestamp_style(p, FORMAT_TIMESTAMP_MAX, d->timestamp, TIMESTAMP_UTC); + else +- ret = format_timestamp_relative(p, FORMAT_TIMESTAMP_MAX, d->timestamp); ++ ret = format_timestamp_relative(p, FORMAT_TIMESTAMP_RELATIVE_MAX, d->timestamp); + if (!ret) + return "n/a"; + +-- +2.33.0 +
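Review bot: In table_data_format() the buffer size is now chosen in the `new(char, ...)` call and then repeated as a separate constant in each format_timestamp_*() call, so a later edit to one of them can leave the formatter writing with a length larger than the allocation. Compute the size once into a local and pass that to both the allocation and the formatter. The commit message body is also empty; it should say what went wrong with the smaller buffer for TABLE_TIMESTAMP_RELATIVE.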
View file
_service:tar_scm:backport-sleep-don-t-skip-resume-device-with-low-priority-ava.patch
Added
@@ -0,0 +1,53 @@ +From 20c776c5e92201e01d4bfbea4ecbc4df758bcf09 Mon Sep 17 00:00:00 2001 +From: Egor <egor@opensrc.club> +Date: Sun, 3 Oct 2021 03:42:50 +0300 +Subject: PATCH sleep: don't skip resume device with low priority/available + space + +this fixes hibernation when there's a higher priority swap preceding +the resume swap in /proc/swaps. + +fixes #19486 + +(cherry picked from commit 936a7cb66a0b423e75ceef87f02537067ad17002) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/20c776c5e92201e01d4bfbea4ecbc4df758bcf09 +--- + src/shared/sleep-config.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/src/shared/sleep-config.c b/src/shared/sleep-config.c +index dbaecb3a0f..8ec3d09a58 100644 +--- a/src/shared/sleep-config.c ++++ b/src/shared/sleep-config.c +@@ -392,15 +392,17 @@ int find_hibernate_location(HibernateLocation **ret_hibernate_location) { + } + + /* prefer resume device or highest priority swap with most remaining space */ +- if (hibernate_location && swap->priority < hibernate_location->swap->priority) { +- log_debug("%s: ignoring device with lower priority", swap->device); +- continue; +- } +- if (hibernate_location && +- (swap->priority == hibernate_location->swap->priority +- && swap->size - swap->used < hibernate_location->swap->size - hibernate_location->swap->used)) { +- log_debug("%s: ignoring device with lower usable space", swap->device); +- continue; ++ if (sys_resume == 0) { ++ if (hibernate_location && swap->priority < hibernate_location->swap->priority) { ++ log_debug("%s: ignoring device with lower priority", swap->device); ++ continue; ++ } ++ if (hibernate_location && ++ (swap->priority == hibernate_location->swap->priority ++ && swap->size - swap->used < hibernate_location->swap->size - hibernate_location->swap->used)) { ++ log_debug("%s: ignoring device with lower usable space", swap->device); ++ continue; ++ } + } + + dev_t swap_device; +-- +2.33.0 +
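Review bot: The new `if (sys_resume == 0)` guard in find_hibernate_location() has no comment saying what a zero value means, and the existing comment above it ("prefer resume device or highest priority swap with most remaining space") now describes only the guarded branch. Going by the commit message, zero reads as "no resume device configured"; state that in the comment so the priority and free-space checks are clearly the fallback path.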
View file
_service:tar_scm:backport-socket-util-introduce-CMSG_SPACE_TIMEVAL-TIMESPEC-ma.patch
Added
@@ -0,0 +1,94 @@ +From d36785cdd845710028ab033f85493572f15cab23 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 29 Aug 2021 20:50:49 +0900 +Subject: PATCH socket-util: introduce CMSG_SPACE_TIMEVAL/TIMESPEC macro to + support additional 64bit timeval or timespec + +Fixes #20482 and #20564. + +(cherry picked from commit 9365e296fe281da45797af89a97627e872fc019d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/d36785cdd845710028ab033f85493572f15cab23 +--- + src/basic/socket-util.h | 22 ++++++++++++++++++++++ + src/journal/journald-server.c | 2 +- + src/libsystemd-network/icmp6-util.c | 2 +- + src/timesync/timesyncd-manager.c | 2 +- + 4 files changed, 25 insertions(+), 3 deletions(-) + +diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h +index f92e425fd6..09e606614c 100644 +--- a/src/basic/socket-util.h ++++ b/src/basic/socket-util.h +@@ -277,6 +277,28 @@ static inline int getsockopt_int(int fd, int level, int optname, int *ret) { + int socket_bind_to_ifname(int fd, const char *ifname); + int socket_bind_to_ifindex(int fd, int ifindex); + ++/* Define a 64bit version of timeval/timespec in any case, even on 32bit userspace. */ ++struct timeval_large { ++ uint64_t tvl_sec, tvl_usec; ++}; ++struct timespec_large { ++ uint64_t tvl_sec, tvl_nsec; ++}; ++ ++/* glibc duplicates timespec/timeval on certain 32bit archs, once in 32bit and once in 64bit. ++ * See __convert_scm_timestamps() in glibc source code. Hence, we need additional buffer space for them ++ * to prevent from recvmsg_safe() returning -EXFULL. */ ++#define CMSG_SPACE_TIMEVAL \ ++ ((sizeof(struct timeval) == sizeof(struct timeval_large)) ? \ ++ CMSG_SPACE(sizeof(struct timeval)) : \ ++ CMSG_SPACE(sizeof(struct timeval)) + \ ++ CMSG_SPACE(sizeof(struct timeval_large))) ++#define CMSG_SPACE_TIMESPEC \ ++ ((sizeof(struct timespec) == sizeof(struct timespec_large)) ? 
\ ++ CMSG_SPACE(sizeof(struct timespec)) : \ ++ CMSG_SPACE(sizeof(struct timespec)) + \ ++ CMSG_SPACE(sizeof(struct timespec_large))) ++ + ssize_t recvmsg_safe(int sockfd, struct msghdr *msg, int flags); + + int socket_get_family(int fd, int *ret); +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index a0695ec519..abd52f7c14 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -1277,7 +1277,7 @@ int server_process_datagram( + * identical to NAME_MAX. For now we use that, but this should be updated one day when the final + * limit is known. */ + CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct ucred)) + +- CMSG_SPACE(sizeof(struct timeval)) + ++ CMSG_SPACE_TIMEVAL + + CMSG_SPACE(sizeof(int)) + /* fd */ + CMSG_SPACE(NAME_MAX) /* selinux label */) control; + +diff --git a/src/libsystemd-network/icmp6-util.c b/src/libsystemd-network/icmp6-util.c +index 0b8c3e4cc3..823be0f275 100644 +--- a/src/libsystemd-network/icmp6-util.c ++++ b/src/libsystemd-network/icmp6-util.c +@@ -149,7 +149,7 @@ int icmp6_receive(int fd, void *buffer, size_t size, struct in6_addr *ret_dst, + triple_timestamp *ret_timestamp) { + + CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(int)) + /* ttl */ +- CMSG_SPACE(sizeof(struct timeval))) control; ++ CMSG_SPACE_TIMEVAL) control; + struct iovec iov = {}; + union sockaddr_union sa = {}; + struct msghdr msg = { +diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c +index 9d874cfc8a..eae14e8fb2 100644 +--- a/src/timesync/timesyncd-manager.c ++++ b/src/timesync/timesyncd-manager.c +@@ -412,7 +412,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re + .iov_base = &ntpmsg, + .iov_len = sizeof(ntpmsg), + }; +- CMSG_BUFFER_TYPE(CMSG_SPACE(sizeof(struct timespec))) control; ++ CMSG_BUFFER_TYPE(CMSG_SPACE_TIMESPEC) control; + union sockaddr_union server_addr; + struct msghdr msghdr = { + .msg_iov = &iov, +-- +2.33.0 +
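Review bot: Three call sites are converted to CMSG_SPACE_TIMEVAL and CMSG_SPACE_TIMESPEC, but any other control buffer in the tree still sized with `CMSG_SPACE(sizeof(struct timeval))` or `CMSG_SPACE(sizeof(struct timespec))` keeps the undersized-buffer problem the new header comment describes; grep the 249 tree for remaining users before shipping the backport. Minor: struct timespec_large reuses the `tvl_` field prefix from struct timeval_large.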
View file
_service:tar_scm:backport-src-boot-efi-linux-fix-linux_exec-prototype.patch
Added
@@ -0,0 +1,48 @@ +From a825ced57fa8533ba54fec4c4476400e122ddbc3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= + <alfonso.sanchez-beato@canonical.com> +Date: Thu, 19 Aug 2021 12:21:12 +0200 +Subject: PATCH src/boot/efi/linux: fix linux_exec prototype + +Callers to linux_exec() are actually passing an EFI_HANDLE, not a pointer to +it. linux_efi_handover(), which is called by linux_exec(), also expects an +EFI_HANDLE. + +(cherry picked from commit d48f9174cf211a235193963a06b3d28537fc6529) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/a825ced57fa8533ba54fec4c4476400e122ddbc3 +--- + src/boot/efi/linux.c | 2 +- + src/boot/efi/linux.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/boot/efi/linux.c b/src/boot/efi/linux.c +index 4d44671315..b5d6120493 100644 +--- a/src/boot/efi/linux.c ++++ b/src/boot/efi/linux.c +@@ -25,7 +25,7 @@ static VOID linux_efi_handover(EFI_HANDLE image, struct boot_params *params) { + handover(image, ST, params); + } + +-EFI_STATUS linux_exec(EFI_HANDLE *image, ++EFI_STATUS linux_exec(EFI_HANDLE image, + CHAR8 *cmdline, UINTN cmdline_len, + UINTN linux_addr, + UINTN initrd_addr, UINTN initrd_size) { +diff --git a/src/boot/efi/linux.h b/src/boot/efi/linux.h +index 09be2de27b..53270e16b3 100644 +--- a/src/boot/efi/linux.h ++++ b/src/boot/efi/linux.h +@@ -83,7 +83,7 @@ struct boot_params { + UINT8 _pad9276; + } __attribute__((packed)); + +-EFI_STATUS linux_exec(EFI_HANDLE *image, ++EFI_STATUS linux_exec(EFI_HANDLE image, + CHAR8 *cmdline, UINTN cmdline_size, + UINTN linux_addr, + UINTN initrd_addr, UINTN initrd_size); +-- +2.33.0 +
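Review bot: The prototype in linux.h names the third parameter `cmdline_size` while the definition in linux.c names it `cmdline_len`; since both declarations are touched here, align the names in the same change. The type correction itself is consistent with the context line showing linux_efi_handover() taking an EFI_HANDLE by value.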
View file
_service:tar_scm:backport-stat-util-replace-is_dir-is_dir_fd-by-single-is_dir_.patch
Added
@@ -0,0 +1,85 @@ +From ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 13 Jul 2022 23:43:36 +0200 +Subject: PATCH stat-util: replace is_dir() + is_dir_fd() by single + is_dir_full() call + +This new call can execute both of the old operations, but also do +generic fstatat() like behaviour. + +(cherry picked from commit a586dc791ca465f4087473d2ad6794b7776aee2d) +(cherry picked from commit 9255fa3a15c5c7dea9ddb2ce5399d3b675f8368b) +(cherry picked from commit a77b81f1240ff7e0ea5d084d61875e1bdefc075d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ab77d5f0c18783c273d1b3b0e8126c7019ddb1f8 +--- + src/basic/stat-util.c | 20 ++++++-------------- + src/basic/stat-util.h | 9 +++++++-- + 2 files changed, 13 insertions(+), 16 deletions(-) + +diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c +index 56f7652cec..652cfd1485 100644 +--- a/src/basic/stat-util.c ++++ b/src/basic/stat-util.c +@@ -31,31 +31,23 @@ int is_symlink(const char *path) { + return !!S_ISLNK(info.st_mode); + } + +-int is_dir(const char* path, bool follow) { ++int is_dir_full(int atfd, const char* path, bool follow) { + struct stat st; + int r; + +- assert(path); ++ assert(atfd >= 0 || atfd == AT_FDCWD); ++ assert(atfd >= 0 || path); + +- if (follow) +- r = stat(path, &st); ++ if (path) ++ r = fstatat(atfd, path, &st, follow ? 
0 : AT_SYMLINK_NOFOLLOW); + else +- r = lstat(path, &st); ++ r = fstat(atfd, &st); + if (r < 0) + return -errno; + + return !!S_ISDIR(st.st_mode); + } + +-int is_dir_fd(int fd) { +- struct stat st; +- +- if (fstat(fd, &st) < 0) +- return -errno; +- +- return !!S_ISDIR(st.st_mode); +-} +- + int is_device_node(const char *path) { + struct stat info; + +diff --git a/src/basic/stat-util.h b/src/basic/stat-util.h +index a566114f7c..f9a24c8775 100644 +--- a/src/basic/stat-util.h ++++ b/src/basic/stat-util.h +@@ -13,8 +13,13 @@ + #include "missing_stat.h" + + int is_symlink(const char *path); +-int is_dir(const char *path, bool follow); +-int is_dir_fd(int fd); ++int is_dir_full(int atfd, const char *fname, bool follow); ++static inline int is_dir(const char *path, bool follow) { ++ return is_dir_full(AT_FDCWD, path, follow); ++} ++static inline int is_dir_fd(int fd) { ++ return is_dir_full(fd, NULL, false); ++} + int is_device_node(const char *path); + + int dir_is_empty_at(int dir_fd, const char *path); +-- +2.27.0 +
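Review bot: is_dir_full() is declared in stat-util.h with the parameter named `fname` but defined in stat-util.c with `path`, and nothing documents that `follow` is ignored when path is NULL, which is how the is_dir_fd() wrapper calls it. Use one name in both places and add a one-line comment on the NULL-path case.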
View file
_service:tar_scm:backport-stat-util-specify-O_DIRECTORY-when-reopening-dir-in-.patch
Added
@@ -0,0 +1,36 @@ +From e1e32516f98a1f39ce763545de9a8664526d0b8a Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 21 Oct 2021 18:07:06 +0200 +Subject: PATCH stat-util: specify O_DIRECTORY when reopening dir in + dir_is_empty_at() + +That way we can fail earlier if the specified fd is not actually a +directory. + +(Also, it's not exactly according to standards to open things without +either O_RDONLY/O_RDWR...) + +(cherry picked from commit b9d06522631a22d242374dc44a74c3b6459e3cb3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e1e32516f98a1f39ce763545de9a8664526d0b8a +--- + src/basic/stat-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/stat-util.c b/src/basic/stat-util.c +index 72a7e4a48b..56f7652cec 100644 +--- a/src/basic/stat-util.c ++++ b/src/basic/stat-util.c +@@ -79,7 +79,7 @@ int dir_is_empty_at(int dir_fd, const char *path) { + } else { + /* Note that DUPing is not enough, as the internal pointer + * would still be shared and moved by FOREACH_DIRENT. */ +- fd = fd_reopen(dir_fd, O_CLOEXEC); ++ fd = fd_reopen(dir_fd, O_RDONLY|O_DIRECTORY|O_CLOEXEC); + if (fd < 0) + return fd; + } +-- +2.33.0 +
View file
_service:tar_scm:backport-syscalls-update-syscall-definitions.patch
Added
@@ -0,0 +1,853 @@ +From f551941e5d7a39312903625d473e1d527358f0e1 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Mon, 3 Jan 2022 03:48:10 +0900 +Subject: PATCH syscalls: update syscall definitions + +(cherry picked from commit 0c718b1a67cd0d3512eafeb4659458694bf3865b) +(cherry picked from commit 7e338876577cb328632ce3e7753c0130b54dd7a2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f551941e5d7a39312903625d473e1d527358f0e1 +--- + src/basic/syscalls-alpha.txt | 6 ++++-- + src/basic/syscalls-arc.txt | 6 ++++-- + src/basic/syscalls-arm.txt | 6 ++++-- + src/basic/syscalls-arm64.txt | 6 ++++-- + src/basic/syscalls-i386.txt | 6 ++++-- + src/basic/syscalls-ia64.txt | 6 ++++-- + src/basic/syscalls-m68k.txt | 6 ++++-- + src/basic/syscalls-mips64.txt | 6 ++++-- + src/basic/syscalls-mips64n32.txt | 6 ++++-- + src/basic/syscalls-mipso32.txt | 6 ++++-- + src/basic/syscalls-powerpc.txt | 6 ++++-- + src/basic/syscalls-powerpc64.txt | 6 ++++-- + src/basic/syscalls-riscv32.txt | 8 +++++--- + src/basic/syscalls-riscv64.txt | 6 ++++-- + src/basic/syscalls-s390.txt | 6 ++++-- + src/basic/syscalls-s390x.txt | 6 ++++-- + src/basic/syscalls-sparc.txt | 6 ++++-- + src/basic/syscalls-x86_64.txt | 6 ++++-- + 18 files changed, 73 insertions(+), 37 deletions(-) + +diff --git a/src/basic/syscalls-alpha.txt b/src/basic/syscalls-alpha.txt +index 3bcc357075..5aef86b09e 100644 +--- a/src/basic/syscalls-alpha.txt ++++ b/src/basic/syscalls-alpha.txt +@@ -106,6 +106,7 @@ ftruncate 130 + ftruncate64 + futex 394 + futex_time64 ++futex_waitv 559 + futimesat 454 + get_kernel_syms 309 + get_mempolicy 430 +@@ -203,6 +204,7 @@ madvise 75 + mbind 429 + membarrier 517 + memfd_create 512 ++memfd_secret + memory_ordering + migrate_pages 449 + mincore 375 +@@ -374,7 +376,6 @@ pciconfig_read 345 + pciconfig_write 346 + perf_event_open 493 + perfctr +-perfmonctl + personality 324 + pidfd_getfd 548 + pidfd_open 544 +@@ -394,6 +395,7 @@ preadv 490 + preadv2 520 
+ prlimit64 496 + process_madvise 550 ++process_mrelease 558 + process_vm_readv 504 + process_vm_writev 505 + pselect6 463 +@@ -404,7 +406,7 @@ pwritev 491 + pwritev2 521 + query_module 347 + quotactl 148 +-quotactl_path ++quotactl_fd 553 + read 3 + readahead 379 + readdir +diff --git a/src/basic/syscalls-arc.txt b/src/basic/syscalls-arc.txt +index e4204fa0f2..f275f104bf 100644 +--- a/src/basic/syscalls-arc.txt ++++ b/src/basic/syscalls-arc.txt +@@ -106,6 +106,7 @@ ftruncate + ftruncate64 46 + futex 98 + futex_time64 422 ++futex_waitv 449 + futimesat + get_kernel_syms + get_mempolicy 236 +@@ -203,6 +204,7 @@ madvise 233 + mbind 235 + membarrier 283 + memfd_create 279 ++memfd_secret + memory_ordering + migrate_pages 238 + mincore 232 +@@ -374,7 +376,6 @@ pciconfig_read + pciconfig_write + perf_event_open 241 + perfctr +-perfmonctl + personality 92 + pidfd_getfd 438 + pidfd_open 434 +@@ -394,6 +395,7 @@ preadv 69 + preadv2 286 + prlimit64 261 + process_madvise 440 ++process_mrelease 448 + process_vm_readv 270 + process_vm_writev 271 + pselect6 72 +@@ -404,7 +406,7 @@ pwritev 70 + pwritev2 287 + query_module + quotactl 60 +-quotactl_path ++quotactl_fd 443 + read 63 + readahead 213 + readdir +diff --git a/src/basic/syscalls-arm.txt b/src/basic/syscalls-arm.txt +index a4847a18b3..9037b28384 100644 +--- a/src/basic/syscalls-arm.txt ++++ b/src/basic/syscalls-arm.txt +@@ -106,6 +106,7 @@ ftruncate 93 + ftruncate64 194 + futex 240 + futex_time64 422 ++futex_waitv 449 + futimesat 326 + get_kernel_syms + get_mempolicy 320 +@@ -203,6 +204,7 @@ madvise 220 + mbind 319 + membarrier 389 + memfd_create 385 ++memfd_secret + memory_ordering + migrate_pages 400 + mincore 219 +@@ -374,7 +376,6 @@ pciconfig_read 272 + pciconfig_write 273 + perf_event_open 364 + perfctr +-perfmonctl + personality 136 + pidfd_getfd 438 + pidfd_open 434 +@@ -394,6 +395,7 @@ preadv 361 + preadv2 392 + prlimit64 369 + process_madvise 440 ++process_mrelease 448 + process_vm_readv 376 + process_vm_writev 377 
+ pselect6 335 +@@ -404,7 +406,7 @@ pwritev 362 + pwritev2 393 + query_module + quotactl 131 +-quotactl_path ++quotactl_fd 443 + read 3 + readahead 225 + readdir +diff --git a/src/basic/syscalls-arm64.txt b/src/basic/syscalls-arm64.txt +index ef76ffa96f..e91d7cfca4 100644 +--- a/src/basic/syscalls-arm64.txt ++++ b/src/basic/syscalls-arm64.txt +@@ -106,6 +106,7 @@ ftruncate 46 + ftruncate64 + futex 98 + futex_time64 ++futex_waitv 449 + futimesat + get_kernel_syms + get_mempolicy 236 +@@ -203,6 +204,7 @@ madvise 233 + mbind 235 + membarrier 283 + memfd_create 279 ++memfd_secret 447 + memory_ordering + migrate_pages 238 + mincore 232 +@@ -374,7 +376,6 @@ pciconfig_read + pciconfig_write + perf_event_open 241 + perfctr +-perfmonctl + personality 92 + pidfd_getfd 438 + pidfd_open 434 +@@ -394,6 +395,7 @@ preadv 69 + preadv2 286 + prlimit64 261 + process_madvise 440 ++process_mrelease 448
View file
_service:tar_scm:backport-sysext-use-LO_FLAGS_PARTSCAN-when-opening-image.patch
Added
@@ -0,0 +1,46 @@ +From 9370cf015e54e2201227c27271506e63ad8c3e1d Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 19 Jan 2022 00:27:45 +0000 +Subject: PATCH sysext: use LO_FLAGS_PARTSCAN when opening image + +Jan 17 12:34:59 myguest1 (sd-sysext)486: Device '/var/lib/extensions/myext.raw' is loopback block device with partition scanning turned off, please turn it on. + +Fixes https://github.com/systemd/systemd/issues/22146 + +(cherry picked from commit 70a5c6dce0872b3bb0a39be250adde86a0c8f35c) +(cherry picked from commit 4ef7122f3c3328aa01e1ed187a793e7b1595ee87) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9370cf015e54e2201227c27271506e63ad8c3e1d +--- + src/sysext/sysext.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c +index 572e4007fe..bcd87ab152 100644 +--- a/src/sysext/sysext.c ++++ b/src/sysext/sysext.c +@@ -2,6 +2,7 @@ + + #include <fcntl.h> + #include <getopt.h> ++#include <linux/loop.h> + #include <sys/mount.h> + #include <unistd.h> + +@@ -523,7 +524,11 @@ static int merge_subprocess(Hashmap *images, const char *workspace) { + if (verity_settings.data_path) + flags |= DISSECT_IMAGE_NO_PARTITION_TABLE; + +- r = loop_device_make_by_path(img->path, O_RDONLY, 0, &d); ++ r = loop_device_make_by_path( ++ img->path, ++ O_RDONLY, ++ FLAGS_SET(flags, DISSECT_IMAGE_NO_PARTITION_TABLE) ? 0 : LO_FLAGS_PARTSCAN, ++ &d); + if (r < 0) + return log_error_errno(r, "Failed to set up loopback device for %s: %m", img->path); + +-- +2.33.0 +
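Review bot: In merge_subprocess() the third argument to loop_device_make_by_path() derives a loop flag (LO_FLAGS_PARTSCAN) from a dissect flag held in `flags` inside the call itself, which mixes two flag namespaces in one expression. A named local for the loop flags, with a comment that partition scanning is skipped only when DISSECT_IMAGE_NO_PARTITION_TABLE is set, would make the intent easier to check.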
View file
_service:tar_scm:backport-systemctl-allow-set-property-to-be-called-with-a-glo.patch
Added
@@ -0,0 +1,111 @@ +From f8e994d928fc1636f7aefc6dd9ee8374c7cc63f3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Wed, 28 Jul 2021 12:57:10 +0200 +Subject: PATCH systemctl: allow set-property to be called with a glob + pattern +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We call "systemctl set-property … Markers=+needs-restart" and this should +also work for globs, e.g. "user@*.service" or "syncthing@*.service". + +https://bugzilla.redhat.com/show_bug.cgi?id=1986258 +(cherry picked from commit 23a0ffa59f9cb26c4b016c9fd1a3a70da2607f61) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f8e994d928fc1636f7aefc6dd9ee8374c7cc63f3 +--- + src/systemctl/systemctl-set-property.c | 53 ++++++++++++++++---------- + 1 file changed, 33 insertions(+), 20 deletions(-) + +diff --git a/src/systemctl/systemctl-set-property.c b/src/systemctl/systemctl-set-property.c +index 183a7b6a8a..5739bac070 100644 +--- a/src/systemctl/systemctl-set-property.c ++++ b/src/systemctl/systemctl-set-property.c +@@ -6,33 +6,20 @@ + #include "systemctl-util.h" + #include "systemctl.h" + +-int set_property(int argc, char *argv, void *userdata) { +- _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; ++static int set_property_one(sd_bus *bus, const char *name, char **properties) { + _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; +- _cleanup_free_ char *n = NULL; +- UnitType t; +- sd_bus *bus; ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *m = NULL; + int r; + +- r = acquire_bus(BUS_MANAGER, &bus); +- if (r < 0) +- return r; +- +- polkit_agent_open_maybe(); +- + r = bus_message_new_method_call(bus, &m, bus_systemd_mgr, "SetUnitProperties"); + if (r < 0) + return bus_log_create_error(r); + +- r = unit_name_mangle(argv1, arg_quiet ? 
0 : UNIT_NAME_MANGLE_WARN, &n); +- if (r < 0) +- return log_error_errno(r, "Failed to mangle unit name: %m"); +- +- t = unit_name_to_type(n); ++ UnitType t = unit_name_to_type(name); + if (t < 0) +- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Invalid unit type: %s", n); ++ return log_error_errno(t, "Invalid unit type: %s", name); + +- r = sd_bus_message_append(m, "sb", n, arg_runtime); ++ r = sd_bus_message_append(m, "sb", name, arg_runtime); + if (r < 0) + return bus_log_create_error(r); + +@@ -40,7 +27,7 @@ int set_property(int argc, char *argv, void *userdata) { + if (r < 0) + return bus_log_create_error(r); + +- r = bus_append_unit_property_assignment_many(m, t, strv_skip(argv, 2)); ++ r = bus_append_unit_property_assignment_many(m, t, properties); + if (r < 0) + return r; + +@@ -50,7 +37,33 @@ int set_property(int argc, char *argv, void *userdata) { + + r = sd_bus_call(bus, m, 0, &error, NULL); + if (r < 0) +- return log_error_errno(r, "Failed to set unit properties on %s: %s", n, bus_error_message(&error, r)); ++ return log_error_errno(r, "Failed to set unit properties on %s: %s", ++ name, bus_error_message(&error, r)); + + return 0; + } ++ ++int set_property(int argc, char *argv, void *userdata) { ++ sd_bus *bus; ++ _cleanup_strv_free_ char **names = NULL; ++ char **name; ++ int r, k; ++ ++ r = acquire_bus(BUS_MANAGER, &bus); ++ if (r < 0) ++ return r; ++ ++ polkit_agent_open_maybe(); ++ ++ r = expand_unit_names(bus, STRV_MAKE(argv1), NULL, &names, NULL); ++ if (r < 0) ++ return log_error_errno(r, "Failed to expand '%s' into names: %m", argv1); ++ ++ r = 0; ++ STRV_FOREACH(name, names) { ++ k = set_property_one(bus, *name, strv_skip(argv, 2)); ++ if (k < 0 && r >= 0) ++ r = k; ++ } ++ return r; ++} +-- +2.33.0 +
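Review bot: in the new set_property(), r is reset to 0 before STRV_FOREACH, so if expand_unit_names() returns an empty list (a glob that matches no unit), the loop body never runs and the command exits 0 without setting anything or printing a message. Consider checking strv_isempty(names) after the expansion and returning an error, or at least a warning, so that a script calling set-property with a pattern such as "user@*.service" can tell a no-op from success.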
View file
_service:tar_scm:backport-systemctl-make-timestamp-affect-the-show-verb-as-wel.patch
Added
@@ -0,0 +1,76 @@ +From 99a6dc51727e6c26cf43566de481272773cb1a91 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Fri, 18 Feb 2022 23:09:18 +0100 +Subject: PATCH systemctl: make `--timestamp=` affect the `show` verb as well + +Currently the `--timestamp=` option has no effect on timestamps shown by +`systemctl show`, let's fix that. + +Spotted in #22567. + +Before: +``` +$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= +ExecMainStartTimestamp=Sat 2021-12-11 15:25:57 CET +StateChangeTimestamp=Sat 2021-12-11 15:25:57 CET +InactiveExitTimestamp=Sat 2021-12-11 15:25:57 CET +ActiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET +ActiveExitTimestamp=Sat 2021-12-11 15:25:57 CET +InactiveEnterTimestamp=Sat 2021-12-11 15:25:57 CET +ConditionTimestamp=Sat 2021-12-11 15:25:57 CET +AssertTimestamp=Sat 2021-12-11 15:25:57 CET +``` + +After: +``` +$ systemctl show --timestamp=us+utc systemd-journald | grep Timestamp= +ExecMainStartTimestamp=Sat 2021-12-11 14:25:57.177848 UTC +StateChangeTimestamp=Sat 2021-12-11 14:25:57.196714 UTC +InactiveExitTimestamp=Sat 2021-12-11 14:25:57.177871 UTC +ActiveEnterTimestamp=Sat 2021-12-11 14:25:57.196714 UTC +ActiveExitTimestamp=Sat 2021-12-11 14:25:57.144677 UTC +InactiveEnterTimestamp=Sat 2021-12-11 14:25:57.176331 UTC +ConditionTimestamp=Sat 2021-12-11 14:25:57.176980 UTC +AssertTimestamp=Sat 2021-12-11 14:25:57.176980 UTC + +``` + +(cherry picked from commit a59e5c625da5a6e0c46e493d55f2f4212e9457ca) +(cherry picked from commit e59c381e2321ae9e476c550d5a3d43a1fd0493ac) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/99a6dc51727e6c26cf43566de481272773cb1a91 +--- + src/systemctl/systemctl-show.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index dd99bc5323..5b6ee3c518 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -1006,6 +1006,22 @@ static int 
print_property(const char *name, const char *expected_value, sd_bus_m + } + break; + ++ case SD_BUS_TYPE_UINT64: ++ if (endswith(name, "Timestamp")) { ++ char timestamp_strFORMAT_TIMESTAMP_MAX = "n/a"; ++ uint64_t timestamp; ++ ++ r = sd_bus_message_read_basic(m, bus_type, ×tamp); ++ if (r < 0) ++ return r; ++ ++ (void) format_timestamp_style(timestamp_str, sizeof(timestamp_str), timestamp, arg_timestamp_style); ++ bus_print_property_value(name, expected_value, flags, timestamp_str); ++ ++ return 1; ++ } ++ break; ++ + case SD_BUS_TYPE_STRUCT: + + if (contents0 == SD_BUS_TYPE_UINT32 && streq(name, "Job")) { +-- +2.33.0 +
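Review bot: in the new SD_BUS_TYPE_UINT64 case, the return value of format_timestamp_style() is discarded and timestamp_str is pre-filled with "n/a", so every property whose name ends in "Timestamp" and whose value cannot be formatted (an unset value, for example) is now printed as "n/a". Please confirm that this matches what `systemctl show` printed for unset timestamps before the change, because this output is parsed by scripts; the Before/After samples in the commit message only cover timestamps that are set.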
View file
_service:tar_scm:backport-systemctl-only-fall-back-to-local-cgroup-display-if-.patch
Added
@@ -0,0 +1,34 @@ +From 08693ce568f0967046b669fcd99ba0939a1df86d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 28 Oct 2021 16:47:40 +0200 +Subject: PATCH systemctl: only fall back to local cgroup display if we talk + to local systemd + +Otherwise we likely show rubbish because even in local containers we +nowadays have cgroup namespacing, hence we likely can't access the +cgroup tree from the host at the same place as inside the container. + +(cherry picked from commit 35ac0260db7b896604d156e9638ad15700083508) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/08693ce568f0967046b669fcd99ba0939a1df86d +--- + src/systemctl/systemctl-show.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 290a501c52..dd99bc5323 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -741,7 +741,7 @@ static void print_status_info( + c = 0; + + r = unit_show_processes(bus, i->id, i->control_group, prefix, c, get_output_flags(), &error); +- if (r == -EBADR) { ++ if (r == -EBADR && arg_transport == BUS_TRANSPORT_LOCAL) { + unsigned k = 0; + pid_t extra2; + +-- +2.33.0 +
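Review bot: the added `arg_transport == BUS_TRANSPORT_LOCAL` test in print_status_info() has no comment, and the reason for it (cgroup namespacing makes the host's view of the tree differ from the container's) lives only in the commit message. Add a short comment above the condition, and consider a log_debug() for the -EBADR case on a non-local transport so that a missing process tree in remote or container output can be explained.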
View file
_service:tar_scm:backport-systemctl-pretty-print-ExtensionImages-property.patch
Added
@@ -0,0 +1,85 @@ +From c4967b69610a75375cdcaafc9a9816ffddaeec38 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Tue, 26 Oct 2021 22:55:30 +0100 +Subject: PATCH systemctl: pretty-print ExtensionImages property + +Complex type, so without explicit support 'systemctl show' just prints unprintable + +(cherry picked from commit 60c16c5cf3458199646cbda9dfe7763b6ba8b62f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c4967b69610a75375cdcaafc9a9816ffddaeec38 +--- + src/systemctl/systemctl-show.c | 56 ++++++++++++++++++++++++++++++++++ + 1 file changed, 56 insertions(+) + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 1f524626bf..3bc9fd4920 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -1694,6 +1694,62 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m + + return 1; + ++ } else if (streq(name, "ExtensionImages")) { ++ _cleanup_free_ char *paths = NULL; ++ ++ r = sd_bus_message_enter_container(m, SD_BUS_TYPE_ARRAY, "(sba(ss))"); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ for (;;) { ++ _cleanup_free_ char *str = NULL; ++ const char *source, *partition, *mount_options; ++ int ignore_enoent; ++ ++ r = sd_bus_message_enter_container(m, 'r', "sba(ss)"); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ if (r == 0) ++ break; ++ ++ r = sd_bus_message_read(m, "sb", &source, &ignore_enoent); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ str = strjoin(ignore_enoent ? 
"-" : "", source); ++ if (!str) ++ return log_oom(); ++ ++ r = sd_bus_message_enter_container(m, 'a', "(ss)"); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ while ((r = sd_bus_message_read(m, "(ss)", &partition, &mount_options)) > 0) ++ if (!strextend_with_separator(&str, ":", partition, mount_options)) ++ return log_oom(); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ if (!strextend_with_separator(&paths, " ", str)) ++ return log_oom(); ++ ++ r = sd_bus_message_exit_container(m); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ r = sd_bus_message_exit_container(m); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ } ++ ++ r = sd_bus_message_exit_container(m); ++ if (r < 0) ++ return bus_log_parse_error(r); ++ ++ bus_print_property_value(name, expected_value, flags, paths); ++ ++ return 1; ++ + } else if (streq(name, "BPFProgram")) { + const char *a, *p; + +-- +2.33.0 +
View file
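Review bot: the ExtensionImages branch added to print_property() in backport-systemctl-pretty-print-ExtensionImages-property.patch repeats the container walk that the MountImages branch of the same function already does, differing only in the "sba(ss)" signature and the absent destination field. Factor the inner a(ss) loop (the strextend_with_separator() calls on partition and mount_options) into a shared helper so that later fixes land in both places. Also, `paths` is still NULL when the array is empty; check that bus_print_property_value() handles a NULL value the way this branch expects.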
_service:tar_scm:backport-systemctl-show-error-when-help-for-unknown-unit-is-r.patch
Added
@@ -0,0 +1,39 @@ +From 486412ad3bba4f1306597302cf66cc4858126243 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 12 Jul 2021 12:32:39 +0200 +Subject: PATCH systemctl: show error when help for unknown unit is requested + +Fixes #20189. We would only log at debug level and return failure, which looks +like a noop for the user. + +('help' accepts multiple arguments and will show multiple concatenated man +pages in that case. Actually, it will also show multiple concatenated man pages +if the Documentation= setting lists multiple pages. I don't think it's very +terribly useful, but, meh, I don't think we can do much better. If a user +requests a help for a two services, one known and one unknown, there'll now be +a line in the output. It's not very user friendly, but not exactly wrong too.) + +(cherry picked from commit 75312ada5324d8adae3f3a0ed97f0acfc8b8bde5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/486412ad3bba4f1306597302cf66cc4858126243 +--- + src/systemctl/systemctl-show.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 470ff617d6..1f524626bf 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -1915,7 +1915,7 @@ static int show_one( + return log_error_errno(r, "Failed to get properties: %s", bus_error_message(&error, r)); + + if (unit && streq_ptr(info.load_state, "not-found") && streq_ptr(info.active_state, "inactive")) { +- log_full(show_mode == SYSTEMCTL_SHOW_STATUS ? LOG_ERR : LOG_DEBUG, ++ log_full(show_mode == SYSTEMCTL_SHOW_PROPERTIES ? LOG_DEBUG : LOG_ERR, + "Unit %s could not be found.", unit); + + if (show_mode == SYSTEMCTL_SHOW_STATUS) +-- +2.33.0 +
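Review bot: the rewritten ternary in show_one() now logs at LOG_ERR for every show mode except SYSTEMCTL_SHOW_PROPERTIES, so any mode added later becomes noisy by default, while the `if (show_mode == SYSTEMCTL_SHOW_STATUS)` directly below still special-cases status only. A comment stating that `show` on a not-found unit stays quiet on purpose, while `status` and `help` report the error, would make the asymmetry between the two conditions read as intentional.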
View file
_service:tar_scm:backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch
Added
@@ -0,0 +1,70 @@ +From 1f332abc9f82c653d40e5f3e42b761dca88d31ed Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Wed, 27 Oct 2021 11:17:02 +0100 +Subject: PATCH systemctl: small fixes for MountImages pretty printing + +(cherry picked from commit 8ec6108c0bdb5ab2e05bc20ab41ad6653805fd00) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/1f332abc9f82c653d40e5f3e42b761dca88d31ed +--- + src/systemctl/systemctl-show.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/systemctl/systemctl-show.c b/src/systemctl/systemctl-show.c +index 3bc9fd4920..290a501c52 100644 +--- a/src/systemctl/systemctl-show.c ++++ b/src/systemctl/systemctl-show.c +@@ -1649,11 +1649,13 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m + + r = sd_bus_message_enter_container(m, 'r', "ssba(ss)"); + if (r < 0) +- return r; ++ return bus_log_parse_error(r); ++ if (r == 0) ++ break; + + r = sd_bus_message_read(m, "ssb", &source, &destination, &ignore_enoent); +- if (r <= 0) +- break; ++ if (r < 0) ++ return bus_log_parse_error(r); + + str = strjoin(ignore_enoent ? 
"-" : "", + source, +@@ -1664,27 +1666,25 @@ static int print_property(const char *name, const char *expected_value, sd_bus_m + + r = sd_bus_message_enter_container(m, 'a', "(ss)"); + if (r < 0) +- return r; ++ return bus_log_parse_error(r); + + while ((r = sd_bus_message_read(m, "(ss)", &partition, &mount_options)) > 0) +- if (!strextend_with_separator(&str, ":", partition, ":", mount_options)) ++ if (!strextend_with_separator(&str, ":", partition, mount_options)) + return log_oom(); + if (r < 0) +- return r; ++ return bus_log_parse_error(r); + + if (!strextend_with_separator(&paths, " ", str)) + return log_oom(); + + r = sd_bus_message_exit_container(m); + if (r < 0) +- return r; ++ return bus_log_parse_error(r); + + r = sd_bus_message_exit_container(m); + if (r < 0) +- return r; ++ return bus_log_parse_error(r); + } +- if (r < 0) +- return bus_log_parse_error(r); + + r = sd_bus_message_exit_container(m); + if (r < 0) +-- +2.33.0 +
View file
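Review bot: backport-systemctl-small-fixes-for-MountImages-pretty-printin.patch has no message body, yet its hunks in print_property() make three separate changes: parse failures now go through bus_log_parse_error(), the end of the array is detected from sd_bus_message_enter_container() returning 0 instead of from sd_bus_message_read(), and the extra ":" argument to strextend_with_separator() is dropped. The last one changes the text `systemctl show` prints for MountImages, so it should be called out in the message for anyone comparing output across the backport.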
_service:tar_scm:backport-systemd-analyze-parse-ip_filters_custom_egress-corre.patch
Added
@@ -0,0 +1,31 @@ +From 2d8f28adf58c58d99c19da9d53c6c66a9b952ce4 Mon Sep 17 00:00:00 2001 +From: Maanya Goenka <t-magoenka@microsoft.com> +Date: Tue, 10 Aug 2021 14:30:46 -0700 +Subject: PATCH systemd-analyze: parse ip_filters_custom_egress correctly + +Fixed bug in original assignment of security_info variable: ip_filters_custom_egress. + +(cherry picked from commit 3da57008e743643d45d3dc05eacac1a4623539a4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/2d8f28adf58c58d99c19da9d53c6c66a9b952ce4 +--- + src/analyze/analyze-security.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c +index f20606c17c..309e9a81b5 100644 +--- a/src/analyze/analyze-security.c ++++ b/src/analyze/analyze-security.c +@@ -1910,7 +1910,7 @@ static int property_read_ip_filters( + if (streq(member, "IPIngressFilterPath")) + info->ip_filters_custom_ingress = !strv_isempty(l); + else if (streq(member, "IPEgressFilterPath")) +- info->ip_filters_custom_ingress = !strv_isempty(l); ++ info->ip_filters_custom_egress = !strv_isempty(l); + + return 0; + } +-- +2.33.0 +
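Review bot: the one-line fix in property_read_ip_filters() comes without a test, and the removed line shows how easily the two branches are confused: the IPEgressFilterPath branch wrote to ip_filters_custom_ingress, so the egress flag was never set and the ingress flag could be overwritten with the egress result. Since these fields feed the security assessment in analyze-security.c, add one case with only IPEgressFilterPath set and one with only IPIngressFilterPath set, and state in the commit message in which direction the reported result was wrong.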
View file
_service:tar_scm:backport-systemd-run-ensure-error-logs-suggest-to-use-user-wh.patch
Added
@@ -0,0 +1,63 @@ +From 8ece102d314cfe92aaa7a7afc853b6921da941c4 Mon Sep 17 00:00:00 2001 +From: Luca Boccassi <luca.boccassi@microsoft.com> +Date: Thu, 30 Dec 2021 00:54:32 +0000 +Subject: PATCH systemd-run: ensure error logs suggest to use '--user' when + appropriate + +Before: + +$ systemd-run --service-type=notify --user false +Job for run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service failed because the control process exited with error code. +See "systemctl status run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" and "journalctl -xeu run-rc3fe52ee6ddd4a6eaaf1a20e0a949cdf.service" for details. + +After: + +$ systemd-run --service-type=notify --user false +Job for run-r7791e380a7b6400ea01d6a0e5a458b23.service failed because the control process exited with error code. +See "systemctl --user status run-r7791e380a7b6400ea01d6a0e5a458b23.service" and "journalctl --user -xeu run-r7791e380a7b6400ea01d6a0e5a458b23.service" for details. + +Fixes https://github.com/systemd/systemd/issues/21933 + +(cherry picked from commit 466f2351bbb5c0fdc9f153e35506570e59b14c5f) +(cherry picked from commit b59615dc76cf82bd1fca301220ee0b7961cbcacd) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/8ece102d314cfe92aaa7a7afc853b6921da941c4 +--- + src/run/run.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/run/run.c b/src/run/run.c +index 9a7e1efaca..c858bf793d 100644 +--- a/src/run/run.c ++++ b/src/run/run.c +@@ -1228,7 +1228,7 @@ static int start_transient_service( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); + if (r < 0) + return r; + } +@@ -1473,7 +1473,7 @@ static int start_transient_scope(sd_bus *bus) { + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? 
STRV_MAKE_CONST("--user") : NULL); + if (r < 0) + return r; + +@@ -1693,7 +1693,7 @@ static int start_transient_trigger( + if (r < 0) + return bus_log_parse_error(r); + +- r = bus_wait_for_jobs_one(w, object, arg_quiet, NULL); ++ r = bus_wait_for_jobs_one(w, object, arg_quiet, arg_user ? STRV_MAKE_CONST("--user") : NULL); + if (r < 0) + return r; + +-- +2.33.0 +
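Review bot: the expression `arg_user ? STRV_MAKE_CONST("--user") : NULL` is now repeated verbatim in start_transient_service(), start_transient_scope() and start_transient_trigger(). Move it into a small static helper in run.c that all three bus_wait_for_jobs_one() calls use, so a later change to the hint arguments cannot miss one call site.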
View file
_service:tar_scm:backport-sysusers-add-fsync-for-passwd-24324.patch
Added
@@ -0,0 +1,37 @@ +From 3982142116871b3eead4d5833d898f077e7942d4 Mon Sep 17 00:00:00 2001 +From: Avram Lubkin <avylove@rockhopper.net> +Date: Tue, 16 Aug 2022 08:51:21 -0400 +Subject: PATCH sysusers: add fsync for passwd (#24324) + +https://github.com/systemd/systemd/pull/6636 added `fsync()` when +temporary shadow, group, and gshadow files are created, but it was +not added for passwd. As far as I can tell, this seems to have been +an oversight. I'm seeing real world issues where a blank /etc/passwd +file is being created if a machine loses power early in the boot process. + +(cherry picked from commit 19193b489841a7bcccda7122ac0849cf6efe59fd) +(cherry picked from commit 9f2f3911539c453037aecd51f875dfd75ed04113) +(cherry picked from commit 7ca021b87e92a4e775af22c04a2ab2bf404ae313) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/3982142116871b3eead4d5833d898f077e7942d4 +--- + src/sysusers/sysusers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index 669efe4a1d..055eb6775e 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -487,7 +487,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char + break; + } + +- r = fflush_and_check(passwd); ++ r = fflush_sync_and_check(passwd); + if (r < 0) + return log_debug_errno(r, "Failed to flush %s: %m", passwd_tmp); + +-- +2.27.0 +
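Review bot: after the switch to fflush_sync_and_check() in write_temporary_passwd(), the failure path still reports "Failed to flush %s" through log_debug_errno(), so a failed sync of the temporary passwd file is worded as a flush error and is not shown at the default log level. Given that the commit message describes a blank /etc/passwd after power loss, reword the message to mention the sync and check whether the shadow, group and gshadow paths it refers to log at the same level.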
View file
_service:tar_scm:backport-sysusers-use-filename-if-proc-is-not-mounted.patch
Added
@@ -0,0 +1,34 @@ +From f78a48840205339157b186b7c8e576a3c690f6d9 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Fri, 31 Dec 2021 00:11:01 +0900 +Subject: PATCH sysusers: use filename if /proc is not mounted + +During system install, /proc may not be mounted yet. + +Fixes RHBZ#2036217 (https://bugzilla.redhat.com/show_bug.cgi?id=2036217). + +(cherry picked from commit b78d7f246899687a1697cdcebe93d8512c5e7c4b) +(cherry picked from commit 747b4f1ff8aac3a1b800b0a7ac0edef4af34da70) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f78a48840205339157b186b7c8e576a3c690f6d9 +--- + src/sysusers/sysusers.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c +index a18634d254..669efe4a1d 100644 +--- a/src/sysusers/sysusers.c ++++ b/src/sysusers/sysusers.c +@@ -267,7 +267,7 @@ static int make_backup(const char *target, const char *x) { + + /* Copy over the access mask. Don't fail on chmod() or chown(). If it stays owned by us and/or + * unreadable by others, then it isn't too bad... */ +- r = fchmod_and_chown(fileno(dst), st.st_mode & 07777, st.st_uid, st.st_gid); ++ r = fchmod_and_chown_with_fallback(fileno(dst), dst_tmp, st.st_mode & 07777, st.st_uid, st.st_gid); + if (r < 0) + log_warning_errno(r, "Failed to change access mode or ownership of %s: %m", backup); + +-- +2.33.0 +
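Review bot: the fallback introduced in make_backup() operates on dst_tmp by name instead of through the open descriptor, and nothing in the hunk or the commit message says how a symlink or a replaced file at that path is handled. Because this runs with the privileges of sysusers during system install, add a comment (or a sentence in the message) confirming that fchmod_and_chown_with_fallback() does not follow a symlink at dst_tmp, and that the by-name path is taken only when the descriptor-based one is unavailable.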
View file
_service:tar_scm:backport-temporarily-disable-test-seccomp.patch
Changed
@@ -4,14 +4,14 @@ Subject: PATCH temporarily disable test-seccomp --- - src/test/test-seccomp.c | 22 +--------------------- - 1 file changed, 1 insertion(+), 21 deletions(-) + src/test/test-seccomp.c | 23 +--------------------- + 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c index 023c4b6..8d23ab5 100644 --- a/src/test/test-seccomp.c +++ b/src/test/test-seccomp.c -@@ -1154,25 +1154,5 @@ static void test_restrict_suid_sgid(void) { +@@ -1154,26 +1154,5 @@ static void test_restrict_suid_sgid(void) { } int main(int argc, char *argv) { @@ -32,6 +32,7 @@ - test_memory_deny_write_execute_shmat(); - test_restrict_archs(); - test_load_syscall_filter_set_raw(); +- test_native_syscalls_filtered(); - test_lock_personality(); - test_restrict_suid_sgid(); -
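Review bot: adding `test_native_syscalls_filtered();` to the calls removed from main() means the test backported in this same revision is never executed, and the diffstat (1 insertion, 22 deletions) shows main() left with a single inserted line in place of the removed test calls. The subject says "temporarily", but the patch carries no reason and no condition for re-enabling; record the failing case and a tracking reference in the message, and prefer skipping only the tests that fail in the build environment over disabling the whole file.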
View file
_service:tar_scm:backport-test-Check-that-native-architecture-is-always-filter.patch
Added
@@ -0,0 +1,95 @@ +From ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c Mon Sep 17 00:00:00 2001 +From: Benjamin Berg <bberg@redhat.com> +Date: Fri, 17 Sep 2021 14:00:39 +0200 +Subject: PATCH test: Check that "native" architecture is always filtered + +(cherry picked from commit 08bf703cc1511817cdf67543c3b166dc8831ba8c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ef92d7fc97a543d2b7e0730f2b78d8ef2a91959c +--- + src/test/test-seccomp.c | 61 +++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 61 insertions(+) + +diff --git a/src/test/test-seccomp.c b/src/test/test-seccomp.c +index 023c4b6e0e..dc3088d4b0 100644 +--- a/src/test/test-seccomp.c ++++ b/src/test/test-seccomp.c +@@ -890,6 +890,66 @@ static void test_load_syscall_filter_set_raw(void) { + assert_se(wait_for_terminate_and_check("syscallrawseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); + } + ++static void test_native_syscalls_filtered(void) { ++ pid_t pid; ++ ++ log_info("/* %s */", __func__); ++ ++ if (!is_seccomp_available()) { ++ log_notice("Seccomp not available, skipping %s", __func__); ++ return; ++ } ++ if (!have_seccomp_privs()) { ++ log_notice("Not privileged, skipping %s", __func__); ++ return; ++ } ++ ++ pid = fork(); ++ assert_se(pid >= 0); ++ ++ if (pid == 0) { ++ _cleanup_set_free_ Set *arch_s = NULL; ++ _cleanup_hashmap_free_ Hashmap *s = NULL; ++ ++ /* Passing "native" or an empty set is equivalent, just do both here. 
*/ ++ assert_se(arch_s = set_new(NULL)); ++ assert_se(seccomp_restrict_archs(arch_s) >= 0); ++ assert_se(set_put(arch_s, SCMP_ARCH_NATIVE) >= 0); ++ assert_se(seccomp_restrict_archs(arch_s) >= 0); ++ ++ assert_se(access("/", F_OK) >= 0); ++ assert_se(poll(NULL, 0, 0) == 0); ++ ++ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, NULL, scmp_act_kill_process(), true) >= 0); ++ assert_se(access("/", F_OK) >= 0); ++ assert_se(poll(NULL, 0, 0) == 0); ++ ++ assert_se(s = hashmap_new(NULL)); ++#if defined __NR_access && __NR_access >= 0 ++ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_access + 1), INT_TO_PTR(-1)) >= 0); ++ log_debug("has access()"); ++#endif ++#if defined __NR_faccessat && __NR_faccessat >= 0 ++ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat + 1), INT_TO_PTR(-1)) >= 0); ++ log_debug("has faccessat()"); ++#endif ++#if defined __NR_faccessat2 && __NR_faccessat2 >= 0 ++ assert_se(hashmap_put(s, UINT32_TO_PTR(__NR_faccessat2 + 1), INT_TO_PTR(-1)) >= 0); ++ log_debug("has faccessat2()"); ++#endif ++ ++ assert_se(!hashmap_isempty(s)); ++ assert_se(seccomp_load_syscall_filter_set_raw(SCMP_ACT_ALLOW, s, SCMP_ACT_ERRNO(EUCLEAN), true) >= 0); ++ ++ assert_se(access("/", F_OK) < 0); ++ assert_se(errno == EUCLEAN); ++ ++ _exit(EXIT_SUCCESS); ++ } ++ ++ assert_se(wait_for_terminate_and_check("nativeseccomp", pid, WAIT_LOG) == EXIT_SUCCESS); ++} ++ + static void test_lock_personality(void) { + unsigned long current; + pid_t pid; +@@ -1171,6 +1231,7 @@ int main(int argc, char *argv) { + test_memory_deny_write_execute_shmat(); + test_restrict_archs(); + test_load_syscall_filter_set_raw(); ++ test_native_syscalls_filtered(); + test_lock_personality(); + test_restrict_suid_sgid(); + +-- +2.33.0 +
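Review bot: the hashmap_put() calls in test_native_syscalls_filtered() key the entries with `__NR_access + 1`, `__NR_faccessat + 1` and `__NR_faccessat2 + 1` and store INT_TO_PTR(-1), with no comment on either convention. A one-line comment on the +1 offset and on what -1 selects would help, as would a sentence in the empty commit body saying which regression the test guards against. Note also that both early returns only call log_notice(), so an unprivileged or seccomp-less build passes without exercising the filter.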
View file
_service:tar_scm:backport-test-add-test-case-for-sysv-generator-and-invalid-de.patch
Added
@@ -0,0 +1,210 @@ +From 5f882cc3ab32636d9242effb2cefad20d92d2ec2 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 15 Nov 2022 21:52:19 +0900 +Subject: PATCH test: add test case for sysv-generator and invalid dependency + +--- + test/units/assert.sh | 58 +++++++++++++++++++ + test/units/testsuite-26.sh | 116 ++++++++++++++++++++++++++++++++++++- + 2 files changed, 172 insertions(+), 2 deletions(-) + create mode 100755 test/units/assert.sh + +diff --git a/test/units/assert.sh b/test/units/assert.sh +new file mode 100755 +index 0000000..2f4d93a +--- /dev/null ++++ b/test/units/assert.sh +@@ -0,0 +1,58 @@ ++#!/usr/bin/env bash ++# SPDX-License-Identifier: LGPL-2.1-or-later ++ ++# utility functions for shell tests ++ ++assert_true() {( ++ set +ex ++ ++ local rc ++ ++ "$@" ++ rc=$? ++ if $rc -ne 0 ; then ++ echo "FAIL: command '$*' failed with exit code $rc" >&2 ++ exit 1 ++ fi ++)} ++ ++ ++assert_eq() {( ++ set +ex ++ ++ if "${1?}" != "${2?}" ; then ++ echo "FAIL: expected: '$2' actual: '$1'" >&2 ++ exit 1 ++ fi ++)} ++ ++assert_in() {( ++ set +ex ++ ++ if ! "${2?}" =~ ${1?} ; then ++ echo "FAIL: '$1' not found in:" >&2 ++ echo "$2" >&2 ++ exit 1 ++ fi ++)} ++ ++assert_not_in() {( ++ set +ex ++ ++ if "${2?}" =~ ${1?} ; then ++ echo "FAIL: '$1' found in:" >&2 ++ echo "$2" >&2 ++ exit 1 ++ fi ++)} ++ ++assert_rc() {( ++ set +ex ++ ++ local rc exp="${1?}" ++ ++ shift ++ "$@" ++ rc=$? ++ assert_eq "$rc" "$exp" ++)} +diff --git a/test/units/testsuite-26.sh b/test/units/testsuite-26.sh +index 7982099..fe6b63b 100755 +--- a/test/units/testsuite-26.sh ++++ b/test/units/testsuite-26.sh +@@ -2,6 +2,11 @@ + set -eux + set -o pipefail + ++# shellcheck source=test/units/assert.sh ++. 
"$(dirname "$0")"/assert.sh ++ ++: >/failed ++ + # Make sure PATH is set + systemctl show-environment | grep -q '^PATH=' + +@@ -26,6 +31,113 @@ systemctl show-environment | grep '^FOO=$' && exit 1 + systemctl show-environment | grep '^PATH=.*testaddition$' && exit 1 + systemctl show-environment | grep -q '^PATH=' + +-echo OK >/testok ++# test for sysv-generator (issue #24990) ++if -x /usr/lib/systemd/system-generators/systemd-sysv-generator ; then ++ # This is configurable via -Dsysvinit-path=, but we can't get the value ++ # at runtime, so let's just support the two most common paths for now. ++ -d /etc/rc.d/init.d && SYSVINIT_PATH="/etc/rc.d/init.d" || SYSVINIT_PATH="/etc/init.d" ++ ++ # invalid dependency ++ cat >"${SYSVINIT_PATH:?}/issue-24990" <<\EOF ++#!/bin/bash ++ ++### BEGIN INIT INFO ++# Provides:test1 test2 ++# Required-Start:test1 $remote_fs $network ++# Required-Stop:test1 $remote_fs $network ++# Description:Test ++# Short-Description: Test ++### END INIT INFO ++ ++case "$1" in ++ start) ++ echo "Starting issue-24990.service" ++ sleep 1000 & ++ ;; ++ stop) ++ echo "Stopping issue-24990.service" ++ sleep 10 & ++ ;; ++ *) ++ echo "Usage: service test {start|stop|restart|status}" ++ ;; ++esac ++EOF ++ ++ chmod +x "$SYSVINIT_PATH/issue-24990" ++ systemctl daemon-reload ++ -L /run/systemd/generator.late/test1.service ++ -L /run/systemd/generator.late/test2.service ++ assert_eq "$(readlink -f /run/systemd/generator.late/test1.service)" "/run/systemd/generator.late/issue-24990.service" ++ assert_eq "$(readlink -f /run/systemd/generator.late/test2.service)" "/run/systemd/generator.late/issue-24990.service" ++ output=$(systemctl cat issue-24990) ++ assert_in "SourcePath=$SYSVINIT_PATH/issue-24990" "$output" ++ assert_in "Description=LSB: Test" "$output" ++ assert_in "After=test1.service" "$output" ++ assert_in "After=remote-fs.target" "$output" ++ assert_in "After=network-online.target" "$output" ++ assert_in "Wants=network-online.target" "$output" ++ assert_in 
"ExecStart=$SYSVINIT_PATH/issue-24990 start" "$output" ++ assert_in "ExecStop=$SYSVINIT_PATH/issue-24990 stop" "$output" ++ systemctl status issue-24990 || : ++ systemctl show issue-24990 ++ assert_not_in "issue-24990.service" "$(systemctl show --property=After --value)" ++ assert_not_in "issue-24990.service" "$(systemctl show --property=Before --value)" ++ ++ if ! systemctl is-active network-online.target; then ++ systemctl start network-online.target ++ fi ++ ++ systemctl restart issue-24990 ++ systemctl stop issue-24990 ++ ++ # valid dependency ++ cat >"$SYSVINIT_PATH/issue-24990" <<\EOF ++#!/bin/bash ++ ++### BEGIN INIT INFO ++# Provides:test1 test2 ++# Required-Start:$remote_fs ++# Required-Stop:$remote_fs ++# Description:Test ++# Short-Description: Test ++### END INIT INFO ++ ++case "$1" in ++ start) ++ echo "Starting issue-24990.service" ++ sleep 1000 & ++ ;; ++ stop) ++ echo "Stopping issue-24990.service" ++ sleep 10 & ++ ;; ++ *) ++ echo "Usage: service test {start|stop|restart|status}" ++ ;; ++esac ++EOF ++ ++ chmod +x "$SYSVINIT_PATH/issue-24990" ++ systemctl daemon-reload ++ -L /run/systemd/generator.late/test1.service ++ -L /run/systemd/generator.late/test2.service ++ assert_eq "$(readlink -f /run/systemd/generator.late/test1.service)" "/run/systemd/generator.late/issue-24990.service" ++ assert_eq "$(readlink -f /run/systemd/generator.late/test2.service)" "/run/systemd/generator.late/issue-24990.service" ++ output=$(systemctl cat issue-24990) ++ assert_in "SourcePath=$SYSVINIT_PATH/issue-24990" "$output" ++ assert_in "Description=LSB: Test" "$output" ++ assert_in "After=remote-fs.target" "$output" ++ assert_in "ExecStart=$SYSVINIT_PATH/issue-24990 start" "$output" ++ assert_in "ExecStop=$SYSVINIT_PATH/issue-24990 stop" "$output" ++ systemctl status issue-24990 || : ++ systemctl show issue-24990 ++ assert_not_in "issue-24990.service" "$(systemctl show --property=After --value)" ++ assert_not_in "issue-24990.service" "$(systemctl show --property=Before 
--value)"
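Review bot: unlike the other backports in this revision, this patch has no "cherry picked from", Conflict: or Reference: lines, so the upstream commit it corresponds to cannot be checked from the patch itself. In testsuite-26.sh the two heredocs that write "$SYSVINIT_PATH/issue-24990" differ only in the Required-Start and Required-Stop lines; generating the script from a small function that takes the dependency list would halve the block. The diff shown here is truncated, so confirm that the remainder removes the init script and the generated units again and restores the `echo OK >/testok` line that this hunk deletes.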
View file
_service:tar_scm:backport-test-add-tests-for-reading-unaligned-data.patch
Added
@@ -0,0 +1,87 @@ +From 61ca9b34258e4786d9a8e68b9b28c4e794a65d1f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 28 Sep 2021 00:48:59 +0900 +Subject: PATCH test: add tests for reading unaligned data + +(cherry picked from commit e620104956dff64244c0e73e86c3138c0b13b875) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/61ca9b34258e4786d9a8e68b9b28c4e794a65d1f +--- + src/libsystemd-network/test-dhcp6-client.c | 29 ++++++++++++++++------ + 1 file changed, 21 insertions(+), 8 deletions(-) + +diff --git a/src/libsystemd-network/test-dhcp6-client.c b/src/libsystemd-network/test-dhcp6-client.c +index 5d1f709f11..b22297dcd5 100644 +--- a/src/libsystemd-network/test-dhcp6-client.c ++++ b/src/libsystemd-network/test-dhcp6-client.c +@@ -156,7 +156,7 @@ static int test_parse_domain(sd_event *e) { + + static int test_option(sd_event *e) { + uint8_t packet = { +- 'F', 'O', 'O', ++ 'F', 'O', 'O', 'H', 'O', 'G', 'E', + 0x00, SD_DHCP6_OPTION_ORO, 0x00, 0x07, + 'A', 'B', 'C', 'D', 'E', 'F', 'G', + 0x00, SD_DHCP6_OPTION_VENDOR_CLASS, 0x00, 0x09, +@@ -164,12 +164,13 @@ static int test_option(sd_event *e) { + 'B', 'A', 'R', + }; + uint8_t result = { +- 'F', 'O', 'O', ++ 'F', 'O', 'O', 'H', 'O', 'G', 'E', + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 'B', 'A', 'R', + }; ++ _cleanup_free_ uint8_t *buf = NULL; + size_t offset, pos, optlen, outlen = sizeof(result); + const uint8_t *optval; + uint16_t optcode; +@@ -185,16 +186,28 @@ static int test_option(sd_event *e) { + offset = 3; + assert_se(dhcp6_option_parse(packet, 0, &offset, &optcode, &optlen, &optval) == -EBADMSG); + +- offset = 3; ++ /* Tests for reading unaligned data. 
*/ ++ assert_se(buf = new(uint8_t, sizeof(packet))); ++ for (size_t i = 0; i <= 7; i++) { ++ memcpy(buf, packet + i, sizeof(packet) - i); ++ offset = 7 - i; ++ assert_se(dhcp6_option_parse(buf, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); ++ ++ assert_se(optcode == SD_DHCP6_OPTION_ORO); ++ assert_se(optlen == 7); ++ assert_se(optval == buf + 11 - i); ++ } ++ ++ offset = 7; + assert_se(dhcp6_option_parse(packet, sizeof(packet), &offset, &optcode, &optlen, &optval) >= 0); + + assert_se(optcode == SD_DHCP6_OPTION_ORO); + assert_se(optlen == 7); +- assert_se(optval == packet + 7); ++ assert_se(optval == packet + 11); + +- pos = 3; +- outlen -= 3; +- out = &result3; ++ pos = 7; ++ outlen -= 7; ++ out = &resultpos; + + assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); + +@@ -206,7 +219,7 @@ static int test_option(sd_event *e) { + + assert_se(optcode == SD_DHCP6_OPTION_VENDOR_CLASS); + assert_se(optlen == 9); +- assert_se(optval == packet + 18); ++ assert_se(optval == packet + 22); + + assert_se(dhcp6_option_append(&out, &outlen, optcode, optlen, optval) >= 0); + +-- +2.33.0 +
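Review bot: inside the new loop in test_option(), only `sizeof(packet) - i` bytes are copied into buf, but dhcp6_option_parse() is still told the buffer is `sizeof(packet)` long, so for i > 0 the last i bytes the parser may look at are left over from the previous iteration. Pass `sizeof(packet) - i` as the length so the test also checks that parsing respects the real end of the data.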
View file
_service:tar_scm:backport-test-do-not-use-alloca-in-function-call.patch
Added
@@ -0,0 +1,39 @@ +From 5f326b0388d4b0a7fcab8cedca255e93a6e311f4 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 24 Oct 2021 00:16:57 +0900 +Subject: PATCH test: do not use alloca() in function call + +(cherry picked from commit 4150584e63562616e16242f7b1016c0e642fb59e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5f326b0388d4b0a7fcab8cedca255e93a6e311f4 +--- + src/test/test-path.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-path.c b/src/test/test-path.c +index 490fb136a7..88457d177f 100644 +--- a/src/test/test-path.c ++++ b/src/test/test-path.c +@@ -306,7 +306,7 @@ static void test_path_unit(Manager *m) { + } + + static void test_path_directorynotempty(Manager *m) { +- const char *test_path = "/tmp/test-path_directorynotempty/"; ++ const char *test_file, *test_path = "/tmp/test-path_directorynotempty/"; + Unit *unit = NULL; + Path *path = NULL; + Service *service = NULL; +@@ -328,7 +328,8 @@ static void test_path_directorynotempty(Manager *m) { + assert_se(access(test_path, F_OK) < 0); + + assert_se(mkdir_p(test_path, 0755) >= 0); +- assert_se(touch(strjoina(test_path, "test_file")) >= 0); ++ test_file = strjoina(test_path, "test_file"); ++ assert_se(touch(test_file) >= 0); + if (check_states(m, path, service, PATH_RUNNING, SERVICE_RUNNING) < 0) + return; + +-- +2.33.0 +
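Review bot: the new `test_file = strjoina(test_path, "test_file");` line has no comment explaining why the temporary exists, so a later cleanup could fold it back into `touch(...)`. A one-line comment stating that strjoina() must not be used inside a function call's argument list, which is the reason the subject line gives, would preserve the intent.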
View file
_service:tar_scm:backport-test-fileio-test-read_virtual_file-with-more-files-f.patch
Added
@@ -0,0 +1,53 @@ +From dd6cb364bcc58b390671d4ee2ed7b30f4a5dced8 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 16 Sep 2021 11:31:52 +0200 +Subject: PATCH test-fileio: test read_virtual_file() with more files from + /proc + +i.e. let's pick some files we know are too large, or where struct stat's +.st_size is zero even though non-empty, and test read_virtual_file() +with that, to ensure things are handled sensibly. Goal is to ensure all +three major codepaths in read_virtual_file() are tested. + +Prompted-by: #20743 +(cherry picked from commit f3b751220bb842ce22a4f607d817f481f0961d40) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/dd6cb364bcc58b390671d4ee2ed7b30f4a5dced8 +--- + src/test/test-fileio.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index 321b544448..c8d5bf6914 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -1028,7 +1028,11 @@ static void test_read_virtual_file(size_t max_size) { + FOREACH_STRING(filename, + "/proc/1/cmdline", + "/etc/nsswitch.conf", +- "/sys/kernel/uevent_seqnum") { ++ "/sys/kernel/uevent_seqnum", ++ "/proc/kcore", ++ "/proc/kallsyms", ++ "/proc/self/exe", ++ "/proc/self/pagemap") { + + _cleanup_free_ char *buf = NULL; + size_t size = 0; +@@ -1036,7 +1040,11 @@ static void test_read_virtual_file(size_t max_size) { + r = read_virtual_file(filename, max_size, &buf, &size); + if (r < 0) { + log_info_errno(r, "read_virtual_file(\"%s\", %zu): %m", filename, max_size); +- assert_se(ERRNO_IS_PRIVILEGE(r) || r == -ENOENT); ++ assert_se(ERRNO_IS_PRIVILEGE(r) || /* /proc/kcore is not accessible to unpriv */ ++ IN_SET(r, ++ -ENOENT, /* Some of the files might be absent */ ++ -EINVAL, /* too small reads from /proc/self/pagemap trigger EINVAL */ ++ -EFBIG)); /* /proc/kcore and /proc/self/pagemap should be too large */ + } else + log_info("read_virtual_file(\"%s\", %zu): %s (%zu 
bytes)", filename, max_size, r ? "non-truncated" : "truncated", size); + } +-- +2.33.0 +
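Review bot: the widened `IN_SET(r, -ENOENT, -EINVAL, -EFBIG)` in the error branch applies to every filename in the FOREACH_STRING list, so an -EINVAL or -EFBIG from /etc/nsswitch.conf or /proc/1/cmdline would now pass silently, even though the comments tie those codes to /proc/self/pagemap and /proc/kcore. Keying the accepted errno to the file being read would keep the three code paths covered without loosening the check for the ordinary files.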
View file
_service:tar_scm:backport-test-fix-file-descriptor-leak-in-test-catalog.patch
Added
@@ -0,0 +1,40 @@ +From 4ad43ef47147039b63a1a86c08087c7ced97d10c Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 21:11:51 +0900 +Subject: PATCH test: fix file descriptor leak in test-catalog + +Fixes an issue reported in #22576. + +(cherry picked from commit 62d4b3b36e9aba9e605ba042a75c374155b6e18b) +(cherry picked from commit 92b86911c0c877e6b61d06dfe3ad20046e10d8e8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4ad43ef47147039b63a1a86c08087c7ced97d10c +--- + src/libsystemd/sd-journal/test-catalog.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/libsystemd/sd-journal/test-catalog.c b/src/libsystemd/sd-journal/test-catalog.c +index 316c3b1634..ad06221175 100644 +--- a/src/libsystemd/sd-journal/test-catalog.c ++++ b/src/libsystemd/sd-journal/test-catalog.c +@@ -196,6 +196,7 @@ static void test_catalog_file_lang(void) { + + int main(int argc, char *argv) { + _cleanup_(unlink_tempfilep) char database = "/tmp/test-catalog.XXXXXX"; ++ _cleanup_close_ int fd = -1; + _cleanup_free_ char *text = NULL; + int r; + +@@ -218,7 +219,7 @@ int main(int argc, char *argv) { + test_catalog_import_merge(); + test_catalog_import_merge_no_body(); + +- assert_se(mkostemp_safe(database) >= 0); ++ assert_se((fd = mkostemp_safe(database)) >= 0); + + test_catalog_update(database); + +-- +2.33.0 +
View file
_service:tar_scm:backport-test-fix-file-descriptor-leak-in-test-fs-util.patch
Added
@@ -0,0 +1,52 @@ +From 4a247759a008f0a80f03a80c78efcde2e23e5ae5 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 21:42:22 +0900 +Subject: PATCH test: fix file descriptor leak in test-fs-util + +Fixes an issue reported in #22576. + +(cherry picked from commit 19962747ca86a25e7102c536380bb2e9d7cfee9a) +(cherry picked from commit cfe1cd0a066b29e5508b4a2c388fd919fd5e0c9f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4a247759a008f0a80f03a80c78efcde2e23e5ae5 +--- + src/test/test-fs-util.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index a24558f25b..98ce3d96ef 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -27,10 +27,11 @@ static const char *arg_test_dir = NULL; + + static void test_chase_symlinks(void) { + _cleanup_free_ char *result = NULL; ++ _cleanup_close_ int pfd = -1; + char *temp; + const char *top, *p, *pslash, *q, *qslash; + struct stat st; +- int r, pfd; ++ int r; + + log_info("/* %s */", __func__); + +@@ -318,6 +319,7 @@ static void test_chase_symlinks(void) { + assert_se(fstat(pfd, &st) >= 0); + assert_se(S_ISLNK(st.st_mode)); + result = mfree(result); ++ pfd = safe_close(pfd); + + /* s1 -> s2 -> nonexistent */ + q = strjoina(temp, "/s1"); +@@ -331,6 +333,7 @@ static void test_chase_symlinks(void) { + assert_se(fstat(pfd, &st) >= 0); + assert_se(S_ISLNK(st.st_mode)); + result = mfree(result); ++ pfd = safe_close(pfd); + + /* Test CHASE_STEP */ + +-- +2.33.0 +
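Review bot: the two added `pfd = safe_close(pfd);` calls cover only the reuse sites visible in these hunks, and `_cleanup_close_` releases only the last value stored in pfd. Confirm that every other assignment to pfd in test_chase_symlinks() is preceded by a close, otherwise the earlier descriptor is still leaked.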
View file
_service:tar_scm:backport-test-fix-file-descriptor-leak-in-test-oomd-util.patch
Added
@@ -0,0 +1,54 @@ +From 95def20d81c030e36046770f55840191ff98c91a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 21:38:15 +0900 +Subject: PATCH test: fix file descriptor leak in test-oomd-util + +Fixes an issue reported in #22576. + +(cherry picked from commit 282696ce52471f5e3c963b9d98dbc89fba3a1fba) +(cherry picked from commit 55ec995341e6a2d554bc69a1eddb097d21d8084f) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/95def20d81c030e36046770f55840191ff98c91a +--- + src/oom/test-oomd-util.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c +index a152387a26..2c2ee114b1 100644 +--- a/src/oom/test-oomd-util.c ++++ b/src/oom/test-oomd-util.c +@@ -5,6 +5,7 @@ + #include "alloc-util.h" + #include "cgroup-setup.h" + #include "cgroup-util.h" ++#include "fd-util.h" + #include "fileio.h" + #include "fs-util.h" + #include "oomd-util.h" +@@ -13,6 +14,7 @@ + #include "string-util.h" + #include "strv.h" + #include "tests.h" ++#include "tmpfile-util.h" + + static int fork_and_sleep(unsigned sleep_min) { + usec_t n, timeout, ts; +@@ -244,12 +246,13 @@ static void test_oomd_update_cgroup_contexts_between_hashmaps(void) { + + static void test_oomd_system_context_acquire(void) { + _cleanup_(unlink_tempfilep) char path = "/oomdgetsysctxtestXXXXXX"; ++ _cleanup_close_ int fd = -1; + OomdSystemContext ctx; + + if (geteuid() != 0) + return (void) log_tests_skipped("not root"); + +- assert_se(mkstemp(path)); ++ assert_se((fd = mkostemp_safe(path)) >= 0); + + assert_se(oomd_system_context_acquire("/verylikelynonexistentpath", &ctx) == -ENOENT); + +-- +2.33.0 +
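Review bot: replacing `assert_se(mkstemp(path))` with `assert_se((fd = mkostemp_safe(path)) >= 0)` also fixes the check itself, since mkstemp() returns -1 on failure and the old assertion treated that as success; the commit message mentions only the descriptor leak and should say so. Separately, the template "/oomdgetsysctxtestXXXXXX" creates the file in the root directory; a /tmp-based template, as test-psi-util uses, would be the safer default.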
View file
_service:tar_scm:backport-test-fix-file-descriptor-leak-in-test-psi-util.patch
Added
@@ -0,0 +1,47 @@ +From eb760f4875afd75c433961c0a9bf00b1883e5d35 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 21:46:41 +0900 +Subject: PATCH test: fix file descriptor leak in test-psi-util + +Fixes an issue reported in #22576. + +(cherry picked from commit be99883e131ef422f8278ec1d099520996a78bb0) +(cherry picked from commit 81d3e2abff5f4234e06ceb6590d0c9939d8d97b4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/eb760f4875afd75c433961c0a9bf00b1883e5d35 +--- + src/test/test-psi-util.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-psi-util.c b/src/test/test-psi-util.c +index c636cf255b..026f6aa1ab 100644 +--- a/src/test/test-psi-util.c ++++ b/src/test/test-psi-util.c +@@ -3,19 +3,22 @@ + #include <linux/loadavg.h> + + #include "alloc-util.h" ++#include "fd-util.h" + #include "fileio.h" + #include "fs-util.h" + #include "psi-util.h" + #include "tests.h" ++#include "tmpfile-util.h" + + static void test_read_mem_pressure(void) { + _cleanup_(unlink_tempfilep) char path = "/tmp/pressurereadtestXXXXXX"; ++ _cleanup_close_ int fd = -1; + ResourcePressure rp; + + if (geteuid() != 0) + return (void) log_tests_skipped("not root"); + +- assert_se(mkstemp(path)); ++ assert_se((fd = mkostemp_safe(path)) >= 0); + + assert_se(read_resource_pressure("/verylikelynonexistentpath", PRESSURE_TYPE_SOME, &rp) < 0); + assert_se(read_resource_pressure(path, PRESSURE_TYPE_SOME, &rp) < 0); +-- +2.33.0 +
View file
_service:tar_scm:backport-test-fix-file-descriptor-leak-in-test-tmpfiles.c.patch
Added
@@ -0,0 +1,42 @@ +From 40e43b290473aac1737f64b84194c5fc6b8210cf Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 21:44:58 +0900 +Subject: PATCH test: fix file descriptor leak in test-tmpfiles.c + +Also fixes a typo in assertion. + +Fixes an issure reported in #22576. + +(cherry picked from commit 1da5325d19dee654326e5fa2f61262e5e0a40fff) +(cherry picked from commit d9189c31117e159f7bae9233863aa88a02159e14) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/40e43b290473aac1737f64b84194c5fc6b8210cf +--- + src/test/test-tmpfiles.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/test/test-tmpfiles.c b/src/test/test-tmpfiles.c +index 4c3389af8c..0ac2b7f599 100644 +--- a/src/test/test-tmpfiles.c ++++ b/src/test/test-tmpfiles.c +@@ -37,7 +37,7 @@ int main(int argc, char** argv) { + assert_se(endswith(ans, " (deleted)")); + + fd2 = mkostemp_safe(pattern); +- assert_se(fd >= 0); ++ assert_se(fd2 >= 0); + assert_se(unlink(pattern) == 0); + + assert_se(asprintf(&cmd2, "ls -l /proc/"PID_FMT"/fd/%d", getpid_cached(), fd2) > 0); +@@ -49,6 +49,7 @@ int main(int argc, char** argv) { + pattern = strjoina(p, "/tmpfiles-test"); + assert_se(tempfn_random(pattern, NULL, &d) >= 0); + ++ fd = safe_close(fd); + fd = open_tmpfile_linkable(d, O_RDWR|O_CLOEXEC, &tmp); + assert_se(fd >= 0); + assert_se(write(fd, "foobar\n", 7) == 7); +-- +2.33.0 +
View file
_service:tar_scm:backport-test-journal-flush-allow-testing-against-specific-fi.patch
Added
@@ -0,0 +1,39 @@ +From bb29932a4172810357597175a62cb4c8cbd1087c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 26 Nov 2021 09:40:51 +0100 +Subject: PATCH test-journal-flush: allow testing against specific files +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +>=0 → ==0 because sd_journal_open* are documented to return 0. + +(cherry picked from commit 0fa167cd58b5a4ffe16a332131df70bf77edddbe) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bb29932a4172810357597175a62cb4c8cbd1087c +--- + src/libsystemd/sd-journal/test-journal-flush.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-journal/test-journal-flush.c b/src/libsystemd/sd-journal/test-journal-flush.c +index dad277dd66..aa814225dd 100644 +--- a/src/libsystemd/sd-journal/test-journal-flush.c ++++ b/src/libsystemd/sd-journal/test-journal-flush.c +@@ -29,8 +29,11 @@ int main(int argc, char *argv) { + r = journal_file_open(-1, fn, O_CREAT|O_RDWR, 0644, false, 0, false, NULL, NULL, NULL, NULL, &new_journal); + assert_se(r >= 0); + +- r = sd_journal_open(&j, 0); +- assert_se(r >= 0); ++ if (argc > 1) ++ r = sd_journal_open_files(&j, (const char **) strv_skip(argv, 1), 0); ++ else ++ r = sd_journal_open(&j, 0); ++ assert_se(r == 0); + + sd_journal_set_data_threshold(j, 0); + +-- +2.33.0 +
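Review bot: with the new `sd_journal_open_files(&j, (const char **) strv_skip(argv, 1), 0)` branch, a mistyped or unreadable path on the command line ends in a bare `assert_se(r == 0)` abort with no indication of which errno was returned. Since this branch exists for manual runs against specific files, log the error with log_error_errno() before asserting.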
View file
_service:tar_scm:backport-test-journal-flush-do-not-croak-on-corrupted-input-f.patch
Added
@@ -0,0 +1,44 @@ +From 0d98afa9548873669531fb3f8aa0f1ab56455411 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Fri, 26 Nov 2021 09:46:02 +0100 +Subject: PATCH test-journal-flush: do not croak on corrupted input files + +We would fail if the input file was corrupted: +build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~ +journal_file_copy_entry failed: Bad message +Assertion 'r >= 0' failed at src/libsystemd/sd-journal/test-journal-flush.c:55, function main(). Aborting. +1 619472 IOT instruction (core dumped) build/test-journal-flush ./system@0005b7dac334f805-0021aca076ae5c5e.journal\~ + +Let's skip some "reasonable" errors. + +Fixes #17963. + +(cherry picked from commit b4046d55570ff0e23d16f7e2912e7ef0a55b25d8) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/0d98afa9548873669531fb3f8aa0f1ab56455411 +--- + src/libsystemd/sd-journal/test-journal-flush.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/libsystemd/sd-journal/test-journal-flush.c b/src/libsystemd/sd-journal/test-journal-flush.c +index aa814225dd..c6fb65791e 100644 +--- a/src/libsystemd/sd-journal/test-journal-flush.c ++++ b/src/libsystemd/sd-journal/test-journal-flush.c +@@ -51,8 +51,11 @@ int main(int argc, char *argv) { + + r = journal_file_copy_entry(f, new_journal, o, f->current_offset); + if (r < 0) +- log_error_errno(r, "journal_file_copy_entry failed: %m"); +- assert_se(r >= 0); ++ log_warning_errno(r, "journal_file_copy_entry failed: %m"); ++ assert_se(r >= 0 || ++ IN_SET(r, -EBADMSG, /* corrupted file */ ++ -EPROTONOSUPPORT, /* unsupported compression */ ++ -EIO)); /* file rotated */ + + if (++n >= 10000) + break; +-- +2.33.0 +
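Review bot: the relaxed assertion accepts -EBADMSG, -EPROTONOSUPPORT and -EIO unconditionally, including when the test reads the system journal in an automated run, where -EIO in particular can be a real read failure rather than a rotated file. Consider tolerating these codes only when input files were passed on the command line, and keeping the strict `r >= 0` check otherwise.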
View file
_service:tar_scm:backport-test-journal-send-close-fd-opend-by-syslog.patch
Added
@@ -0,0 +1,34 @@ +From e1cc12ee2ba089bc126764be509b6b0ed8e8a68b Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 23 Feb 2022 01:52:29 +0900 +Subject: PATCH test-journal-send: close fd opend by syslog() + +Fixes an issue reported in #22576. + +(cherry picked from commit 9048a6ccf3bd4f6794fc1ac9a838e1a0bfbcabf1) +(cherry picked from commit 4d24a369908f9915757632fa196deda14c172f9e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e1cc12ee2ba089bc126764be509b6b0ed8e8a68b +--- + src/libsystemd/sd-journal/test-journal-send.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/libsystemd/sd-journal/test-journal-send.c b/src/libsystemd/sd-journal/test-journal-send.c +index 75bd8e7b85..b6644e65c1 100644 +--- a/src/libsystemd/sd-journal/test-journal-send.c ++++ b/src/libsystemd/sd-journal/test-journal-send.c +@@ -90,6 +90,10 @@ static void test_journal_send(void) { + assert_se(sd_journal_sendv(graph2, 1) == 0); + assert_se(sd_journal_sendv(message1, 1) == 0); + assert_se(sd_journal_sendv(message2, 1) == 0); ++ ++ /* The above syslog() opens a fd which is stored in libc, and the valgrind reports the fd is ++ * leaked when we do not call closelog(). */ ++ closelog(); + } + + int main(int argc, char *argv) { +-- +2.33.0 +
View file
_service:tar_scm:backport-test-oomd-util-fix-conditional-jump-on-uninitialised.patch
Added
@@ -0,0 +1,32 @@ +From bb0bb8afe78c699a1334fdd7df78d71427596d2e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 20:23:58 +0900 +Subject: PATCH test-oomd-util: fix conditional jump on uninitialised value + +Fixes #22577. + +(cherry picked from commit a6d6a51d83fae32212e1780e71b16517a4df9a57) +(cherry picked from commit b10cc2de7dc6ac8d7d72d576100dd3a37ddb588a) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/bb0bb8afe78c699a1334fdd7df78d71427596d2e +--- + src/oom/test-oomd-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c +index 02034c1293..a152387a26 100644 +--- a/src/oom/test-oomd-util.c ++++ b/src/oom/test-oomd-util.c +@@ -283,7 +283,7 @@ static void test_oomd_system_context_acquire(void) { + static void test_oomd_pressure_above(void) { + _cleanup_hashmap_free_ Hashmap *h1 = NULL, *h2 = NULL; + _cleanup_set_free_ Set *t1 = NULL, *t2 = NULL, *t3 = NULL; +- OomdCGroupContext ctx2, *c; ++ OomdCGroupContext ctx2 = {}, *c; + loadavg_t threshold; + + assert_se(store_loadavg_fixed_point(80, 0, &threshold) == 0); +-- +2.33.0 +
View file
_service:tar_scm:backport-test-oomd-util-skip-tests-if-cgroup-memory-controlle.patch
Added
@@ -0,0 +1,43 @@ +From 38787a985396277058a20ac0c6f66fd1377d0737 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 11 Sep 2021 20:37:50 +0900 +Subject: PATCH test-oomd-util: skip tests if cgroup memory controller is not + available + +Fixes #20593 and #20655. + +(cherry picked from commit 8b2e22579a6549ab8423858819703fc142862bcb) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/38787a985396277058a20ac0c6f66fd1377d0737 +--- + src/oom/test-oomd-util.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c +index 776c65820e..29f2c54ab1 100644 +--- a/src/oom/test-oomd-util.c ++++ b/src/oom/test-oomd-util.c +@@ -90,6 +90,7 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { + _cleanup_free_ char *cgroup = NULL; + ManagedOOMPreference root_pref; + OomdCGroupContext *c1, *c2; ++ CGroupMask mask; + bool test_xattrs; + int root_xattrs, r; + +@@ -102,6 +103,11 @@ static void test_oomd_cgroup_context_acquire_and_insert(void) { + if (cg_all_unified() <= 0) + return (void) log_tests_skipped("cgroups are not running in unified mode"); + ++ assert_se(cg_mask_supported(&mask) >= 0); ++ ++ if (!FLAGS_SET(mask, CGROUP_MASK_MEMORY)) ++ return (void) log_tests_skipped("cgroup memory controller is not available"); ++ + assert_se(cg_pid_get_path(NULL, 0, &cgroup) >= 0); + + /* If we don't have permissions to set xattrs we're likely in a userns or missing capabilities +-- +2.33.0 +
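Review bot: `assert_se(cg_mask_supported(&mask) >= 0)` aborts the test when the controller mask cannot be queried, while the purpose of the change is to skip in environments that lack cgroup memory support. Treating a negative return as a skip as well, via log_tests_skipped(), would match the handling of the unified-mode check just above it.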
View file
_service:tar_scm:backport-test-oomd-util-style-fixlets.patch
Added
@@ -0,0 +1,52 @@ +From 76b5fae410a2434e8fadab07700d1480566e8ddd Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Tue, 22 Feb 2022 20:21:45 +0900 +Subject: PATCH test-oomd-util: style fixlets + +(cherry picked from commit d9fe39b24a0a5464c83c7a754752ca21dbd2578f) +(cherry picked from commit 1343c2efd5401aa52f7790fff4ad7e2d70173f01) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/76b5fae410a2434e8fadab07700d1480566e8ddd +--- + src/oom/test-oomd-util.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/src/oom/test-oomd-util.c b/src/oom/test-oomd-util.c +index 29f2c54ab1..02034c1293 100644 +--- a/src/oom/test-oomd-util.c ++++ b/src/oom/test-oomd-util.c +@@ -300,12 +300,11 @@ static void test_oomd_pressure_above(void) { + assert_se(store_loadavg_fixed_point(1, 11, &(ctx1.memory_pressure.avg300)) == 0); + ctx1.mem_pressure_limit = threshold; + +- + /* High memory pressure */ + assert_se(h1 = hashmap_new(&string_hash_ops)); + assert_se(hashmap_put(h1, "/herp.slice", &ctx0) >= 0); + assert_se(oomd_pressure_above(h1, 0 /* duration */, &t1) == 1); +- assert_se(set_contains(t1, &ctx0) == true); ++ assert_se(set_contains(t1, &ctx0)); + assert_se(c = hashmap_get(h1, "/herp.slice")); + assert_se(c->mem_pressure_limit_hit_start > 0); + +@@ -313,14 +312,14 @@ static void test_oomd_pressure_above(void) { + assert_se(h2 = hashmap_new(&string_hash_ops)); + assert_se(hashmap_put(h2, "/derp.slice", &ctx1) >= 0); + assert_se(oomd_pressure_above(h2, 0 /* duration */, &t2) == 0); +- assert_se(t2 == NULL); ++ assert_se(!t2); + assert_se(c = hashmap_get(h2, "/derp.slice")); + assert_se(c->mem_pressure_limit_hit_start == 0); + + /* High memory pressure w/ multiple cgroups */ + assert_se(hashmap_put(h1, "/derp.slice", &ctx1) >= 0); + assert_se(oomd_pressure_above(h1, 0 /* duration */, &t3) == 1); +- assert_se(set_contains(t3, &ctx0) == true); ++ assert_se(set_contains(t3, &ctx0)); + assert_se(set_size(t3) == 1); 
+ assert_se(c = hashmap_get(h1, "/herp.slice")); + assert_se(c->mem_pressure_limit_hit_start > 0); +-- +2.33.0 +
View file
_service:tar_scm:backport-test-use-a-less-restrictive-portable-profile-when-ru.patch
Added
@@ -0,0 +1,92 @@ +From 9dbdd33ffa824934962ebe61d03a9f727a1c416c Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Thu, 30 Sep 2021 14:14:19 +0200 +Subject: PATCH test: use a less restrictive portable profile when running w/ + sanitizers + +Since f833df3 we now actually use the seccomp rules defined in portable +profiles. However, the default one is too restrictive for sanitizers, as +it blocks certain syscall required by LSan. Mitigate this by using the +'trusted' profile when running TEST-29-PORTABLE under sanitizers. + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9dbdd33ffa824934962ebe61d03a9f727a1c416c +--- + test/units/testsuite-29.sh | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/test/units/testsuite-29.sh b/test/units/testsuite-29.sh +index 3408e6d71a..549fc2663c 100755 +--- a/test/units/testsuite-29.sh ++++ b/test/units/testsuite-29.sh +@@ -4,9 +4,16 @@ + set -eux + set -o pipefail + ++ARGS=() ++if -v ASAN_OPTIONS || -v UBSAN_OPTIONS ; then ++ # If we're running under sanitizers, we need to use a less restrictive ++ # profile, otherwise LSan syscall would get blocked by seccomp ++ ARGS+=(--profile=trusted) ++fi ++ + export SYSTEMD_LOG_LEVEL=debug + +-portablectl attach --now --runtime /usr/share/minimal_0.raw app0 ++portablectl "${ARGS@}" attach --now --runtime /usr/share/minimal_0.raw app0 + + systemctl is-active app0.service + systemctl is-active app0-foo.service +@@ -16,7 +23,7 @@ systemctl is-active app0-bar.service && exit 1 + set -e + set -o pipefail + +-portablectl reattach --now --runtime /usr/share/minimal_1.raw app0 ++portablectl "${ARGS@}" reattach --now --runtime /usr/share/minimal_1.raw app0 + + systemctl is-active app0.service + systemctl is-active app0-bar.service +@@ -37,7 +44,7 @@ portablectl list | grep -q -F "No images." 
+ unsquashfs -dest /tmp/minimal_0 /usr/share/minimal_0.raw + unsquashfs -dest /tmp/minimal_1 /usr/share/minimal_1.raw + +-portablectl attach --copy=symlink --now --runtime /tmp/minimal_0 app0 ++portablectl "${ARGS@}" attach --copy=symlink --now --runtime /tmp/minimal_0 app0 + + systemctl is-active app0.service + systemctl is-active app0-foo.service +@@ -47,7 +54,7 @@ systemctl is-active app0-bar.service && exit 1 + set -e + set -o pipefail + +-portablectl reattach --now --enable --runtime /tmp/minimal_1 app0 ++portablectl "${ARGS@}" reattach --now --enable --runtime /tmp/minimal_1 app0 + + systemctl is-active app0.service + systemctl is-active app0-bar.service +@@ -66,11 +73,11 @@ portablectl list | grep -q -F "No images." + root="/usr/share/minimal_0.raw" + app1="/usr/share/app1.raw" + +-portablectl attach --now --runtime --extension ${app1} ${root} app1 ++portablectl "${ARGS@}" attach --now --runtime --extension ${app1} ${root} app1 + + systemctl is-active app1.service + +-portablectl reattach --now --runtime --extension ${app1} ${root} app1 ++portablectl "${ARGS@}" reattach --now --runtime --extension ${app1} ${root} app1 + + systemctl is-active app1.service + +@@ -83,7 +90,7 @@ mount ${app1} /tmp/app1 + mount ${root} /tmp/rootdir + mount -t overlay overlay -o lowerdir=/tmp/app1:/tmp/rootdir /tmp/overlay + +-portablectl attach --copy=symlink --now --runtime /tmp/overlay app1 ++portablectl "${ARGS@}" attach --copy=symlink --now --runtime /tmp/overlay app1 + + systemctl is-active app1.service + +-- +2.33.0 +
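Review bot: once ASAN_OPTIONS or UBSAN_OPTIONS is set, `--profile=trusted` is added to every attach and reattach call in the script, so sanitizer runs no longer exercise the default portable profile's seccomp filter at all. If only the LSan syscall is the problem, a profile that allows just that syscall, or keeping at least one attach on the default profile, would retain coverage of the sandboxing that the commit message says is now in effect.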
View file
_service:tar_scm:backport-test-watchdog-mark-as-unsafe.patch
Added
@@ -0,0 +1,36 @@ +From 7f7ad0e691eb2a05e7f319be8d098af760258dcd Mon Sep 17 00:00:00 2001 +From: Mike Gilbert <floppym@gentoo.org> +Date: Tue, 4 Jan 2022 23:43:10 -0500 +Subject: PATCH test-watchdog: mark as unsafe + +If something goes wrong with this test it may result in an unsafe +system restart. Let's avoid running it automatically. + +See https://github.com/systemd/systemd/issues/22001. + +(cherry picked from commit 70652c2a6fa9c06c7faac62f41c72e2e4eaa9340) +(cherry picked from commit 4c0ed19c520a8944f68f613edc3acbd0471dcc81) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7f7ad0e691eb2a05e7f319be8d098af760258dcd +--- + src/test/meson.build | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/test/meson.build b/src/test/meson.build +index 64dbb82002..a327a1f8f9 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -521,7 +521,8 @@ tests += + , + core_includes, '', 'manual', + +- 'src/test/test-watchdog.c', ++ 'src/test/test-watchdog.c', ++ , , , '', 'unsafe', + + 'src/test/test-sched-prio.c', + libcore, +-- +2.33.0 +
View file
_service:tar_scm:backport-tests-add-test-case-for-UMask-BindPaths-combination.patch
Added
@@ -0,0 +1,61 @@ +From ae53f4b5e48860b473c4d05958486a77f84ecc6d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 12 Nov 2021 13:41:59 +0100 +Subject: PATCH tests: add test case for UMask=+BindPaths= combination + +Inspired by the test case described in #19899 + +(cherry picked from commit 875afa02fabe1dad5aa3d1e9bff89d493a369fd0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ae53f4b5e48860b473c4d05958486a77f84ecc6d +--- + src/test/test-execute.c | 5 +++++ + test/test-execute/exec-umask-namespace.service | 12 ++++++++++++ + 2 files changed, 17 insertions(+) + create mode 100644 test/test-execute/exec-umask-namespace.service + +diff --git a/src/test/test-execute.c b/src/test/test-execute.c +index 1119ad4acf..88e1b30095 100644 +--- a/src/test/test-execute.c ++++ b/src/test/test-execute.c +@@ -828,6 +828,10 @@ static void test_exec_condition(Manager *m) { + test_service(m, "exec-condition-skip.service", SERVICE_SKIP_CONDITION); + } + ++static void test_exec_umask_namespace(Manager *m) { ++ test(m, "exec-umask-namespace.service", can_unshare ? 0 : EXIT_NAMESPACE, CLD_EXITED); ++} ++ + typedef struct test_entry { + test_function_t f; + const char *name; +@@ -904,6 +908,7 @@ int main(int argc, char *argv) { + entry(test_exec_dynamicuser), + entry(test_exec_specifier), + entry(test_exec_systemcallfilter_system), ++ entry(test_exec_umask_namespace), + {}, + }; + int r; +diff --git a/test/test-execute/exec-umask-namespace.service b/test/test-execute/exec-umask-namespace.service +new file mode 100644 +index 0000000000..8419c86c9a +--- /dev/null ++++ b/test/test-execute/exec-umask-namespace.service +@@ -0,0 +1,12 @@ ++# SPDX-License-Identifier: LGPL-2.1-or-later ++Unit ++Description=Test for UMask= + namespacing ++ ++Service ++ExecStart=/bin/ls -lahd /tmp/subdir ++Type=oneshot ++User=65534 ++Group=65534 ++TemporaryFileSystem=/tmp:ro ++BindPaths=/etc:/tmp/subdir/subsub ++UMask=0007 +-- +2.33.0 +
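Review bot: `ExecStart=/bin/ls -lahd /tmp/subdir` only shows that the namespace was set up and the path exists; nothing checks the mode or ownership of the auto-created /tmp/subdir under UMask=0007, and the test passes on exit status 0 alone. If the permissions of the intermediate directory are what the case is meant to pin down, compare the output of `stat -c %a` against the expected value in the unit.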
View file
_service:tar_scm:backport-timesync-check-cmsg-length.patch
Added
@@ -0,0 +1,29 @@ +From 4e9f1d0a28cc29d1f010b05d74898f222d757cc8 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 29 Aug 2021 20:55:44 +0900 +Subject: PATCH timesync: check cmsg length + +(cherry picked from commit 37df6d9b8d3a8b34bec5346766ab8093c0f0fc26) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/4e9f1d0a28cc29d1f010b05d74898f222d757cc8 +--- + src/timesync/timesyncd-manager.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c +index eae14e8fb2..648e804105 100644 +--- a/src/timesync/timesyncd-manager.c ++++ b/src/timesync/timesyncd-manager.c +@@ -467,6 +467,8 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re + + switch (cmsg->cmsg_type) { + case SCM_TIMESTAMPNS: ++ assert(cmsg->cmsg_len == CMSG_LEN(sizeof(struct timespec))); ++ + recv_time = (struct timespec *) CMSG_DATA(cmsg); + break; + } +-- +2.33.0 +
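Review bot: the length check on the SCM_TIMESTAMPNS control message is an `assert()`, which aborts systemd-timesyncd on mismatch and is typically compiled out when NDEBUG is defined, leaving the following `(struct timespec *) CMSG_DATA(cmsg)` cast unchecked. A runtime comparison of `cmsg->cmsg_len` against `CMSG_LEN(sizeof(struct timespec))` that logs and skips the control message would hold in every build.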
View file
_service:tar_scm:backport-timesync-fix-wrong-type-for-receiving-timestamp-in-n.patch
Changed
@@ -1,10 +1,15 @@ -From 6f96bdc58746b1698bf8b3430a6c638f8949daec Mon Sep 17 00:00:00 2001 +From dac54d1aa759255144d9937361289bde57d64118 Mon Sep 17 00:00:00 2001 From: Yu Watanabe <watanabe.yu+github@gmail.com> Date: Fri, 20 Aug 2021 08:40:11 +0900 Subject: PATCH timesync: fix wrong type for receiving timestamp in nanoseconds Fixes #20482. + +(cherry picked from commit 6f96bdc58746b1698bf8b3430a6c638f8949daec) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/dac54d1aa759255144d9937361289bde57d64118 --- src/test/test-sizeof.c | 2 ++ src/timesync/timesyncd-manager.c | 2 +- @@ -23,10 +28,10 @@ return 0; } diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c -index 1c284f31e3..3a89d9b1fa 100644 +index cb5d42b1d3..9d874cfc8a 100644 --- a/src/timesync/timesyncd-manager.c +++ b/src/timesync/timesyncd-manager.c -@@ -416,7 +416,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re +@@ -412,7 +412,7 @@ static int manager_receive_response(sd_event_source *source, int fd, uint32_t re .iov_base = &ntpmsg, .iov_len = sizeof(ntpmsg), }; @@ -36,5 +41,5 @@ struct msghdr msghdr = { .msg_iov = &iov, -- -2.27.0 +2.33.0
View file
_service:tar_scm:backport-tmpfiles-check-the-directory-we-were-supposed-to-cre.patch
Added
@@ -0,0 +1,58 @@ +From 675dd1039c69ff28ce9c7e617fcede80e998b3e9 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 13 Jul 2022 23:44:45 +0200 +Subject: PATCH tmpfiles: check the directory we were supposed to create, not + its parent + +This current code checks the wrong directory. This was broken in +4c39d899ff00e90b7290e4985696f321d7f2726f which converted the previous +code incorrectly. + +(cherry picked from commit 92631578fff1568fa8e99f96de05baae5b258ffe) +(cherry picked from commit 625472b219a4b1ac64534d38cf6e64b51ab22bbb) +(cherry picked from commit 8b674cf43f1ba8137da3a90c67826f13c865838c) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/675dd1039c69ff28ce9c7e617fcede80e998b3e9 +--- + src/tmpfiles/tmpfiles.c | 17 +++++++---------- + 1 file changed, 7 insertions(+), 10 deletions(-) + +diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c +index 7e85c50634..1bfb1cbe16 100644 +--- a/src/tmpfiles/tmpfiles.c ++++ b/src/tmpfiles/tmpfiles.c +@@ -1666,15 +1666,12 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub + r = btrfs_is_subvol(empty_to_root(arg_root)) > 0; + } + if (!r) +- /* Don't create a subvolume unless the root directory is +- * one, too. We do this under the assumption that if the +- * root directory is just a plain directory (i.e. very +- * light-weight), we shouldn't try to split it up into +- * subvolumes (i.e. more heavy-weight). Thus, chroot() +- * environments and suchlike will get a full brtfs +- * subvolume set up below their tree only if they +- * specifically set up a btrfs subvolume for the root +- * dir too. */ ++ /* Don't create a subvolume unless the root directory is one, too. We do this under ++ * the assumption that if the root directory is just a plain directory (i.e. very ++ * light-weight), we shouldn't try to split it up into subvolumes (i.e. more ++ * heavy-weight). 
Thus, chroot() environments and suchlike will get a full brtfs ++ * subvolume set up below their tree only if they specifically set up a btrfs ++ * subvolume for the root dir too. */ + + subvol = false; + else { +@@ -1694,7 +1691,7 @@ static int create_directory_or_subvolume(const char *path, mode_t mode, bool sub + if (!IN_SET(r, -EEXIST, -EROFS)) + return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", path); + +- k = is_dir_fd(pfd); ++ k = is_dir_full(pfd, basename(path), /* follow= */ false); + if (k == -ENOENT && r == -EROFS) + return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", path); + if (k < 0) +-- +2.27.0 +
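Review bot: In the second hunk, `is_dir_full(pfd, basename(path), /* follow= */ false)` is only correct if `pfd` refers to the parent directory of `path` and `path` carries no trailing slash, and neither is visible in the hunk context. Please confirm both hold at this call site, or take the final component from the same place that opened `pfd`. With `follow= false` a symlink sitting at `path` is presumably no longer accepted as the directory, which is a behaviour change worth stating in the commit message next to the "checks the wrong directory" explanation. The first hunk only reflows a comment and carries the "brtfs" typo along; it is unrelated to the fix.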
_service:tar_scm:backport-tpm-util-fix-TPM-parameter-handling.patch
Added
@@ -0,0 +1,52 @@ +From 966a8cd270e017928389aa1c3966551b301da5e7 Mon Sep 17 00:00:00 2001 +From: Anatol Pomozov <anatol.pomozov@gmail.com> +Date: Fri, 10 Sep 2021 11:52:55 -0700 +Subject: PATCH tpm-util: fix TPM parameter handling + +cryptenroll allows to specify a custom TPM driver separated from +parameters with colon e.g. `systemd-cryptenroll --tpm2-device=swtpm:` +tells to load swtpm tss driver and use it as a device. + +Unfortunately it does not work, swtpm driver init() fails with + +``` +debug:tcti:src/tss2-tcti/tcti-swtpm.c:570:Tss2_Tcti_Swtpm_Init() Dup'd conf string to: 0x562f91cbc000 +debug:tcti:src/util/key-value-parse.c:85:parse_key_value_string() parsing key/value: swtpm: +WARNING:tcti:src/util/key-value-parse.c:50:parse_key_value() key / value string is invalid +Failed to initialize TCTI context: tcti:A parameter has a bad value +``` + +It turns out that cryptenroll suppose to use the driver name internally +and strip it before passing the rest of parameters to init() function. +Without doing it swtpm receives incorrect key-value property and gets +confused. + +Fix it by passing the correct parameter (without driver name) to the +init() function. + +Fixes #20708 + +(cherry picked from commit 8889564a8da574e4b956e2b6ced34354dee54cd7) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/966a8cd270e017928389aa1c3966551b301da5e7 +--- + src/shared/tpm2-util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c +index df6d2eef58..56a7fe622e 100644 +--- a/src/shared/tpm2-util.c ++++ b/src/shared/tpm2-util.c +@@ -182,7 +182,7 @@ static int tpm2_init(const char *device, struct tpm2_context *ret) { + if (!tcti) + return log_oom(); + +- rc = info->init(tcti, &sz, device); ++ rc = info->init(tcti, &sz, param); + if (rc != TPM2_RC_SUCCESS) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), + "Failed to initialize TCTI context: %s", sym_Tss2_RC_Decode(rc)); +-- +2.33.0 +
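Review bot: The one-line change in `tpm2_init()` passes `param` to `info->init()`, but the hunk does not show where `param` is derived from `device` or what it holds when the device string has no colon or nothing after it (the `swtpm:` case from the commit message). Please confirm that `init()` receives the value it expects in both cases, empty string versus NULL, and add a test or a comment at the point where the driver name is split off so the contract between driver name and parameter string is documented. The error path still only logs the decoded `rc`; including the parameter string in that message would have made the original failure much easier to diagnose.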
_service:tar_scm:backport-tree-wide-mark-set-but-not-used-variables-as-unused-.patch
Added
@@ -0,0 +1,546 @@ +From e3516e4fdce54f62819bbb18a9fcdd843544d354 Mon Sep 17 00:00:00 2001 +From: Frantisek Sumsal <frantisek@sumsal.cz> +Date: Wed, 15 Sep 2021 10:56:21 +0200 +Subject: PATCH tree-wide: mark set-but-not-used variables as unused to make + LLVM happy + +LLVM 13 introduced `-Wunused-but-set-variable` diagnostic flag, which +trips over some intentionally set-but-not-used variables or variables +attached to cleanup handlers with side effects (`_cleanup_umask_`, +`_cleanup_(notify_on_cleanup)`, `_cleanup_(restore_sigsetp)`, etc.): + +``` +../src/basic/process-util.c:1257:46: error: variable 'saved_ssp' set but not used -Werror,-Wunused-but-set-variable + _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; + ^ + 1 error generated. +``` + +(cherry picked from commit d7ac09520be8f0d3d94df3dd4fd8a6e7404c0174) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e3516e4fdce54f62819bbb18a9fcdd843544d354 +--- + src/basic/process-util.c | 2 +- + src/basic/unit-file.c | 3 ++- + src/core/manager.c | 4 ++-- + src/cryptsetup/cryptsetup.c | 2 +- + src/home/homed.c | 2 +- + src/initctl/initctl.c | 2 +- + src/journal-remote/journal-remote-main.c | 2 +- + src/journal-remote/journal-remote.c | 2 +- + src/journal-remote/journal-upload.c | 2 +- + src/journal/journald-server.c | 2 +- + src/libsystemd-network/sd-dhcp-server.c | 6 ++++-- + src/libsystemd/sd-device/sd-device.c | 9 ++++++--- + src/libsystemd/sd-journal/test-catalog.c | 2 +- + src/login/logind-core.c | 2 +- + src/login/logind-session.c | 2 +- + src/login/logind.c | 2 +- + src/network/networkd-dhcp-common.c | 6 ++++-- + src/network/networkd.c | 2 +- + src/network/wait-online/wait-online.c | 2 +- + src/nss-systemd/userdb-glue.c | 4 ++-- + src/oom/oomd-manager.c | 2 +- + src/oom/oomd.c | 2 +- + src/resolve/resolved-dns-cache.c | 2 +- + src/resolve/resolved-dns-query.c | 2 +- + src/resolve/resolved.c | 2 +- + src/shared/barrier.c | 2 +- + src/shared/utmp-wtmp.c | 8 ++++---- + 
src/timesync/timesyncd.c | 2 +- + src/tty-ask-password-agent/tty-ask-password-agent.c | 3 ++- + src/udev/udevd.c | 3 ++- + src/userdb/userdbd.c | 2 +- + 31 files changed, 50 insertions(+), 40 deletions(-) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 461bbfe9a5..b76ca6f7c5 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -1278,7 +1278,7 @@ int safe_fork_full( + + pid_t original_pid, pid; + sigset_t saved_ss, ss; +- _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; ++ _unused_ _cleanup_(restore_sigsetp) sigset_t *saved_ssp = NULL; + bool block_signals = false, block_all = false; + int prio, r; + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index 0d58b1c4fe..d1e997ec9f 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -286,7 +286,8 @@ int unit_file_build_name_map( + + FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) { + char *filename; +- _cleanup_free_ char *_filename_free = NULL, *simplified = NULL; ++ _unused_ _cleanup_free_ char *_filename_free = NULL; ++ _cleanup_free_ char *simplified = NULL; + const char *suffix, *dst = NULL; + bool valid_unit_name; + +diff --git a/src/core/manager.c b/src/core/manager.c +index 34891a8754..abc63a71af 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1731,7 +1731,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + + { + /* This block is (optionally) done with the reloading counter bumped */ +- _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; ++ _unused_ _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; + + /* If we will deserialize make sure that during enumeration this is already known, so we increase the + * counter here already */ +@@ -3770,7 +3770,7 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) { + } + + int manager_reload(Manager *m) { +- _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; ++ 
_unused_ _cleanup_(manager_reloading_stopp) Manager *reloading = NULL; + _cleanup_fdset_free_ FDSet *fds = NULL; + _cleanup_fclose_ FILE *f = NULL; + int r; +diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c +index 0fa41b8360..440f17d017 100644 +--- a/src/cryptsetup/cryptsetup.c ++++ b/src/cryptsetup/cryptsetup.c +@@ -1482,7 +1482,7 @@ static int run(int argc, char *argv) { + verb = argv1; + + if (streq(verb, "attach")) { +- _cleanup_(remove_and_erasep) const char *destroy_key_file = NULL; ++ _unused_ _cleanup_(remove_and_erasep) const char *destroy_key_file = NULL; + _cleanup_(erase_and_freep) void *key_data = NULL; + const char *volume, *source, *key_file, *options; + crypt_status_info status; +diff --git a/src/home/homed.c b/src/home/homed.c +index 807d25e273..579c289a68 100644 +--- a/src/home/homed.c ++++ b/src/home/homed.c +@@ -14,7 +14,7 @@ + + static int run(int argc, char *argv) { + _cleanup_(manager_freep) Manager *m = NULL; +- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; ++ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; + int r; + + log_setup(); +diff --git a/src/initctl/initctl.c b/src/initctl/initctl.c +index c48fef16ef..a48a8570c4 100644 +--- a/src/initctl/initctl.c ++++ b/src/initctl/initctl.c +@@ -311,7 +311,7 @@ static int process_event(Server *s, struct epoll_event *ev) { + + static int run(int argc, char *argv) { + _cleanup_(server_done) Server server = { .epoll_fd = -1 }; +- _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; ++ _unused_ _cleanup_(notify_on_cleanup) const char *notify_stop = NULL; + int r, n; + + if (argc > 1) +diff --git a/src/journal-remote/journal-remote-main.c b/src/journal-remote/journal-remote-main.c +index 9ff31763da..b46b4fc08e 100644 +--- a/src/journal-remote/journal-remote-main.c ++++ b/src/journal-remote/journal-remote-main.c +@@ -1099,7 +1099,7 @@ static int load_certificates(char **key, char **cert, char **trust) { + + static int run(int argc, char 
**argv) { + _cleanup_(journal_remote_server_destroy) RemoteServer s = {}; +- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; ++ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; + _cleanup_(erase_and_freep) char *key = NULL; + _cleanup_free_ char *cert = NULL, *trust = NULL; + int r; +diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c +index 6e5aebdc48..f530ba3c7e 100644 +--- a/src/journal-remote/journal-remote.c ++++ b/src/journal-remote/journal-remote.c +@@ -272,7 +272,7 @@ int journal_remote_add_source(RemoteServer *s, int fd, char* name, bool own_name + + int journal_remote_add_raw_socket(RemoteServer *s, int fd) { + int r; +- _cleanup_close_ int fd_ = fd; ++ _unused_ _cleanup_close_ int fd_ = fd; + char nameSTRLEN("raw-socket-") + DECIMAL_STR_MAX(int) + 1; + + assert(fd >= 0); +diff --git a/src/journal-remote/journal-upload.c b/src/journal-remote/journal-upload.c +index 2a38d206ea..37660b925a 100644 +--- a/src/journal-remote/journal-upload.c ++++ b/src/journal-remote/journal-upload.c +@@ -820,7 +820,7 @@ static int open_journal(sd_journal **j) { + + static int run(int argc, char **argv) { + _cleanup_(destroy_uploader) Uploader u = {}; +- _cleanup_(notify_on_cleanup) const char *notify_message = NULL; ++ _unused_ _cleanup_(notify_on_cleanup) const char *notify_message = NULL; + bool use_journal; + int r; + +diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c +index 2d1d9e66d7..a212079758 100644 +--- a/src/journal/journald-server.c ++++ b/src/journal/journald-server.c +@@ -910,7 +910,7 @@ static void dispatch_message_real( + pid_t object_pid) { + + char source_timesizeof("_SOURCE_REALTIME_TIMESTAMP=") + DECIMAL_STR_MAX(usec_t); +- _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; ++ _unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL; + uid_t journal_uid; + ClientContext *o; + +diff --git a/src/libsystemd-network/sd-dhcp-server.c 
b/src/libsystemd-network/sd-dhcp-server.c +index 0b3904c02a..070f4ec1c2 100644 +--- a/src/libsystemd-network/sd-dhcp-server.c
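Review bot: In the `journald-server.c` hunk, `_unused_ _cleanup_free_ char *cmdline1 = NULL, *cmdline2 = NULL;` puts the attribute on a declaration with two declarators, so both variables are exempted from the warning, whereas the `unit-file.c` hunk splits the declaration so that only `_filename_free` is marked and `simplified` keeps normal diagnostics. If only one of `cmdline1`/`cmdline2` is set-but-not-used, split that declaration the same way; a blanket `_unused_` will hide a real unused-variable regression later. For the variables whose cleanup handler has security-relevant side effects, such as `destroy_key_file` with `remove_and_erasep` in `cryptsetup.c`, a short comment that the variable exists only for its cleanup would keep someone from deleting it as dead code. The diff shown here is truncated after the `sd-dhcp-server.c` header, so the remaining files could not be checked.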
_service:tar_scm:backport-tree-wide-use-sd_event_source_disable_unref-where-we.patch
Added
@@ -0,0 +1,158 @@ +From e53bfae86dfb909e0a2eb179328b61f4ed723639 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Mon, 8 Nov 2021 23:07:51 +0100 +Subject: PATCH tree-wide: use sd_event_source_disable_unref() where we can + +(cherry picked from commit 4f538d7b221de5707c1ff422e6e34be795535397) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e53bfae86dfb909e0a2eb179328b61f4ed723639 +--- + src/journal/journald-stream.c | 7 +---- + src/libsystemd/sd-bus/sd-bus.c | 37 +++++--------------------- + src/libsystemd/sd-resolve/sd-resolve.c | 6 +---- + src/shared/varlink.c | 10 ++----- + 4 files changed, 10 insertions(+), 50 deletions(-) + +diff --git a/src/journal/journald-stream.c b/src/journal/journald-stream.c +index c6720b6b13..ee0fd27f2e 100644 +--- a/src/journal/journald-stream.c ++++ b/src/journal/journald-stream.c +@@ -108,7 +108,6 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { + return NULL; + + if (s->server) { +- + if (s->context) + client_context_release(s->server, s->context); + +@@ -122,11 +121,7 @@ StdoutStream* stdout_stream_free(StdoutStream *s) { + (void) server_start_or_stop_idle_timer(s->server); /* Maybe we are idle now? 
*/ + } + +- if (s->event_source) { +- sd_event_source_set_enabled(s->event_source, SD_EVENT_OFF); +- s->event_source = sd_event_source_unref(s->event_source); +- } +- ++ sd_event_source_disable_unref(s->event_source); + safe_close(s->fd); + free(s->label); + free(s->identifier); +diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c +index a32e2f5e20..79c24fe703 100644 +--- a/src/libsystemd/sd-bus/sd-bus.c ++++ b/src/libsystemd/sd-bus/sd-bus.c +@@ -62,7 +62,6 @@ + + static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec); + static void bus_detach_io_events(sd_bus *b); +-static void bus_detach_inotify_event(sd_bus *b); + + static thread_local sd_bus *default_system_bus = NULL; + static thread_local sd_bus *default_user_bus = NULL; +@@ -139,7 +138,7 @@ void bus_close_io_fds(sd_bus *b) { + void bus_close_inotify_fd(sd_bus *b) { + assert(b); + +- bus_detach_inotify_event(b); ++ b->inotify_event_source = sd_event_source_disable_unref(b->inotify_event_source); + + b->inotify_fd = safe_close(b->inotify_fd); + b->inotify_watches = mfree(b->inotify_watches); +@@ -3738,15 +3737,8 @@ int bus_attach_io_events(sd_bus *bus) { + static void bus_detach_io_events(sd_bus *bus) { + assert(bus); + +- if (bus->input_io_event_source) { +- sd_event_source_set_enabled(bus->input_io_event_source, SD_EVENT_OFF); +- bus->input_io_event_source = sd_event_source_unref(bus->input_io_event_source); +- } +- +- if (bus->output_io_event_source) { +- sd_event_source_set_enabled(bus->output_io_event_source, SD_EVENT_OFF); +- bus->output_io_event_source = sd_event_source_unref(bus->output_io_event_source); +- } ++ bus->input_io_event_source = sd_event_source_disable_unref(bus->input_io_event_source); ++ bus->output_io_event_source = sd_event_source_disable_unref(bus->output_io_event_source); + } + + int bus_attach_inotify_event(sd_bus *bus) { +@@ -3778,15 +3770,6 @@ int bus_attach_inotify_event(sd_bus *bus) { + return 0; + } + +-static void 
bus_detach_inotify_event(sd_bus *bus) { +- assert(bus); +- +- if (bus->inotify_event_source) { +- sd_event_source_set_enabled(bus->inotify_event_source, SD_EVENT_OFF); +- bus->inotify_event_source = sd_event_source_unref(bus->inotify_event_source); +- } +-} +- + _public_ int sd_bus_attach_event(sd_bus *bus, sd_event *event, int priority) { + int r; + +@@ -3851,17 +3834,9 @@ _public_ int sd_bus_detach_event(sd_bus *bus) { + return 0; + + bus_detach_io_events(bus); +- bus_detach_inotify_event(bus); +- +- if (bus->time_event_source) { +- sd_event_source_set_enabled(bus->time_event_source, SD_EVENT_OFF); +- bus->time_event_source = sd_event_source_unref(bus->time_event_source); +- } +- +- if (bus->quit_event_source) { +- sd_event_source_set_enabled(bus->quit_event_source, SD_EVENT_OFF); +- bus->quit_event_source = sd_event_source_unref(bus->quit_event_source); +- } ++ bus->inotify_event_source = sd_event_source_disable_unref(bus->inotify_event_source); ++ bus->time_event_source = sd_event_source_disable_unref(bus->time_event_source); ++ bus->quit_event_source = sd_event_source_disable_unref(bus->quit_event_source); + + bus->event = sd_event_unref(bus->event); + return 1; +diff --git a/src/libsystemd/sd-resolve/sd-resolve.c b/src/libsystemd/sd-resolve/sd-resolve.c +index ee973c0692..073b658d3f 100644 +--- a/src/libsystemd/sd-resolve/sd-resolve.c ++++ b/src/libsystemd/sd-resolve/sd-resolve.c +@@ -1285,11 +1285,7 @@ _public_ int sd_resolve_detach_event(sd_resolve *resolve) { + if (!resolve->event) + return 0; + +- if (resolve->event_source) { +- sd_event_source_set_enabled(resolve->event_source, SD_EVENT_OFF); +- resolve->event_source = sd_event_source_unref(resolve->event_source); +- } +- ++ resolve->event_source = sd_event_source_disable_unref(resolve->event_source); + resolve->event = sd_event_unref(resolve->event); + return 1; + } +diff --git a/src/shared/varlink.c b/src/shared/varlink.c +index a57475b5ba..ec062f3da4 100644 +--- a/src/shared/varlink.c ++++ 
b/src/shared/varlink.c +@@ -2364,14 +2364,8 @@ int varlink_server_detach_event(VarlinkServer *s) { + + assert_return(s, -EINVAL); + +- LIST_FOREACH(sockets, ss, s->sockets) { +- +- if (!ss->event_source) +- continue; +- +- (void) sd_event_source_set_enabled(ss->event_source, SD_EVENT_OFF); +- ss->event_source = sd_event_source_unref(ss->event_source); +- } ++ LIST_FOREACH(sockets, ss, s->sockets) ++ ss->event_source = sd_event_source_disable_unref(ss->event_source); + + sd_event_unref(s->event); + return 0; +-- +2.33.0 +
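Review bot: In the `journald-stream.c` hunk, `sd_event_source_disable_unref(s->event_source);` drops the return value, while every other converted site assigns it back (`bus->time_event_source = sd_event_source_disable_unref(bus->time_event_source);`). The removed code did reset `s->event_source`, so the pointer is now left dangling until the stream is freed; that is harmless only if nothing between this call and the free touches it. Assign the result back for consistency with the rest of the patch. The conversion also removes every `if (x)` guard and, in `varlink.c`, the `(void)` cast on `sd_event_source_set_enabled()`, so it relies on `sd_event_source_disable_unref()` accepting NULL and swallowing the disable error; a sentence in the commit message saying so would help, since the message currently has no body.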
_service:tar_scm:backport-udev-builtin-input_id-don-t-label-absolute-mice-as-p.patch
Added
@@ -0,0 +1,69 @@ +From c6cdd3489f2abfd0a868ad5d8d42b166d7eec33f Mon Sep 17 00:00:00 2001 +From: Peter Hutterer <peter.hutterer@who-t.net> +Date: Wed, 23 Feb 2022 09:12:43 +1000 +Subject: PATCH udev-builtin-input_id: don't label absolute mice as pointing + sticks + +The Getac UX10 tablet exposes a "CUST0000:00 0EEF:C002 Mouse" device +with BTN_LEFT/RIGHT and ABS_X/Y on the i2c bus. This causes the builtin +to incorrectly label it as pointing stick (all i2c mice are +tagged as ID_INPUT_POINTING_STICK, see 3d7ac1c655ec4). + +Fix this by adding a separate variable for absolute pointing +devices like the VMmouse USB mouse or this Getac tablet - this way we +skip the pointing stick check. + +See https://gitlab.freedesktop.org/libinput/libinput/-/issues/743 +for recordings. + +(cherry picked from commit 8ac9ec4d5c210825759d515422d3e66c20615fc1) +(cherry picked from commit ea5701eb64ff40f915567ae4088ffb7efc0f4155) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/c6cdd3489f2abfd0a868ad5d8d42b166d7eec33f +--- + src/udev/udev-builtin-input_id.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/udev/udev-builtin-input_id.c b/src/udev/udev-builtin-input_id.c +index dda53b6da0..f62dffbc58 100644 +--- a/src/udev/udev-builtin-input_id.c ++++ b/src/udev/udev-builtin-input_id.c +@@ -168,6 +168,7 @@ static bool test_pointers(sd_device *dev, + bool finger_but_no_pen = false; + bool has_mouse_button = false; + bool is_mouse = false; ++ bool is_abs_mouse = false; + bool is_touchpad = false; + bool is_touchscreen = false; + bool is_tablet = false; +@@ -232,7 +233,7 @@ static bool test_pointers(sd_device *dev, + else if (has_mouse_button) + /* This path is taken by VMware's USB mouse, which has + * absolute axes, but no touch/pressure button. 
*/ +- is_mouse = true; ++ is_abs_mouse = true; + else if (has_touch || is_direct) + is_touchscreen = true; + else if (has_joystick_axes_or_buttons) +@@ -264,7 +265,7 @@ static bool test_pointers(sd_device *dev, + + if (is_pointing_stick) + udev_builtin_add_property(dev, test, "ID_INPUT_POINTINGSTICK", "1"); +- if (is_mouse) ++ if (is_mouse || is_abs_mouse) + udev_builtin_add_property(dev, test, "ID_INPUT_MOUSE", "1"); + if (is_touchpad) + udev_builtin_add_property(dev, test, "ID_INPUT_TOUCHPAD", "1"); +@@ -277,7 +278,7 @@ static bool test_pointers(sd_device *dev, + if (is_tablet_pad) + udev_builtin_add_property(dev, test, "ID_INPUT_TABLET_PAD", "1"); + +- return is_tablet || is_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; ++ return is_tablet || is_mouse || is_abs_mouse || is_touchpad || is_touchscreen || is_joystick || is_pointing_stick; + } + + /* key like devices */ +-- +2.33.0 +
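Review bot: The new `is_abs_mouse` flag is declared in the first hunk without a comment, and the pointing-stick check it is meant to bypass is not part of any visible hunk, so a reader of `test_pointers()` cannot tell why two mouse flags exist or confirm that `is_mouse` is the only input to that check. Add a one-line comment at the declaration (absolute-axis mice such as the VMware USB mouse or the Getac device, excluded from the pointing-stick heuristic), and update the existing comment in the second hunk, which still describes only the VMware case. Both places that consumed `is_mouse` in the visible hunks (the `ID_INPUT_MOUSE` property and the return expression) were updated; please check there are no further readers of `is_mouse` outside the shown context. A regression test with the recording linked in the commit message would be welcome.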
_service:tar_scm:backport-udev-do-not-try-to-rename-interface-if-it-is-already.patch
Added
@@ -0,0 +1,49 @@ +From 214ea3a26e9cc5dda8530a45a71b052e75a250a4 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 24 Oct 2021 20:43:34 +0900 +Subject: PATCH udev: do not try to rename interface if it is already up + +See dev_change_name() in kernel's net/core/dev.c. + +Fixes #21105. + +(cherry picked from commit 6681eb021a0b56ef0dc849e3b358a515ece16482) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/214ea3a26e9cc5dda8530a45a71b052e75a250a4 +--- + src/udev/udev-event.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index b28089be71..9854270b27 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -828,6 +828,7 @@ int udev_event_spawn(UdevEvent *event, + static int rename_netif(UdevEvent *event) { + sd_device *dev = event->dev; + const char *oldname; ++ unsigned flags; + int ifindex, r; + + if (!event->name) +@@ -855,6 +856,16 @@ static int rename_netif(UdevEvent *event) { + return 0; + } + ++ r = rtnl_get_link_info(&event->rtnl, ifindex, NULL, &flags); ++ if (r < 0) ++ return log_device_warning_errno(dev, r, "Failed to get link flags: %m"); ++ ++ if (FLAGS_SET(flags, IFF_UP)) { ++ log_device_info(dev, "Network interface '%s' is already up, refusing to rename to '%s'.", ++ oldname, event->name); ++ return 0; ++ } ++ + /* Set ID_RENAMING boolean property here, and drop it in the corresponding move uevent later. */ + r = device_add_property(dev, "ID_RENAMING", "1"); + if (r < 0) +-- +2.33.0 +
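Review bot: In the second hunk of `rename_netif()`, the refusal path ends in `return 0;`, the same value as the earlier early-exit visible in the context, so the caller cannot tell that the requested name was not applied; check that the code following the call does not assume the interface now carries `event->name`. The `IFF_UP` test is also only a snapshot: the link can be brought up between `rtnl_get_link_info()` and the rename itself, so the existing error handling for a failed rename must stay in place and this check should be documented as an early exit rather than a guarantee. Finally, `return log_device_warning_errno(dev, r, "Failed to get link flags: %m");` turns a failed flags query into a failed rename, where previously the rename would have been attempted; say in the commit message whether that is intended.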
_service:tar_scm:backport-udev-fix-potential-memleak.patch
Changed
@@ -1,17 +1,21 @@ -From 4154524d47d24bcee3ebfed939912a847ebeb1b3 Mon Sep 17 00:00:00 2001 +From f4a8e2c2115fc901e588a1672f129e7e3371f5d7 Mon Sep 17 00:00:00 2001 From: Yu Watanabe <watanabe.yu+github@gmail.com> Date: Fri, 27 Aug 2021 17:27:26 +0900 Subject: PATCH udev: fix potential memleak +(cherry picked from commit 4154524d47d24bcee3ebfed939912a847ebeb1b3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/f4a8e2c2115fc901e588a1672f129e7e3371f5d7 --- src/udev/udev-builtin-net_id.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c -index 0aede28f7d..9578fa00c3 100644 +index 92917852ba..2699a8929f 100644 --- a/src/udev/udev-builtin-net_id.c +++ b/src/udev/udev-builtin-net_id.c -@@ -101,7 +101,6 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn +@@ -103,7 +103,6 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn _cleanup_(sd_device_unrefp) sd_device *physfn_pcidev = NULL; const char *physfn_link_file, *syspath; _cleanup_free_ char *physfn_pci_syspath = NULL; @@ -19,7 +23,7 @@ struct dirent *dent; _cleanup_closedir_ DIR *dir = NULL; char suffixALTIFNAMSIZ; -@@ -132,7 +131,7 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn +@@ -134,7 +133,7 @@ static int get_virtfn_info(sd_device *dev, struct netnames *names, struct virtfn return -errno; FOREACH_DIRENT_ALL(dent, dir, break) { @@ -29,5 +33,5 @@ if (!startswith(dent->d_name, "virtfn")) continue; -- -2.27.0 +2.33.0
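Review bot: This refresh changes no code lines, but both inner hunk headers move by two lines (`-101,7` to `-103,7` and `-132,7` to `-134,7`) and the `index` hashes change from `0aede28f7d..9578fa00c3` to `92917852ba..2699a8929f`, so the patch now expects a different base for `udev-builtin-net_id.c`. Please verify that whichever patch contributes those two extra lines is ordered before this one in the spec; `Conflict:NA` says nothing about ordering. The `From` hash is replaced by `f4a8e2c2...` with the old hash kept as the cherry-pick source, which is fine, but the spec changelog should mention that the patch was re-synced rather than newly added.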
_service:tar_scm:backport-udev-node-add-random-delay-on-conflict-in-updating-d.patch
Added
@@ -0,0 +1,64 @@ +From fca1dafcc29f123aadfd8a2bc5ebfc2468284a6a Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 04:34:48 +0900 +Subject: PATCH udev-node: add random delay on conflict in updating device + node symlink + +To make multiple workers not update the same device node symlink +simultaneously. + +(cherry picked from commit 0063fa23a1384dd4385d03b568dc629916b7e72a) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/fca1dafcc29f123aadfd8a2bc5ebfc2468284a6a +--- + src/udev/udev-node.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 2e7df899e4..d8edf39aec 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -20,12 +20,14 @@ + #include "mkdir.h" + #include "parse-util.h" + #include "path-util.h" ++#include "random-util.h" + #include "selinux-util.h" + #include "smack-util.h" + #include "stat-util.h" + #include "stdio-util.h" + #include "string-util.h" + #include "strxcpyx.h" ++#include "time-util.h" + #include "udev-node.h" + #include "user-util.h" + +@@ -33,6 +35,8 @@ + #define LINK_UPDATE_MAX_RETRIES 128 + #define CREATE_STACK_LINK_MAX_RETRIES 128 + #define UPDATE_TIMESTAMP_MAX_RETRIES 128 ++#define MAX_RANDOM_DELAY (250 * USEC_PER_MSEC) ++#define MIN_RANDOM_DELAY ( 50 * USEC_PER_MSEC) + #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) + + static int create_symlink(const char *target, const char *slink) { +@@ -447,6 +451,15 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + _cleanup_free_ char *target = NULL; + struct stat st1 = {}, st2 = {}; + ++ if (i > 0) { ++ char bufFORMAT_TIMESPAN_MAX; ++ usec_t delay = MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY); ++ ++ log_device_debug(dev, "Directory %s was updated, retrying to update devlink %s after %s.", ++ dirname, slink, format_timespan(buf, sizeof(buf), delay, 
USEC_PER_MSEC)); ++ (void) usleep(delay); ++ } ++ + if (stat(dirname, &st1) < 0 && errno != ENOENT) + return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); + +-- +2.33.0 +
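Review bot: The delay added at the top of the retry loop in `link_update()` is 50 to 250 ms per iteration (`MIN_RANDOM_DELAY + random_u64_range(MAX_RANDOM_DELAY - MIN_RANDOM_DELAY)`), and the context shows `LINK_UPDATE_MAX_RETRIES 128`; if that constant bounds this loop, one contended devlink can hold a worker for roughly half a minute in the worst case. Please state the expected upper bound in a comment next to the two new defines and check it against the udev event timeout. The `(void) usleep(delay)` also ignores early wake-ups from signals, which shortens the back-off silently; that is acceptable for jitter but should be a deliberate choice. The debug message is good, as it makes the contention visible in logs.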
_service:tar_scm:backport-udev-node-always-atomically-create-symlink-to-device.patch
Added
@@ -0,0 +1,96 @@ +From 0116618b67980eeb8d82d09050087ed245630efe Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 02:20:33 +0900 +Subject: PATCH udev-node: always atomically create symlink to device node + +By the previous commit, it is not necessary to distinguish if the devlink +already exists. Also, I cannot find any significant advantages of the +previous complecated logic, that is, first try to create directly, and then +fallback to atomically creation. Moreover, such logic increases the chance +of conflicts between multiple udev workers. + +This makes devlinks always created atomically. Hopefully, this reduces the +conflicts between the workers. + +(cherry picked from commit 242d39ebc1391f4734f6e63ff13764de92bc5f70) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/0116618b67980eeb8d82d09050087ed245630efe +--- + src/udev/udev-node.c | 42 +++++++++--------------------------------- + 1 file changed, 9 insertions(+), 33 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 1a34ea8128..46c04fe00b 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -71,6 +71,13 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { + assert(node); + assert(slink); + ++ if (lstat(slink, &stats) >= 0) { ++ if (!S_ISLNK(stats.st_mode)) ++ return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), ++ "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); ++ } else if (errno != ENOENT) ++ return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); ++ + r = path_extract_directory(slink, &slink_dirname); + if (r < 0) + return log_device_debug_errno(dev, r, "Failed to get parent directory of '%s': %m", slink); +@@ -80,41 +87,11 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { + if (r < 0) + return log_device_debug_errno(dev, r, "Failed to get relative path from '%s' to 
'%s': %m", slink, node); + +- if (lstat(slink, &stats) >= 0) { +- _cleanup_free_ char *buf = NULL; +- +- if (!S_ISLNK(stats.st_mode)) +- return log_device_debug_errno(dev, SYNTHETIC_ERRNO(EEXIST), +- "Conflicting inode '%s' found, link to '%s' will not be created.", slink, node); +- +- if (readlink_malloc(slink, &buf) >= 0 && +- path_equal(target, buf)) { +- /* preserve link with correct target, do not replace node of other device */ +- log_device_debug(dev, "Preserve already existing symlink '%s' to '%s'", slink, target); +- +- (void) label_fix(slink, LABEL_IGNORE_ENOENT); +- (void) utimensat(AT_FDCWD, slink, NULL, AT_SYMLINK_NOFOLLOW); +- +- return 0; +- } +- } else if (errno == ENOENT) { +- log_device_debug(dev, "Creating symlink '%s' to '%s'", slink, target); +- +- r = create_symlink(target, slink); +- if (r >= 0) +- return 0; +- +- log_device_debug_errno(dev, r, "Failed to create symlink '%s' to '%s', trying to replace '%s': %m", slink, target, slink); +- } else +- return log_device_debug_errno(dev, errno, "Failed to lstat() '%s': %m", slink); +- +- log_device_debug(dev, "Atomically replace '%s'", slink); +- + r = device_get_device_id(dev, &id); + if (r < 0) + return log_device_debug_errno(dev, r, "Failed to get device id: %m"); +- slink_tmp = strjoina(slink, ".tmp-", id); + ++ slink_tmp = strjoina(slink, ".tmp-", id); + (void) unlink(slink_tmp); + + r = create_symlink(target, slink_tmp); +@@ -127,8 +104,7 @@ static int node_symlink(sd_device *dev, const char *node, const char *slink) { + return r; + } + +- /* Tell caller that we replaced already existing symlink. */ +- return 1; ++ return 0; + } + + static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, char **ret) { +-- +2.33.0 +
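Review bot: The last hunk changes the success return of `node_symlink()` from 1 ("replaced already existing symlink") to 0, so this patch is only safe once no caller tests for `r == 1`; the `index 1a34ea8128..46c04fe00b` line shows it sits on top of the patch that removes that test from `link_update()`, and the spec must keep that order. The `lstat()`/`S_ISLNK` check moved to the top of the function now runs before the temporary link is created and renamed over `slink`, and nothing rechecks `slink` in between, so the "Conflicting inode" protection is best-effort only; a comment saying so would prevent it being read as a guarantee. The removed branch also called `label_fix()` and `utimensat()` on an existing correct link; please confirm the remaining path, not shown in the hunk, still applies the label to the freshly created link.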
_service:tar_scm:backport-udev-node-always-update-timestamp-of-stack-directory.patch
Added
@@ -0,0 +1,150 @@ +From bd4714982537b5fc08b82ccd5f20522231dd5bee Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 12:57:40 +0900 +Subject: PATCH udev-node: always update timestamp of stack directory + +Please see the comments in the code. + +(cherry picked from commit 6df797f75fa08bb1a9e657001229bd47903e6174) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/bd4714982537b5fc08b82ccd5f20522231dd5bee +--- + src/udev/udev-node.c | 90 ++++++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 87 insertions(+), 3 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 5d6aae0bd4..0de848da19 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -32,6 +32,7 @@ + #define CREATE_LINK_MAX_RETRIES 128 + #define LINK_UPDATE_MAX_RETRIES 128 + #define CREATE_STACK_LINK_MAX_RETRIES 128 ++#define UPDATE_TIMESTAMP_MAX_RETRIES 128 + #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) + + static int create_symlink(const char *target, const char *slink) { +@@ -285,9 +286,60 @@ toolong: + return size - 1; + } + ++static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) { ++ assert(path); ++ assert(prev); ++ ++ /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may ++ * not be changed. Why? Let's consider the following situation. For simplicity, let's assume ++ * there exist three udev workers (A, B, and C) and all of them calls link_update() for the ++ * same devlink simultaneously. ++ * ++ * 1. B creates/removes a symlink in the stack directory. ++ * 2. A calls the first stat() in the loop of link_update(). ++ * 3. A calls link_find_prioritized(). ++ * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. ++ * 5. B and C finish link_update(). ++ * 6. A creates/removes devlink according to the outdated result in the step 3. 
++ * 7. A calls the second stat() in the loop of link_update(). ++ * ++ * If these 7 steps are processed in this order within a short time period that kernel's timer ++ * does not increase, then even if the contents in the stack directory is changed, the results ++ * of two stat() called by A shows the same timestamp, and A cannot detect the change. ++ * ++ * By calling this function after creating/removing symlinks in the stack directory, the ++ * timestamp of the stack directory is always increased at least in the above step 5, so A can ++ * detect the update. */ ++ ++ if ((prev->st_mode & S_IFMT) == 0) ++ return 0; /* Does not exist, or previous stat() failed. */ ++ ++ for (unsigned i = 0; i < UPDATE_TIMESTAMP_MAX_RETRIES; i++) { ++ struct stat st; ++ ++ if (stat(path, &st) < 0) ++ return -errno; ++ ++ if (!stat_inode_unmodified(prev, &st)) ++ return 0; ++ ++ log_device_debug(dev, ++ "%s is modified, but its timestamp is not changed, " ++ "updating timestamp after 10ms.", ++ path); ++ ++ (void) usleep(10 * USEC_PER_MSEC); ++ if (utimensat(AT_FDCWD, path, NULL, 0) < 0) ++ return -errno; ++ } ++ ++ return -ELOOP; ++} ++ + static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { + _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; + const char *devname, *id; ++ struct stat st = {}; + int priority, r; + + assert(dev); +@@ -302,10 +354,31 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) + return log_oom_debug(); + + if (!add) { +- if (unlink(filename) < 0 && errno != ENOENT) +- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); ++ bool unlink_failed = false; ++ ++ if (stat(dirname, &st) < 0) { ++ if (errno == ENOENT) ++ return 0; /* The stack directory is already removed. That's OK. 
*/ ++ log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); ++ } ++ ++ if (unlink(filename) < 0) { ++ unlink_failed = true; ++ if (errno != ENOENT) ++ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); ++ } ++ ++ if (rmdir(dirname) >= 0 || errno == ENOENT) ++ return 0; ++ ++ if (unlink_failed) ++ return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ ++ ++ /* The symlink was removed. Check if the timestamp of directory is changed. */ ++ r = update_timestamp(dev, dirname, &st); ++ if (r < 0 && r != -ENOENT) ++ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); + +- (void) rmdir(dirname); + return 0; + } + +@@ -335,12 +408,23 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) + if (r < 0) + return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); + ++ if (stat(dirname, &st) < 0) { ++ if (errno == ENOENT) ++ continue; ++ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); ++ } ++ + if (symlink(data, filename) < 0) { + if (errno == ENOENT) + continue; + return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); + } + ++ /* The symlink was created. Check if the timestamp of directory is changed. */ ++ r = update_timestamp(dev, dirname, &st); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to update timestamp of %s: %m", dirname); ++ + return 0; + } + +-- +2.33.0 +
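Review bot: In update_timestamp(), the retry loop sleeps 10 ms per round for up to UPDATE_TIMESTAMP_MAX_RETRIES (128) rounds, so a udev worker can block for about 1.3 s before returning -ELOOP, and in the add path of update_stack_directory() that error is returned after symlink() has already succeeded, so the caller sees a failure while the stack entry stays in place. Consider treating -ELOOP as non-fatal in the add path, or at least documenting that the entry is left behind. Separately, the early return on `(prev->st_mode & S_IFMT) == 0` means that when the stat() in the `!add` branch fails with anything other than ENOENT, the timestamp bump is skipped without any further message; the comment "Does not exist, or previous stat() failed" should say that the race protection is not applied in that case.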
_service:tar_scm:backport-udev-node-assume-no-new-claim-to-a-symlink-if-run-ud.patch
Added
@@ -0,0 +1,38 @@ +From c9fce59c8f0c471a7a474c6a20cdc340fc53a48d Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 2 Sep 2021 06:58:59 +0900 +Subject: PATCH udev-node: assume no new claim to a symlink if + /run/udev/links is not updated + +During creating a symlink to a device node, if another device node which +requests the same symlink is added/removed, `stat_inode_unmodified()` +should always detects that. We do not need to continue the loop +unconditionally. + +(cherry picked from commit 8f27311eb2aec2411d1fb7d62e6c9d75d21ae8df) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/c9fce59c8f0c471a7a474c6a20cdc340fc53a48d +--- + src/udev/udev-node.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 0de848da19..1a34ea8128 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -491,11 +491,6 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + r = node_symlink(dev, target, slink); + if (r < 0) + return r; +- if (r == 1) +- /* We have replaced already existing symlink, possibly there is some other device trying +- * to claim the same symlink. Let's do one more iteration to give us a chance to fix +- * the error if other device actually claims the symlink with higher priority. */ +- continue; + + /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ + if ((st1.st_mode & S_IFMT) != 0) { +-- +2.33.0 +
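Review bot: The deleted `if (r == 1) continue;` in link_update() was the fallback for a concurrent claim that the two stat() calls could miss, so removing it is only safe once update_timestamp() from the previous commit is present; the index line shows this diff is based on blob 0de848da19, which is the result of that commit, and the spec must keep the two patches in that order. It would help to say so in the comment that remains above the `(st1.st_mode & S_IFMT) != 0` check, and to note there that a return value of 1 from node_symlink() is now deliberately not acted on.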
_service:tar_scm:backport-udev-node-check-stack-directory-change-even-if-devli.patch
Added
@@ -0,0 +1,48 @@ +From 982d13d4cfd1513bdbd74ceb8b256bad5cf679d5 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 09:44:26 +0900 +Subject: PATCH udev-node: check stack directory change even if devlink is + removed + +Otherwise, when multiple device additions and removals occur +simultaneously, symlink to unexisting devnode may be created. + +Hopefully fixes #19946. + +(cherry picked from commit 1cd4e325693007b3628f1a27297f0ab7114b24b8) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/982d13d4cfd1513bdbd74ceb8b256bad5cf679d5 +--- + src/udev/udev-node.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 46c04fe00b..28e6e8df94 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -468,15 +468,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + if (r < 0) + return r; + +- /* Skip the second stat() if the first failed, stat_inode_unmodified() would return false regardless. */ +- if ((st1.st_mode & S_IFMT) != 0) { +- r = stat(dirname, &st2); +- if (r < 0 && errno != ENOENT) +- return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); +- +- if (stat_inode_unmodified(&st1, &st2)) +- break; +- } ++ if (stat(dirname, &st2) < 0 && errno != ENOENT) ++ return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); ++ ++ if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) || ++ stat_inode_unmodified(&st1, &st2)) ++ return 0; + } + + return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; +-- +2.33.0 +
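Review bot: The new exit condition at the end of the link_update() loop treats "neither stat() found the directory" as unchanged, which is only correct if st2 is still zeroed when `stat(dirname, &st2)` fails with ENOENT, and the hunk removes the old explanatory comment without adding one. Please add a short comment above `if (((st1.st_mode & S_IFMT) == 0 && (st2.st_mode & S_IFMT) == 0) ||` stating that assumption and why the comparison must now also run when the devlink was removed. The commit message's "Hopefully fixes #19946" also leaves it unclear whether the race was reproduced and verified as fixed.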
_service:tar_scm:backport-udev-node-do-not-ignore-unexpected-errors-on-removin.patch
Added
@@ -0,0 +1,63 @@ +From 4a0c4d21ca03ffb37da3b5203988156644e13c5e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 12 Sep 2021 16:14:27 +0900 +Subject: PATCH udev-node: do not ignore unexpected errors on removing + symlink in stack directory + +Only acceptable error here is -ENOENT. + +(cherry picked from commit 0706cdf4ec92d6bd40391da0e81a30d9bf851663) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/4a0c4d21ca03ffb37da3b5203988156644e13c5e +--- + src/udev/udev-node.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 4e4a45bbe9..d9309efa25 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -334,25 +334,30 @@ static int update_stack_directory(sd_device *dev, const char *dirname, bool add) + return log_oom_debug(); + + if (!add) { +- bool unlink_failed = false; ++ int unlink_error = 0, stat_error = 0; + + if (stat(dirname, &st) < 0) { + if (errno == ENOENT) + return 0; /* The stack directory is already removed. That's OK. */ +- log_device_debug_errno(dev, errno, "Failed to stat %s, ignoring: %m", dirname); ++ stat_error = -errno; + } + +- if (unlink(filename) < 0) { +- unlink_failed = true; +- if (errno != ENOENT) +- log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); +- } ++ if (unlink(filename) < 0) ++ unlink_error = -errno; + + if (rmdir(dirname) >= 0 || errno == ENOENT) + return 0; + +- if (unlink_failed) +- return 0; /* If we failed to remove the symlink, there is almost nothing we can do. */ ++ if (unlink_error < 0) { ++ if (unlink_error == -ENOENT) ++ return 0; ++ ++ /* If we failed to remove the symlink, then there is almost nothing we can do. 
*/ ++ return log_device_debug_errno(dev, unlink_error, "Failed to remove %s: %m", filename); ++ } ++ ++ if (stat_error < 0) ++ return log_device_debug_errno(dev, stat_error, "Failed to stat %s: %m", dirname); + + /* The symlink was removed. Check if the timestamp of directory is changed. */ + r = update_timestamp(dev, dirname, &st); +-- +2.33.0 +
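Review bot: The commit message says the only acceptable error is -ENOENT, but in the `!add` branch the result of `rmdir(dirname)` is still tested only for success or ENOENT, so every other rmdir() failure falls through without being recorded or logged. ENOTEMPTY is the expected case when other devices still claim the link; consider checking for it explicitly and reporting any other errno the same way unlink_error and stat_error are now reported. Also note that a failed stat() is only returned after unlink() and rmdir() have already run, so the function can remove the entry and still report an error; a one-line comment on that ordering would make the intent clear.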
_service:tar_scm:backport-udev-node-drop-redundant-trial-of-devlink-creation.patch
Added
@@ -0,0 +1,84 @@ +From 1df2313e201c39907653a99335b7d21db092fcbc Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 09:29:42 +0900 +Subject: PATCH udev-node: drop redundant trial of devlink creation + +Previously, the devlink was created based on the priority saved in udev +database. So, we needed to reevaluate devlinks after database is saved. + +But now the priority is stored in the symlink under /run/udev/links, and +the loop of devlink creation is controlled with the timestamp of the +directory. So, the double evaluation is not necessary anymore. + +(cherry picked from commit 7920d0a135fb6a08aa0bfc31e9d0a3f589fe7a1f) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/1df2313e201c39907653a99335b7d21db092fcbc +--- + src/udev/udev-event.c | 5 +---- + src/udev/udev-node.c | 12 ++++-------- + 2 files changed, 5 insertions(+), 12 deletions(-) + +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index 8320e96fe2..56fe0a43a7 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -1071,10 +1071,7 @@ int udev_event_execute_rules( + + device_set_is_initialized(dev); + +- /* Yes, we run update_devnode() twice, because in the first invocation, that is before update of udev database, +- * it could happen that two contenders are replacing each other's symlink. Hence we run it again to make sure +- * symlinks point to devices that claim them with the highest priority. 
*/ +- return update_devnode(event); ++ return 0; + } + + void udev_event_execute_run(UdevEvent *event, usec_t timeout_usec, int timeout_signal) { +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index d8edf39aec..52816c72fd 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -416,7 +416,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + _cleanup_free_ char *slink = NULL, *dirname = NULL; + const char *slink_name; + char name_encNAME_MAX+1; +- int i, r, retries; ++ int r; + + assert(dev); + assert(slink_in); +@@ -443,11 +443,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + if (r < 0) + return r; + +- /* If the database entry is not written yet we will just do one iteration and possibly wrong symlink +- * will be fixed in the second invocation. */ +- retries = sd_device_get_is_initialized(dev) > 0 ? LINK_UPDATE_MAX_RETRIES : 1; +- +- for (i = 0; i < retries; i++) { ++ for (unsigned i = 0; i < LINK_UPDATE_MAX_RETRIES; i++) { + _cleanup_free_ char *target = NULL; + struct stat st1 = {}, st2 = {}; + +@@ -473,7 +469,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + log_device_debug_errno(dev, errno, "Failed to remove '%s', ignoring: %m", slink); + + (void) rmdir_parents(slink, "/dev"); +- break; ++ return 0; + } + + r = node_symlink(dev, target, slink); +@@ -488,7 +484,7 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + return 0; + } + +- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; ++ return -ELOOP; + } + + static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { +-- +2.33.0 +
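Review bot: Dropping the second update_devnode() call in udev_event_execute_rules() is justified in the commit message by the priority now being stored in the symlink under /run/udev/links, but link_find_prioritized() (as changed in the "save information about device node and priority in symlink" patch) still has an "Old format" branch that reads the priority from the udev database. For stack entries left behind by an older udevd, for example across a package upgrade without reboot, the database is written after the first evaluation, which is exactly the case the removed comment described. Please confirm that old-format entries cannot be hit in this window, or document the limitation. In link_update(), the final `return -ELOOP;` is now the only outcome after LINK_UPDATE_MAX_RETRIES rounds and has no log message of its own; a debug log naming the symlink would make that failure traceable.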
_service:tar_scm:backport-udev-node-save-information-about-device-node-and-pri.patch
Added
@@ -0,0 +1,254 @@ +From 56c7e4c0873feba9809d4638d64132a61b43f995 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 04:16:21 +0900 +Subject: PATCH udev-node: save information about device node and priority in + symlink + +Previously, we only store device IDs in /run/udev/links, and when +creating/removing device node symlink, we create sd_device object +corresponds to the IDs and read device node and priority from the +object. That requires parsing uevent and udev database files. + +This makes link_find_prioritized() get the most prioritzed device node +without parsing the files. + +(cherry picked from commit 377a83f0d80376456d9be203796f66f543a8b943) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/56c7e4c0873feba9809d4638d64132a61b43f995 +--- + src/udev/udev-node.c | 172 ++++++++++++++++++++++++++++++------------- + 1 file changed, 121 insertions(+), 51 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 4496a2bd9b..5d6aae0bd4 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -18,6 +18,7 @@ + #include "fs-util.h" + #include "hexdecoct.h" + #include "mkdir.h" ++#include "parse-util.h" + #include "path-util.h" + #include "selinux-util.h" + #include "smack-util.h" +@@ -28,9 +29,9 @@ + #include "udev-node.h" + #include "user-util.h" + +-#define CREATE_LINK_MAX_RETRIES 128 +-#define LINK_UPDATE_MAX_RETRIES 128 +-#define TOUCH_FILE_MAX_RETRIES 128 ++#define CREATE_LINK_MAX_RETRIES 128 ++#define LINK_UPDATE_MAX_RETRIES 128 ++#define CREATE_STACK_LINK_MAX_RETRIES 128 + #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) + + static int create_symlink(const char *target, const char *slink) { +@@ -175,39 +176,67 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, + return r; + + FOREACH_DIRENT_ALL(dent, dir, break) { +- _cleanup_(sd_device_unrefp) sd_device *dev_db = NULL; +- const char 
*devnode; +- int db_prio = 0; ++ _cleanup_free_ char *path = NULL, *buf = NULL; ++ int tmp_prio; + +- if (dent->d_name0 == '\0') +- break; + if (dent->d_name0 == '.') + continue; + +- log_device_debug(dev, "Found '%s' claiming '%s'", dent->d_name, stackdir); +- +- /* did we find ourself? */ ++ /* skip ourself */ + if (streq(dent->d_name, id)) + continue; + +- if (sd_device_new_from_device_id(&dev_db, dent->d_name) < 0) +- continue; ++ path = path_join(stackdir, dent->d_name); ++ if (!path) ++ return -ENOMEM; + +- if (sd_device_get_devname(dev_db, &devnode) < 0) +- continue; ++ if (readlink_malloc(path, &buf) >= 0) { ++ char *devnode; + +- if (device_get_devlink_priority(dev_db, &db_prio) < 0) +- continue; ++ /* New format. The devnode and priority can be obtained from symlink. */ + +- if (target && db_prio <= priority) +- continue; ++ devnode = strchr(buf, ':'); ++ if (!devnode || devnode == buf) ++ continue; + +- log_device_debug(dev_db, "Device claims priority %i for '%s'", db_prio, stackdir); ++ *(devnode++) = '\0'; ++ if (!path_startswith(devnode, "/dev")) ++ continue; + +- r = free_and_strdup(&target, devnode); +- if (r < 0) +- return r; +- priority = db_prio; ++ if (safe_atoi(buf, &tmp_prio) < 0) ++ continue; ++ ++ if (target && tmp_prio <= priority) ++ continue; ++ ++ r = free_and_strdup(&target, devnode); ++ if (r < 0) ++ return r; ++ } else { ++ _cleanup_(sd_device_unrefp) sd_device *tmp_dev = NULL; ++ const char *devnode; ++ ++ /* Old format. The devnode and priority must be obtained from uevent and ++ * udev database files. 
*/ ++ ++ if (sd_device_new_from_device_id(&tmp_dev, dent->d_name) < 0) ++ continue; ++ ++ if (device_get_devlink_priority(tmp_dev, &tmp_prio) < 0) ++ continue; ++ ++ if (target && tmp_prio <= priority) ++ continue; ++ ++ if (sd_device_get_devname(tmp_dev, &devnode) < 0) ++ continue; ++ ++ r = free_and_strdup(&target, devnode); ++ if (r < 0) ++ return r; ++ } ++ ++ priority = tmp_prio; + } + + *ret = TAKE_PTR(target); +@@ -256,10 +285,72 @@ toolong: + return size - 1; + } + ++static int update_stack_directory(sd_device *dev, const char *dirname, bool add) { ++ _cleanup_free_ char *filename = NULL, *data = NULL, *buf = NULL; ++ const char *devname, *id; ++ int priority, r; ++ ++ assert(dev); ++ assert(dirname); ++ ++ r = device_get_device_id(dev, &id); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to get device id: %m"); ++ ++ filename = path_join(dirname, id); ++ if (!filename) ++ return log_oom_debug(); ++ ++ if (!add) { ++ if (unlink(filename) < 0 && errno != ENOENT) ++ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); ++ ++ (void) rmdir(dirname); ++ return 0; ++ } ++ ++ r = sd_device_get_devname(dev, &devname); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to get device node: %m"); ++ ++ r = device_get_devlink_priority(dev, &priority); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to get priority of device node symlink: %m"); ++ ++ if (asprintf(&data, "%i:%s", priority, devname) < 0) ++ return log_oom_debug(); ++ ++ if (readlink_malloc(filename, &buf) >= 0 && streq(buf, data)) ++ return 0; ++ ++ if (unlink(filename) < 0 && errno != ENOENT) ++ log_device_debug_errno(dev, errno, "Failed to remove %s, ignoring: %m", filename); ++ ++ for (unsigned j = 0; j < CREATE_STACK_LINK_MAX_RETRIES; j++) { ++ /* This may fail with -ENOENT when the parent directory is removed during ++ * creating the file by another udevd worker. 
*/ ++ r = mkdir_p(dirname, 0755); ++ if (r == -ENOENT) ++ continue; ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to create directory %s: %m", dirname); ++ ++ if (symlink(data, filename) < 0) { ++ if (errno == ENOENT) ++ continue; ++ return log_device_debug_errno(dev, errno, "Failed to create symbolic link %s: %m", filename); ++ } ++ ++ return 0; ++ } ++
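Review bot: In update_stack_directory(), an existing entry with different content is replaced by `unlink(filename)` followed by `symlink(data, filename)`, which is not atomic: another worker running link_find_prioritized() between the two calls sees no claim from this device and can pick a lower-priority target. Creating the symlink under a temporary name and rename()-ing it over filename would close that window. In link_find_prioritized(), `readlink_malloc(path, &buf) >= 0` sends every failure, not just "this is not a symlink", into the old-format branch, so an out-of-memory or permission error is handled as if the entry were a legacy file; check the return value and only fall back for the error that means "not a symlink". The new-format branch also skips malformed entries with a bare `continue`, where the removed code logged each claimant, so a debug message there would keep bad entries diagnosable.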
_service:tar_scm:backport-udev-node-shorten-code-a-bit-and-update-log-message.patch
Added
@@ -0,0 +1,36 @@ +From f27b7c3d26bf90cad9348e7c31a2db4eb3cac42e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Thu, 2 Sep 2021 08:23:35 +0900 +Subject: PATCH udev-node: shorten code a bit and update log message + +(cherry picked from commit 8424da2de88ceeed7be8544fb69221f0b0ea84ea) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/f27b7c3d26bf90cad9348e7c31a2db4eb3cac42e +--- + src/udev/udev-node.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 28e6e8df94..2e7df899e4 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -447,13 +447,12 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { + _cleanup_free_ char *target = NULL; + struct stat st1 = {}, st2 = {}; + +- r = stat(dirname, &st1); +- if (r < 0 && errno != ENOENT) ++ if (stat(dirname, &st1) < 0 && errno != ENOENT) + return log_device_debug_errno(dev, errno, "Failed to stat %s: %m", dirname); + + r = link_find_prioritized(dev, add, dirname, &target); + if (r < 0) +- return log_device_debug_errno(dev, r, "Failed to determine highest priority for symlink '%s': %m", slink); ++ return log_device_debug_errno(dev, r, "Failed to determine device node with the highest priority for '%s': %m", slink); + if (r == 0) { + log_device_debug(dev, "No reference left for '%s', removing", slink); + +-- +2.33.0 +
_service:tar_scm:backport-udev-node-simplify-the-example-of-race.patch
Added
@@ -0,0 +1,40 @@ +From 76e4e1df71fc26acd2aa2ef2d599da3cdd95a014 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sun, 12 Sep 2021 16:05:51 +0900 +Subject: PATCH udev-node: simplify the example of race + +(cherry picked from commit 3df566a66723490914ef3bae0ca8046044b70dce) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/76e4e1df71fc26acd2aa2ef2d599da3cdd95a014 +--- + src/udev/udev-node.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 52816c72fd..4e4a45bbe9 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -272,14 +272,14 @@ static int update_timestamp(sd_device *dev, const char *path, struct stat *prev) + + /* Even if a symlink in the stack directory is created/removed, the mtime of the directory may + * not be changed. Why? Let's consider the following situation. For simplicity, let's assume +- * there exist three udev workers (A, B, and C) and all of them calls link_update() for the +- * same devlink simultaneously. ++ * there exist two udev workers (A and B) and all of them calls link_update() for the same ++ * devlink simultaneously. + * +- * 1. B creates/removes a symlink in the stack directory. ++ * 1. A creates/removes a symlink in the stack directory. + * 2. A calls the first stat() in the loop of link_update(). + * 3. A calls link_find_prioritized(). +- * 4. C creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. +- * 5. B and C finish link_update(). ++ * 4. B creates/removes another symlink in the stack directory, so the result of the step 3 is outdated. ++ * 5. B finishes link_update(). + * 6. A creates/removes devlink according to the outdated result in the step 3. + * 7. A calls the second stat() in the loop of link_update(). + * +-- +2.33.0 +
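Review bot: The rewritten comment in update_timestamp() now describes two workers but keeps "all of them calls link_update()", which should read "both of them call link_update()". It is also worth re-reading the unchanged paragraph that follows the numbered steps, which refers to "the above step 5", to make sure it still matches the renamed actors, since step 5 now names only B.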
_service:tar_scm:backport-udev-node-split-out-permission-handling-from-udev_no.patch
Added
@@ -0,0 +1,309 @@ +From 7534eb17595810512574e930eb114b49ec1d3675 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 09:24:15 +0900 +Subject: PATCH udev-node: split out permission handling from udev_node_add() + +And then merge udev_node_add() and udev_node_update_old_links(). + +(cherry picked from commit 2f48561e0db3cd63f65e9311b4d69282b4ac605d) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/7534eb17595810512574e930eb114b49ec1d3675 +--- + src/udev/udev-event.c | 9 +- + src/udev/udev-node.c | 204 +++++++++++++++++++----------------------- + src/udev/udev-node.h | 12 ++- + 3 files changed, 106 insertions(+), 119 deletions(-) + +diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c +index 9854270b27..8320e96fe2 100644 +--- a/src/udev/udev-event.c ++++ b/src/udev/udev-event.c +@@ -906,9 +906,6 @@ static int update_devnode(UdevEvent *event) { + if (r < 0) + return log_device_error_errno(dev, r, "Failed to get devnum: %m"); + +- /* remove/update possible left-over symlinks from old database entry */ +- (void) udev_node_update_old_links(dev, event->dev_db_clone); +- + if (!uid_is_valid(event->uid)) { + r = device_get_devnode_uid(dev, &event->uid); + if (r < 0 && r != -ENOENT) +@@ -932,7 +929,11 @@ static int update_devnode(UdevEvent *event) { + + bool apply_mac = device_for_action(dev, SD_DEVICE_ADD); + +- return udev_node_add(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); ++ r = udev_node_apply_permissions(dev, apply_mac, event->mode, event->uid, event->gid, event->seclabel_list); ++ if (r < 0) ++ return log_device_error_errno(dev, r, "Failed to apply devnode permissions: %m"); ++ ++ return udev_node_update(dev, event->dev_db_clone); + } + + static int event_execute_rules_on_remove( +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 9e52906571..7cc9ee3670 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -356,45 +356,117 @@ static 
int link_update(sd_device *dev, const char *slink_in, bool add) { + return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; + } + +-int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) { +- const char *name; ++static int device_get_devpath_by_devnum(sd_device *dev, char **ret) { ++ const char *subsystem; ++ dev_t devnum; ++ int r; ++ ++ assert(dev); ++ assert(ret); ++ ++ r = sd_device_get_subsystem(dev, &subsystem); ++ if (r < 0) ++ return r; ++ ++ r = sd_device_get_devnum(dev, &devnum); ++ if (r < 0) ++ return r; ++ ++ return device_path_make_major_minor(streq(subsystem, "block") ? S_IFBLK : S_IFCHR, devnum, ret); ++} ++ ++int udev_node_update(sd_device *dev, sd_device *dev_old) { ++ _cleanup_free_ char *filename = NULL; ++ const char *devnode, *devlink; + int r; + + assert(dev); + assert(dev_old); + +- /* update possible left-over symlinks */ +- FOREACH_DEVICE_DEVLINK(dev_old, name) { +- const char *name_current; +- bool found = false; ++ r = sd_device_get_devname(dev, &devnode); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to get devnode: %m"); + +- /* check if old link name still belongs to this device */ +- FOREACH_DEVICE_DEVLINK(dev, name_current) +- if (streq(name, name_current)) { +- found = true; +- break; +- } ++ if (DEBUG_LOGGING) { ++ const char *id = NULL; + +- if (found) ++ (void) device_get_device_id(dev, &id); ++ log_device_debug(dev, "Handling device node '%s', devnum=%s", devnode, strna(id)); ++ } ++ ++ /* update possible left-over symlinks */ ++ FOREACH_DEVICE_DEVLINK(dev_old, devlink) { ++ /* check if old link name still belongs to this device */ ++ if (device_has_devlink(dev, devlink)) + continue; + + log_device_debug(dev, +- "Updating old device symlink '%s', which is no longer belonging to this device.", +- name); ++ "Removing/updating old device symlink '%s', which is no longer belonging to this device.", ++ devlink); + +- r = link_update(dev, name, false); ++ r = link_update(dev, devlink, /* add = */ false); + if (r 
< 0) + log_device_warning_errno(dev, r, +- "Failed to update device symlink '%s', ignoring: %m", +- name); ++ "Failed to remove/update device symlink '%s', ignoring: %m", ++ devlink); + } + ++ /* create/update symlinks, add symlinks to name index */ ++ FOREACH_DEVICE_DEVLINK(dev, devlink) { ++ r = link_update(dev, devlink, /* add = */ true); ++ if (r < 0) ++ log_device_warning_errno(dev, r, ++ "Failed to create/update device symlink '%s', ignoring: %m", ++ devlink); ++ } ++ ++ r = device_get_devpath_by_devnum(dev, &filename); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); ++ ++ /* always add /dev/{block,char}/$major:$minor */ ++ r = node_symlink(dev, devnode, filename); ++ if (r < 0) ++ return log_device_warning_errno(dev, r, "Failed to create device symlink '%s': %m", filename); ++ ++ return 0; ++} ++ ++int udev_node_remove(sd_device *dev) { ++ _cleanup_free_ char *filename = NULL; ++ const char *devlink; ++ int r; ++ ++ assert(dev); ++ ++ /* remove/update symlinks, remove symlinks from name index */ ++ FOREACH_DEVICE_DEVLINK(dev, devlink) { ++ r = link_update(dev, devlink, /* add = */ false); ++ if (r < 0) ++ log_device_warning_errno(dev, r, ++ "Failed to remove/update device symlink '%s', ignoring: %m", ++ devlink); ++ } ++ ++ r = device_get_devpath_by_devnum(dev, &filename); ++ if (r < 0) ++ return log_device_debug_errno(dev, r, "Failed to get device path: %m"); ++ ++ /* remove /dev/{block,char}/$major:$minor */ ++ if (unlink(filename) < 0 && errno != ENOENT) ++ return log_device_debug_errno(dev, errno, "Failed to remove '%s': %m", filename); ++ + return 0; + } + +-static int node_permissions_apply(sd_device *dev, bool apply_mac, +- mode_t mode, uid_t uid, gid_t gid, +- OrderedHashmap *seclabel_list) { ++int udev_node_apply_permissions( ++ sd_device *dev, ++ bool apply_mac, ++ mode_t mode, ++ uid_t uid, ++ gid_t gid, ++ OrderedHashmap *seclabel_list) { ++ + const char *devnode, *subsystem, *id = NULL; + bool apply_mode, 
apply_uid, apply_gid; + _cleanup_close_ int node_fd = -1; +@@ -511,95 +583,5 @@ static int node_permissions_apply(sd_device *dev, bool apply_mac, + if (r < 0) + log_device_debug_errno(dev, r, "Failed to adjust timestamp of node %s: %m", devnode); + +- return r; +-} +- +-static int xsprintf_dev_num_path_from_sd_device(sd_device *dev, char **ret) { +- const char *subsystem; +- dev_t devnum; +- int r; +-
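Review bot: In update_devnode(), cleanup of left-over symlinks used to run first and unconditionally through `(void) udev_node_update_old_links(dev, event->dev_db_clone);`, but it now happens inside udev_node_update(), which is reached only if every earlier step, including udev_node_apply_permissions(), succeeds. A failure while applying permissions therefore leaves stale devlinks from the old database entry in place, which is a behaviour change the commit message does not mention; consider calling udev_node_update() even when permission handling fails, or state that the new ordering is intended. Minor: the debug message in udev_node_update() prints the device id under the label `devnum=%s`, and udev_node_remove() reports a failed unlink() at debug level while udev_node_update() reports a failed node_symlink() as a warning; the label and the log levels should be made consistent.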
_service:tar_scm:backport-udev-node-stack-directory-must-exist-when-adding-dev.patch
Added
@@ -0,0 +1,40 @@ +From f16172aeb2349dab0f73a4651f31cd025faab6b7 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 1 Sep 2021 04:14:42 +0900 +Subject: PATCH udev-node: stack directory must exist when adding device node + symlink + +(cherry picked from commit 46070dbf26435ba0def099121f46a6253f3f19b6) + +Conflict:NA +Reference:https://github.com/systemd/systemd-stable/commit/f16172aeb2349dab0f73a4651f31cd025faab6b7 +--- + src/udev/udev-node.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c +index 7cc9ee3670..4496a2bd9b 100644 +--- a/src/udev/udev-node.c ++++ b/src/udev/udev-node.c +@@ -161,12 +161,13 @@ static int link_find_prioritized(sd_device *dev, bool add, const char *stackdir, + + dir = opendir(stackdir); + if (!dir) { +- if (errno == ENOENT) { +- *ret = TAKE_PTR(target); +- return !!*ret; +- } ++ if (add) /* The stack directory must exist. */ ++ return -errno; ++ if (errno != ENOENT) ++ return -errno; + +- return -errno; ++ *ret = NULL; ++ return 0; + } + + r = device_get_device_id(dev, &id); +-- +2.33.0 +
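Review bot: In the opendir() failure branch of link_find_prioritized(), the two consecutive checks `if (add) return -errno;` and `if (errno != ENOENT) return -errno;` can be merged into `if (add || errno != ENOENT) return -errno;`, and the function should document the new contract: with add set, a missing stack directory is now an error (-ENOENT) instead of "no other claimant". Since callers return that error as-is, a comment at the call site explaining that the directory is expected to have been created beforehand would make it clear this is not a retryable race.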
_service:tar_scm:backport-udev-support-by-path-devlink-for-multipath-nvme-bloc.patch
Added
@@ -0,0 +1,132 @@ +From 67c3e1f63a5221b47a8fea85ae421671f29f3b7e Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 21 Sep 2022 02:26:42 +0900 +Subject: PATCH udev: support by-path devlink for multipath nvme block + devices + +If multipath feature is enabled, nvme block devices may belong to the +"nvme-subsystem" subsystem, instead of "nvme" subsystem. +(What a confusing name...) + +Then, the syspath is something like the following, + /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 +Hence, we need to find the 'real parent' device, such as + /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 + +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2031810. +Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2124964. +Replaces #24748. + +Conflict:different code contexts, manual synchronization path, and include patch 6209bb and f4a449 to fix coredump in 67c3e1f +Reference:https://github.com/systemd/systemd/commit/67c3e1f63a5221b47a8fea85ae421671f29f3b7e +--- + rules.d/60-persistent-storage.rules | 1 + + src/udev/udev-builtin-path_id.c | 61 +++++++++++++++++++++++++---- + 2 files changed, 54 insertions(+), 8 deletions(-) + +diff --git a/rules.d/60-persistent-storage.rules b/rules.d/60-persistent-storage.rules +index 03f0a619dc..64a2409196 100644 +--- a/rules.d/60-persistent-storage.rules ++++ b/rules.d/60-persistent-storage.rules +@@ -88,6 +88,7 @@ KERNEL=="msblk0-9p0-9|mspblk0-9p0-9", ENV{ID_NAME}=="?*", ENV{ID_SERIAL} + + # by-path + ENV{DEVTYPE}=="disk", DEVPATH!="*/virtual/*", IMPORT{builtin}="path_id" ++ENV{DEVTYPE}=="disk", SUBSYSTEMS=="nvme-subsystem", IMPORT{builtin}="path_id" + KERNEL=="mmcblk0-9boot0-9", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-boot%n" + KERNEL!="mmcblk0-9boot0-9", ENV{DEVTYPE}=="disk", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}" + ENV{DEVTYPE}=="partition", ENV{ID_PATH}=="?*", SYMLINK+="disk/by-path/$env{ID_PATH}-part%n" +diff --git 
a/src/udev/udev-builtin-path_id.c b/src/udev/udev-builtin-path_id.c +index ce7bc5caf0..7ec2e94583 100644 +--- a/src/udev/udev-builtin-path_id.c ++++ b/src/udev/udev-builtin-path_id.c +@@ -543,19 +543,55 @@ static sd_device *handle_ap(sd_device *parent, char **path) { + return skip_subsystem(parent, "ap"); + } + ++static int find_real_nvme_parent(sd_device *dev, sd_device **ret) { ++ _cleanup_(sd_device_unrefp) sd_device *nvme = NULL; ++ const char *sysname, *end; ++ int r; ++ ++ /* If the device belongs to "nvme-subsystem" (not to be confused with "nvme"), which happens when ++ * NVMe multipathing is enabled in the kernel (/sys/module/nvme_core/parameters/multipath is Y), ++ * then the syspath is something like the following: ++ * /sys/devices/virtual/nvme-subsystem/nvme-subsys0/nvme0n1 ++ * Hence, we need to find the 'real parent' in "nvme" subsystem, e.g, ++ * /sys/devices/pci0000:00/0000:00:1c.4/0000:3c:00.0/nvme/nvme0 */ ++ ++ assert(dev); ++ assert(ret); ++ ++ r = sd_device_get_sysname(dev, &sysname); ++ if (r < 0) ++ return r; ++ ++ /* The sysname format of nvme block device is nvme%dc%dn%dp%d, e.g. nvme0n1p2 or nvme0c1n2. ++ * (Note, nvme device with 'c' can be ignored, as they are hidden. ) ++ * The sysname format of nvme subsystem device is nvme%d. ++ * See nvme_alloc_ns() and nvme_init_ctrl() in drivers/nvme/host/core.c for more details. 
*/ ++ end = startswith(sysname, "nvme"); ++ if (!end) ++ return -ENXIO; ++ ++ end += strspn(end, DIGITS); ++ sysname = strndupa(sysname, end - sysname); ++ ++ r = sd_device_new_from_subsystem_sysname(&nvme, "nvme", sysname); ++ if (r < 0) ++ return r; ++ ++ *ret = TAKE_PTR(nvme); ++ return 0; ++} ++ + static int builtin_path_id(sd_device *dev, int argc, char *argv, bool test) { +- sd_device *parent; +- _cleanup_free_ char *path = NULL; +- _cleanup_free_ char *compat_path = NULL; +- bool supported_transport = false; +- bool supported_parent = false; ++ _cleanup_(sd_device_unrefp) sd_device *dev_other_branch = NULL; ++ _cleanup_free_ char *path = NULL, *compat_path = NULL; ++ bool supported_transport = false, supported_parent = false; + const char *subsystem; ++ int r; + + assert(dev); + + /* walk up the chain of devices and compose path */ +- parent = dev; +- while (parent) { ++ for (sd_device *parent = dev; parent; ) { + const char *subsys, *sysname; + + if (sd_device_get_subsystem(parent, &subsys) < 0 || +@@ -642,13 +678,22 @@ static int builtin_path_id(sd_device *dev, sd_netlink **rtnl, int argc, char *ar + parent = skip_subsystem(parent, "iucv"); + supported_transport = true; + supported_parent = true; +- } else if (streq(subsys, "nvme")) { ++ } else if (STR_IN_SET(subsys, "nvme", "nvme-subsystem")) { + const char *nsid; + + if (sd_device_get_sysattr_value(dev, "nsid", &nsid) >= 0) { + path_prepend(&path, "nvme-%s", nsid); + if (compat_path) + path_prepend(&compat_path, "nvme-%s", nsid); ++ ++ if (streq(subsys, "nvme-subsystem")) { ++ r = find_real_nvme_parent(dev, &dev_other_branch); ++ if (r < 0) ++ return r; ++ ++ parent = dev_other_branch; ++ } ++ + parent = skip_subsystem(parent, "nvme"); + supported_parent = true; + supported_transport = true; +-- +2.33.0 +
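Review bot: In builtin_path_id(), a failure of find_real_nvme_parent() is returned with a bare `if (r < 0) return r;`, so the whole builtin fails without a log line when the matching "nvme" device cannot be opened, for example if the controller disappears while the event is processed. Before this change such devices were excluded by the `DEVPATH!="*/virtual/*"` rule and simply got no by-path link; consider logging with log_device_debug_errno() and treating the case as an unsupported parent rather than a hard error. The Conflict line states that two further upstream fixes (6209bb and f4a449) were folded in by hand, and the second hunk header still shows a builtin_path_id() signature with an `sd_netlink **rtnl` parameter that the patched function does not have; listing those commits as separate Reference lines would make the backport easier to audit.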
View file
_service:tar_scm:backport-udev-when-setting-up-lo-do-not-return-an-error.patch
Added
@@ -0,0 +1,56 @@ +From 5f2582e23f10b46052c7f83b85c1f85184b4cd0f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Mon, 26 Jul 2021 11:46:12 +0200 +Subject: PATCH udev: when setting up lo, do not return an error + +From #20300: +> commit 70f32a260b5ebb68c19ecadf5d69b3844896ba55 +> Author: Yu Watanabe <watanabe.yu+github@gmail.com> +> Date: Sun May 23 16:59:40 2021 +0900 + +> udev/net: do not manage loopback interfaces + +> There are nothing we can configure in udevd for loopback interfaces; +> no ethertool configs can be applied, MAC address, interface name should + +> introduced a regression for 'udevadm test-builtin net_setup_link /sys/class/net/lo/'. +> Prior to this commit this command would exit with 0 whereas after this commit +> it exists with 1. This causes cloud-init on Archlinux to fail as this command +> is run by it and likely also netplan to have networkd rescan and re-apply a +> bunch of things on NICs. + +I think it's reasonable to keep returning 0 here: we are intentatinally doing +nothing for the device, and that is not an error, but a (noop) success. + +Fixes #20300. 
+ +(cherry picked from commit b4f0261337c91157231452b5a258799391d7ae51) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5f2582e23f10b46052c7f83b85c1f85184b4cd0f +--- + src/udev/udev-builtin-net_setup_link.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/udev/udev-builtin-net_setup_link.c b/src/udev/udev-builtin-net_setup_link.c +index d40251331c..5964e30bf1 100644 +--- a/src/udev/udev-builtin-net_setup_link.c ++++ b/src/udev/udev-builtin-net_setup_link.c +@@ -28,10 +28,12 @@ static int builtin_net_setup_link(sd_device *dev, int argc, char **argv, bool te + + r = link_config_get(ctx, dev, &link); + if (r < 0) { +- if (r == -ENOENT) +- return log_device_debug_errno(dev, r, "No matching link configuration found."); + if (r == -ENODEV) + return log_device_debug_errno(dev, r, "Link vanished while searching for configuration for it."); ++ if (r == -ENOENT) { ++ log_device_debug_errno(dev, r, "No matching link configuration found, ignoring device."); ++ return 0; ++ } + + return log_device_error_errno(dev, r, "Failed to get link config: %m"); + } +-- +2.33.0 +
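Review bot: In the reordered -ENOENT branch the message still goes through log_device_debug_errno() with r, although the case is now reported as success with return 0. Since the error code no longer reaches the caller, either cast the discarded return value to (void) to make the intent explicit or use a plain debug log, so that a non-error is not logged with an errno attached. The -ENODEV branch keeps returning the negative value, so only the no-match case becomes a no-op success; the commit message should say that explicitly.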
View file
_service:tar_scm:backport-udevadm-cleanup-db-don-t-delete-information-for-kept.patch
Added
@@ -0,0 +1,123 @@ +From 7a23db67795b6583028b7d7c0d5d8ef63c67d8c9 Mon Sep 17 00:00:00 2001 +From: Martin Wilck <mwilck@suse.com> +Date: Thu, 20 Jan 2022 14:31:45 +0100 +Subject: PATCH udevadm: cleanup-db: don't delete information for kept db + entries + +devices with the db_persist property won't be deleted during database +cleanup. This applies to dm and md devices in particular. +For such devices, we should also keep the files under /run/udev/links, +/run/udev/tags, and /run/udev/watch, to make sure that after restart, +udevd has the same information about the devices as it did before +the cleanup. + +If we don't do this, a lower-priority device that is discovered in +the coldplug phase may take over symlinks from a device that persisted. +Not removing the watches also enables udevd to resume watching a device +after restart. + +Signed-off-by: Martin Wilck <mwilck@suse.com> +(cherry picked from commit 7ec624147a41d80f8e492c9fe19a24e2cda58c25) +(cherry picked from commit ef7ceef26adb714ef44b2fbc07a219c05a012b42) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/7a23db67795b6583028b7d7c0d5d8ef63c67d8c9 +--- + src/udev/udevadm-info.c | 64 +++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 61 insertions(+), 3 deletions(-) + +diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c +index f05363150e..3314d6335e 100644 +--- a/src/udev/udevadm-info.c ++++ b/src/udev/udevadm-info.c +@@ -248,6 +248,64 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { + } + } + ++/* ++ * Assume that dir is a directory with file names matching udev data base ++ * entries for devices in /run/udev/data (such as "b8:16"), and removes ++ * all files except those that haven't been deleted in /run/udev/data ++ * (i.e. they were skipped during db cleanup because of the db_persist flag). ++ * Returns true if the directory is empty after cleanup. 
++ */ ++static bool cleanup_dir_after_db_cleanup(DIR *dir, DIR *datadir) { ++ unsigned int kept = 0; ++ struct dirent *dent; ++ ++ assert(dir && datadir); ++ ++ FOREACH_DIRENT_ALL(dent, dir, break) { ++ struct stat data_stats, link_stats; ++ ++ if (dot_or_dot_dot(dent->d_name)) ++ continue; ++ if (fstatat(dirfd(dir), dent->d_name, &link_stats, AT_SYMLINK_NOFOLLOW) < 0) { ++ if (errno != ENOENT) ++ kept++; ++ continue; ++ } ++ ++ if (fstatat(dirfd(datadir), dent->d_name, &data_stats, 0) < 0) ++ (void) unlinkat(dirfd(dir), dent->d_name, ++ S_ISDIR(link_stats.st_mode) ? AT_REMOVEDIR : 0); ++ else ++ /* The entry still exists under /run/udev/data */ ++ kept++; ++ } ++ ++ return kept == 0; ++} ++ ++static void cleanup_dirs_after_db_cleanup(DIR *dir, DIR *datadir) { ++ struct dirent *dent; ++ ++ assert(dir && datadir); ++ ++ FOREACH_DIRENT_ALL(dent, dir, break) { ++ struct stat stats; ++ ++ if (dot_or_dot_dot(dent->d_name)) ++ continue; ++ if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) ++ continue; ++ if (S_ISDIR(stats.st_mode)) { ++ _cleanup_closedir_ DIR *dir2 = NULL; ++ ++ dir2 = fdopendir(openat(dirfd(dir), dent->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC)); ++ if (dir2 && cleanup_dir_after_db_cleanup(dir2, datadir)) ++ (void) unlinkat(dirfd(dir), dent->d_name, AT_REMOVEDIR); ++ } else ++ (void) unlinkat(dirfd(dir), dent->d_name, 0); ++ } ++} ++ + static void cleanup_db(void) { + _cleanup_closedir_ DIR *dir1 = NULL, *dir2 = NULL, *dir3 = NULL, *dir4 = NULL, *dir5 = NULL; + +@@ -257,11 +315,11 @@ static void cleanup_db(void) { + + dir2 = opendir("/run/udev/links"); + if (dir2) +- cleanup_dir(dir2, 0, 2); ++ cleanup_dirs_after_db_cleanup(dir2, dir1); + + dir3 = opendir("/run/udev/tags"); + if (dir3) +- cleanup_dir(dir3, 0, 2); ++ cleanup_dirs_after_db_cleanup(dir3, dir1); + + dir4 = opendir("/run/udev/static_node-tags"); + if (dir4) +@@ -269,7 +327,7 @@ static void cleanup_db(void) { + + dir5 = opendir("/run/udev/watch"); + if (dir5) +- 
cleanup_dir(dir5, 0, 1); ++ cleanup_dir_after_db_cleanup(dir5, dir1); + } + + static int query_device(QueryType query, sd_device* device) { +-- +2.33.0 +
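Review bot: Both new helpers start with assert(dir && datadir), but the call sites in cleanup_db() guard only on dir2, dir3 and dir5 and pass dir1 straight through. The hunk shows no check on dir1, so if it can be NULL at that point the cleanup aborts on the assertion instead of running; guard the three calls on dir1 as well, or let the helpers treat a missing data directory as "nothing kept". Separately, in cleanup_dirs_after_db_cleanup() the expression fdopendir(openat(...)) leaks the descriptor when openat() succeeds and fdopendir() fails, and the open follows an fstatat() made with AT_SYMLINK_NOFOLLOW without passing O_NOFOLLOW itself. Opening into a _cleanup_close_ fd with O_NOFOLLOW and handing it to fdopendir() only on success would close both gaps.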
View file
_service:tar_scm:backport-udevadm-cleanup_dir-use-dot_or_dot_dot.patch
Added
@@ -0,0 +1,41 @@ +From 75ff2fb73ed545d0427aea251fae6d55124f0e7c Mon Sep 17 00:00:00 2001 +From: Martin Wilck <mwilck@suse.com> +Date: Fri, 21 Jan 2022 10:44:26 +0100 +Subject: PATCH udevadm: cleanup_dir: use dot_or_dot_dot() + +which is safer than just checking dent0. +Also, fix two style issues. + +(cherry picked from commit 28d6e8545151d413f8614db9fa790f9f9edbb045) +(cherry picked from commit 494e3c0def197abd4ec88f7b0c3ba331a708d81e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/75ff2fb73ed545d0427aea251fae6d55124f0e7c +--- + src/udev/udevadm-info.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/udev/udevadm-info.c b/src/udev/udevadm-info.c +index fa7f04f14c..f05363150e 100644 +--- a/src/udev/udevadm-info.c ++++ b/src/udev/udevadm-info.c +@@ -224,12 +224,14 @@ static void cleanup_dir(DIR *dir, mode_t mask, int depth) { + if (depth <= 0) + return; + ++ assert(dir); ++ + FOREACH_DIRENT_ALL(dent, dir, break) { + struct stat stats; + +- if (dent->d_name0 == '.') ++ if (dot_or_dot_dot(dent->d_name)) + continue; +- if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) != 0) ++ if (fstatat(dirfd(dir), dent->d_name, &stats, AT_SYMLINK_NOFOLLOW) < 0) + continue; + if ((stats.st_mode & mask) != 0) + continue; +-- +2.33.0 +
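Review bot: Replacing the first-character test with dot_or_dot_dot() in cleanup_dir() is a behaviour change, not only a hardening: entries whose names merely begin with a dot were skipped before and are now stat'ed and processed like any other entry. The commit message only calls this "safer"; it should state that hidden entries are now subject to cleanup. The added assert(dir) also sits after the depth <= 0 early return, so a NULL dir with depth 0 still passes silently; moving the assert to the top of the function makes the check unconditional.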
View file
_service:tar_scm:backport-umask-util-add-helper-that-resets-umask-until-end-of.patch
Added
@@ -0,0 +1,117 @@ +From 77cfa37459fbd350c67c08597aaa5cc098fcc1ee Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 12 Nov 2021 11:06:46 +0100 +Subject: PATCH umask-util: add helper that resets umask until end of current + code block + +(cherry picked from commit 52f05ef21d7790f37bc3cd6e54fb9a4bcb16efa5) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/77cfa37459fbd350c67c08597aaa5cc098fcc1ee +--- + src/basic/umask-util.h | 3 +++ + src/nspawn/nspawn.c | 9 +++------ + src/shared/dev-setup.c | 3 +-- + src/test/test-fs-util.c | 3 ++- + 4 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/basic/umask-util.h b/src/basic/umask-util.h +index bd7c2bdb8c..90d18f70ba 100644 +--- a/src/basic/umask-util.h ++++ b/src/basic/umask-util.h +@@ -24,3 +24,6 @@ assert_cc((S_IFMT & 0777) == 0); + for (_cleanup_umask_ mode_t _saved_umask_ = umask(mask) | S_IFMT; \ + FLAGS_SET(_saved_umask_, S_IFMT); \ + _saved_umask_ &= 0777) ++ ++#define BLOCK_WITH_UMASK(mask) \ ++ _unused_ _cleanup_umask_ mode_t _saved_umask_ = umask(mask); +diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c +index 575b9da447..1c468b310f 100644 +--- a/src/nspawn/nspawn.c ++++ b/src/nspawn/nspawn.c +@@ -2201,13 +2201,12 @@ static int copy_devnodes(const char *dest) { + "tty\0" + "net/tun\0"; + +- _cleanup_umask_ mode_t u; + const char *d; + int r = 0; + + assert(dest); + +- u = umask(0000); ++ BLOCK_WITH_UMASK(0000); + + /* Create /dev/net, so that we can create /dev/net/tun in it */ + if (userns_mkdir(dest, "/dev/net", 0755, 0, 0) < 0) +@@ -2284,11 +2283,10 @@ static int copy_devnodes(const char *dest) { + } + + static int make_extra_nodes(const char *dest) { +- _cleanup_umask_ mode_t u; + size_t i; + int r; + +- u = umask(0000); ++ BLOCK_WITH_UMASK(0000); + + for (i = 0; i < arg_n_extra_nodes; i++) { + _cleanup_free_ char *path = NULL; +@@ -2485,12 +2483,11 @@ static int setup_kmsg(int kmsg_socket) { + _cleanup_(unlink_and_freep) char *from = 
NULL; + _cleanup_free_ char *fifo = NULL; + _cleanup_close_ int fd = -1; +- _cleanup_umask_ mode_t u; + int r; + + assert(kmsg_socket >= 0); + +- u = umask(0000); ++ BLOCK_WITH_UMASK(0000); + + /* We create the kmsg FIFO as as temporary file in /run, but immediately delete it after bind mounting it to + * /proc/kmsg. While FIFOs on the reading side behave very similar to /proc/kmsg, their writing side behaves +diff --git a/src/shared/dev-setup.c b/src/shared/dev-setup.c +index b788b06913..0390abbfdc 100644 +--- a/src/shared/dev-setup.c ++++ b/src/shared/dev-setup.c +@@ -81,13 +81,12 @@ int make_inaccessible_nodes( + { "inaccessible/blk", S_IFBLK | 0000 }, + }; + +- _cleanup_umask_ mode_t u; + int r; + + if (!parent_dir) + parent_dir = "/run/systemd"; + +- u = umask(0000); ++ BLOCK_WITH_UMASK(0000); + + /* Set up inaccessible (and empty) file nodes of all types. This are used to as mount sources for over-mounting + * ("masking") file nodes that shall become inaccessible and empty for specific containers or services. We try +diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c +index 08bebcf0e8..a24558f25b 100644 +--- a/src/test/test-fs-util.c ++++ b/src/test/test-fs-util.c +@@ -763,7 +763,6 @@ static void test_rename_noreplace(void) { + + static void test_chmod_and_chown(void) { + _cleanup_(rm_rf_physical_and_freep) char *d = NULL; +- _unused_ _cleanup_umask_ mode_t u = umask(0000); + struct stat st; + const char *p; + +@@ -772,6 +771,8 @@ static void test_chmod_and_chown(void) { + + log_info("/* %s */", __func__); + ++ BLOCK_WITH_UMASK(0000); ++ + assert_se(mkdtemp_malloc(NULL, &d) >= 0); + + p = strjoina(d, "/reg"); +-- +2.33.0 +
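Review bot: BLOCK_WITH_UMASK() in umask-util.h expands to a declaration with the fixed name _saved_umask_ and already ends in a semicolon, and nothing documents the resulting constraints. Two uses in the same scope would redeclare the variable, every call site written as BLOCK_WITH_UMASK(0000); leaves an empty statement behind, and as a declaration it cannot be the sole body of an unbraced if. Please add a short comment above the macro saying that it may be used once per block and that the previous umask is restored when the block ends, and consider dropping the trailing semicolon from the definition. In test_chmod_and_chown() the reset moves from the declaration to after the log_info() call; confirm that nothing between the old and new position creates files.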
View file
_service:tar_scm:backport-unit-coldplug-both-job-and-nop_job-if-possible.patch
Changed
@@ -1,4 +1,4 @@ -From 7dbd330c7ef28852db0fb044503ed6f072477d50 Mon Sep 17 00:00:00 2001 +From 213ae9db6274227636fdca6731511499ed933e61 Mon Sep 17 00:00:00 2001 From: Geass-LL <shenxiaogll@163.com> Date: Fri, 2 Apr 2021 11:27:59 +0800 Subject: PATCH unit: coldplug both job and nop_job if possible @@ -6,15 +6,20 @@ Sometimes, both job and nop_job are deserialized. In this case, if we only cold plug the job, the nop_job will also stuck in the job list. + +(cherry picked from commit 7dbd330c7ef28852db0fb044503ed6f072477d50) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/213ae9db6274227636fdca6731511499ed933e61 --- src/core/unit.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/core/unit.c b/src/core/unit.c -index 7c39e4d0f8..2f7f022ef3 100644 +index e469beb534..38d3eb703f 100644 --- a/src/core/unit.c +++ b/src/core/unit.c -@@ -3588,7 +3588,6 @@ int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask m +@@ -3581,7 +3581,6 @@ int unit_add_blockdev_dependency(Unit *u, const char *what, UnitDependencyMask m int unit_coldplug(Unit *u) { int r = 0, q; char **i; @@ -22,7 +27,7 @@ assert(u); -@@ -3611,9 +3610,13 @@ int unit_coldplug(Unit *u) { +@@ -3604,9 +3603,13 @@ int unit_coldplug(Unit *u) { r = q; } @@ -40,5 +45,5 @@ r = q; } -- -2.27.0 +2.33.0
View file
_service:tar_scm:backport-unit-escape.patch
Changed
@@ -12,15 +12,12 @@ index 4e1bb8de24..734acea237 100644 --- a/units/tmp.mount +++ b/units/tmp.mount -@@ -22,7 +22,7 @@ After=swap.target +@@ -22,4 +22,4 @@ After=swap.target What=tmpfs Where=/tmp Type=tmpfs -Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m +Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m - - # Make 'systemctl enable tmp.mount' work: - Install -- 2.27.0
View file
_service:tar_scm:backport-unit-file-avoid-null-in-debugging-logs.patch
Added
@@ -0,0 +1,43 @@ +From e58e1472edc97ff2b234fda60fd0f977f12659fb Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 23 Jul 2022 12:48:35 +0900 +Subject: PATCH unit-file: avoid (null) in debugging logs + +The variable `inst` was set to NULL by TAKE_PTR(). + +This fixes the following log message: +``` +systemd1: Unit getty@tty2.service has alias (null). +``` + +(cherry picked from commit 7c35b78a0b96085e3d634542212c5521bc2a2f21) +(cherry picked from commit 9ac0ad80fe97c22ec3dc4670e859abaae9a1f8bf) +(cherry picked from commit 0e7214c8b5c95bc378ad6b9353e944ec0fba4e21) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/e58e1472edc97ff2b234fda60fd0f977f12659fb +--- + src/basic/unit-file.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c +index d1e997ec9f..7b0c932654 100644 +--- a/src/basic/unit-file.c ++++ b/src/basic/unit-file.c +@@ -520,12 +520,9 @@ static int add_names( + continue; + } + +- r = set_consume(*names, TAKE_PTR(inst)); +- if (r > 0) +- log_debug("Unit %s has alias %s.", unit_name, inst); ++ r = add_name(unit_name, names, inst); + } else + r = add_name(unit_name, names, *alias); +- + if (r < 0) + return r; + } +-- +2.27.0 +
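Review bot: In add_names() the fix stops transferring ownership of inst: set_consume(*names, TAKE_PTR(inst)) took the string, whereas add_name(unit_name, names, inst) receives a plain pointer, just like the *alias call below it. The declaration of inst is outside this hunk, so please confirm it is freed on every path (for example by a _cleanup_free_ attribute); if it relied on set_consume() to take it, this change leaks one string per instantiated alias. The blank line removed before "if (r < 0)" is an unrelated whitespace change.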
View file
_service:tar_scm:backport-unit_is_bound_by_inactive-fix-return-pointer-check.patch
Added
@@ -0,0 +1,37 @@ +From 02d51801672376505f07fae5938e195845f2c7a9 Mon Sep 17 00:00:00 2001 +From: Dominique Martinet <asmadeus@codewreck.org> +Date: Wed, 24 Nov 2021 22:27:22 +0900 +Subject: PATCH unit_is_bound_by_inactive: fix return pointer check + +*ret_culprit should be set if ret_culprit has been passed a non-null value, +checking the previous *ret_culprit value does not make sense. + +This would cause the culprit to not properly be assigned, leading to +pid1 crash when a unit could not be stopped. + +Fixes: #21476 + +(cherry picked from commit 3da361064bf550d1818c7cd800a514326058e5f2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/02d51801672376505f07fae5938e195845f2c7a9 +--- + src/core/unit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/unit.c b/src/core/unit.c +index 38d3eb703f..c792bd8e82 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -2118,7 +2118,7 @@ bool unit_is_bound_by_inactive(Unit *u, Unit **ret_culprit) { + continue; + + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) { +- if (*ret_culprit) ++ if (ret_culprit) + *ret_culprit = other; + + return true; +-- +2.33.0 +
View file
_service:tar_scm:backport-user-record-disable-two-pbkdf-fields-that-don-t-appl.patch
Added
@@ -0,0 +1,46 @@ +From 5ee578fd13809e08fbda1a9bca2256ffd24e9857 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 5 Oct 2021 18:24:05 +0200 +Subject: PATCH user-record: disable two pbkdf fields that don't apply for + pkbdf2 + +Fixes: #20830 +(cherry picked from commit 8b4f88d13681c6dec839de06c668d32374d44724) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5ee578fd13809e08fbda1a9bca2256ffd24e9857 +--- + src/shared/user-record.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/shared/user-record.c b/src/shared/user-record.c +index 17460ceaf6..5fb3d4bbf2 100644 +--- a/src/shared/user-record.c ++++ b/src/shared/user-record.c +@@ -1913,9 +1913,9 @@ uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) { + assert(h); + + /* Returns a value with kb granularity, since that's what libcryptsetup expects */ +- + if (h->luks_pbkdf_memory_cost == UINT64_MAX) +- return 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */ ++ return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */ ++ 64*1024*1024; /* We default to 64M, since this should work on smaller systems too */ + + return MIN(DIV_ROUND_UP(h->luks_pbkdf_memory_cost, 1024), UINT32_MAX) * 1024; + } +@@ -1923,8 +1923,9 @@ uint64_t user_record_luks_pbkdf_memory_cost(UserRecord *h) { + uint64_t user_record_luks_pbkdf_parallel_threads(UserRecord *h) { + assert(h); + +- if (h->luks_pbkdf_memory_cost == UINT64_MAX) +- return 1; /* We default to 1, since this should work on smaller systems too */ ++ if (h->luks_pbkdf_parallel_threads == UINT64_MAX) ++ return streq(user_record_luks_pbkdf_type(h), "pbkdf2") ? 0 : /* doesn't apply for simple pbkdf2 */ ++ 1; /* We default to 1, since this should work on smaller systems too */ + + return MIN(h->luks_pbkdf_parallel_threads, UINT32_MAX); + } +-- +2.33.0 +
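Review bot: The second hunk also fixes a copy-and-paste bug, user_record_luks_pbkdf_parallel_threads() tested luks_pbkdf_memory_cost instead of luks_pbkdf_parallel_threads, and the commit message does not mention it; that deserves its own line because it changes behaviour for every PBKDF type, not only pbkdf2. Both functions now call streq(user_record_luks_pbkdf_type(h), "pbkdf2"); confirm that accessor never returns NULL, or use a NULL-tolerant comparison. The conditional with its comment split across two lines is hard to read, so an explicit if for the pbkdf2 case would be clearer. The subject line spells the algorithm "pkbdf2".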
View file
_service:tar_scm:backport-user-record-fix-display-of-access-mode.patch
Added
@@ -0,0 +1,29 @@ +From 9e318d9ff288b2b12b21a534d0cab3b4e153b462 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Fri, 5 Nov 2021 16:36:32 +0100 +Subject: PATCH user-record: fix display of access mode + +(cherry picked from commit 7cdd5c0d4c2213b791d8d22e7dd466a39e9c5db0) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/9e318d9ff288b2b12b21a534d0cab3b4e153b462 +--- + src/shared/user-record-show.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/shared/user-record-show.c b/src/shared/user-record-show.c +index 29790282b4..54ff949ff5 100644 +--- a/src/shared/user-record-show.c ++++ b/src/shared/user-record-show.c +@@ -280,7 +280,7 @@ void user_record_show(UserRecord *hr, bool show_full_group_info) { + printf(" IO Weight: %" PRIu64 "\n", hr->io_weight); + + if (hr->access_mode != MODE_INVALID) +- printf(" Access Mode: 0%03oo\n", user_record_access_mode(hr)); ++ printf(" Access Mode: 0%03o\n", user_record_access_mode(hr)); + + if (storage == USER_LUKS) { + printf("LUKS Discard: online=%s offline=%s\n", yes_no(user_record_luks_discard(hr)), yes_no(user_record_luks_offline_discard(hr))); +-- +2.33.0 +
View file
_service:tar_scm:backport-userdb-fix-type-to-pass-to-connect.patch
Added
@@ -0,0 +1,31 @@ +From 667eab61d4c5520d7875de5df489ec68a4c9f123 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Sat, 16 Oct 2021 05:04:26 +0900 +Subject: PATCH userdb: fix type to pass to connect() + +Fixes https://github.com/systemd/systemd/pull/20613#issuecomment-944621275. + +(cherry picked from commit c14e57356f1e82c35bf3a3e8aaeac134b545801b) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/667eab61d4c5520d7875de5df489ec68a4c9f123 +--- + src/userdb/userdbctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/userdb/userdbctl.c b/src/userdb/userdbctl.c +index 8db0c34fb5..9ec0ad6c5e 100644 +--- a/src/userdb/userdbctl.c ++++ b/src/userdb/userdbctl.c +@@ -512,7 +512,7 @@ static int display_services(int argc, char *argv, void *userdata) { + if (fd < 0) + return log_error_errno(r, "Failed to allocate AF_UNIX/SOCK_STREAM socket: %m"); + +- if (connect(fd, &sockaddr.un, sockaddr_len) < 0) { ++ if (connect(fd, &sockaddr.sa, sockaddr_len) < 0) { + no = strjoin("No (", errno_to_name(errno), ")"); + if (!no) + return log_oom(); +-- +2.33.0 +
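Review bot: The context line directly above the change logs the socket allocation failure with log_error_errno(r, ...), but the value tested there is fd and the visible lines do not assign r from it. If fd comes from a call that reports its error in errno, as the message text suggests, the log and the return value carry a stale code; it should pass errno. The change itself, passing &sockaddr.sa instead of &sockaddr.un to connect(), only corrects the pointer type and needs no further comment.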
View file
_service:tar_scm:backport-util-another-set-of-CVE-2021-4034-assert-s.patch
Added
@@ -0,0 +1,37 @@ +From 356b1ee1febeecf636eec6b7e08036603bf760d5 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Tue, 1 Feb 2022 12:06:21 +0100 +Subject: PATCH util: another set of CVE-2021-4034 assert()s + +It's a good idea that we validate argc/argv when we are supposed to +store them away. + +(cherry picked from commit 007e03b284e8ffc0b92edb2122cd9d2d16f049ef) +(cherry picked from commit dcba78244e5dc3a4b57fb978a2d21640164c89a2) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/356b1ee1febeecf636eec6b7e08036603bf760d5 +--- + src/basic/util.h | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/basic/util.h b/src/basic/util.h +index b6c51c036e..22fcef719f 100644 +--- a/src/basic/util.h ++++ b/src/basic/util.h +@@ -9,6 +9,12 @@ extern int saved_argc; + extern char **saved_argv; + + static inline void save_argc_argv(int argc, char **argv) { ++ ++ /* Protect against CVE-2021-4034 style attacks */ ++ assert_se(argc > 0); ++ assert_se(argv); ++ assert_se(argv0); ++ + saved_argc = argc; + saved_argv = argv; + } +-- +2.33.0 +
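Review bot: The comment in save_argc_argv() names CVE-2021-4034 but not the condition being rejected. Please spell it out: a program can be executed with an empty argument vector, so argc may be 0 and the first argv slot NULL, and code that later indexes saved_argv would otherwise read past the vector. Because these are assert_se() checks the process aborts rather than exiting with an error code, which is reasonable for an invalid invocation but worth stating in the commit message. The blank line at the start of the function body is not needed.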
View file
_service:tar_scm:backport-utmp-remove-dev-from-line.patch
Added
@@ -0,0 +1,44 @@ +From 09534e85b5c51c664077637e7e8c7c68dec52972 Mon Sep 17 00:00:00 2001 +From: Vincent Bernat <vincent@bernat.ch> +Date: Mon, 18 Oct 2021 20:58:43 +0200 +Subject: PATCH utmp: remove /dev from line + +utmp(5) says `ut_line` is the device name minus the leading "/dev/". Therefore, +remove it. Without that, when using UtmpMode=user, we get `/dev/tty` in the +output of `last`/`w`. + +(cherry picked from commit 33331d116db2eaf1189ea56ee4b36540179ac3dd) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/09534e85b5c51c664077637e7e8c7c68dec52972 +--- + src/core/execute.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/core/execute.c b/src/core/execute.c +index 2a337b55a2..6ff757ff04 100644 +--- a/src/core/execute.c ++++ b/src/core/execute.c +@@ -4059,13 +4059,17 @@ static int exec_child( + } + } + +- if (context->utmp_id) ++ if (context->utmp_id) { ++ const char *line = context->tty_path ? ++ (path_startswith(context->tty_path, "/dev/") ?: context->tty_path) : ++ NULL; + utmp_put_init_process(context->utmp_id, getpid_cached(), getsid(0), +- context->tty_path, ++ line, + context->utmp_mode == EXEC_UTMP_INIT ? INIT_PROCESS : + context->utmp_mode == EXEC_UTMP_LOGIN ? LOGIN_PROCESS : + USER_PROCESS, + username); ++ } + + if (uid_is_valid(uid)) { + r = chown_terminal(STDIN_FILENO, uid); +-- +2.33.0 +
View file
_service:tar_scm:backport-varlink-disconnect-varlink-link-in-one-more-case.patch
Added
@@ -0,0 +1,41 @@ +From 968f2f3f5a76b05142e1de447bb79f4f97868721 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Thu, 21 Oct 2021 17:29:48 +0200 +Subject: PATCH varlink: disconnect varlink link in one more case + +Previously we'd possibly see POLLHUP on a varlink link, and continue to +run epoll on it even though we have nothing to read nor write anymore. + +Let's fix that, and once we know that there's nothing to write anymore +(or we saw a write error already) we'll disconnect after POLLHUP. + +Fixes: #20062 +(cherry picked from commit 7c26a631ad8bf91016db156b7d299ca68fd7866e) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/968f2f3f5a76b05142e1de447bb79f4f97868721 +--- + src/shared/varlink.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/shared/varlink.c b/src/shared/varlink.c +index 8da568e208..a57475b5ba 100644 +--- a/src/shared/varlink.c ++++ b/src/shared/varlink.c +@@ -417,9 +417,10 @@ static int varlink_test_disconnect(Varlink *v) { + if (IN_SET(v->state, VARLINK_IDLE_CLIENT) && (v->write_disconnected || v->got_pollhup)) + goto disconnect; + +- /* The server is still expecting to write more, but its write end is disconnected and it got a POLLHUP +- * (i.e. from a disconnected client), so disconnect. */ +- if (IN_SET(v->state, VARLINK_PENDING_METHOD, VARLINK_PENDING_METHOD_MORE) && v->write_disconnected && v->got_pollhup) ++ /* We are on the server side and still want to send out more replies, but we saw POLLHUP already, and ++ * either got no buffered bytes to write anymore or already saw a write error. In that case we should ++ * shut down the varlink link. */ ++ if (IN_SET(v->state, VARLINK_PENDING_METHOD, VARLINK_PENDING_METHOD_MORE) && (v->write_disconnected || v->output_buffer_size == 0) && v->got_pollhup) + goto disconnect; + + return 0; +-- +2.33.0 +
View file
_service:tar_scm:backport-veritysetup-print-help-for-help-h-help.patch
Added
@@ -0,0 +1,35 @@ +From 5e5923f272682476c053e5afd705e0f6b4595cbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl> +Date: Sat, 31 Jul 2021 09:00:11 +0200 +Subject: PATCH veritysetup: print help for --help/-h/help + +In general our commands print help on --help, but here this would trigger +the error that two arguments are needed. Let's make this more user-friendly. + +(cherry picked from commit 5d5e43cc33637a12f743f17294cfbd3ede08a1b3) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5e5923f272682476c053e5afd705e0f6b4595cbf +--- + src/veritysetup/veritysetup.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/veritysetup/veritysetup.c b/src/veritysetup/veritysetup.c +index 34208dcd87..14d7462ddb 100644 +--- a/src/veritysetup/veritysetup.c ++++ b/src/veritysetup/veritysetup.c +@@ -130,7 +130,10 @@ static int run(int argc, char *argv) { + _cleanup_(crypt_freep) struct crypt_device *cd = NULL; + int r; + +- if (argc <= 1) ++ if (argc <= 1 || ++ strv_contains(strv_skip(argv, 1), "--help") || ++ strv_contains(strv_skip(argv, 1), "-h") || ++ streq(argv1, "help")) + return help(); + + if (argc < 3) +-- +2.33.0 +
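Review bot: The new help check in run() scans every argument for "--help" and "-h" through strv_contains(strv_skip(argv, 1), ...), while "help" is only recognised in the first position. Any later positional argument that happens to be exactly "-h" or "--help" therefore prints help and never reaches the argc < 3 validation. If that is intended, say so in a comment; otherwise limit the two option spellings to the first position as well, which also keeps the three tests consistent.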
View file
_service:tar_scm:backport-virt-Fix-the-detection-for-Hyper-V-VMs.patch
Added
@@ -0,0 +1,45 @@ +From ba22ee4985c6ca690b84fdca36cf012b200a3c4e Mon Sep 17 00:00:00 2001 +From: Boqun Feng <boqun.feng@gmail.com> +Date: Tue, 23 Nov 2021 15:09:26 +0800 +Subject: PATCH virt: Fix the detection for Hyper-V VMs + +Use product_version instead of product_name in DMI table and the string +"Hyper-V" to avoid misdetection. + +Fixes: #21468 + +Signed-off-by: Boqun Feng <boqun.feng@gmail.com> +(cherry picked from commit 76eec0649936d9ae2f9087769f463feaf0cf5cb4) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/ba22ee4985c6ca690b84fdca36cf012b200a3c4e +--- + src/basic/virt.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index cc123a286f..bbc583ae52 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -146,7 +146,8 @@ static int detect_vm_dmi_vendor(void) { + "/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */ + "/sys/class/dmi/id/sys_vendor", + "/sys/class/dmi/id/board_vendor", +- "/sys/class/dmi/id/bios_vendor" ++ "/sys/class/dmi/id/bios_vendor", ++ "/sys/class/dmi/id/product_version" /* For Hyper-V VMs test */ + }; + + static const struct { +@@ -165,7 +166,7 @@ static int detect_vm_dmi_vendor(void) { + { "Parallels", VIRTUALIZATION_PARALLELS }, + /* https://wiki.freebsd.org/bhyve */ + { "BHYVE", VIRTUALIZATION_BHYVE }, +- { "Microsoft", VIRTUALIZATION_MICROSOFT }, ++ { "Hyper-V", VIRTUALIZATION_MICROSOFT }, + }; + int r; + +-- +2.33.0 +
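Review bot: The existing comment on product_name says the order of the DMI files matters ("Test this before sys_vendor to detect KVM over QEMU"), yet product_version is appended last with only "For Hyper-V VMs test" as explanation. Please expand that comment to say which value is expected in product_version and why the vendor fields are not sufficient, since the table entry changes from "Microsoft" to "Hyper-V" in the same patch and the two edits only make sense together. If every table entry is compared against every file in the list, also confirm that none of the other entries can match a product_version string.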
View file
_service:tar_scm:backport-virt-Improve-detection-of-EC2-metal-instances.patch
Added
@@ -0,0 +1,81 @@ +From 785e760653cf5249207caa80857956f0096525df Mon Sep 17 00:00:00 2001 +From: Benjamin Herrenschmidt <benh@amazon.com> +Date: Fri, 3 Sep 2021 11:36:46 +1000 +Subject: PATCH virt: Improve detection of EC2 metal instances + +The current detection code relies on /sys/firmware/dmi/entries/0-0/raw +to disambiguate Amazon EC2 virtualized from metal instances. + +Unfortunately this file is root only. Thus on a c6g.metal instance +(aarch64), we observe something like this: + +$ systemd-detect-virt +amazon +$ sudo systemd-detect-virt +none + +Only the latter is correct. + +The right long term fix is to extend the kernel to expose the SMBIOS BIOS +Characteristics properly via /sys/class/dmi, but until this happens (and +for backwards compatibility when it does), we need a plan B. + +This change implements such a workaround by falling back to using the +instance type from DMI and looking at the ".metal" string present on +metal instances. + +Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> +(cherry picked from commit f90eea7d18d9ebe88e6a66cd7a86b618def8945d) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/785e760653cf5249207caa80857956f0096525df +--- + src/basic/virt.c | 32 ++++++++++++++++++++++++++++++-- + 1 file changed, 30 insertions(+), 2 deletions(-) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 7e88f09b48..7ed01ba3c9 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -235,8 +235,36 @@ static int detect_vm_dmi(void) { + + /* The DMI vendor tables in /sys/class/dmi/id don't help us distinguish between Amazon EC2 + * virtual machines and bare-metal instances, so we need to look at SMBIOS. 
*/ +- if (r == VIRTUALIZATION_AMAZON && detect_vm_smbios() == SMBIOS_VM_BIT_UNSET) +- return VIRTUALIZATION_NONE; ++ if (r == VIRTUALIZATION_AMAZON) { ++ switch (detect_vm_smbios()) { ++ case SMBIOS_VM_BIT_SET: ++ return VIRTUALIZATION_AMAZON; ++ case SMBIOS_VM_BIT_UNSET: ++ return VIRTUALIZATION_NONE; ++ case SMBIOS_VM_BIT_UNKNOWN: { ++ /* The DMI information we are after is only accessible to the root user, ++ * so we fallback to using the product name which is less restricted ++ * to distinguish metal systems from virtualized instances */ ++ _cleanup_free_ char *s = NULL; ++ ++ r = read_full_virtual_file("/sys/class/dmi/id/product_name", &s, NULL); ++ /* In EC2, virtualized is much more common than metal, so if for some reason ++ * we fail to read the DMI data, assume we are virtualized. */ ++ if (r < 0) { ++ log_debug_errno(r, "Can't read /sys/class/dmi/id/product_name," ++ " assuming virtualized: %m"); ++ return VIRTUALIZATION_AMAZON; ++ } ++ if (endswith(truncate_nl(s), ".metal")) { ++ log_debug("DMI product name ends with '.metal', assuming no virtualization"); ++ return VIRTUALIZATION_NONE; ++ } else ++ return VIRTUALIZATION_AMAZON; ++ } ++ default: ++ assert_not_reached("Bad virtualization value"); ++ } ++ } + + /* If we haven't identified a VM, but the firmware indicates that there is one, indicate as much. We + * have no further information about what it is. */ +-- +2.33.0 +
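Review bot: In the SMBIOS_VM_BIT_UNKNOWN case the result now depends on /sys/class/dmi/id/product_name ending in ".metal", and a read failure is resolved in favour of VIRTUALIZATION_AMAZON at debug log level only. Privileged and unprivileged callers therefore get their answer from different sources, which should be recorded in the comment for anything that gates behaviour on the detection result. Two smaller points: the else after the branch that already returns VIRTUALIZATION_NONE is redundant, and the default: assert_not_reached() aborts if detect_vm_smbios() can return anything besides the three handled values, such as a negative errno; please confirm it cannot.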
View file
_service:tar_scm:backport-virt-Support-detection-for-ARM64-Hyper-V-guests.patch
Added
@@ -0,0 +1,35 @@ +From 258968ba75bc27d4ea61967b9a27c1f139e89799 Mon Sep 17 00:00:00 2001 +From: Boqun Feng <boqun.feng@gmail.com> +Date: Wed, 13 Oct 2021 11:32:09 +0800 +Subject: PATCH virt: Support detection for ARM64 Hyper-V guests + +The detection of Microsoft Hyper-V VMs is done by cpuid currently, +however there is no cpuid on ARM64. And since ARM64 is now a supported +architecture for Microsoft Hyper-V guests1, then use DMI tables to +detect a Hyper-V guest, which is more generic and works for ARM64. + +1: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7aff79e297ee1aa0126924921fd87a4ae59d2467 + +(cherry picked from commit 506bbc8569014253ea8614b680ccbc4fc2513a87) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/258968ba75bc27d4ea61967b9a27c1f139e89799 +--- + src/basic/virt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 7ed01ba3c9..0243b2d2a8 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -165,6 +165,7 @@ static int detect_vm_dmi_vendor(void) { + { "Parallels", VIRTUALIZATION_PARALLELS }, + /* https://wiki.freebsd.org/bhyve */ + { "BHYVE", VIRTUALIZATION_BHYVE }, ++ { "Microsoft", VIRTUALIZATION_MICROSOFT }, + }; + int r; + +-- +2.33.0 +
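Review bot: The added "Microsoft" entry matches on a vendor-level string, which is broad for a table that is compared against several DMI fields. The separate patch on this page, "virt: Fix the detection for Hyper-V VMs", replaces exactly this entry with "Hyper-V" and adds product_version to avoid misdetection, so the two backports depend on each other and this one has to be applied first. A line in this patch's header recording that dependency would keep one from being dropped without the other.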
_service:tar_scm:backport-virt-detect-OpenStack-Nova-instance.patch
Added
@@ -0,0 +1,95 @@ +From 01d9fbccddd694bc584aed24eaa0543f831dc929 Mon Sep 17 00:00:00 2001 +From: wangyuhang <wangyuhang27@huawei.com> +Date: Tue, 19 Apr 2022 21:05:25 +0800 +Subject: PATCH virt: detect OpenStack Nova instance + +Conflict:add testcase for virt detect OpenStack Nova instance +Reference:https://github.com/systemd/systemd/commit/01d9fbccddd694bc584aed24eaa0543f831dc929 +--- + src/basic/virt.c | 1 + + src/test/meson.build | 14 ++ + src/test/test-virt.c | 39 ++++++++++++++++++++++++++++++ + 3 file changed, 54 insertion(+) + +diff --git a/src/basic/virt.c b/src/basic/virt.c +index 7e88f09..d8740cf 100644 +--- a/src/basic/virt.c ++++ b/src/basic/virt.c +@@ -154,6 +154,7 @@ static int detect_vm_dmi_vendor(void) { + int id; + } dmi_vendor_table = { + { "KVM", VIRTUALIZATION_KVM }, ++ { "OpenStack", VIRTUALIZATION_KVM }, /* Detect OpenStack instance as KVM in non x86 architecture */ + { "Amazon EC2", VIRTUALIZATION_AMAZON }, + { "QEMU", VIRTUALIZATION_QEMU }, + { "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */ + +diff --git a/src/test/meson.build b/src/test/meson.build +index e106059..ea64a12 100644 +--- a/src/test/meson.build ++++ b/src/test/meson.build +@@ -602,6 +602,14 @@ tests += + + 'src/test/test-nscd-flush.c', + , , , 'ENABLE_NSCD', 'manual', ++ ++ 'src/test/test-virt.c', ++ 'src/basic/virt.c', ++ 'src/basic/virt.h', ++ libcore, ++ libshared, ++ , ++ core_includes, + + + ############################################################ + +diff --git a/src/test/test-virt.c b/src/test/test-virt.c +new file mode 100644 +index 0000000..17cc22e +--- /dev/null ++++ b/src/test/test-virt.c +@@ -0,0 +1,39 @@ ++/* SPDX-License-Identifier: LGPL-2.1-or-later */ ++ ++#include <stdio.h> ++#include <unistd.h> ++#include <sched.h> ++ ++#include "string-util.h" ++#include "fileio.h" ++#include "virt.h" ++#include "log.h" ++#include "tests.h" ++ ++static void detect_virt(const char *vendor) { ++ 
assert_se(write_string_file("/sys/class/dmi/id/product_name", vendor, ++ WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755) == 0); ++ ++ assert_se(detect_virtualization() == VIRTUALIZATION_KVM); ++} ++ ++int main(int argc, char *argv) { ++ char template = "/tmp/test-virt.XXXXXX"; ++ assert_se(mkdtemp(template)); ++ ++ if (geteuid() > 0 && unshare(CLONE_NEWUSER) != 0) { ++ (void) log_tests_skipped("Don't have namespace support"); ++ return EXIT_TEST_SKIP; ++ } ++ ++ if (chroot(template) != 0) { ++ (void) log_tests_skipped("Don't have chroot support"); ++ return EXIT_TEST_SKIP; ++ } ++ ++#if defined(__arm__) || defined(__aarch64__) ++ detect_virt("OpenStack Nova"); ++#endif ++ ++ return 0; ++} +\ No newline at end of file +-- +2.27.0 +
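Review bot: the { "OpenStack", VIRTUALIZATION_KVM } entry added to dmi_vendor_table in src/basic/virt.c is unconditional, while its comment says it is meant for non-x86 architectures. Either guard it with the same #if defined(__arm__) || defined(__aarch64__) condition the test uses, or reword the comment to explain why the entry is harmless on x86. The commit message has no body, so the reason for mapping the "OpenStack" string to KVM is not recorded anywhere.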
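Review bot: in src/test/test-virt.c, main() calls chroot(template) without a following chdir("/"), and the directory created by mkdtemp() is never removed, so each run leaves a /tmp/test-virt.* tree behind. Add the chdir and do the chroot in a forked child so the parent can clean up afterwards. On architectures other than ARM the test sets everything up and returns 0 without asserting anything; report that case with log_tests_skipped() so it does not count as a pass. The file also lacks a trailing newline.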
_service:tar_scm:backport-wait-online-rename-Manager-elements.patch
Added
@@ -0,0 +1,175 @@ +From 5d4fc5cb2a0d18f8a67468209227a59ec3f30b5f Mon Sep 17 00:00:00 2001 +From: Yu Watanabe <watanabe.yu+github@gmail.com> +Date: Wed, 26 Jan 2022 20:54:39 +0900 +Subject: PATCH wait-online: rename Manager elements + +(cherry picked from commit 5f200833ed0754adaba548b0b617f6c192615acd) +(cherry picked from commit 397ede8dcd29f35350c015f1d945e50c88476a93) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5d4fc5cb2a0d18f8a67468209227a59ec3f30b5f +--- + src/network/wait-online/link.c | 4 ++-- + src/network/wait-online/manager.c | 33 ++++++++++++++++++------------- + src/network/wait-online/manager.h | 8 ++++---- + 3 files changed, 25 insertions(+), 20 deletions(-) + +diff --git a/src/network/wait-online/link.c b/src/network/wait-online/link.c +index 5a33d563c2..0f5f68e765 100644 +--- a/src/network/wait-online/link.c ++++ b/src/network/wait-online/link.c +@@ -32,7 +32,7 @@ int link_new(Manager *m, Link **ret, int ifindex, const char *ifname) { + .required_operstate = LINK_OPERSTATE_RANGE_DEFAULT, + }; + +- r = hashmap_ensure_put(&m->links, NULL, INT_TO_PTR(ifindex), l); ++ r = hashmap_ensure_put(&m->links_by_index, NULL, INT_TO_PTR(ifindex), l); + if (r < 0) + return r; + +@@ -53,7 +53,7 @@ Link *link_free(Link *l) { + return NULL; + + if (l->manager) { +- hashmap_remove(l->manager->links, INT_TO_PTR(l->ifindex)); ++ hashmap_remove(l->manager->links_by_index, INT_TO_PTR(l->ifindex)); + hashmap_remove(l->manager->links_by_name, l->ifname); + } + +diff --git a/src/network/wait-online/manager.c b/src/network/wait-online/manager.c +index e1df0345c0..d8cf2338b0 100644 +--- a/src/network/wait-online/manager.c ++++ b/src/network/wait-online/manager.c +@@ -21,14 +21,15 @@ static bool manager_ignore_link(Manager *m, Link *link) { + return true; + + /* if interfaces are given on the command line, ignore all others */ +- if (m->interfaces && !hashmap_contains(m->interfaces, link->ifname)) ++ if (m->command_line_interfaces_by_name && ++ 
!hashmap_contains(m->command_line_interfaces_by_name, link->ifname)) + return true; + + if (!link->required_for_online) + return true; + + /* ignore interfaces we explicitly are asked to ignore */ +- return strv_fnmatch(m->ignore, link->ifname); ++ return strv_fnmatch(m->ignored_interfaces, link->ifname); + } + + static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange s) { +@@ -101,14 +102,14 @@ static int manager_link_is_online(Manager *m, Link *l, LinkOperationalStateRange + bool manager_configured(Manager *m) { + bool one_ready = false; + const char *ifname; +- void *p; + Link *l; + int r; + +- if (!hashmap_isempty(m->interfaces)) { ++ if (!hashmap_isempty(m->command_line_interfaces_by_name)) { ++ LinkOperationalStateRange *range; ++ + /* wait for all the links given on the command line to appear */ +- HASHMAP_FOREACH_KEY(p, ifname, m->interfaces) { +- LinkOperationalStateRange *range = p; ++ HASHMAP_FOREACH_KEY(range, ifname, m->command_line_interfaces_by_name) { + + l = hashmap_get(m->links_by_name, ifname); + if (!l && range->min == LINK_OPERSTATE_MISSING) { +@@ -139,7 +140,7 @@ bool manager_configured(Manager *m) { + + /* wait for all links networkd manages to be in admin state 'configured' + * and at least one link to gain a carrier */ +- HASHMAP_FOREACH(l, m->links) { ++ HASHMAP_FOREACH(l, m->links_by_index) { + if (manager_ignore_link(m, l)) { + log_link_debug(l, "link is ignored"); + continue; +@@ -191,7 +192,7 @@ static int manager_process_link(sd_netlink *rtnl, sd_netlink_message *mm, void * + return 0; + } + +- l = hashmap_get(m->links, INT_TO_PTR(ifindex)); ++ l = hashmap_get(m->links_by_index, INT_TO_PTR(ifindex)); + + switch (type) { + +@@ -294,7 +295,7 @@ static int on_network_event(sd_event_source *s, int fd, uint32_t revents, void * + + sd_network_monitor_flush(m->network_monitor); + +- HASHMAP_FOREACH(l, m->links) { ++ HASHMAP_FOREACH(l, m->links_by_index) { + r = link_update_monitor(l); + if (r < 0 && r != -ENODATA) + 
log_link_warning_errno(l, r, "Failed to update link state, ignoring: %m"); +@@ -331,10 +332,14 @@ static int manager_network_monitor_listen(Manager *m) { + return 0; + } + +-int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, ++int manager_new(Manager **ret, ++ Hashmap *command_line_interfaces_by_name, ++ char **ignored_interfaces, + LinkOperationalStateRange required_operstate, + AddressFamily required_family, +- bool any, usec_t timeout) { ++ bool any, ++ usec_t timeout) { ++ + _cleanup_(manager_freep) Manager *m = NULL; + int r; + +@@ -345,8 +350,8 @@ int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, + return -ENOMEM; + + *m = (Manager) { +- .interfaces = interfaces, +- .ignore = ignore, ++ .command_line_interfaces_by_name = command_line_interfaces_by_name, ++ .ignored_interfaces = ignored_interfaces, + .required_operstate = required_operstate, + .required_family = required_family, + .any = any, +@@ -384,7 +389,7 @@ Manager* manager_free(Manager *m) { + if (!m) + return NULL; + +- hashmap_free_with_destructor(m->links, link_free); ++ hashmap_free_with_destructor(m->links_by_index, link_free); + hashmap_free(m->links_by_name); + + sd_event_source_unref(m->network_monitor_event_source); +diff --git a/src/network/wait-online/manager.h b/src/network/wait-online/manager.h +index f2e091638c..01ad18f8f6 100644 +--- a/src/network/wait-online/manager.h ++++ b/src/network/wait-online/manager.h +@@ -13,12 +13,12 @@ typedef struct Manager Manager; + typedef struct Link Link; + + struct Manager { +- Hashmap *links; ++ Hashmap *links_by_index; + Hashmap *links_by_name; + + /* Do not free the two members below. 
*/ +- Hashmap *interfaces; +- char **ignore; ++ Hashmap *command_line_interfaces_by_name; ++ char **ignored_interfaces; + + LinkOperationalStateRange required_operstate; + AddressFamily required_family; +@@ -34,7 +34,7 @@ struct Manager { + }; + + Manager* manager_free(Manager *m); +-int manager_new(Manager **ret, Hashmap *interfaces, char **ignore, ++int manager_new(Manager **ret, Hashmap *command_line_interfaces_by_name, char **ignored_interfaces, + LinkOperationalStateRange required_operstate, + AddressFamily required_family, + bool any, usec_t timeout); +-- +2.33.0 +
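Review bot: the manager_new() prototype in manager.h keeps the renamed parameters packed on one long line, while the definition in manager.c now puts one parameter per line; format the declaration and the definition the same way. In manager_configured() the HASHMAP_FOREACH_KEY body now opens with the empty line left where the range declaration used to be, which can be dropped. The "Do not free the two members below." comment in struct Manager still applies to the renamed fields, so no change is needed there.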
_service:tar_scm:backport-watchdog-pass-right-error-code-to-log-function-so-th.patch
Added
@@ -0,0 +1,32 @@ +From 11d5f109b04cd61c8bf437065b5e178c485a49b4 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering <lennart@poettering.net> +Date: Wed, 15 Sep 2021 15:43:42 +0200 +Subject: PATCH watchdog: pass right error code to log function so that %m + works + +(cherry picked from commit a4588af942af976c55f72869340c24d5017db278) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/11d5f109b04cd61c8bf437065b5e178c485a49b4 +--- + src/shared/watchdog.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/shared/watchdog.c b/src/shared/watchdog.c +index d33acafe64..8586a88e54 100644 +--- a/src/shared/watchdog.c ++++ b/src/shared/watchdog.c +@@ -47,8 +47,8 @@ static int update_timeout(void) { + flags = WDIOS_ENABLECARD; + if (ioctl(watchdog_fd, WDIOC_SETOPTIONS, &flags) < 0) { + /* ENOTTY means the watchdog is always enabled so we're fine */ +- log_full(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, +- "Failed to enable hardware watchdog: %m"); ++ log_full_errno(ERRNO_IS_NOT_SUPPORTED(errno) ? LOG_DEBUG : LOG_WARNING, errno, ++ "Failed to enable hardware watchdog, ignoring: %m"); + if (!ERRNO_IS_NOT_SUPPORTED(errno)) + return -errno; + } +-- +2.33.0 +
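Review bot: the new message in update_timeout() says "ignoring", but two lines further down the function still returns -errno when the error is not ERRNO_IS_NOT_SUPPORTED, so the warning-level case is not ignored. Word the message so it fits both outcomes, or log the two cases separately. errno is also read again after log_full_errno() has run; unless the logging call is guaranteed to preserve it, copy errno into a local right after ioctl() fails and use that local for the level, the log argument and the return value.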
_service:tar_scm:backport-xdg-autostart-service-Ignore-missing-desktop-sepcifi.patch
Added
@@ -0,0 +1,38 @@ +From 5d3466ec91b05853b815db509b901e6a6d5f4db4 Mon Sep 17 00:00:00 2001 +From: Benjamin Berg <bberg@redhat.com> +Date: Mon, 10 Jan 2022 12:35:46 +0100 +Subject: PATCH xdg-autostart-service: Ignore missing desktop-sepcific + condition binary + +If a desktop specific ExecCondition= binary does not exist, this just +means that the desktop environment is not available. As such, it is not +an error condition that should prevent the service from being installed +in the .wants target. + +Fix this by simply returning zero. + +(cherry picked from commit 6d0aef1dd15088e7379681b3bd93c3cb450f3c55) +(cherry picked from commit 19fbd7764da2e23a89e27b4d95afd77b99f4be87) + +Conflict:NA +Reference:https://github.com/systemd/systemd/commit/5d3466ec91b05853b815db509b901e6a6d5f4db4 +--- + src/xdg-autostart-generator/xdg-autostart-service.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/xdg-autostart-generator/xdg-autostart-service.c b/src/xdg-autostart-generator/xdg-autostart-service.c +index fe73bfe9db..16545beb50 100644 +--- a/src/xdg-autostart-generator/xdg-autostart-service.c ++++ b/src/xdg-autostart-generator/xdg-autostart-service.c +@@ -486,7 +486,7 @@ static int xdg_autostart_generate_desktop_condition( + log_full_errno(r == -ENOENT ? LOG_DEBUG : LOG_WARNING, r, + "%s not found: %m", test_binary); + fprintf(f, "# ExecCondition using %s skipped due to missing binary.\n", test_binary); +- return r; ++ return 0; + } + + e_autostart_condition = cescape(condition); +-- +2.33.0 +
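Review bot: return 0 in xdg_autostart_generate_desktop_condition() now swallows every failure on this path, not only the missing binary the commit message describes. The log call just above already distinguishes r == -ENOENT (debug) from other errors (warning), so the same distinction could be kept for the return value: return 0 for -ENOENT and keep returning r otherwise. If ignoring all errors is intended, the "%s not found: %m" text and the "skipped due to missing binary" comment written to the unit should be reworded, since they are wrong for errors other than ENOENT.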
_service:tar_scm:bugfix-also-stop-machine-when-a-machine-un.patch
Added
@@ -0,0 +1,145 @@ +From 89110c823f246d3d2c398652999826107da446bf Mon Sep 17 00:00:00 2001 +From: yangbin <robin.yb@huawei.com> +Date: Tue, 7 Apr 2020 12:01:39 +0800 +Subject: PATCH systemd-machined: Also stop machine when a machine unit is + active but the leader process is exited + +When a VM machine is created in a scenario as below, it will remain in systemd-machined even though it has already been terminated by libvirtd. +1. libvirtd sends a request to systemd-machined with the leader(the PID of the vm) to create a machine. +2. systemd-machined directs the request to systemd +3. systemd constructs a scope and creates cgroup for the machine. the scope unit is then added to job queue and will be started later. +4. the leader process(the PID of the vm) is terminated by libvirtd(due some reason) before the scope is started. +5. Since the scope unit is yet not started, systemd will not destroy the scope althrough it is noticed with the signal event. +6. systemd starts the scope, and now the scope and machine is in active but no leader process exist. +7. systemd-machined will not stop and destroy the machine, and remains in system until the scope is stopped by others or the OS is restarted. + +This patch fix this problem by ansering yes to stop machine in machine_check_gc +when the machine unit is active but the leader process has already exited. 
+ +Change-Id: I80e3c32832f4ecf08b6cb149735978730ce1d1c0 +--- + src/machine/machine.c | 37 ++++++++++++++++++++++++++++++++++++- + src/machine/machined-dbus.c | 35 +++++++++++++++++++++++++++++++++++ + src/machine/machined.h | 1 + + 3 files changed, 72 insertions(+), 1 deletion(-) + +diff --git a/src/machine/machine.c b/src/machine/machine.c +index c0ed24b..b48aee6 100644 +--- a/src/machine/machine.c ++++ b/src/machine/machine.c +@@ -32,6 +32,7 @@ + #include "unit-name.h" + #include "user-util.h" + #include "util.h" ++#include "cgroup-util.h" + + Machine* machine_new(Manager *manager, MachineClass class, const char *name) { + Machine *m; +@@ -523,6 +524,40 @@ int machine_finalize(Machine *m) { + return 0; + } + ++static bool machine_validate_unit(Machine *m) { ++ int r; ++ _cleanup_free_ char *unit = NULL; ++ _cleanup_free_ char *cgroup = NULL; ++ ++ r = cg_pid_get_unit(m->leader, &unit); ++ if (!r && streq(m->unit, unit)) ++ return true; ++ ++ if (r == -ESRCH) { ++ /* the original leader may exit and be replaced with a new leader when qemu hotreplace is performed. ++ * so we don't return true here, otherwise the vm will be added to the gc list. ++ * */ ++ log_info("Machine unit is in active, but the leader process is exited. " ++ "machine: %s, leader: "PID_FMT", unit: %s.", m->name, m->leader, m->unit); ++ } else if (r) { ++ log_info_errno(r, "Can not get unit from cgroup. " ++ "machine: %s, leader: "PID_FMT", unit: %s, error: %m", m->name, m->leader, m->unit); ++ } else if (unit && !streq(m->unit, unit)) { ++ log_info("Machine unit name not match. " ++ "machine: %s, leader: "PID_FMT", machine unit: %s, real unit: %s", m->name, m->leader, m->unit, unit); ++ } ++ ++ r = manager_get_unit_cgroup_path(m->manager, m->unit, &cgroup); ++ if (!r && !isempty(cgroup) && cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) > 0) { ++ log_info("Cgroup is empty in the machine unit. 
" ++ "machine: %s, leader: "PID_FMT", machine unit: %s.", m->name, m->leader, m->unit); ++ /*The vm will be added to gc list only when there is no any process in the scope*/ ++ return false; ++ } ++ ++ return true; ++} ++ + bool machine_may_gc(Machine *m, bool drop_not_started) { + assert(m); + +@@ -535,7 +570,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) { + if (m->scope_job && manager_job_is_active(m->manager, m->scope_job)) + return false; + +- if (m->unit && manager_unit_is_active(m->manager, m->unit)) ++ if (m->unit && manager_unit_is_active(m->manager, m->unit) && machine_validate_unit(m)) + return false; + + return true; +diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c +index 342b18a..dcc2253 100644 +--- a/src/machine/machined-dbus.c ++++ b/src/machine/machined-dbus.c +@@ -1614,3 +1614,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) { + + return 0; + } ++ ++int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup) { ++ _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; ++ _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; ++ _cleanup_free_ char *path = NULL; ++ const char *cgroup_path = NULL; ++ int r; ++ ++ assert(manager); ++ assert(unit); ++ ++ path = unit_dbus_path_from_name(unit); ++ if (!path) ++ return -ENOMEM; ++ ++ r = sd_bus_get_property( ++ manager->bus, ++ "org.freedesktop.systemd1", ++ path, ++ endswith(unit, ".scope") ? 
"org.freedesktop.systemd1.Scope" : "org.freedesktop.systemd1.Service", ++ "ControlGroup", ++ &error, ++ &reply, ++ "s"); ++ if (r < 0) { ++ return r; ++ } ++ ++ r = sd_bus_message_read(reply, "s", &cgroup_path); ++ if (r < 0) ++ return -EINVAL; ++ *cgroup = strdup(cgroup_path); ++ ++ return 0; ++} +diff --git a/src/machine/machined.h b/src/machine/machined.h +index 280c32b..6b8d98b 100644 +--- a/src/machine/machined.h ++++ b/src/machine/machined.h +@@ -58,6 +58,7 @@ int manager_kill_unit(Manager *manager, const char *unit, int signo, sd_bus_erro + int manager_unref_unit(Manager *m, const char *unit, sd_bus_error *error); + int manager_unit_is_active(Manager *manager, const char *unit); + int manager_job_is_active(Manager *manager, const char *path); ++int manager_get_unit_cgroup_path(Manager *manager, const char *unit, char **cgroup); + + #if ENABLE_NSCD + int manager_enqueue_nscd_cache_flush(Manager *m); +-- +2.23.0 +
_service:tar_scm:bugfix-for-cgroup-Swap-cgroup-v1-deletion-and-migration.patch
Added
@@ -0,0 +1,40 @@ +From c003873099e47dccf2e57816291bd6b7de4a5790 Mon Sep 17 00:00:00 2001 +From: jiangchuangang <jiangchuangang@huawei.com> +Date: Wed, 13 Jul 2022 21:39:06 +0800 +Subject: PATCH bugfix for cpuset and Delegate + +--- + src/core/cgroup.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 0e4c94d..e887d49 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1963,6 +1963,8 @@ static int unit_update_cgroup( + u->cgroup_enabled_mask = result_mask; + + migrate_mask = u->cgroup_realized_mask ^ target_mask; ++ if (u->type != UNIT_SLICE && FLAGS_SET(target_mask, CGROUP_MASK_CPUSET)) ++ migrate_mask |= CGROUP_MASK_CPUSET; + } + + /* Keep track that this is now realized */ +@@ -1977,9 +1979,11 @@ static int unit_update_cgroup( + * delegated units. + */ + if (cg_all_unified() == 0) { +- r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); +- if (r < 0) +- log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); ++ if (!unit_cgroup_delegate(u)) { ++ r = cg_migrate_v1_controllers(u->manager->cgroup_supported, migrate_mask, u->cgroup_path, migrate_callback, u); ++ if (r < 0) ++ log_unit_warning_errno(u, r, "Failed to migrate controller cgroups from %s, ignoring: %m", empty_to_root(u->cgroup_path)); ++ } + + is_root_slice = unit_has_name(u, SPECIAL_ROOT_SLICE); + r = cg_trim_v1_controllers(u->manager->cgroup_supported, ~target_mask, u->cgroup_path, !is_root_slice); +-- +2.33.0 +
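Review bot: neither hunk in unit_update_cgroup() carries a comment and the commit message is only a subject line, so the reason for the change has to be guessed. State why CGROUP_MASK_CPUSET is forced into migrate_mask for every non-slice unit whose target_mask contains it, and why cg_migrate_v1_controllers() is skipped when unit_cgroup_delegate(u) is true; the existing comment above that block, which ends with "delegated units.", should be updated to match. As far as the visible code shows, the second hunk makes the first one a no-op for delegated units, because the call that consumes migrate_mask is no longer reached. The file name of the patch mentions swapping cgroup v1 deletion and migration while the subject says "bugfix for cpuset and Delegate"; align the two.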
_service:tar_scm:change-NTP-server-to-x.pool.ntp.org.patch
Added
@@ -0,0 +1,25 @@ +From bdf0536bace233a0da7e1ff094c8cb81ded18c38 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Tue, 23 Feb 2021 15:07:17 +0800 +Subject: PATCH change NTP server to x.pool.ntp.org + +--- + meson_options.txt | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/meson_options.txt b/meson_options.txt +index 163c8df..ba7adf9 100644 +--- a/meson_options.txt ++++ b/meson_options.txt +@@ -312,7 +312,7 @@ option('dns-servers', type : 'string', + value : '1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google') + option('ntp-servers', type : 'string', + description : 'space-separated list of default NTP servers', +- value : 'time1.google.com time2.google.com time3.google.com time4.google.com') ++ value : '0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org') + option('support-url', type : 'string', + description : 'the support URL to show in catalog entries included in systemd', + value : 'https://lists.freedesktop.org/mailman/listinfo/systemd-devel') +-- +2.27.0 +
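Review bot: the commit message gives no reason for replacing the default ntp-servers value in meson_options.txt, and the subject says x.pool.ntp.org while the value lists 0.pool.ntp.org to 3.pool.ntp.org. Please record why the default changes. If the distribution has its own vendor zone under pool.ntp.org, use those names here instead of the generic zone so the default is attributable to the distribution.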
_service:tar_scm:core-add-OptionalLog-to-allow-users-change-log-level.patch
Added
@@ -0,0 +1,144 @@ +From 637310cf1903f9072a391074a65855fc1c41ae2b Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Fri, 15 Apr 2022 09:28:15 +0800 +Subject: PATCH core: add OptionalLog to allow users change log level. +This adds log_optional* log_unit_optional* to log messages in LOG_INFO +or LOG_DEBUG. Set "OptionalLog=yes" to log in LOG_INFO. Defaults to no. + +--- + src/basic/log.h | 2 ++ + src/core/dbus-manager.c | 1 + + src/core/main.c | 4 ++++ + src/core/manager.h | 1 + + src/core/mount.c | 2 +- + src/core/system.conf.in | 1 + + src/core/unit.h | 2 ++ + 7 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/basic/log.h b/src/basic/log.h +index 625be22..6ff143f 100644 +--- a/src/basic/log.h ++++ b/src/basic/log.h +@@ -239,6 +239,7 @@ int log_emergency_level(void); + #define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__) + #define log_error(...) log_full(LOG_ERR, __VA_ARGS__) + #define log_emergency(...) log_full(log_emergency_level(), __VA_ARGS__) ++#define log_optional(use_info, ...) log_full(((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) + + /* Logging triggered by an errno-like error */ + #define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__) +@@ -235,6 +236,7 @@ int log_emergency_level(void); + #define log_warning_errno(error, ...) log_full_errno(LOG_WARNING, error, __VA_ARGS__) + #define log_error_errno(error, ...) log_full_errno(LOG_ERR, error, __VA_ARGS__) + #define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__) ++#define log_optional_errno(error, use_info, ...) log_full_errno(((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) + + /* This logs at the specified level the first time it is called, and then + * logs at debug. 
If the specified level is debug, this logs only the first +diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c +index 184df9d..acf782d 100644 +--- a/src/core/dbus-manager.c ++++ b/src/core/dbus-manager.c +@@ -2656,6 +2656,7 @@ const sd_bus_vtable bus_manager_vtable = { + BUS_PROPERTY_DUAL_TIMESTAMP("InitRDUnitsLoadFinishTimestamp", offsetof(Manager, timestampsMANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", bus_property_get_log_level, property_set_log_level, 0, 0), + SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", bus_property_get_log_target, property_set_log_target, 0, 0), ++ SD_BUS_PROPERTY("OptionalLog", "b", bus_property_get_bool, offsetof(Manager, optional_log), SD_BUS_VTABLE_PROPERTY_CONST), + SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0), + SD_BUS_PROPERTY("NFailedUnits", "u", property_get_set_size, offsetof(Manager, failed_units), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE), + SD_BUS_PROPERTY("NJobs", "u", property_get_hashmap_size, offsetof(Manager, jobs), 0), +diff --git a/src/core/main.c b/src/core/main.c +index 2a6b9b8..15a3cb9 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -110,6 +110,7 @@ static const char *arg_bus_introspect = NULL; + * defaults are assigned in reset_arguments() below. 
*/ + static char *arg_default_unit; + static bool arg_system; ++static bool arg_optional_log; + static bool arg_dump_core; + static int arg_crash_chvt; + static bool arg_crash_shell; +@@ -641,6 +642,7 @@ static int parse_config_file(void) { + { "Manager", "LogColor", config_parse_color, 0, NULL }, + { "Manager", "LogLocation", config_parse_location, 0, NULL }, + { "Manager", "LogTime", config_parse_time, 0, NULL }, ++ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_optional_log }, + { "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core }, + { "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt }, + { "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt }, +@@ -748,6 +750,7 @@ static void set_manager_defaults(Manager *m) { + * affect the manager itself, but are just what newly allocated units will have set if they haven't set + * anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */ + ++ m->optional_log = arg_optional_log; + m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec; + m->default_std_output = arg_default_std_output; + m->default_std_error = arg_default_std_error; +@@ -2327,6 +2330,7 @@ static void reset_arguments(void) { + + /* arg_system — ignore */ + ++ arg_optional_log = false; + arg_dump_core = true; + arg_crash_chvt = -1; + arg_crash_shell = false; +diff --git a/src/core/manager.h b/src/core/manager.h +index c20abd5..543f30c 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -378,6 +378,7 @@ struct Manager { + LogTarget original_log_target; + bool log_level_overridden; + bool log_target_overridden; ++ bool optional_log; + + struct rlimit *rlimit_RLIMIT_MAX; + +diff --git a/src/core/mount.c b/src/core/mount.c +index 9d676c2..dba8566 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -674,7 +674,7 @@ static void mount_set_state(Mount *m, MountState state) { + } + + if (state != old_state) +- 
log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); ++ log_unit_optional(UNIT(m), UNIT(m)->manager->optional_log, "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state)); + + unit_notify(UNIT(m), state_translation_tableold_state, state_translation_tablestate, + m->reload_result == MOUNT_SUCCESS ? 0 : UNIT_NOTIFY_RELOAD_FAILURE); +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index d6cc751..f521f3e 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -20,6 +20,7 @@ + #LogColor=yes + #LogLocation=no + #LogTime=no ++#OptionalLog=no + #DumpCore=yes + #ShowStatus=yes + #CrashChangeVT=no +diff --git a/src/core/unit.h b/src/core/unit.h +index 759104f..02f4cb2 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -990,12 +990,14 @@ int unit_thaw_vtable_common(Unit *u); + #define log_unit_notice(unit, ...) log_unit_full(unit, LOG_NOTICE, __VA_ARGS__) + #define log_unit_warning(unit, ...) log_unit_full(unit, LOG_WARNING, __VA_ARGS__) + #define log_unit_error(unit, ...) log_unit_full(unit, LOG_ERR, __VA_ARGS__) ++#define log_unit_optional(unit, use_info, ...) log_unit_full(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), __VA_ARGS__) + + #define log_unit_debug_errno(unit, error, ...) log_unit_full_errno(unit, LOG_DEBUG, error, __VA_ARGS__) + #define log_unit_info_errno(unit, error, ...) log_unit_full_errno(unit, LOG_INFO, error, __VA_ARGS__) + #define log_unit_notice_errno(unit, error, ...) log_unit_full_errno(unit, LOG_NOTICE, error, __VA_ARGS__) + #define log_unit_warning_errno(unit, error, ...) log_unit_full_errno(unit, LOG_WARNING, error, __VA_ARGS__) + #define log_unit_error_errno(unit, error, ...) log_unit_full_errno(unit, LOG_ERR, error, __VA_ARGS__) ++#define log_unit_optional_errno(unit, use_info, error, ...) log_unit_full_errno(unit, ((use_info) ? LOG_INFO : LOG_DEBUG), error, __VA_ARGS__) + + #define log_unit_struct_errno(unit, level, error, ...) 
\ + ({ \ +-- +2.23.0 +
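Review bot: the two new errno macros take their arguments in different orders: log_optional_errno(error, use_info, ...) in log.h puts the error first, while log_unit_optional_errno(unit, use_info, error, ...) in unit.h puts it after use_info. Both parameters are plain integers, so a swapped call compiles without a warning; pick one order for both. The diffstat touches no man page, so OptionalLog= is documented only by the commented-out line in system.conf.in. The D-Bus property is SD_BUS_VTABLE_PROPERTY_CONST whereas LogLevel and LogTarget next to it are writable, which is worth a sentence in the commit message. Only the state-change message in mount.c is converted, so the commit message should say that the option currently affects that one message.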
_service:tar_scm:core-add-invalidate-cgroup-config.patch
Added
@@ -0,0 +1,117 @@ +From d56b3978bbcd28246b3e3ce3f8c958ac95785dd7 Mon Sep 17 00:00:00 2001 +From: fangxiuning <fangxiuning@huawei.com> +Date: Wed, 22 Apr 2020 11:55:18 +0800 +Subject: + After systemd 239 version, a new feature is added to cgroups. +The processes started by users default to the cgroup group belonging +to user.slice, and the processes started by the system default to +system.slice. This is the direction of github systemd evolution. +However, there are still a large number of operations downstream +that systemd does not perceive to modify the cgroup group, +such as directly echo the process number to system.slice. + +For example: +1. sleep 1000 & +2. echo sleep pid > /sys/fs/cgroup/memory/system.slice/task +3. systemctl daemon-reload +4. cat /proc/sleep pid/cgroup +this kind of operation, systemd is not aware of it. +When systemctl disable service or systemctl daemon-reload operation +is executed, systemd will re-attach each process to its original +Under the group(user.slice). 
+ +--- + src/core/main.c | 4 ++++ + src/core/manager.c | 1 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit-serialize.c | 2 +- + 5 files changed, 8 insertions(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 09075ef..a39d7d3 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -154,6 +154,7 @@ static bool arg_default_cpuset_accounting; + static bool arg_default_freezer_accounting; + static bool arg_default_tasks_accounting; + static TasksMax arg_default_tasks_max; ++static bool arg_default_invalidate_cgroup; + static sd_id128_t arg_machine_id; + static EmergencyAction arg_cad_burst_action; + static OOMPolicy arg_default_oom_policy; +@@ -704,6 +705,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting }, + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, ++ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_default_invalidate_cgroup }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, + { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, + { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, +@@ -780,6 +782,7 @@ static void set_manager_defaults(Manager *m) { + m->default_freezer_accounting = arg_default_freezer_accounting; + m->default_tasks_accounting = arg_default_tasks_accounting; + m->default_tasks_max = arg_default_tasks_max; ++ m->default_invalidate_cgroup = arg_default_invalidate_cgroup; + m->default_oom_policy = arg_default_oom_policy; + + (void) manager_set_default_rlimits(m, arg_default_rlimit); +@@ -2401,6 +2404,7 @@ static void reset_arguments(void) { + arg_default_freezer_accounting = false; + arg_default_tasks_accounting = true; + arg_default_tasks_max 
= DEFAULT_TASKS_MAX; ++ arg_default_invalidate_cgroup = true; + arg_machine_id = (sd_id128_t) {}; + arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE; + arg_default_oom_policy = OOM_STOP; +diff --git a/src/core/manager.c b/src/core/manager.c +index 29ef96b..740bad5 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -780,6 +780,7 @@ int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager + .default_cpuset_accounting = false, + .default_tasks_accounting = true, + .default_tasks_max = TASKS_MAX_UNSET, ++ .default_invalidate_cgroup = true, + .default_timeout_start_usec = DEFAULT_TIMEOUT_USEC, + .default_timeout_stop_usec = DEFAULT_TIMEOUT_USEC, + .default_restart_usec = DEFAULT_RESTART_USEC, +diff --git a/src/core/manager.h b/src/core/manager.h +index 9a38737..485bab1 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -371,6 +371,7 @@ struct Manager { + + TasksMax default_tasks_max; + usec_t default_timer_accuracy_usec; ++ bool default_invalidate_cgroup; + + OOMPolicy default_oom_policy; + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index f521f3e..c1fd308 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -74,5 +74,6 @@ DefaultLimitMEMLOCK=64M + #DefaultLimitNICE= + #DefaultLimitRTPRIO= + #DefaultLimitRTTIME= ++#DefaultInvalidateCgroup=yes + #DefaultOOMPolicy=stop + DefaultDFXReboot=yes +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index 689a536..f3b3e70 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -526,7 +526,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) { + /* Let's make sure that everything that is deserialized also gets any potential new cgroup settings + * applied after we are done. For that we invalidate anything already realized, so that we can + * realize it again. 
*/ +- if (u->cgroup_realized) { ++ if (u->cgroup_realized && u->manager->default_invalidate_cgroup) { + unit_invalidate_cgroup(u, _CGROUP_MASK_ALL); + unit_invalidate_cgroup_bpf(u); + } +-- +2.27.0 +
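Review bot: in unit_deserialize() (src/core/unit-serialize.c) the comment directly above the changed condition still says that everything deserialized gets new cgroup settings applied, which no longer holds when DefaultInvalidateCgroup=no. Update that comment and document the option: the diffstat touches only src/core, and the only user-facing trace is the commented-out "#DefaultInvalidateCgroup=yes" line in system.conf.in. The documentation should state that with the option off, already-realized units are not passed through unit_invalidate_cgroup() and unit_invalidate_cgroup_bpf() on deserialization, so changed cgroup attributes and BPF programs are not re-applied to them by the reload or re-exec itself.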
_service:tar_scm:core-cgroup-support-cpuset.patch
Added
@@ -0,0 +1,872 @@ +From 2ea8175b3d8ec118fa0f42392485ce0f4308456a Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: PATCH core-cgroup: support cpuset + +This patch add support for cpuset subsystem. +--- + src/basic/cgroup-util.c | 3 +- + src/basic/cgroup-util.h | 10 ++- + src/basic/string-util.c | 42 +++++++++ + src/basic/string-util.h | 2 + + src/core/cgroup.c | 86 ++++++++++++++++--- + src/core/cgroup.h | 10 ++- + src/core/dbus-cgroup.c | 52 +++++++++-- + src/core/dbus-manager.c | 1 + + src/core/load-fragment-gperf.gperf.in | 5 ++ + src/core/load-fragment.c | 73 +++++++++++++++- + src/core/load-fragment.h | 1 + + src/core/main.c | 4 + + src/core/manager.c | 1 + + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 15 +++- + src/shared/cpu-set-util.c | 1 + + src/test/test-cgroup-mask.c | 5 +- + .../fuzz-unit-file/directives-all.service | 5 ++ + test/fuzz/fuzz-unit-file/directives.mount | 5 ++ + test/fuzz/fuzz-unit-file/directives.scope | 5 ++ + test/fuzz/fuzz-unit-file/directives.service | 5 ++ + test/fuzz/fuzz-unit-file/directives.slice | 5 ++ + test/fuzz/fuzz-unit-file/directives.socket | 5 ++ + test/fuzz/fuzz-unit-file/directives.swap | 5 ++ + 26 files changed, 319 insertions(+), 30 deletions(-) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 1ff6160..01a4181 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2155,12 +2155,13 @@ bool fd_is_cgroup_fs(int fd) { + static const char *const cgroup_controller_table_CGROUP_CONTROLLER_MAX = { + CGROUP_CONTROLLER_CPU = "cpu", + CGROUP_CONTROLLER_CPUACCT = "cpuacct", +- CGROUP_CONTROLLER_CPUSET = "cpuset", ++ CGROUP_CONTROLLER_CPUSET2 = "cpuset2", + CGROUP_CONTROLLER_IO = "io", + CGROUP_CONTROLLER_BLKIO = "blkio", + CGROUP_CONTROLLER_MEMORY = "memory", + CGROUP_CONTROLLER_DEVICES = "devices", + CGROUP_CONTROLLER_PIDS = "pids", ++ 
CGROUP_CONTROLLER_CPUSET = "cpuset", + CGROUP_CONTROLLER_BPF_FIREWALL = "bpf-firewall", + CGROUP_CONTROLLER_BPF_DEVICES = "bpf-devices", + CGROUP_CONTROLLER_BPF_FOREIGN = "bpf-foreign", +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index ce2f4c6..06a23ff 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -20,12 +20,13 @@ typedef enum CGroupController { + /* Original cgroup controllers */ + CGROUP_CONTROLLER_CPU, + CGROUP_CONTROLLER_CPUACCT, /* v1 only */ +- CGROUP_CONTROLLER_CPUSET, /* v2 only */ ++ CGROUP_CONTROLLER_CPUSET2, /* v2 only */ + CGROUP_CONTROLLER_IO, /* v2 only */ + CGROUP_CONTROLLER_BLKIO, /* v1 only */ + CGROUP_CONTROLLER_MEMORY, + CGROUP_CONTROLLER_DEVICES, /* v1 only */ + CGROUP_CONTROLLER_PIDS, ++ CGROUP_CONTROLLER_CPUSET, + + /* BPF-based pseudo-controllers, v2 only */ + CGROUP_CONTROLLER_BPF_FIREWALL, +@@ -43,22 +44,23 @@ typedef enum CGroupController { + typedef enum CGroupMask { + CGROUP_MASK_CPU = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPU), + CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT), +- CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), ++ CGROUP_MASK_CPUSET2 = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET2), + CGROUP_MASK_IO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_IO), + CGROUP_MASK_BLKIO = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BLKIO), + CGROUP_MASK_MEMORY = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_MEMORY), + CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), + CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), ++ CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), + CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), + CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), + CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), + CGROUP_MASK_BPF_SOCKET_BIND = 
CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_SOCKET_BIND), + + /* All real cgroup v1 controllers */ +- CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, ++ CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, + + /* All real cgroup v2 controllers */ +- CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, ++ CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, + + /* All cgroup v2 BPF pseudo-controllers */ + CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES|CGROUP_MASK_BPF_FOREIGN|CGROUP_MASK_BPF_SOCKET_BIND, +diff --git a/src/basic/string-util.c b/src/basic/string-util.c +index a645958..45f358b 100644 +--- a/src/basic/string-util.c ++++ b/src/basic/string-util.c +@@ -1146,3 +1146,45 @@ int string_contains_word_strv(const char *string, const char *separators, char * + *ret_word = found; + return !!found; + } ++ ++int string_isvalid_interval(const char *instr) ++{ ++ const char *pstr = instr; /* tmp */ ++ const char *pstr_front = instr; /* front char */ ++ const char *pstr_behind = instr; /* behind char */ ++ ++ if (isempty(instr)) ++ { ++ return 1; ++ } ++ ++ while (*pstr != '\0') ++ { ++ /* behind */ ++ pstr_behind = pstr + 1; ++ ++ /* 0-3,4,6,7-10 */ ++ if (((*pstr < '0') || (*pstr > '9')) && ++ (*pstr != '-') && ++ (*pstr != ',')) ++ { ++ return 2; ++ } ++ ++ /* - , must is a num */ ++ if (('-' == *pstr) || (',' == *pstr)) ++ { ++ if ((*pstr_front < '0') || (*pstr_front > '9') || ++ (*pstr_behind < '0') || (*pstr_behind > '9')) ++ { ++ return 3; ++ } ++ } ++ ++ /* front */ ++ pstr_front = pstr; ++ pstr++; ++ } ++ ++ return 0; ++} +diff --git a/src/basic/string-util.h b/src/basic/string-util.h +index 9155e50..338dcd5 100644 +--- a/src/basic/string-util.h ++++ 
b/src/basic/string-util.h +@@ -242,3 +242,5 @@ int string_contains_word_strv(const char *string, const char *separators, char * + static inline int string_contains_word(const char *string, const char *separators, const char *word) { + return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL); + } ++ ++int string_isvalid_interval(const char *instr); +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index de1d5f4..2c2d1b0 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -246,8 +246,14 @@ void cgroup_context_done(CGroupContext *c) { + while (c->bpf_foreign_programs) + cgroup_context_remove_bpf_foreign_program(c, c->bpf_foreign_programs); + +- cpu_set_reset(&c->cpuset_cpus); +- cpu_set_reset(&c->cpuset_mems); ++ if (c->cpuset_cpus) ++ c->cpuset_cpus = mfree(c->cpuset_cpus); ++ ++ if (c->cpuset_mems) ++ c->cpuset_mems = mfree(c->cpuset_mems); ++ ++ cpu_set_reset(&c->cpuset_cpus2); ++ cpu_set_reset(&c->cpuset_mems2); + } + + static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) { +@@ -382,7 +388,7 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u, + } + + void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { +- _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL; ++ _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL; + CGroupIODeviceLimit *il; + CGroupIODeviceWeight *iw; + CGroupIODeviceLatency *l; +@@ -412,14 +418,15 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + + (void) cg_mask_to_string(c->disable_controllers, &disable_controllers_str); + +- cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus); +- cpuset_mems = cpu_set_to_range_string(&c->cpuset_mems); ++ cpuset_cpus2 = cpu_set_to_range_string(&c->cpuset_cpus2); ++ cpuset_mems2 = cpu_set_to_range_string(&c->cpuset_mems2); +
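Review bot: string_isvalid_interval() in src/basic/string-util.c only checks that each '-' or ',' has a digit on both sides, so chained and descending ranges such as "1-2-3" and "7-3" return 0 (valid). If this function is the gate for the cpuset list values, reject those forms here or parse the list into ranges instead of scanning characters. It also reports failure as 1, 2 or 3 where the surrounding code returns negative errno values, and its brace-on-own-line layout differs from the rest of the file.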
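Review bot: in cgroup_controller_table (src/basic/cgroup-util.c) the entry that cgroup-util.h marks as "v2 only" is renamed to CGROUP_CONTROLLER_CPUSET2 with the string "cpuset2", but on the unified hierarchy the kernel lists this controller as "cpuset" in cgroup.controllers and cgroup.subtree_control. The cgroup-util.c diffstat shows only the three table lines changing, so no translation is added in that file; please show where "cpuset2" is mapped back to the kernel name on v2, otherwise the v2 cpuset controller will no longer be matched or enabled. The redundant "if (c->cpuset_cpus)" and "if (c->cpuset_mems)" guards before mfree() in cgroup_context_done() can also go, since mfree() accepts NULL.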
_service:tar_scm:core-cgroup-support-default-slice-for-all-uni.patch
Added
@@ -0,0 +1,216 @@ +From a25f206a49d8a3111ac42791b2eca8a3c9af4991 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:55 +0800 +Subject: PATCH core-cgroup: support default slice for all units. + +With this patch, users can specify a default slice for all units by +adding DefaultUnitSlice=xxx.slice in /etc/systemd/system.conf. +--- + src/core/main.c | 22 +++++++++++ + src/core/manager.h | 2 + + src/core/unit.c | 98 ++++++++++++++++++++++++++++++++++++++++++---- + 3 files changed, 114 insertions(+), 8 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 48e8a4b..c3d9e1c 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -159,6 +159,7 @@ static EmergencyAction arg_cad_burst_action; + static OOMPolicy arg_default_oom_policy; + static CPUSet arg_cpu_affinity; + static NUMAPolicy arg_numa_policy; ++static char *arg_default_unit_slice = NULL; + static usec_t arg_clock_usec; + static void *arg_random_seed; + static size_t arg_random_seed_size; +@@ -705,6 +706,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, + { "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy }, ++ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice }, + {} + }; + +@@ -784,6 +786,26 @@ static void set_manager_defaults(Manager *m) { + + (void) manager_default_environment(m); + (void) manager_transient_environment_add(m, arg_default_environment); ++ if (m->default_unit_slice) ++ { ++ free(m->default_unit_slice); ++ m->default_unit_slice = NULL; ++ } ++ ++ if (arg_default_unit_slice) ++ { ++ char *default_unit_slice_tmp = NULL; ++ ++ default_unit_slice_tmp = strdup(arg_default_unit_slice); ++ if (!default_unit_slice_tmp) ++ log_oom(); ++ ++ m->default_unit_slice = default_unit_slice_tmp; ++ ++ /* free */ ++ 
free(arg_default_unit_slice); ++ arg_default_unit_slice = NULL; ++ } + } + + static void set_manager_settings(Manager *m) { +diff --git a/src/core/manager.h b/src/core/manager.h +index 25d058f..ddddc8e 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -23,6 +23,7 @@ typedef struct Unit Unit; + + /* Enforce upper limit how many names we allow */ + #define MANAGER_MAX_NAMES 131072 /* 128K */ ++#define DEFAULT_UNIT_NAME_LEN_MAX 32 + + typedef struct Manager Manager; + +@@ -445,6 +446,7 @@ struct Manager { + unsigned notifygen; + + bool honor_device_enumeration; ++ char *default_unit_slice; + bool in_manager_catchup; + + VarlinkServer *varlink_server; +diff --git a/src/core/unit.c b/src/core/unit.c +index cbb02ea..e3dee86 100644 +--- a/src/core/unit.c ++++ b/src/core/unit.c +@@ -3316,6 +3316,58 @@ int unit_set_slice(Unit *u, Unit *slice) { + return 1; + } + ++/* system-xxx.slice, xxx must be (a b c/A B C...and 0 1 2...) */ ++static bool slicename_is_valid(const char *slicename) { ++ const char *str_start = "system-"; ++ const char *str_end = ".slice"; ++ const char *str_tmp = NULL; ++ size_t len_in = 0; ++ size_t len_start = 0; ++ size_t len_end = 0; ++ size_t i = 0; ++ ++ if (isempty(slicename)) ++ return false; ++ ++ len_in = strlen(slicename); ++ len_start = strlen(str_start); ++ len_end = strlen(str_end); ++ ++ if (len_in > DEFAULT_UNIT_NAME_LEN_MAX) ++ return false; ++ ++ if (len_in <= len_start + len_end) ++ return false; ++ ++ /* system- */ ++ if (strncmp(slicename, str_start, len_start) != 0) ++ return false; ++ ++ str_tmp = slicename + len_start; ++ ++ len_in = strlen(str_tmp); ++ if (len_in <= len_end) ++ return false; ++ ++ /* .slice */ ++ if (!strneq(str_tmp + len_in - len_end, str_end, len_end)) ++ return false; ++ ++ /* a b c/A B C...and 0 1 2... 
*/ ++ for (i = 0; i < (len_in - len_end); i++) { ++ char c = *(str_tmp + i); ++ ++ if ((c >= 'a' && c <= 'z') || ++ (c >= 'A' && c <= 'Z') || ++ (c >= '0' && c <= '9')) ++ continue; ++ else ++ return false; ++ } ++ ++ return true; ++} ++ + int unit_set_default_slice(Unit *u) { + const char *slice_name; + Unit *slice; +@@ -3326,6 +3378,20 @@ int unit_set_default_slice(Unit *u) { + if (UNIT_GET_SLICE(u)) + return 0; + ++ bool isdefaultslice = false; ++ char *default_unit_slice = u->manager->default_unit_slice; ++ ++ if (default_unit_slice) { ++ isdefaultslice = true; ++ ++ if (streq(default_unit_slice, SPECIAL_SYSTEM_SLICE)) ++ isdefaultslice = false; ++ else if (!slicename_is_valid(default_unit_slice)) { ++ log_error("default unit slice is error. slice name '%s' is invalid.", default_unit_slice); ++ isdefaultslice = false; ++ } ++ } ++ + if (u->instance) { + _cleanup_free_ char *prefix = NULL, *escaped = NULL; + +@@ -3343,24 +3409,40 @@ int unit_set_default_slice(Unit *u) { + if (!escaped) + return -ENOMEM; + +- if (MANAGER_IS_SYSTEM(u->manager)) +- slice_name = strjoina("system-", escaped, ".slice"); +- else ++ if (MANAGER_IS_SYSTEM(u->manager)) { ++ if (isdefaultslice) { ++ _cleanup_free_ char *default_unit_slice_tmp = NULL; ++ ++ default_unit_slice_tmp = strreplace(default_unit_slice, ".slice", "-"); ++ if (!default_unit_slice_tmp) ++ return -ENOMEM; ++ ++ slice_name = strjoina(default_unit_slice_tmp, escaped, ".slice"); ++ } else ++ slice_name = strjoina("system-", escaped, ".slice"); ++ } else + slice_name = strjoina("app-", escaped, ".slice"); + +- } else if (unit_is_extrinsic(u)) ++ } else if (unit_is_extrinsic(u)) { + /* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in + * the root slice. They don't really belong in one of the subslices. 
*/ + slice_name = SPECIAL_ROOT_SLICE; +- +- else if (MANAGER_IS_SYSTEM(u->manager)) +- slice_name = SPECIAL_SYSTEM_SLICE; +- else ++ isdefaultslice = false; ++ } else if (MANAGER_IS_SYSTEM(u->manager)) { ++ if (isdefaultslice) ++ slice_name = default_unit_slice; ++ else
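Review bot: in set_manager_defaults() (src/core/main.c) a failed strdup() only calls log_oom() and then stores NULL in m->default_unit_slice, so the configured DefaultUnitSlice= is silently dropped. Because arg_default_unit_slice is freed immediately after the copy anyway, hand the pointer over instead of duplicating it (free the old m->default_unit_slice, then assign TAKE_PTR(arg_default_unit_slice)), which removes the failure path altogether. The diffstat lists main.c, manager.h and unit.c only, so nothing releases m->default_unit_slice when the manager is freed; add that to manager_free().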
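Review bot: slicename_is_valid() is called from unit_set_default_slice() (src/core/unit.c), so an invalid DefaultUnitSlice= triggers the log_error() once for every unit that reaches this function and is detected only after configuration parsing is long over. Validate once in parse_config_file() or set_manager_defaults() and discard the value there with a single message. The accepted form (prefix "system-", then only ASCII letters and digits, then ".slice", at most DEFAULT_UNIT_NAME_LEN_MAX = 32 bytes) is much narrower than the commit message's "DefaultUnitSlice=xxx.slice" suggests and should be spelled out in the documentation. The declarations of isdefaultslice and default_unit_slice placed after the early "return 0" also break the declare-at-top layout of the function.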
_service:tar_scm:core-cgroup-support-freezer.patch
Added
@@ -0,0 +1,589 @@ +From 05a0f33b0d0a650b25ce7955a171d725f9c3f5f6 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: PATCH core-cgroup: support freezer. + +This patch add support for freezer subsystem. +--- + src/basic/cgroup-util.c | 1 + + src/basic/cgroup-util.h | 4 +- + src/core/cgroup.c | 16 +++++++ + src/core/cgroup.h | 4 ++ + src/core/dbus-cgroup.c | 29 +++++++++++++ + src/core/dbus-manager.c | 1 + + src/core/load-fragment-gperf.gperf.in | 2 + + src/core/load-fragment.c | 33 ++++++++++++++ + src/core/load-fragment.h | 1 + + src/core/main.c | 4 ++ + src/core/manager.h | 1 + + src/core/system.conf.in | 1 + + src/core/unit.c | 1 + + src/shared/bus-unit-util.c | 11 +++++ + src/test/meson.build | 6 +++ + src/test/test-cgroup-freezer.c | 43 +++++++++++++++++++ + src/test/test-cgroup-mask.c | 3 +- + .../fuzz-unit-file/directives-all.service | 2 + + test/fuzz/fuzz-unit-file/directives.mount | 2 + + test/fuzz/fuzz-unit-file/directives.scope | 2 + + test/fuzz/fuzz-unit-file/directives.service | 2 + + test/fuzz/fuzz-unit-file/directives.slice | 2 + + test/fuzz/fuzz-unit-file/directives.socket | 2 + + test/fuzz/fuzz-unit-file/directives.swap | 2 + + 24 files changed, 173 insertions(+), 2 deletions(-) + create mode 100644 src/test/test-cgroup-freezer.c + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index 01a4181..f912b65 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -2162,6 +2162,7 @@ static const char *const cgroup_controller_table_CGROUP_CONTROLLER_MAX = { + CGROUP_CONTROLLER_DEVICES = "devices", + CGROUP_CONTROLLER_PIDS = "pids", + CGROUP_CONTROLLER_CPUSET = "cpuset", ++ CGROUP_CONTROLLER_FREEZER = "freezer", + CGROUP_CONTROLLER_BPF_FIREWALL = "bpf-firewall", + CGROUP_CONTROLLER_BPF_DEVICES = "bpf-devices", + CGROUP_CONTROLLER_BPF_FOREIGN = "bpf-foreign", +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index 06a23ff..a491eca 100644 +--- 
a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -27,6 +27,7 @@ typedef enum CGroupController { + CGROUP_CONTROLLER_DEVICES, /* v1 only */ + CGROUP_CONTROLLER_PIDS, + CGROUP_CONTROLLER_CPUSET, ++ CGROUP_CONTROLLER_FREEZER, + + /* BPF-based pseudo-controllers, v2 only */ + CGROUP_CONTROLLER_BPF_FIREWALL, +@@ -51,13 +52,14 @@ typedef enum CGroupMask { + CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES), + CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS), + CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET), ++ CGROUP_MASK_FREEZER = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_FREEZER), + CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL), + CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES), + CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN), + CGROUP_MASK_BPF_SOCKET_BIND = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_SOCKET_BIND), + + /* All real cgroup v1 controllers */ +- CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, ++ CGROUP_MASK_V1 = CGROUP_MASK_CPU|CGROUP_MASK_CPUACCT|CGROUP_MASK_BLKIO|CGROUP_MASK_MEMORY|CGROUP_MASK_CPUSET|CGROUP_MASK_FREEZER|CGROUP_MASK_DEVICES|CGROUP_MASK_PIDS, + + /* All real cgroup v2 controllers */ + CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS, +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 83e94c7..f811a8b 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -139,6 +139,7 @@ void cgroup_context_init(CGroupContext *c) { + .startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID, + + .tasks_max = TASKS_MAX_UNSET, ++ .freezer_state = NULL, + + .moom_swap = MANAGED_OOM_AUTO, + .moom_mem_pressure = MANAGED_OOM_AUTO, +@@ -260,6 +261,9 @@ void cgroup_context_done(CGroupContext *c) { + + 
cpu_set_reset(&c->cpuset_cpus2); + cpu_set_reset(&c->cpuset_mems2); ++ ++ if (c->freezer_state) ++ c->freezer_state = mfree(c->freezer_state); + } + + static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) { +@@ -433,6 +437,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sBlockIOAccounting: %s\n" + "%sMemoryAccounting: %s\n" + "%sCPUSetAccounting: %s\n" ++ "%sFreezerAccounting=%s\n" + "%sTasksAccounting: %s\n" + "%sIPAccounting: %s\n" + "%sCPUWeight: %" PRIu64 "\n" +@@ -460,6 +465,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sCPUSetCloneChildren=%s\n" + "%sCPUSetMemMigrate=%s\n" + "%sTasksMax: %" PRIu64 "\n" ++ "%sFreezerState=%s\n" + "%sDevicePolicy: %s\n" + "%sDisableControllers: %s\n" + "%sDelegate: %s\n" +@@ -472,6 +478,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->blockio_accounting), + prefix, yes_no(c->memory_accounting), + prefix, yes_no(c->cpuset_accounting), ++ prefix, yes_no(c->freezer_accounting), + prefix, yes_no(c->tasks_accounting), + prefix, yes_no(c->ip_accounting), + prefix, c->cpu_weight, +@@ -499,6 +506,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, yes_no(c->cpuset_clone_children), + prefix, yes_no(c->cpuset_memory_migrate), + prefix, tasks_max_resolve(&c->tasks_max), ++ prefix, c->freezer_state, + prefix, cgroup_device_policy_to_string(c->device_policy), + prefix, strempty(disable_controllers_str), + prefix, yes_no(c->delegate), +@@ -1566,6 +1574,11 @@ static void cgroup_context_apply( + } + } + ++ if ((apply_mask & CGROUP_MASK_FREEZER) && !is_local_root) { ++ if (c->freezer_state) ++ (void) set_attribute_and_warn(u, "freezer", "freezer.state", c->freezer_state); ++ } ++ + /* On cgroup v2 we can apply BPF everywhere. 
On cgroup v1 we apply it everywhere except for the root of + * containers, where we leave this to the manager */ + if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) && +@@ -1708,6 +1721,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + c->cpuset_mems) + mask |= CGROUP_MASK_CPUSET; + ++ if (c->freezer_accounting || c->freezer_state) ++ mask |= CGROUP_MASK_FREEZER; ++ + if (c->device_allow || + c->device_policy != CGROUP_DEVICE_POLICY_AUTO) + mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES; +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 1e27104..6833d5b 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -116,6 +116,7 @@ struct CGroupContext { + bool blockio_accounting; + bool memory_accounting; + bool cpuset_accounting; ++ bool freezer_accounting; + bool tasks_accounting; + bool ip_accounting; + +@@ -186,6 +187,9 @@ struct CGroupContext { + /* Common */ + TasksMax tasks_max; + ++ /* Freezer */ ++ char *freezer_state; ++ + /* Settings for systemd-oomd */ + ManagedOOMMode moom_swap; + ManagedOOMMode moom_mem_pressure; +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 0cdc98c..8527a1a 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -445,6 +445,8 @@ const sd_bus_vtable bus_cgroup_vtable = { + SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), + SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0), + SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0), ++ SD_BUS_PROPERTY("FreezerAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, freezer_accounting), 0), ++ SD_BUS_PROPERTY("FreezerState", "s", NULL, offsetof(CGroupContext, freezer_state), 0), + SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0), + SD_BUS_PROPERTY("DeviceAllow", "a(ss)", 
property_get_device_allow, 0, 0), + SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0), +@@ -1073,6 +1075,9 @@ int bus_cgroup_set_property( + if (streq(name, "CPUSetAccounting")) + return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error); + ++ if (streq(name, "FreezerAccounting")) ++ return bus_cgroup_set_boolean(u, name, &c->freezer_accounting, CGROUP_MASK_FREEZER, message, flags, error); ++ + if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) { + const char *cpuset_str = NULL; + +@@ -1107,6 +1112,30 @@ int bus_cgroup_set_property( + if (streq(name, "CPUSetMemMigrate")) + return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error); +
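Review bot: in cgroup_context_dump() (src/core/cgroup.c) the new argument pair "prefix, c->freezer_state" feeds the "%sFreezerState=%s\n" conversion, but cgroup_context_init() sets .freezer_state = NULL, so every unit without a FreezerState= setting passes a NULL pointer to "%s", which is undefined behaviour. Wrap it the way the neighbouring line handles disable_controllers_str, that is strempty(c->freezer_state), or use strna(). Smaller points: the "if (c->freezer_state)" guard before mfree() in cgroup_context_done() is redundant because mfree() accepts NULL, and the two new dump lines use "Name=%s" where the adjacent accounting lines use "Name: %s".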
_service:tar_scm:core-cgroup-support-memorysw.patch
Added
@@ -0,0 +1,263 @@ +From cfb8a3cf09d9a958388ca1181bb92d9f77ab100e Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Thu, 6 May 2021 09:38:54 +0800 +Subject: PATCH core-cgroup: support memorysw + +Upstream systemd dosen't support setting memory.memsw.limit_in_bytes. +This patch enables setting memory.memsw.limit_in_bytes by MemoryMemswLimit. +--- + src/core/cgroup.c | 17 +++++++++++++++-- + src/core/cgroup.h | 1 + + src/core/dbus-cgroup.c | 4 ++++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/load-fragment.c | 2 ++ + src/shared/bus-print-properties.c | 2 +- + src/shared/bus-unit-util.c | 1 + + test/fuzz/fuzz-unit-file/directives-all.service | 1 + + test/fuzz/fuzz-unit-file/directives.mount | 1 + + test/fuzz/fuzz-unit-file/directives.scope | 1 + + test/fuzz/fuzz-unit-file/directives.service | 1 + + test/fuzz/fuzz-unit-file/directives.slice | 1 + + test/fuzz/fuzz-unit-file/directives.socket | 1 + + test/fuzz/fuzz-unit-file/directives.swap | 1 + + 14 files changed, 32 insertions(+), 3 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index d9b1d9b..4eedaf7 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -125,6 +125,7 @@ void cgroup_context_init(CGroupContext *c) { + .memory_swap_max = CGROUP_LIMIT_MAX, + + .memory_limit = CGROUP_LIMIT_MAX, ++ .memory_memsw_limit = CGROUP_LIMIT_MAX, + + .io_weight = CGROUP_WEIGHT_INVALID, + .startup_io_weight = CGROUP_WEIGHT_INVALID, +@@ -454,6 +455,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + "%sMemoryMax: %" PRIu64 "%s\n" + "%sMemorySwapMax: %" PRIu64 "%s\n" + "%sMemoryLimit: %" PRIu64 "\n" ++ "%sMemoryMemswLimit=%" PRIu64 "\n" + "%sCPUSetCpus=%s\n" + "%sCPUSetMems=%s\n" + "%sCPUSetCloneChildren=%s\n" +@@ -495,6 +497,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) { + prefix, c->memory_max, format_cgroup_memory_limit_comparison(cdd, sizeof(cdd), u, "MemoryMax"), + prefix, c->memory_swap_max, 
format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"), + prefix, c->memory_limit, ++ prefix, c->memory_memsw_limit, + prefix, c->cpuset_cpus, + prefix, c->cpuset_mems, + prefix, yes_no(c->cpuset_clone_children), +@@ -1484,13 +1487,16 @@ static void cgroup_context_apply( + + } else { + char bufDECIMAL_STR_MAX(uint64_t) + 1; +- uint64_t val; ++ uint64_t val, sw_val; + + if (unit_has_unified_memory_config(u)) { + val = c->memory_max; ++ sw_val = CGROUP_LIMIT_MAX; + log_cgroup_compat(u, "Applying MemoryMax=%" PRIi64 " as MemoryLimit=", val); +- } else ++ } else { + val = c->memory_limit; ++ sw_val = c->memory_memsw_limit; ++ } + + if (val == CGROUP_LIMIT_MAX) + strncpy(buf, "-1\n", sizeof(buf)); +@@ -1498,6 +1504,12 @@ static void cgroup_context_apply( + xsprintf(buf, "%" PRIu64 "\n", val); + + (void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf); ++ ++ if (sw_val == CGROUP_LIMIT_MAX) ++ strncpy(buf, "-1\n", sizeof(buf)); ++ else ++ xsprintf(buf, "%" PRIu64 "\n", sw_val); ++ (void) set_attribute_and_warn(u, "memory", "memory.memsw.limit_in_bytes", buf); + } + } + +@@ -1679,6 +1691,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) { + + if (c->memory_accounting || + c->memory_limit != CGROUP_LIMIT_MAX || ++ c->memory_memsw_limit != CGROUP_LIMIT_MAX || + unit_has_unified_memory_config(u)) + mask |= CGROUP_MASK_MEMORY; + +diff --git a/src/core/cgroup.h b/src/core/cgroup.h +index 9177415..1a36c2d 100644 +--- a/src/core/cgroup.h ++++ b/src/core/cgroup.h +@@ -177,6 +177,7 @@ struct CGroupContext { + LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths); + + uint64_t memory_limit; ++ uint64_t memory_memsw_limit; + + CGroupDevicePolicy device_policy; + LIST_HEAD(CGroupDeviceAllow, device_allow); +diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c +index 509ae4f..a200710 100644 +--- a/src/core/dbus-cgroup.c ++++ b/src/core/dbus-cgroup.c +@@ -440,6 +440,7 @@ const sd_bus_vtable bus_cgroup_vtable = { + 
SD_BUS_PROPERTY("MemoryMax", "t", NULL, offsetof(CGroupContext, memory_max), 0), + SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0), + SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0), ++ SD_BUS_PROPERTY("MemoryMemswLimit", "t", NULL, offsetof(CGroupContext, memory_memsw_limit), 0), + SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0), + SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0), + SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0), +@@ -1032,6 +1033,9 @@ int bus_cgroup_set_property( + if (streq(name, "MemoryLimit")) + return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error); + ++ if (streq(name, "MemoryMemswLimit")) ++ return bus_cgroup_set_memory(u, name, &c->memory_memsw_limit, message, flags, error); ++ + if (streq(name, "MemoryMinScale")) { + r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error); + if (r > 0) +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 5b7ecd2..0702aa0 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -197,6 +197,7 @@ + {{type}}.MemoryMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) ++{{type}}.MemoryMemswLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context) + {{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting) + {{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus) + {{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems) +diff 
--git a/src/core/load-fragment.c b/src/core/load-fragment.c +index 1fb097d..a2ad32b 100644 +--- a/src/core/load-fragment.c ++++ b/src/core/load-fragment.c +@@ -3716,6 +3716,8 @@ int config_parse_memory_limit( + c->memory_swap_max = bytes; + else if (streq(lvalue, "MemoryLimit")) + c->memory_limit = bytes; ++ else if (streq(lvalue, "MemoryMemswLimit")) ++ c->memory_memsw_limit = bytes; + else + return -EINVAL; + +diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c +index b459219..a16aca8 100644 +--- a/src/shared/bus-print-properties.c ++++ b/src/shared/bus-print-properties.c +@@ -165,7 +165,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b + + bus_print_property_value(name, expected_value, flags, "not set"); + +- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || ++ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryLimit", "MemoryMemswLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) || + (STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) || + (startswith(name, "Limit") && u == UINT64_MAX) || + (startswith(name, "DefaultLimit") && u == UINT64_MAX)) +diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c +index f20fcbf..b4b04e1 100644 +--- a/src/shared/bus-unit-util.c ++++ b/src/shared/bus-unit-util.c +@@ -521,6 +521,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons + "MemoryMax", + "MemorySwapMax", + "MemoryLimit", ++ "MemoryMemswLimit", + "TasksMax")) { + + if (streq(eq, "infinity")) { +diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service +index 1cd161d..208c33b 100644 +--- a/test/fuzz/fuzz-unit-file/directives-all.service ++++ 
b/test/fuzz/fuzz-unit-file/directives-all.service +@@ -158,6 +158,7 @@ MemoryHigh= + MemoryLimit= + MemoryLow= + MemoryMax= ++MemoryMemswLimit= + MemorySwapMax= + MessageQueueMaxMessages= + MessageQueueMessageSize= +diff --git a/test/fuzz/fuzz-unit-file/directives.mount b/test/fuzz/fuzz-unit-file/directives.mount +index 53c035a..0c3cd57 100644 +--- a/test/fuzz/fuzz-unit-file/directives.mount ++++ b/test/fuzz/fuzz-unit-file/directives.mount +@@ -109,6 +109,7 @@ MemoryLimit= + MemoryLow= + MemoryMax= + MemoryMin= ++MemoryMemswLimit= + MemorySwapMax= + MountAPIVFS=
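Review bot: in cgroup_context_apply() (src/core/cgroup.c) memory.memsw.limit_in_bytes is now written on every apply, always after memory.limit_in_bytes. cgroup v1 requires the memsw limit to be at least the memory limit, so with this fixed order the first write is rejected whenever MemoryLimit= is raised above the memsw value currently in the kernel; order the two writes by the direction of the change, or retry the first write after the second. The memsw file is also absent on kernels running without swap accounting, so the write fails for units that never set MemoryMemswLimit=; consider skipping it when the value was never configured. config_parse_memory_limit() accepts a MemoryMemswLimit= smaller than MemoryLimit= without any diagnostic, and the new dump line uses "MemoryMemswLimit=" where the memory lines around it use "Name: value".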
_service:tar_scm:core-update-arg_default_rlimit-in-bump_rlimit.patch
Added
@@ -0,0 +1,24 @@ +From a80954ddf69d90d3b02ab62fb025534862069dc3 Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Wed, 24 Jun 2020 17:23:03 +0800 +Subject: PATCH core-update-arg_default_rlimit-in-bump_rlimit + +--- + src/core/system.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index a58f65a..4762669 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -61,7 +61,7 @@ + #DefaultLimitNOFILE=1024:{{HIGH_RLIMIT_NOFILE}} + #DefaultLimitAS= + #DefaultLimitNPROC= +-#DefaultLimitMEMLOCK= ++DefaultLimitMEMLOCK=64M + #DefaultLimitLOCKS= + #DefaultLimitSIGPENDING= + #DefaultLimitMSGQUEUE= +-- +2.23.0
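Review bot: the subject line says "update arg_default_rlimit in bump_rlimit", but the only change is in src/core/system.conf.in, where the commented-out "#DefaultLimitMEMLOCK=" becomes an active "DefaultLimitMEMLOCK=64M"; no code is touched. Retitle the patch to describe what it does and add a message body giving the reason for 64M, since this raises or lowers the locked-memory limit for every service started by the system manager. The other DefaultLimit* entries in this hunk stay commented out, so a reader of the shipped file has no indication that this one line is a distribution override; a short comment next to it would make that auditable.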
_service:tar_scm:delay-to-restart-when-a-service-can-not-be-auto-restarted.patch
Changed
@@ -13,14 +13,14 @@ to handle the time task. This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled. --- - src/core/service.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) + src/core/service.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/core/service.c b/src/core/service.c -index ad9c028..8217447 100644 +index e368ec8..9b4b5b1 100644 --- a/src/core/service.c +++ b/src/core/service.c -@@ -1716,14 +1716,15 @@ fail: +@@ -2262,13 +2262,17 @@ fail: static void service_enter_restart(Service *s) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; int r; @@ -30,14 +30,15 @@ if (unit_has_job_type(UNIT(s), JOB_STOP)) { /* Don't restart things if we are going down anyway */ - log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart."); -- -- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec)); + log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart."); +- return; + restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec; + r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), restart_usec)); - if (r < 0) - goto fail; ++ if (r < 0) ++ goto fail; + } + /* Any units that are bound to this service must also be -- 1.8.3.1
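Review bot: in service_enter_restart(), the refreshed hunk removes the return from the unit_has_job_type(UNIT(s), JOB_STOP) branch and arms the timer in its place, but no return follows the goto fail before the closing brace, so in the lines shown control falls through to the code below the block even though a stop job is pending and a retry timer has just been armed. If the intent is only to retry later, return once service_arm_timer() has succeeded. The retained log text also says "skipping automatic restart" while the branch now delays and retries; reword it to match what the code does (the previous revision of this patch said "delaying automatic restart").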
_service:tar_scm:delete-journal-files-except-system.journal-when-jour.patch
Added
@@ -0,0 +1,186 @@ +From 02d47bd2108d46cf9790500a7568a7523df485f9 Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Fri, 26 Aug 2022 20:32:37 +0800 +Subject: PATCH delete journal files except system.journal when journal~ + is generated + +In the case of time change and system panic, the function of invoking +sd_journal_next to obtain logs may not meet expectations(rsyslog cannot obtain +logs). Therefore, when the journal~ file is generated, delete all journal files +except system.journal, to ensure that the sd_journal_next function meets user +expectations. +--- + meson.build | 2 ++ + src/basic/dirent-util.c | 24 ++++++++++++++++ + src/basic/dirent-util.h | 2 ++ + src/libsystemd/sd-journal/journal-file.c | 35 ++++++++++++++++++++++++ + src/libsystemd/sd-journal/sd-journal.c | 22 --------------- + 5 files changed, 63 insertions(+), 22 deletions(-) + +diff --git a/meson.build b/meson.build +index 278e264..9ab40b6 100644 +--- a/meson.build ++++ b/meson.build +@@ -1644,6 +1644,8 @@ basic_includes = include_directories( + 'src/basic', + 'src/fundamental', + 'src/systemd', ++ 'src/libsystemd/sd-id128', ++ 'src/libsystemd/sd-journal', + '.') + + libsystemd_includes = basic_includes, include_directories( +diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c +index f6213a3..b227cae 100644 +--- a/src/basic/dirent-util.c ++++ b/src/basic/dirent-util.c +@@ -6,6 +6,8 @@ + #include "dirent-util.h" + #include "path-util.h" + #include "string-util.h" ++#include "id128-util.h" ++#include "syslog-util.h" + + static int dirent_ensure_type(DIR *d, struct dirent *de) { + struct stat st; +@@ -59,6 +61,28 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { + return endswith(de->d_name, suffix); + } + ++bool dirent_is_journal_subdir(const struct dirent *de) { ++ const char *e, *n; ++ assert(de); ++ ++ /* returns true if the specified directory entry looks like a directory that might contain journal ++ * files we might be interested 
in, i.e. is either a 128bit ID or a 128bit ID suffixed by a ++ * namespace. */ ++ ++ if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) ++ return false; ++ ++ e = strchr(de->d_name, '.'); ++ if (!e) ++ return id128_is_valid(de->d_name); /* No namespace */ ++ ++ n = strndupa(de->d_name, e - de->d_name); ++ if (!id128_is_valid(n)) ++ return false; ++ ++ return log_namespace_name_valid(e + 1); ++} ++ + struct dirent *readdir_ensure_type(DIR *d) { + struct dirent *de; + +diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h +index c7956e7..f72a731 100644 +--- a/src/basic/dirent-util.h ++++ b/src/basic/dirent-util.h +@@ -11,6 +11,8 @@ + bool dirent_is_file(const struct dirent *de) _pure_; + bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) _pure_; + ++bool dirent_is_journal_subdir(const struct dirent *de); ++ + struct dirent *readdir_ensure_type(DIR *d); + struct dirent *readdir_no_dot(DIR *dirp); + +diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c +index 6807c46..0abda23 100644 +--- a/src/libsystemd/sd-journal/journal-file.c ++++ b/src/libsystemd/sd-journal/journal-file.c +@@ -33,6 +33,7 @@ + #include "string-util.h" + #include "strv.h" + #include "xattr-util.h" ++#include "dirent-util.h" + + #define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem)) + #define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem)) +@@ -3781,9 +3782,37 @@ int journal_file_rotate( + return r; + } + ++static void delete_dumped_journal_files(const char *path) { ++ _cleanup_closedir_ DIR *d = NULL; ++ struct dirent *de; ++ ++ d = opendir(path); ++ if (!d) ++ return; ++ ++ FOREACH_DIRENT_ALL(de, d, return) { ++ if (IN_SET(de->d_type, DT_REG, DT_LNK, DT_UNKNOWN) && ++ (endswith(de->d_name, ".journal") || ++ endswith(de->d_name, ".journal~")) && ++ strcmp(de->d_name, "system.journal") != 0) ++ (void) unlinkat_deallocate(dirfd(d), de->d_name, 0); ++ ++ if (dirent_is_journal_subdir(de)) { ++ 
_cleanup_free_ char *sub_path = NULL; ++ ++ sub_path = path_join(path, de->d_name); ++ if (!sub_path) ++ continue; ++ ++ delete_dumped_journal_files(sub_path); ++ } ++ } ++} ++ + int journal_file_dispose(int dir_fd, const char *fname) { + _cleanup_free_ char *p = NULL; + _cleanup_close_ int fd = -1; ++ dual_timestamp boot_timestamp; + + assert(fname); + +@@ -3804,6 +3833,12 @@ int journal_file_dispose(int dir_fd, const char *fname) { + if (renameat(dir_fd, fname, dir_fd, p) < 0) + return -errno; + ++ dual_timestamp_get(&boot_timestamp); ++ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) { ++ delete_dumped_journal_files("/var/log/journal"); ++ return 0; ++ } ++ + /* btrfs doesn't cope well with our write pattern and fragments heavily. Let's defrag all files we rotate */ + fd = openat(dir_fd, p, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW); + if (fd < 0) +diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c +index 1a76bb6..56e1398 100644 +--- a/src/libsystemd/sd-journal/sd-journal.c ++++ b/src/libsystemd/sd-journal/sd-journal.c +@@ -1523,28 +1523,6 @@ static bool dirent_is_journal_file(const struct dirent *de) { + endswith(de->d_name, ".journal~"); + } + +-static bool dirent_is_journal_subdir(const struct dirent *de) { +- const char *e, *n; +- assert(de); +- +- /* returns true if the specified directory entry looks like a directory that might contain journal +- * files we might be interested in, i.e. is either a 128bit ID or a 128bit ID suffixed by a +- * namespace. */ +- +- if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN)) +- return false; +- +- e = strchr(de->d_name, '.'); +- if (!e) +- return id128_is_valid(de->d_name); /* No namespace */ +- +- n = strndupa(de->d_name, e - de->d_name); +- if (!id128_is_valid(n)) +- return false; +- +- return log_namespace_name_valid(e + 1); +-} +- + static int directory_open(sd_journal *j, const char *path, DIR **ret) { + DIR *d; + +-- +2.23.0 +
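Review bot: in journal_file_dispose(), the new block calls delete_dumped_journal_files("/var/log/journal") with a hard-coded path and ignores the dir_fd and fname it was given, so disposing a single file in any directory while the monotonic clock reads under ten minutes removes every *.journal and *.journal~ file except system.journal across all journal subdirectories of the persistent journal, including the file that was just renamed. That discards the logs needed to investigate the panic or time change that caused the rename; the commit message should say so explicitly, and the scope should be limited to the directory behind dir_fd. delete_dumped_journal_files() also recurses by joined path and accepts DT_LNK and DT_UNKNOWN entries both in the unlink test and in dirent_is_journal_subdir(), so a symlinked subdirectory would be followed; opening subdirectories relative to the parent descriptor with O_NOFOLLOW would avoid that. The early return 0 skips the defragmentation step below it without a comment.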
_service:tar_scm:fix-mount-failed-while-daemon-reexec.patch
Added
@@ -0,0 +1,61 @@ +From e485f8a182f8a141676f7ffe0311a1a4724c3c1a Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Tue, 28 Jun 2022 21:56:26 +0800 +Subject: PATCH fix mount failed while daemon-reexec + +--- + src/core/manager.c | 1 + + src/core/manager.h | 1 + + src/core/mount.c | 5 ++++- + 3 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/core/manager.c b/src/core/manager.c +index 5dff366..45c4ae0 100644 +--- a/src/core/manager.c ++++ b/src/core/manager.c +@@ -1762,6 +1762,7 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) { + } + + manager_ready(m); ++ m->mountinfo_uptodate = false; + + return 0; + } +diff --git a/src/core/manager.h b/src/core/manager.h +index cf6cd64..663fe8d 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -238,6 +238,7 @@ struct Manager { + /* Data specific to the mount subsystem */ + struct libmnt_monitor *mount_monitor; + sd_event_source *mount_event_source; ++ bool mountinfo_uptodate; + + /* Data specific to the swap filesystem */ + FILE *proc_swaps; +diff --git a/src/core/mount.c b/src/core/mount.c +index 6e514d5..25b0460 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1684,6 +1684,7 @@ static int mount_load_proc_self_mountinfo(Manager *m, bool set_flags) { + (void) mount_setup_unit(m, device, path, options, fstype, set_flags); + } + ++ m->mountinfo_uptodate = true; + return 0; + } + +@@ -1842,8 +1843,10 @@ static int mount_process_proc_self_mountinfo(Manager *m) { + assert(m); + + r = drain_libmount(m); +- if (r <= 0) ++ if (r < 0) + return r; ++ if (r == 0 && m->mountinfo_uptodate) ++ return 0; + + r = mount_load_proc_self_mountinfo(m, true); + if (r < 0) { +-- +2.33.0
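Review bot: mount_load_proc_self_mountinfo() sets m->mountinfo_uptodate = true unconditionally, whatever set_flags is, and manager_startup() then has to reset it to false right after manager_ready(); no comment explains that coupling, and the commit message has no body describing the failure being fixed. Document the field in manager.h (what "up to date" means and who clears it) and say in the message why a drain_libmount() result of 0 must still trigger one reload after daemon-reexec. Consider setting the flag only when set_flags is true, so that the reset in manager_startup() is not needed.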
_service:tar_scm:fuser-print-umount-message-to-reboot-umount-msg.patch
Added
@@ -0,0 +1,225 @@ +From 224b51420b0e3b62cda4bb16f31c6d28e96c7123 Mon Sep 17 00:00:00 2001 +From: sunshihao <sunshihao@huawei.com> +Date: Mon, 25 Jan 2021 14:42:23 +0800 +Subject: PATCH fuser: print umount info to /.reboot-umount-msg.log + +The patch tries to save which processes holds the mountpoint +persistently to /.reboot-umount-msg.log, when the system is +suspended during system restart. + +This patch change the value of DefaultDFXReboot that is set in +/etc/systemd/system.conf file from no to yes.The systemd reboot +feature will open when the process start. + +Signed-off-by: sunshihao <sunshihao@huawei.com> +Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> +Signed-off-by: lixiaokeng <lixiaokeng@huawei.com> +--- + src/core/fuser.c | 57 +++++++++++++++++++++++++++++++++++++---- + src/core/fuser.h | 3 +++ + src/core/job.c | 38 +++++++++++++++++++++++++++ + src/core/system.conf.in | 2 +- + 4 files changed, 94 insertions(+), 6 deletions(-) + +diff --git a/src/core/fuser.c b/src/core/fuser.c +index 0a0c791..dd2ca60 100644 +--- a/src/core/fuser.c ++++ b/src/core/fuser.c +@@ -383,6 +383,8 @@ static void print_matches(const struct name *name) { + static char P_cmd_longMAX_COMM_LEN; + char cmd_pathPATH_MAX; + int r = 0; ++ FILE *fp = NULL; ++ int flag = 0; + + if (name == NULL) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, +@@ -390,11 +392,29 @@ static void print_matches(const struct name *name) { + return; + } + ++ /* Write the content in the back of previous one */ ++ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "a+"); ++ ++ /* print the time info to /.reboot-umount-msg.log file */ ++ if (fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); ++ } ++ + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\tUSER\t\tPID\tCOMMAND"); + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "%s:", name->filename); + ++ /* print the umount fail point to the /.reboot-umount-msg.log file */ ++ if 
(fp != NULL) { ++ if (strlen(name->filename) <= MOUNT_FILE_NAME_MAX_LEN) { ++ fprintf(fp, "%-20s\t", name->filename); ++ } else { ++ fprintf(fp, "%s\n\t\t\t", name->filename); ++ } ++ } ++ + for (pptr = name->matched_procs; pptr != NULL; pptr = pptr->next) { + if (pwent == NULL || pwent->pw_uid != pptr->uid) + pwent = getpwuid(pptr->uid); //get username +@@ -402,7 +422,7 @@ static void print_matches(const struct name *name) { + r = snprintf(cmd_path, sizeof(cmd_path), "/proc/%d", pptr->pid); + if (r <= 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, "Can't snprintf /proc/%d.", pptr->pid); +- return; ++ goto out; + } + + read_cmdline(P_cmd_long, sizeof(P_cmd_long), cmd_path, "cmdline", ' '); +@@ -415,22 +435,49 @@ static void print_matches(const struct name *name) { + if (pptr->command == NULL) + continue; + ++ if (flag > 0) { ++ if (fp != NULL) { ++ fprintf(fp, "\t\t\t"); ++ } ++ } else { ++ flag++; ++ } ++ + if (pwent != NULL) { +- if (pptr->pid != 0) ++ if (pptr->pid != 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-s\t\t%-d\t%-s", pwent->pw_name, pptr->pid, pptr->command); +- else ++ if (fp != NULL) { ++ fprintf(fp, "%-s\t\t%-d\t%-s\n", pwent->pw_name, pptr->pid, pptr->command); ++ } ++ } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-s\t\t%-s\t%-s", pwent->pw_name, "kernel", pptr->command); ++ if (fp != NULL) { ++ fprintf(fp, "%-s\t\t%-s\t%-s\n", pwent->pw_name, "kernel", pptr->command); ++ } ++ } + } else { +- if (pptr->pid != 0) ++ if (pptr->pid != 0) { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-d\t\t%-d\t%-s", pptr->uid, pptr->pid, pptr->command); +- else ++ if (fp != NULL) { ++ fprintf(fp, "%-d\t\t%-d\t%-s\n", pptr->uid, pptr->pid, pptr->command); ++ } ++ } else { + manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, + "\t\t%-d\t\t%-s\t%-s", pptr->uid, "kernel", pptr->command); ++ if (fp != NULL) { ++ fprintf(fp, "%-d\t\t%-s\t%-s\n", pptr->uid, "kernel", pptr->command); ++ 
} ++ } + } + } ++ ++out: ++ if (fp != NULL) { ++ fclose(fp); ++ } + } + + static void free_matched_procs(struct procs *matched_procs) { +diff --git a/src/core/fuser.h b/src/core/fuser.h +index b74b879..2729c9b 100644 +--- a/src/core/fuser.h ++++ b/src/core/fuser.h +@@ -14,6 +14,7 @@ + #include <string.h> + #include <limits.h> + #include <errno.h> ++#include <time.h> + + #include "manager.h" + +@@ -51,5 +52,7 @@ struct device { + #define MAX_COMM_LEN 1024 + #define PROC_MOUNTS "/proc/mounts" + #define PROC_SWAPS "/proc/swaps" ++#define REBOOT_UMOUNT_FILE_NAME "/.reboot-umount-msg.log" ++#define MOUNT_FILE_NAME_MAX_LEN 20 + + int fuser(const char *dir); +diff --git a/src/core/job.c b/src/core/job.c +index 3645c11..7a0ed48 100644 +--- a/src/core/job.c ++++ b/src/core/job.c +@@ -31,6 +31,8 @@ + #include "mount.h" + #include "process-util.h" + ++bool g_first_print = true; ++ + Job* job_new_raw(Unit *unit) { + Job *j; + +@@ -682,6 +684,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + const char *ident, *format; + int r = 0; + pid_t pid; ++ FILE *fp = NULL; ++ time_t tmpt; ++ struct tm local_time; + + assert(u); + assert(t >= 0); +@@ -751,6 +756,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult + ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) { + + Mount *m = MOUNT(u); ++ if (g_first_print) { ++ /* Overwrite previous content at the first time */ ++ fp = fopen(REBOOT_UMOUNT_FILE_NAME, "w+"); ++ ++ /* Only get the local time once */ ++ tmpt = time(NULL); ++ if (!localtime_r(&tmpt, &local_time)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Get local time failed!"); ++ } ++ } ++ ++ /* print the time info to /.reboot-umount-msg.log file */ ++ if (g_first_print && fp == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Open %s failed!", REBOOT_UMOUNT_FILE_NAME); ++ } else if (g_first_print) { ++ /* Only do this part 
one time */ ++ g_first_print = false; ++ ++ if (chmod(REBOOT_UMOUNT_FILE_NAME, S_IRUSR | S_IWUSR)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Set %s file attributes failed!", REBOOT_UMOUNT_FILE_NAME);
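Review bot: both new writers open the fixed path /.reboot-umount-msg.log with fopen() from the service manager, mode "a+" in print_matches() and mode "w+" in job_emit_done_message(), and job.c narrows the permissions only afterwards with a path-based chmod(REBOOT_UMOUNT_FILE_NAME, S_IRUSR | S_IWUSR). fopen() follows a symlink at that path and creates the file with the default mode before the chmod runs; use open() with O_CREAT|O_NOFOLLOW|O_CLOEXEC and mode 0600, then fdopen(), and drop the chmod by path. The file receives user names, PIDs and command lines of the processes holding the mount point, which is why the mode matters. g_first_print in job.c is a non-static global with a generic name; make it static. The message says DefaultDFXReboot changes from no to yes, which turns the feature on for every installation and deserves a line of justification.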
_service:tar_scm:keep-weight-consistent-with-the-set-value.patch
Added
@@ -0,0 +1,34 @@ +From 7424b6c0f38d4a32fd96e74d7078707c026c6c66 Mon Sep 17 00:00:00 2001 +From: wangyuhang <wangyuhang27@huawei.com> +Date: Thu, 9 Jun 2022 20:10:50 +0800 +Subject: PATCH keep weight consistent with the set value + +--- + src/core/cgroup.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index ee15d50..4c5feef 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1249,7 +1249,7 @@ static void set_io_weight(Unit *u, uint64_t weight) { + * See also: https://github.com/systemd/systemd/pull/13335 and + * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9. + * The range is 1..1000 apparently, and the default is 100. */ +- xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); ++ xsprintf(buf, "%" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf); + + xsprintf(buf, "default %" PRIu64 "\n", weight); +@@ -1262,7 +1262,7 @@ static void set_blkio_weight(Unit *u, uint64_t weight) { + assert(u); + + /* FIXME: see comment in set_io_weight(). */ +- xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight)); ++ xsprintf(buf, "%" PRIu64 "\n", weight); + (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf); + + xsprintf(buf, "%" PRIu64 "\n", weight); +-- +2.33.0 +
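Review bot: both hunks drop the BFQ_WEIGHT() conversion and write weight unchanged to io.bfq.weight and blkio.bfq.weight, yet the comment kept directly above the first call still says the bfq range is 1..1000 with a default of 100, and the second hunk still carries "FIXME: see comment in set_io_weight()". If a unit's weight can exceed 1000, the raw value now falls outside the range that comment describes, and the write goes through set_attribute_and_warn() with its result discarded. Either clamp the value to the bfq range before writing or update both comments to explain why scaling is no longer wanted; the commit message has no body giving the reason.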
_service:tar_scm:let-the-child-of-one-unit-don-t-affect-each-other.patch
Added
@@ -0,0 +1,96 @@ +From 8c9de291f2b782f5d7d40447f08553b5e325a34d Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Fri, 19 Mar 2021 01:29:01 +0800 +Subject: PATCH let the child of one unit don't affect each other. +This should only be used for .slice unit in the Unit section. +To reproduce the problem resolved by this patch, try the following steps: +1. start service A in a slice; +2. change the cgroup property by "echo 512 > service_a/cpu.shares"; +3. systemctl daemon-reload; +4. start service B in a slice; +5. check the cgroup property by "cat service_a/cpu.shares"; +With this directive enabled, the value will stay as 512; if disabled, +if will be restored to the default value of systemd. Defaults to "no". + +--- + src/core/cgroup.c | 3 +++ + src/core/load-fragment-gperf.gperf.in | 1 + + src/core/unit-serialize.c | 2 ++ + src/core/unit.h | 2 ++ + test/fuzz/fuzz-unit-file/directives.service | 1 + + 5 files changed, 9 insertions(+) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index 4eedaf7..ab6d602 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -2618,6 +2618,9 @@ void unit_add_family_to_cgroup_realize_queue(Unit *u) { + + UNIT_FOREACH_DEPENDENCY(m, u, UNIT_ATOM_SLICE_OF) { + ++ if (u->independent_child) ++ continue; ++ + /* No point in doing cgroup application for units without active processes. 
*/ + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m))) + continue; +diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in +index 0702aa0..76b1217 100644 +--- a/src/core/load-fragment-gperf.gperf.in ++++ b/src/core/load-fragment-gperf.gperf.in +@@ -286,6 +286,7 @@ Unit.JoinsNamespaceOf, config_parse_unit_deps, + Unit.RequiresOverridable, config_parse_obsolete_unit_deps, UNIT_REQUIRES, 0 + Unit.RequisiteOverridable, config_parse_obsolete_unit_deps, UNIT_REQUISITE, 0 + Unit.RequiresMountsFor, config_parse_unit_requires_mounts_for, 0, 0 ++Unit.IndependentChild, config_parse_bool, 0, offsetof(Unit, independent_child) + Unit.StopWhenUnneeded, config_parse_bool, 0, offsetof(Unit, stop_when_unneeded) + Unit.RefuseManualStart, config_parse_bool, 0, offsetof(Unit, refuse_manual_start) + Unit.RefuseManualStop, config_parse_bool, 0, offsetof(Unit, refuse_manual_stop) +diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c +index f3b3e70..b818181 100644 +--- a/src/core/unit-serialize.c ++++ b/src/core/unit-serialize.c +@@ -801,6 +801,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + if (u->load_state == UNIT_LOADED) { + + fprintf(f, ++ "%s\tIndependentChild:%s\n" + "%s\tStopWhenUnneeded: %s\n" + "%s\tRefuseManualStart: %s\n" + "%s\tRefuseManualStop: %s\n" +@@ -808,6 +809,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) { + "%s\tOnSuccessJobMode: %s\n" + "%s\tOnFailureJobMode: %s\n" + "%s\tIgnoreOnIsolate: %s\n", ++ prefix, yes_no(u->independent_child), + prefix, yes_no(u->stop_when_unneeded), + prefix, yes_no(u->refuse_manual_start), + prefix, yes_no(u->refuse_manual_stop), +diff --git a/src/core/unit.h b/src/core/unit.h +index cb85dfc..439714a 100644 +--- a/src/core/unit.h ++++ b/src/core/unit.h +@@ -350,6 +350,8 @@ typedef struct Unit { + sd_id128_t invocation_id; + char invocation_id_stringSD_ID128_STRING_MAX; /* useful when logging */ + ++ bool independent_child; ++ + /* Garbage collect us we nobody 
wants or requires us anymore */ + bool stop_when_unneeded; + +diff --git a/test/fuzz/fuzz-unit-file/directives.service b/test/fuzz/fuzz-unit-file/directives.service +index 8044977..03eab60 100644 +--- a/test/fuzz/fuzz-unit-file/directives.service ++++ b/test/fuzz/fuzz-unit-file/directives.service +@@ -98,6 +98,7 @@ RefuseManualStop= + ReloadPropagatedFrom= + Requires= + RequiresMountsFor= ++IndependentChild= + RequiresOverridable= + Requisite= + RequisiteOverridable= +-- +2.27.0 +
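Review bot: in unit_add_family_to_cgroup_realize_queue() the new test on u->independent_child sits inside UNIT_FOREACH_DEPENDENCY(m, u, UNIT_ATOM_SLICE_OF) but checks u, not m, so it gives the same result on every iteration; test it once before the loop, or check m if per-child behaviour was meant. The setting stops systemd from re-applying configured cgroup values to the slice's children, so values changed by hand (the cpu.shares case in the message) persist across daemon-reload; that needs a man page entry, which the diffstat does not include. Smaller points: the unit_dump() format string "%s\tIndependentChild:%s\n" lacks the space after the colon that the neighbouring lines have, and in directives.service IndependentChild= is inserted between RequiresMountsFor= and RequiresOverridable=, out of alphabetical order.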
_service:tar_scm:logind-set-RemoveIPC-to-false-by-default.patch
Changed
@@ -43,7 +43,7 @@ @@ -33,6 +33,6 @@ #IdleActionSec=30min #RuntimeDirectorySize=10% - #RuntimeDirectoryInodes=400k + #RuntimeDirectoryInodesMax= -#RemoveIPC=yes +#RemoveIPC=no #InhibitorsMax=8192
_service:tar_scm:print-the-process-status-to-console-when-shutdown.patch
Added
@@ -0,0 +1,1283 @@ +From 5966f7a3b90ee25f23182e9320621a8477a40a51 Mon Sep 17 00:00:00 2001 +From: jiangchuangang <jiangchuangang@huawei.com> +Date: Thu, 2 Sep 2021 12:14:19 +0800 +Subject: PATCH print process status to console when shutdown + +--- + meson.build | 6 +- + src/basic/process-util.c | 58 ++++ + src/basic/process-util.h | 2 + + src/core/fuser.c | 506 +++++++++++++++++++++++++++++++++ + src/core/fuser.h | 55 ++++ + src/core/job.c | 36 +++ + src/core/main.c | 13 +- + src/core/manager.c | 1 + + src/core/manager.h | 2 + + src/core/meson.build | 2 + + src/core/system.conf.in | 1 + + src/shutdown/meson.build | 10 +- + src/shutdown/process-status.c | 143 ++++++++++ + src/shutdown/process-status.h | 24 ++ + src/shutdown/shutdown.c | 45 +++ + src/shutdown/umount.c | 8 +- + src/test/meson.build | 17 ++ + src/test/test-fuser.c | 14 + + src/test/test-process-status.c | 10 + + 19 files changed, 945 insertions(+), 8 deletions(-) + create mode 100644 src/core/fuser.c + create mode 100644 src/core/fuser.h + create mode 100644 src/shutdown/process-status.c + create mode 100644 src/shutdown/process-status.h + create mode 100644 src/test/test-fuser.c + create mode 100644 src/test/test-process-status.c + +diff --git a/meson.build b/meson.build +index 1c088ba..278e264 100644 +--- a/meson.build ++++ b/meson.build +@@ -3211,8 +3211,10 @@ public_programs += executable( + executable( + 'systemd-shutdown', + systemd_shutdown_sources, +- include_directories : includes, +- link_with : libshared, ++ include_directories : includes, ++ core_includes, ++ link_with : libcore, ++ libshared, + dependencies : libmount, + install_rpath : rootlibexecdir, + install : true, +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 14259ea..e28412a 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -1729,3 +1729,61 @@ static const char* const sched_policy_table = { + }; + + DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX); ++ ++unsigned 
int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep) { ++ char pathPATH_MAX; ++ _cleanup_close_ int fd = 0; ++ int len = 0; ++ unsigned n = 0; ++ ++ if (sz <= 0) ++ return 0; ++ ++ if (sz >= INT_MAX) ++ sz = INT_MAX-1; ++ ++ dst0 = '\0'; ++ ++ len = snprintf(path, sizeof(path), "%s/%s", whom, what); ++ if (len <= 0 || (size_t)len >= sizeof(path)) ++ return 0; ++ ++ fd = open(path, O_RDONLY); ++ if (fd == -1) ++ return 0; ++ ++ for (;;) { ++ ssize_t r = read(fd, dst+n, sz-n); ++ ++ if (r == -1) { ++ if (errno == EINTR) ++ continue; ++ break; ++ } ++ ++ if (r <= 0) ++ break; ++ n += r; ++ ++ if (n == sz) { ++ --n; ++ break; ++ } ++ } ++ ++ if (n) { ++ unsigned i = n; ++ ++ while (i && dsti-1 == '\0') ++ --i; ++ ++ while (i--) ++ if (dsti == '\n' || dsti == '\0') dsti = sep; ++ ++ if (dstn-1 == ' ') ++ dstn-1 = '\0'; ++ } ++ ++ dstn = '\0'; ++ return n; ++} +diff --git a/src/basic/process-util.h b/src/basic/process-util.h +index 0e064de..6f9b577 100644 +--- a/src/basic/process-util.h ++++ b/src/basic/process-util.h +@@ -205,3 +205,5 @@ int pidfd_get_pid(int fd, pid_t *ret); + int setpriority_closest(int priority); + + bool invoked_as(char *argv, const char *token); ++ ++unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep); +diff --git a/src/core/fuser.c b/src/core/fuser.c +new file mode 100644 +index 0000000..0a0c791 +--- /dev/null ++++ b/src/core/fuser.c +@@ -0,0 +1,506 @@ ++#include "fuser.h" ++#include "process-util.h" ++ ++static int parse_dir(struct name *this_name, struct inode *match_inode) { ++ if ((this_name == NULL) || (match_inode == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't parse dir."); ++ return -1; ++ } ++ ++ if (stat(this_name->filename, &this_name->st) != 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't stat dir %s.", this_name->filename); ++ return -1; ++ } ++ ++ match_inode->name = 
this_name; ++ match_inode->device = this_name->st.st_dev; ++ match_inode->inode = this_name->st.st_ino; ++ ++ return 0; ++} ++ ++static int parse_mounts(struct name *this_name, struct device *match_device) { ++ if ((this_name == NULL) && (match_device == NULL)) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Can't parse mounts."); ++ return -1; ++ } ++ ++ match_device->name = this_name; ++ ++ if (S_ISBLK(this_name->st.st_mode)) ++ match_device->device = this_name->st.st_rdev; ++ else ++ match_device->device = this_name->st.st_dev; ++ ++ return 0; ++} ++ ++static uid_t getpiduid(const pid_t pid) { ++ char pathnamePATH_MAX; ++ struct stat st; ++ int r = 0; ++ ++ r = snprintf(pathname, sizeof(pathname), "/proc/%d", pid); ++ if (r < 0) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Snprintf run failed in getpiduid."); ++ return 0; ++ } ++ ++ if (stat(pathname, &st) != 0) ++ return 0; ++ ++ return st.st_uid; ++} ++ ++static struct stat *get_pidstat(const pid_t pid) { ++ char pathnamePATH_MAX; ++ struct stat *st = NULL; ++ int r = 0; ++ ++ st = (struct stat *)malloc(sizeof(struct stat)); ++ if (st == NULL) { ++ manager_status_printf(NULL, STATUS_TYPE_NORMAL, NULL, ++ "Malloc failed in get_pidstat.");
View file
_service:tar_scm:print-the-real-reason-for-link-update.patch
Deleted
@@ -1,39 +0,0 @@ -From 7ed8309747a2947ff1ea0f4149e0501f1eb81271 Mon Sep 17 00:00:00 2001 -From: gaoyi <gaoyi15@huawei.com> -Date: Tue, 20 Jul 2021 15:09:28 +0800 -Subject: PATCH print the real reason for link update - -reduce retries to improve performance and print the real -reaseon when the max retries reached ---- - src/udev/udev-node.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/udev/udev-node.c b/src/udev/udev-node.c -index 9e52906..8b7996d 100644 ---- a/src/udev/udev-node.c -+++ b/src/udev/udev-node.c -@@ -29,7 +29,7 @@ - #include "user-util.h" - - #define CREATE_LINK_MAX_RETRIES 128 --#define LINK_UPDATE_MAX_RETRIES 128 -+#define LINK_UPDATE_MAX_RETRIES 4 - #define TOUCH_FILE_MAX_RETRIES 128 - #define UDEV_NODE_HASH_KEY SD_ID128_MAKE(b9,6a,f1,ce,40,31,44,1a,9e,19,ec,8b,ae,f3,e3,2f) - -@@ -353,7 +353,10 @@ static int link_update(sd_device *dev, const char *slink_in, bool add) { - } - } - -- return i < LINK_UPDATE_MAX_RETRIES ? 0 : -ELOOP; -+ if (i >= LINK_UPDATE_MAX_RETRIES) -+ log_device_debug(dev, "Exceeded max retries for link update"); -+ -+ return 0; - } - - int udev_node_update_old_links(sd_device *dev, sd_device *dev_old) { --- -2.27.0 -
_service:tar_scm:process-util-log-more-information-when-runnin.patch
Added
@@ -0,0 +1,156 @@ +From f4b4008495211c60bda7e1edda45beb36a553bc7 Mon Sep 17 00:00:00 2001 +From: licunlong<licunlong1@huawei.com> +Date: Thu, 14 Jan 2021 15:57:59 +0800 +Subject: PATCH process-util: log more information when running + systemctl. + + Print the PID and its cmdline to the system log when a process + runs systemctl command. +--- + src/basic/process-util.c | 31 +++++++++++++++++++++++++++++++ + src/basic/process-util.h | 1 + + src/systemctl/systemctl.c | 12 ++++++++++++ + src/test/test-process-util.c | 22 ++++++++++++++++++++++ + 4 files changed, 66 insertions(+) + +diff --git a/src/basic/process-util.c b/src/basic/process-util.c +index 5452edd..f137ba0 100644 +--- a/src/basic/process-util.c ++++ b/src/basic/process-util.c +@@ -42,6 +42,7 @@ + #include "stdio-util.h" + #include "string-table.h" + #include "string-util.h" ++#include "strv.h" + #include "terminal-util.h" + #include "user-util.h" + #include "utf8.h" +@@ -189,6 +190,36 @@ int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags + return 0; + } + ++int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv, char *filter) { ++ bool is_filtered = false; ++ int r; ++ const char *arg_cmdline = ""; ++ _cleanup_free_ char *cmdline = NULL; ++ ++ r = get_process_cmdline(pid, SIZE_MAX, 0, &cmdline); ++ if (r < 0) { ++ syslog(LOG_INFO, "Failed to get cmdline of PID %d. 
Ignoring.", pid); ++ return r; ++ } else { ++ for (int i = 0; i < argc; i++ ) { ++ if (filter && strv_find(filter, argvi)) { ++ is_filtered = true; ++ break; ++ } ++ if (i == 0) { ++ arg_cmdline = strjoina(arg_cmdline, argvi); ++ } else { ++ arg_cmdline = strjoina(arg_cmdline, " ", argvi); ++ } ++ } ++ if (!is_filtered) { ++ syslog(LOG_INFO, "%s called by PID %d (%s)", arg_cmdline, pid, cmdline); ++ } ++ return 0; ++ } ++ ++} ++ + static int update_argv(const char name, size_t l) { + static int can_do = -1; + +diff --git a/src/basic/process-util.h b/src/basic/process-util.h +index 41d4759..4d8147e 100644 +--- a/src/basic/process-util.h ++++ b/src/basic/process-util.h +@@ -38,6 +38,7 @@ typedef enum ProcessCmdlineFlags { + + int get_process_comm(pid_t pid, char **name); + int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **line); ++int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv, char *filter); + int get_process_exe(pid_t pid, char **name); + int get_process_uid(pid_t pid, uid_t *uid); + int get_process_gid(pid_t pid, gid_t *gid); +diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c +index 1c01914..dd5bee9 100644 +--- a/src/systemctl/systemctl.c ++++ b/src/systemctl/systemctl.c +@@ -12,6 +12,7 @@ + + #include <getopt.h> + #include <locale.h> ++#include <sys/types.h> + #include <unistd.h> + + #include "sd-daemon.h" +@@ -9272,6 +9273,14 @@ static int logind_cancel_shutdown(void) { + + static int run(int argc, char *argv) { + int r; ++ pid_t ppid; ++ char *filter = { ++ "status", "show", "cat", ++ "is-active", "is-failed", "is-enabled", "is-system-running", ++ "list-units", "list-sockets", "list-timers", "list-dependencies", ++ "list-unit-files", "list-machines", "list-jobs", ++ "get-default", "show-environment", NULL ++ }; + + setlocale(LC_ALL, ""); + log_parse_environment(); +@@ -9291,6 +9300,9 @@ static int run(int argc, char *argv) { + if (r <= 0) + goto finish; + ++ ppid = getppid(); ++ (void) 
print_process_cmdline_with_arg(ppid, argc, argv, filter); ++ + if (arg_action != ACTION_SYSTEMCTL && running_in_chroot() > 0) { + if (!arg_quiet) + log_info("Running in chroot, ignoring request."); +diff --git a/src/test/test-process-util.c b/src/test/test-process-util.c +index 8dc9fdd..1cb4ee2 100644 +--- a/src/test/test-process-util.c ++++ b/src/test/test-process-util.c +@@ -601,6 +601,27 @@ static void test_ioprio_class_from_to_string(void) { + } + } + ++static void test_print_process_cmdline_with_arg(pid_t pid) { ++ char *arg_filter_empty = {"", NULL}; ++ char *arg_filter_1_in = {"status", NULL}; ++ char *arg_filter_1_no = {"stop", NULL}; ++ char *arg_filter_2_in = {"restart", "status", NULL}; ++ char *arg_filter_2_no = {"restart", "stop", NULL}; ++ char *arg_var_11 = {"systemctl"}; ++ char *arg_var_1010 = {"systemctl", "restart", "1", "2", "3", "4", "5", "6", "7", "8"}; ++ char *arg_var_filter3 = {"systemctl", "status", "dbus.service"}; ++ assert_se(print_process_cmdline_with_arg(pid, 0, NULL, NULL) >=0); ++ assert_se(print_process_cmdline_with_arg(pid, 1, arg_var_1, NULL) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 10, arg_var_10, NULL) >= 0); ++ assert_se(print_process_cmdline_with_arg(897349, 1, arg_var_1, NULL) < 0); ++ assert_se(print_process_cmdline_with_arg(897349, 10, arg_var_10, NULL) < 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_empty) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_1_in) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_1_no) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_2_in) >= 0); ++ assert_se(print_process_cmdline_with_arg(pid, 3, arg_var_filter, arg_filter_2_no) >= 0); ++} ++ + int main(int argc, char *argv) { + log_show_color(true); + test_setup_logging(LOG_INFO); +@@ -627,6 +648,7 @@ int main(int argc, char *argv) { + test_ioprio_class_from_to_string(); + 
test_setpriority_closest(); + test_get_process_ppid(); ++ test_print_process_cmdline_with_arg(getpid()); + + return 0; + } +-- +2.23.0 +
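Review bot: In the `for` loop of `print_process_cmdline_with_arg()`, `strv_find(filter, argvi)` is applied to every argument rather than to the verb, so the syslog record is skipped whenever any argument, a unit name for instance, equals one of the filter words (`status`, `show`, `cat`, ...), even when the verb itself changes state. Compare the filter against the parsed verb only. The same loop rebuilds `arg_cmdline` with `strjoina()` on every iteration, which allocates on the stack each time and grows with the length of argv; a heap-based join avoids that. In `test_print_process_cmdline_with_arg()`, the hard-coded PID 897349 is assumed not to exist, so the two `< 0` assertions fail on a host where it does.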
_service:tar_scm:set-forwardtowall-no-to-avoid-emerg-log-shown-on-she.patch
Added
@@ -0,0 +1,39 @@ +From 22f8c4c2a22d9766d86b23429bd404a0864b0a9e Mon Sep 17 00:00:00 2001 +From: linfeilong <linfeilong@huawei.com> +Date: Sat, 21 Oct 2017 14:48:18 +0800 +Subject: PATCH set forwardtowall no to avoid emerg log shown on shell + +--- + man/journald.conf.xml | 2 +- + src/journal/journald.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/man/journald.conf.xml b/man/journald.conf.xml +index 44fd0d2..8d38fe3 100644 +--- a/man/journald.conf.xml ++++ b/man/journald.conf.xml +@@ -292,7 +292,7 @@ + traditional syslog daemon, to the kernel log buffer (kmsg), to the system console, or sent as wall + messages to all logged-in users. These options take boolean arguments. If forwarding to syslog is + enabled but nothing reads messages from the socket, forwarding to syslog has no effect. By default, +- only forwarding to wall is enabled. These settings may be overridden at boot time with the kernel ++ these four configs are all disabled. These settings may be overridden at boot time with the kernel + command line options <literal>systemd.journald.forward_to_syslog</literal>, + <literal>systemd.journald.forward_to_kmsg</literal>, + <literal>systemd.journald.forward_to_console</literal>, and +diff --git a/src/journal/journald.conf b/src/journal/journald.conf +index 2f1c661..17dda27 100644 +--- a/src/journal/journald.conf ++++ b/src/journal/journald.conf +@@ -32,7 +32,7 @@ + #ForwardToSyslog=no + #ForwardToKMsg=no + #ForwardToConsole=no +-#ForwardToWall=yes ++ForwardToWall=no + #TTYPath=/dev/console + #MaxLevelStore=debug + #MaxLevelSyslog=debug +-- +2.19.1 +
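Review bot: In the `src/journal/journald.conf` hunk, `ForwardToWall=no` is added as an active setting while the neighbouring lines stay commented-out defaults, and the diffstat lists no source file that would change the built-in default, so the new man page sentence "these four configs are all disabled" only holds while this shipped file is in place. Either change the built-in default as well or word the man page as a distribution configuration choice. The commit message has no body; it should state that emergency-level messages will no longer be sent to logged-in terminals, since operators may rely on seeing them there.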
_service:tar_scm:shutdown-reboot-when-recieve-crash-signal.patch
Added
@@ -0,0 +1,63 @@ +From 3ac4d1fc1a067afc0e0d4ca37a44ac252ee8b96b Mon Sep 17 00:00:00 2001 +From: xujing <xujing99@huawei.com> +Date: Tue, 8 Feb 2022 21:02:31 +0800 +Subject: PATCH shutdown: reboot when recieve crash signal + +--- + src/shutdown/shutdown.c | 33 +++++++++++++++++++++++++++++++++ + 1 files changed, 33 insertions(+) + +diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c +index 680de4f..066a03a 100644 +--- a/src/shutdown/shutdown.c ++++ b/src/shutdown/shutdown.c +@@ -307,6 +307,26 @@ static void bump_sysctl_printk_log_level(int min_level) { + log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1); + } + ++_noreturn_ static void crash(int sig) { ++ if (getpid_cached() != 1) ++ /* Pass this on immediately, if this is not PID 1 */ ++ (void) raise(sig); ++ else { ++ bool in_container = detect_container() > 0; ++ ++ log_info("Recieve signal %d.", sig); ++ ++ broadcast_signal(SIGTERM, true, true, arg_timeout); ++ broadcast_signal(SIGKILL, true, false, arg_timeout); ++ ++ if (!in_container) ++ sync_with_progress(); ++ ++ log_info("Rebooting now."); ++ (void) reboot(RB_AUTOBOOT); ++ } ++} ++ + int main(int argc, char *argv) { + bool need_umount, need_swapoff, need_loop_detach, need_dm_detach, need_md_detach, in_container, use_watchdog = false, can_initrd; + _cleanup_free_ char *cgroup = NULL; +@@ -316,6 +336,19 @@ int main(int argc, char *argv) { + usec_t now_time, time_interval; + pid_t pid; + bool fork_failed = false; ++ static const struct sigaction sa = { ++ .sa_handler = crash, ++ .sa_flags = SA_NODEFER, /* So that we can raise the signal again from the signal handler */ ++ }; ++ ++ (void) reset_all_signal_handlers(); ++ (void) ignore_signals(SIGNALS_IGNORE, -1); ++ ++ /* We ignore the return value here, since, we don't mind if we ++ * cannot set up a crash handler */ ++ r = sigaction_many(&sa, SIGNALS_CRASH_HANDLER, -1); ++ if (r < 0) ++ log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m"); + + /* 
The log target defaults to console, but the original systemd process will pass its log target in through a + * command line argument, which will override this default. Also, ensure we'll never log to the journal or +-- +2.23.0 +
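Review bot: `crash()` is declared `_noreturn_` but both branches can fall off the end: `raise(sig)` returns in the non-PID-1 branch, and `reboot(RB_AUTOBOOT)` can fail with its result discarded by `(void)`. Because the handler is installed with `SA_NODEFER` and without `SA_RESETHAND`, `raise(sig)` also re-enters `crash()` instead of reaching the default action; restore `SIG_DFL` for `sig` before raising, and end the PID 1 branch with something that cannot return. The handler calls `log_info()`, `broadcast_signal()` and `sync_with_progress()`, none of which are async-signal-safe, so a comment explaining why that is acceptable at this point of shutdown is needed. The comment "We ignore the return value here" no longer matches the code, which stores the result in `r` and logs it, and `Recieve` in the log string is misspelled.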
_service:tar_scm:support-disable-cgroup-controllers-we-don-t-want.patch
Added
@@ -0,0 +1,216 @@ +From ef31366523d784d92f25abd99b3782acda29a01c Mon Sep 17 00:00:00 2001 +From: xujing <xujing125@huawei.com> +Date: Fri, 8 Jul 2022 19:47:45 +0800 +Subject: PATCH support disable cgroup controllers we don't want + +--- + src/basic/cgroup-util.c | 14 +++++++++++ + src/basic/cgroup-util.h | 1 + + src/core/cgroup.c | 1 + + src/core/main.c | 7 ++++++ + src/core/manager.h | 2 ++ + src/core/system.conf.in | 1 + + src/shared/conf-parser.c | 54 ++++++++++++++++++++++++++++++++++++++++ + src/shared/conf-parser.h | 1 + + 8 files changed, 81 insertions(+) + +diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c +index f912b65..79089ac 100644 +--- a/src/basic/cgroup-util.c ++++ b/src/basic/cgroup-util.c +@@ -1951,6 +1951,20 @@ int cg_mask_supported(CGroupMask *ret) { + return cg_mask_supported_subtree(root, ret); + } + ++int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret) { ++ int r; ++ ++ r = cg_all_unified(); ++ if (r < 0) ++ return r; ++ ++ /* We only care CGROUP_V1 */ ++ if (r == 0) ++ *ret &= ~disabled; ++ ++ return 0; ++} ++ + int cg_kernel_controllers(Set **ret) { + _cleanup_set_free_free_ Set *controllers = NULL; + _cleanup_fclose_ FILE *f = NULL; +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index a491eca..faa253b 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -269,6 +269,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata); + + int cg_mask_supported(CGroupMask *ret); + int cg_mask_supported_subtree(const char *root, CGroupMask *ret); ++int cg_mask_disable_cgroup(CGroupMask disabled, CGroupMask *ret); + int cg_mask_from_string(const char *s, CGroupMask *ret); + int cg_mask_to_string(CGroupMask mask, char **ret); + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index ab6d602..6101d53 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -3378,6 +3378,7 @@ int manager_setup_cgroup(Manager *m) { + if (r < 0) + return log_error_errno(r, "Failed 
to determine supported bpf-based pseudo-controllers: %m"); + m->cgroup_supported |= mask; ++ m->system_cgroup_supported = m->cgroup_supported; + + /* 10. Log which controllers are supported */ + for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++) +diff --git a/src/core/main.c b/src/core/main.c +index a39d7d3..c4ce9a8 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -145,6 +145,7 @@ static nsec_t arg_timer_slack_nsec; + static usec_t arg_default_timer_accuracy_usec; + static Set* arg_syscall_archs; + static FILE* arg_serialization; ++static CGroupMask arg_disable_cgroup_controllers; + static int arg_default_cpu_accounting; + static bool arg_default_io_accounting; + static bool arg_default_ip_accounting; +@@ -696,6 +697,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit }, + { "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit }, + { "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit }, ++ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers }, + { "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting }, + { "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting }, + { "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting }, +@@ -767,6 +769,10 @@ static void set_manager_defaults(Manager *m) { + m->default_start_limit_burst = arg_default_start_limit_burst; + m->default_dfx_reboot = arg_default_dfx_reboot; + ++ m->cgroup_disabled = arg_disable_cgroup_controllers; ++ m->cgroup_supported = m->system_cgroup_supported; ++ (void) cg_mask_disable_cgroup(m->cgroup_disabled, &m->cgroup_supported); ++ + /* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU + * controller to be enabled, so the default is to enable it unless we got 
told otherwise. */ + if (arg_default_cpu_accounting >= 0) +@@ -2395,6 +2401,7 @@ static void reset_arguments(void) { + + /* arg_serialization — ignore */ + ++ arg_disable_cgroup_controllers = 0; + arg_default_cpu_accounting = -1; + arg_default_io_accounting = false; + arg_default_ip_accounting = false; +diff --git a/src/core/manager.h b/src/core/manager.h +index 54c1d3e..1f7d3b5 100644 +--- a/src/core/manager.h ++++ b/src/core/manager.h +@@ -295,6 +295,8 @@ struct Manager { + /* Data specific to the cgroup subsystem */ + Hashmap *cgroup_unit; + CGroupMask cgroup_supported; ++ CGroupMask system_cgroup_supported; ++ CGroupMask cgroup_disabled; + char *cgroup_root; + + /* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */ +diff --git a/src/core/system.conf.in b/src/core/system.conf.in +index c1fd308..2fe6f60 100644 +--- a/src/core/system.conf.in ++++ b/src/core/system.conf.in +@@ -49,6 +49,7 @@ + #DefaultStartLimitIntervalSec=10s + #DefaultStartLimitBurst=5 + #DefaultEnvironment= ++#DisableCGroupControllers=no + #DefaultCPUAccounting=no + #DefaultIOAccounting=no + #DefaultIPAccounting=no +diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c +index d0ac1b2..23fc1f5 100644 +--- a/src/shared/conf-parser.c ++++ b/src/shared/conf-parser.c +@@ -10,6 +10,7 @@ + #include "alloc-util.h" + #include "conf-files.h" + #include "conf-parser.h" ++#include "cgroup-util.h" + #include "def.h" + #include "ether-addr-util.h" + #include "extract-word.h" +@@ -1196,6 +1197,59 @@ int config_parse_rlimit( + return 0; + } + ++int config_parse_cgroup( ++ const char *unit, ++ const char *filename, ++ unsigned line, ++ const char *section, ++ unsigned section_line, ++ const char *lvalue, ++ int ltype, ++ const char *rvalue, ++ void *data, ++ void *userdata) { ++ assert(filename); ++ assert(lvalue); ++ assert(rvalue); ++ assert(data); ++ ++ CGroupMask *disabled_mask = data; ++ int r; ++ ++ for (;;) { ++ _cleanup_free_ char *word = NULL; ++ 
CGroupController cc; ++ int yes_or_no = 0; ++ ++ r = extract_first_word(&rvalue, &word, NULL, EXTRACT_UNQUOTE|EXTRACT_RETAIN_ESCAPE); ++ if (r == 0) ++ break; ++ if (r == -ENOMEM) ++ return log_oom(); ++ if (r < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue); ++ break; ++ } ++ ++ yes_or_no = parse_boolean(word); ++ if (yes_or_no == 0) { ++ *disabled_mask = 0; ++ break; ++ } else if (yes_or_no == 1) { ++ *disabled_mask = CGROUP_MASK_V1; ++ break; ++ } ++ ++ cc = cgroup_controller_from_string(word); ++ if (cc < 0) { ++ log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DisableCGroupControllers, ignoring: %s", word); ++ break; ++ } ++ *disabled_mask |= CGROUP_CONTROLLER_TO_MASK(cc); ++ } ++ return 0; ++} ++ + int config_parse_permille(
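Review bot: In `config_parse_cgroup()`, the `log_syntax()` call for an unknown controller passes `r`, which at that point holds the positive result of `extract_first_word()`, rather than the negative value in `cc`; pass `cc` so the logged error is meaningful. The loop also updates `*disabled_mask` in place and breaks on the first bad word, so a partly valid line leaves a partly applied mask; parse into a local mask and assign it only on success. `cg_mask_disable_cgroup()` returns 0 without touching the mask when `cg_all_unified()` is non-zero, so on the unified hierarchy the setting is ignored with no log line, and nothing in the visible hunks logs which controllers were masked out; both cases deserve a message so an administrator can tell from the log why a controller is unavailable. The option is added to `system.conf.in`, but the diffstat shows no man page change.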
_service:tar_scm:systemd-core-Add-new-rules-for-lower-priority-events.patch
Added
@@ -0,0 +1,224 @@ +From 135dce487e4637e8afc4090334ccb2cb9feccdf1 Mon Sep 17 00:00:00 2001 +From: yangbin <robin.yb@huawei.com> +Date: Fri, 3 Apr 2020 11:56:41 +0800 +Subject: PATCH systemd-core: Add new rules for lower priority events to + preempt over higher priority events + +1. When a high priority event happenes very frequent, and this event takes long time for execution,systemd will get into busy for handling this event only, and lower priority events will have no any change to dispatch and run. + +2. One example is the event for /proc/self/mountinfo, which have a very high priority with -10. +When there are many mountpoints in mountinfo(for example, there may be many netns mountpoints),this event will take long time to finish. +Then if now there are mountpoints in repeating mounting and unmounting(for example, /run/user/uid mountpoint will be mounted then unmounted when for one su command), +this event will take all time of systemd, and lower priority lower events will not be dispatched anyway. +This will case a very severity problem that zombie process will not be reaped, for the evnet for reaping zombies has a lower priority of -6. + +3. This patch fix this problem by add the following rules to allow lower priority events to preempt over higher priority events. +a) If a higher priority event has already been execute for a certain count in consecutive, it can be preempted by lower priority events. The default value for this count is 10, and can be configured through 'sd_event_source_set_preempt_dispatch_count'. +b) If a lower priority gets into pending for 10 times in consecutive, it can preempt over higher priority events. +c) If a lower priority is in pending, and is not dispatched over 50 iteration, it can preempt over higher priority events. +d) The above rules only works for events with priority equal or higher than 'SD_EVENT_PRIORITY_NORMAL' or evnets with type of SOURCE_DEFER, since SOURCE_DEFER events is used for job running queues. 
+--- + src/core/mount.c | 4 ++ + src/libsystemd/sd-event/event-source.h | 5 ++ + src/libsystemd/sd-event/sd-event.c | 81 ++++++++++++++++++++++++++ + src/systemd/sd-event.h | 1 + + 4 files changed, 91 insertions(+) + +diff --git a/src/core/mount.c b/src/core/mount.c +index 053deac..de5b745 100644 +--- a/src/core/mount.c ++++ b/src/core/mount.c +@@ -1895,6 +1895,10 @@ static void mount_enumerate(Manager *m) { + goto fail; + } + ++ r = sd_event_source_set_preempt_dispatch_count(m->mount_event_source, 5); ++ if (r < 0) ++ goto fail; ++ + (void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch"); + } + +diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h +index d2dc214..0fa41aa 100644 +--- a/src/libsystemd/sd-event/event-source.h ++++ b/src/libsystemd/sd-event/event-source.h +@@ -70,6 +70,11 @@ struct sd_event_source { + uint64_t pending_iteration; + uint64_t prepare_iteration; + ++ uint64_t preempted_iteration; /*The iteration that dispatched_count is greater than preempt_dispatch_count*/ ++ unsigned pending_count; /*times of pending not dispatched*/ ++ unsigned dispatched_count; /*consecutive dispatched count*/ ++ unsigned preempt_dispatch_count; /*Will be preempted by lower priority if dispatched count reaches to this*/ ++ + sd_event_destroy_t destroy_callback; + + LIST_FIELDS(sd_event_source, sources); +diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c +index e9199de..46f8aff 100644 +--- a/src/libsystemd/sd-event/sd-event.c ++++ b/src/libsystemd/sd-event/sd-event.c +@@ -27,6 +27,11 @@ + #include "strxcpyx.h" + #include "time-util.h" + ++#define DEFAULT_PREEMPTED_ITERATION_COUNT (3) ++#define DEFAULT_PREEMPT_DISPATCH_COUNT (10) ++#define DEFAULT_PREEMPT_PENDING_COUNT (10) ++#define DEFAULT_PREEMPT_ITERATION_COUNT (30) ++ + #define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC) + + static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) { +@@ -152,6 +157,11 @@ 
struct sd_event { + + LIST_HEAD(sd_event_source, sources); + ++ /*last dispatched source, its type is sd_event_source, ++ * here use void to avoid accessing its members, ++ * for it may have been freed already.*/ ++ void *last_source; ++ + usec_t last_run_usec, last_log_usec; + unsigned delayssizeof(usec_t) * 8; + }; +@@ -165,6 +175,39 @@ static sd_event *event_resolve(sd_event *e) { + return e == SD_EVENT_DEFAULT ? default_event : e; + } + ++static int preempt_prioq_compare(const sd_event_source *x, const sd_event_source *y) { ++ if((x->priority > SD_EVENT_PRIORITY_NORMAL && x->type != SOURCE_DEFER) ++ || (y->priority > SD_EVENT_PRIORITY_NORMAL && y->type != SOURCE_DEFER)) { ++ return 0; /*only high priority evnets can preempt*/ ++ } ++ ++ if(x->priority <= y->priority) { ++ if(x->dispatched_count >= x->preempt_dispatch_count) ++ return 1; ++ if(y->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ ++ /*y has lower priority, but its pending count is greater than x, so y wins*/ ++ if(y->pending_count >= (x->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) ++ return 1; ++ /*y has lower priority, but is in pending longer than x, so y wins*/ ++ if(x->pending_iteration >= (y->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) ++ return 1; ++ } ++ } else { ++ if(y->dispatched_count >= y->preempt_dispatch_count) ++ return -1; ++ if(x->type != SOURCE_DEFER) { /*pending state for defer event is always true*/ ++ /*x has lower priority, but its pending count is greater than y, so x wins*/ ++ if(x->pending_count >= (y->pending_count + DEFAULT_PREEMPT_PENDING_COUNT)) ++ return -1; ++ /*x has lower priority, but is in pending longer than y, so x wins*/ ++ if(y->pending_iteration >= (x->pending_iteration + DEFAULT_PREEMPT_ITERATION_COUNT)) ++ return -1; ++ } ++ } ++ ++ return 0; ++} ++ + static int pending_prioq_compare(const void *a, const void *b) { + const sd_event_source *x = a, *y = b; + int r; +@@ -182,6 +225,10 @@ static int 
pending_prioq_compare(const void *a, const void *b) { + if (r != 0) + return r; + ++ r = preempt_prioq_compare(a, b); ++ if(r != 0) ++ return r; ++ + /* Lower priority values first */ + r = CMP(x->priority, y->priority); + if (r != 0) +@@ -998,6 +1045,17 @@ static int source_set_pending(sd_event_source *s, bool b) { + assert(s); + assert(s->type != SOURCE_EXIT); + ++ if (b && s->pending == b) ++ s->pending_count++; ++ else ++ s->pending_count = (b ? 1 : 0); ++ if (b && s->preempted_iteration && ++ (s->pending_count >= DEFAULT_PREEMPTED_ITERATION_COUNT || ++ s->event->iteration >= (s->preempted_iteration + DEFAULT_PREEMPTED_ITERATION_COUNT)) ) { ++ s->dispatched_count = 0; ++ s->preempted_iteration = 0; ++ } ++ + if (s->pending == b) + return 0; + +@@ -1057,6 +1115,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t + .type = type, + .pending_index = PRIOQ_IDX_NULL, + .prepare_index = PRIOQ_IDX_NULL, ++ .preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT, + }; + + if (!floating) +@@ -2370,6 +2429,7 @@ static int event_source_offline( + s->enabled = enabled; + s->ratelimited = ratelimited; + ++ s->pending_count = 0; + switch (s->type) { + + case SOURCE_IO: +@@ -3443,6 +3503,19 @@ static int process_inotify(sd_event *e) { + return done; + } + ++static void source_dispatch_pre(sd_event_source *s) { ++ if(s->event->last_source == s) { ++ s->dispatched_count++; ++ if(s->dispatched_count >= s->preempt_dispatch_count) ++ s->preempted_iteration = s->event->iteration; ++ } else { ++ s->preempted_iteration = 0; ++ s->dispatched_count = 0; ++ } ++ s->event->last_source = s; ++ s->pending_count = 0; ++} ++ + static int source_dispatch(sd_event_source *s) { + _cleanup_(sd_event_unrefp) sd_event *saved_event = NULL; + EventSourceType saved_type; +@@ -3496,6 +3569,7 @@ static int source_dispatch(sd_event_source *s) { + return r; + } + ++ source_dispatch_pre(s); + s->dispatching = true; + + switch (s->type) { +@@ -4449,3 +4523,10 @@ _public_ 
int sd_event_source_is_ratelimited(sd_event_source *s) {
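Review bot: `preempt_prioq_compare()` is not a consistent ordering: when `x->priority == y->priority`, both `compare(x, y)` and `compare(y, x)` take the first branch, and each returns 1 if its first argument has reached `preempt_dispatch_count`, so the two calls can disagree about which source sorts first. Its result also depends on `dispatched_count`, `pending_count` and `pending_iteration`, which `source_dispatch_pre()` and `source_set_pending()` change without any visible reshuffle of the pending queue (`source_set_pending()` returns early when `s->pending == b`, after the counters were already updated). Since `pending_prioq_compare()` orders a priority queue, please make the comparison antisymmetric and reshuffle the source when its counters change. The commit message states 50 iterations for rule c) while `DEFAULT_PREEMPT_ITERATION_COUNT` is 30, and the diffstat lists only four files for a change that declares a new public function, `sd_event_source_set_preempt_dispatch_count()`, in `sd-event.h`, with no symbol map or man page among them.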
_service:tar_scm:treat-hyphen-as-valid-hostname-char.patch
Added
@@ -0,0 +1,51 @@ +From c04904a4f54f8949a6a7821a0859e2732366259b Mon Sep 17 00:00:00 2001 +From: licunlong <licunlong1@huawei.com> +Date: Tue, 24 Nov 2020 19:57:38 +0800 +Subject: PATCH treat hyphen as valid hostname char + +--- + src/basic/hostname-util.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/basic/hostname-util.c b/src/basic/hostname-util.c +index 5bfa028..b80a2b8 100644 +--- a/src/basic/hostname-util.c ++++ b/src/basic/hostname-util.c +@@ -77,6 +77,16 @@ bool valid_ldh_char(char c) { + c == '-'; + } + ++static bool hostname_valid_char(char c) { ++ return ++ (c >= 'a' && c <= 'z') || ++ (c >= 'A' && c <= 'Z') || ++ (c >= '0' && c <= '9') || ++ c == '-' || ++ c == '_' || ++ c == '.'; ++} ++ + bool hostname_is_valid(const char *s, ValidHostnameFlags flags) { + unsigned n_dots = 0; + const char *p; +@@ -117,7 +127,7 @@ bool hostname_is_valid(const char *s, bool allow_trailing_dot) { + hyphen = true; + + } else { +- if (!valid_ldh_char(*p)) ++ if (!hostname_valid_char(*p)) + return false; + + dot = false; +@@ -160,7 +170,7 @@ char* hostname_cleanup(char *s) { + dot = false; + hyphen = true; + +- } else if (valid_ldh_char(*p)) { ++ } else if (hostname_valid_char(*p)) { + *(d++) = *p; + dot = false; + hyphen = false; +-- +2.23.0 +
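Review bot: The subject says hyphen, but `valid_ldh_char()` in the context lines already accepts `'-'`; what the new `hostname_valid_char()` adds is `'_'` and `'.'`, and the surrounding `dot`/`hyphen` state tracking suggests dots are handled before this branch is reached. Please retitle the patch and explain in the message why underscores are needed, since they fall outside the letters-digits-hyphen set that `valid_ldh_char()` enforces and other consumers of the hostname may still reject them. The second hunk header shows `hostname_is_valid(const char *s, bool allow_trailing_dot)` while the first shows the `ValidHostnameFlags flags` signature, which suggests the hunk context was not regenerated after a rebase.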
_service:tar_scm:udev-add-actions-while-rename-netif-failed.patch
Changed
@@ -11,8 +11,8 @@ --- a/src/udev/udev-event.c +++ b/src/udev/udev-event.c @@ -820,6 +820,7 @@ static int rename_netif(UdevEvent *event) { - sd_device *dev = event->dev; const char *oldname; + unsigned flags; int ifindex, r; + char nameIFNAMSIZ;
_service:tar_scm:units-add-Install-section-to-tmp.mount.patch
Changed
@@ -15,7 +15,7 @@ @@ -23,3 +23,7 @@ What=tmpfs Where=/tmp Type=tmpfs - Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k + Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m + +# Make 'systemctl enable tmp.mount' work: +Install
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/systemd.git</param> - <param name="revision">140a8b19719e89db5a03cb86d10e4411f46577ac</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
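Review bot: Replacing the pinned commit `140a8b19719e89db5a03cb86d10e4411f46577ac` with `master` in the `revision` param makes the source this package is built from depend on whatever the branch points to at fetch time, so two builds of the same package revision can differ and a build can no longer be traced back to one reviewed commit. Keep a full commit hash (or a signed tag) here and bump it explicitly with each update.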
_service:tar_scm:udev-40-generic.rules
Added
@@ -0,0 +1,45 @@ +# do not edit this file, it will be overwritten on update + +# CPU hotadd request +SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" + +# Memory hotadd request +SUBSYSTEM!="memory", GOTO="memory_hotplug_end" +ACTION!="add", GOTO="memory_hotplug_end" +PROGRAM="/bin/uname -p", RESULT=="s390*", GOTO="memory_hotplug_end" + +ENV{.state}="online" +ATTR{state}=="offline", ATTR{state}="$env{.state}" + +LABEL="memory_hotplug_end" + +# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded +ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" + +# load SCSI generic (sg) driver +SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="module/sg", RUN+="/sbin/modprobe -bv sg" +SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="module/sg", RUN+="/sbin/modprobe -bv sg" + +# Rule for prandom character device node permissions +KERNEL=="prandom", MODE="0644" + + +# Rules for creating the ID_PATH for SCSI devices based on the CCW bus +# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN> +# +ACTION=="remove", GOTO="zfcp_scsi_device_end" + +# +# Set environment variable "ID_ZFCP_BUS" to "1" if the devices +# (both disk and partition) are SCSI devices based on FCP devices +# +KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1" + +# For SCSI disks +KERNEL=="sd*!0-9", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}" + + +# For partitions on a SCSI disk +KERNEL=="sd*0-9", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n" + +LABEL="zfcp_scsi_device_end"
_service:tar_scm:udev-40-openEuler.rules
Deleted
@@ -1,45 +0,0 @@ -# do not edit this file, it will be overwritten on update - -# CPU hotadd request -SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" - -# Memory hotadd request -SUBSYSTEM!="memory", GOTO="memory_hotplug_end" -ACTION!="add", GOTO="memory_hotplug_end" -PROGRAM="/bin/uname -p", RESULT=="s390*", GOTO="memory_hotplug_end" - -ENV{.state}="online" -ATTR{state}=="offline", ATTR{state}="$env{.state}" - -LABEL="memory_hotplug_end" - -# reload sysctl.conf / sysctl.conf.d settings when the bridge module is loaded -ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge" - -# load SCSI generic (sg) driver -SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_device", TEST!="module/sg", RUN+="/sbin/modprobe -bv sg" -SUBSYSTEM=="scsi", ENV{DEVTYPE}=="scsi_target", TEST!="module/sg", RUN+="/sbin/modprobe -bv sg" - -# Rule for prandom character device node permissions -KERNEL=="prandom", MODE="0644" - - -# Rules for creating the ID_PATH for SCSI devices based on the CCW bus -# using the form: ccw-<BUS_ID>-zfcp-<WWPN>:<LUN> -# -ACTION=="remove", GOTO="zfcp_scsi_device_end" - -# -# Set environment variable "ID_ZFCP_BUS" to "1" if the devices -# (both disk and partition) are SCSI devices based on FCP devices -# -KERNEL=="sd*", SUBSYSTEMS=="ccw", DRIVERS=="zfcp", ENV{.ID_ZFCP_BUS}="1" - -# For SCSI disks -KERNEL=="sd*!0-9", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="disk", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}" - - -# For partitions on a SCSI disk -KERNEL=="sd*0-9", SUBSYSTEMS=="scsi", ENV{.ID_ZFCP_BUS}=="1", ENV{DEVTYPE}=="partition", SYMLINK+="disk/by-path/ccw-$attr{hba_id}-zfcp-$attr{wwpn}:$attr{fcp_lun}-part%n" - -LABEL="zfcp_scsi_device_end"
_service:tar_scm:udev-61-openeuler-persistent-storage.rules
Deleted
@@ -1,3 +0,0 @@ -# scsi compat links for ATA devices -KERNEL=="sd*!0-9", ENV{ID_BUS}=="ata", PROGRAM="scsi_id --whitelisted --replace-whitespace -p0x80 -d$tempnode", RESULT=="?*", ENV{ID_SCSI_COMPAT}="$result", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}" -KERNEL=="sd*0-9", ENV{ID_SCSI_COMPAT}=="?*", SYMLINK+="disk/by-id/scsi-$env{ID_SCSI_COMPAT}-part%n"
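Review bot: Deleting this file drops the `disk/by-id/scsi-$env{ID_SCSI_COMPAT}` and `disk/by-id/scsi-$env{ID_SCSI_COMPAT}-part%n` symlinks for ATA disks, and nothing in this change says what replaces them. Anything that refers to those paths (fstab entries, storage tooling) will stop resolving after the update; please confirm nothing depends on them or record the removal in the changelog.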