packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update systemd to v255

Browse Source
This commit is contained in:
huyubiao 2024-01-08 19:20:01 +08:00
parent 86198be34c
commit 3aab45c265
41 changed files with 1113 additions and 1964 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Retry-to-handle-the-uevent-when-worker-is-terminated.patch
View File

@ -5,22 +5,22 @@ Subject: [PATCH] Retry to handle the uevent when worker is terminated abnormal
When processing uevent events fails, retry it.
---
src/udev/udevd.c | 35 +++++++++++++++++++++++++++++++++--
src/udev/udev-manager.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index c6d24d9..512192e 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -74,6 +74,7 @@
#include "version.h"
diff --git a/src/udev/udev-manager.c b/src/udev/udev-manager.c
index 8077e51..88023c7 100644
--- a/src/udev/udev-manager.c
+++ b/src/udev/udev-manager.c
@@ -36,6 +36,7 @@
#include "udev-worker.h"
#define WORKER_NUM_MAX 2048U
#define WORKER_NUM_MAX UINT64_C(2048)
+#define UEVENT_MAX_RETRY_TIMES 3
#define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC)
#define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE)
@@ -129,6 +130,7 @@ typedef struct Event {
@@ -50,6 +51,7 @@ typedef struct Event {
Manager *manager;
Worker *worker;
EventState state;
@ -28,9 +28,9 @@ index c6d24d9..512192e 100644
sd_device *dev;
@@ -182,6 +184,32 @@ typedef enum EventResult {
_EVENT_RESULT_INVALID = -EINVAL,
} EventResult;
@@ -89,6 +91,32 @@ typedef struct Worker {
Event *event;
} Worker;
+static bool event_retry(Event *event) {
+ if (!event)
@ -61,7 +61,7 @@ index c6d24d9..512192e 100644
static Event *event_free(Event *event) {
if (!event)
return NULL;
@@ -1140,6 +1168,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
@@ -735,6 +763,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
.devpath_old = devpath_old,
.devnode = devnode,
.state = EVENT_QUEUED,
@ -69,15 +69,15 @@ index c6d24d9..512192e 100644
};
if (!manager->events) {
@@ -1513,8 +1542,10 @@ static int on_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) {
@@ -1126,8 +1155,10 @@ static int on_sigchld(sd_event_source *s, const siginfo_t *si, void *userdata) {
device_delete_db(dev);
device_tag_index(dev, NULL, false);
- /* Forward kernel event to libudev listeners */
- device_broadcast(manager->monitor, dev, result);
- udev_broadcast_result(manager->monitor, dev, result);
+ if (event_retry(worker->event) == false) {
+ /* Forward kernel event to libudev listeners */
+ device_broadcast(manager->monitor, worker->event->dev, result);
+ udev_broadcast_result(manager->monitor, dev, result);
+ }
}

120
add-a-new-switch-to-control-whether-udev-complies-wi.patch
View File

@ -4,48 +4,43 @@ Date: Fri, 7 Jul 2023 16:11:01 +0800
Subject: [PATCH] Add a new switch to control whether udev complies with the
new SAT standards
Reason: Original revisions of the SAT (SCSI-ATA Translation) specification,
udev will identify devices starting with 70 and ending with 00 1d as ATA devices,
Reason: Original revisions of the SAT (SCSI-ATA Translation) specification,
udev will identify devices starting with 70 and ending with 00 1d as ATA devices,
rather than scsi devices, which may have a change in wwn id and affect user usage.
So Add a new switch to control whether udev complies with the new SAT standards
---
src/shared/udev-util.c | 16 ++++++++++++++--
src/shared/udev-util.h | 5 +++--
src/udev/ata_id/ata_id.c | 19 +++++++++++++++++--
src/udev/udevd.c | 3 ++-
4 files changed, 36 insertions(+), 7 deletions(-)
src/shared/udev-util.c | 17 ++++++++++++++++-
src/shared/udev-util.h | 1 +
src/udev/ata_id/ata_id.c | 18 ++++++++++++++++--
3 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/src/shared/udev-util.c b/src/shared/udev-util.c
index f934fc1..2ff4a7c 100644
index cf28ba8..18f03db 100644
--- a/src/shared/udev-util.c
+++ b/src/shared/udev-util.c
@@ -38,9 +38,11 @@ int udev_parse_config_full(
usec_t *ret_exec_delay_usec,
usec_t *ret_event_timeout_usec,
ResolveNameTiming *ret_resolve_name_timing,
- int *ret_timeout_signal) {
+ int *ret_timeout_signal,
+ bool *ret_ignore_newer_SAT) {
@@ -45,11 +45,17 @@ int udev_set_max_log_level(char *str) {
}
_cleanup_free_ char *log_val = NULL, *children_max = NULL, *exec_delay = NULL, *event_timeout = NULL, *resolve_names = NULL, *timeout_signal = NULL;
int udev_parse_config(void) {
+ return udev_parse_config_full(NULL);
+}
+
+int udev_parse_config_full(bool *ret_ignore_newer_SAT) {
_cleanup_free_ char *log_val = NULL;
+ _cleanup_free_ char *ignore_newer_SAT = NULL;
int r;
r = parse_env_file(NULL, "/etc/udev/udev.conf",
@@ -49,7 +51,8 @@ int udev_parse_config_full(
"exec_delay", &exec_delay,
"event_timeout", &event_timeout,
"resolve_names", &resolve_names,
- "timeout_signal", &timeout_signal);
+ "timeout_signal", &timeout_signal,
- "udev_log", &log_val);
+ "udev_log", &log_val,
+ "ignore_newer_SAT", &ignore_newer_SAT);
if (r == -ENOENT)
return 0;
if (r < 0)
@@ -118,6 +121,15 @@ int udev_parse_config_full(
*ret_timeout_signal = r;
}
@@ -60,6 +66,15 @@ int udev_parse_config(void) {
log_syntax(NULL, LOG_WARNING, "/etc/udev/udev.conf", 0, r,
"Failed to set udev log level '%s', ignoring: %m", log_val);
+ if (ret_ignore_newer_SAT && ignore_newer_SAT) {
+ r = parse_boolean(ignore_newer_SAT);
@ -60,31 +55,25 @@ index f934fc1..2ff4a7c 100644
}
diff --git a/src/shared/udev-util.h b/src/shared/udev-util.h
index 276686d..9695c64 100644
index 651d335..ee1dbe5 100644
--- a/src/shared/udev-util.h
+++ b/src/shared/udev-util.h
@@ -30,10 +30,11 @@ int udev_parse_config_full(
usec_t *ret_exec_delay_usec,
usec_t *ret_event_timeout_usec,
ResolveNameTiming *ret_resolve_name_timing,
- int *ret_timeout_signal);
+ int *ret_timeout_signal,
+ bool *ret_ignore_newer_SAT);
@@ -8,6 +8,7 @@
static inline int udev_parse_config(void) {
- return udev_parse_config_full(NULL, NULL, NULL, NULL, NULL);
+ return udev_parse_config_full(NULL, NULL, NULL, NULL, NULL, NULL);
}
int udev_set_max_log_level(char *str);
int udev_parse_config(void);
+int udev_parse_config_full(bool *ret_ignore_newer_SAT);
int device_wait_for_initialization(sd_device *device, const char *subsystem, usec_t timeout_usec, sd_device **ret);
int device_wait_for_devlink(const char *path, const char *subsystem, usec_t timeout_usec, sd_device **ret);
diff --git a/src/udev/ata_id/ata_id.c b/src/udev/ata_id/ata_id.c
index 1fc27f4..10a3464 100644
index 0b1f0b7..92f87d9 100644
--- a/src/udev/ata_id/ata_id.c
+++ b/src/udev/ata_id/ata_id.c
@@ -28,9 +28,13 @@
#include "log.h"
@@ -31,9 +31,13 @@
#include "memory-util.h"
#include "udev-util.h"
#include "unaligned.h"
+#include "proc-cmdline.h"
+#include "string-util.h"
@ -92,27 +81,24 @@ index 1fc27f4..10a3464 100644
+static bool arg_ignore_newer_SAT = false;
+
static int disk_scsi_inquiry_command(
int fd,
void *buf,
@@ -163,7 +167,7 @@ static int disk_identify_command(
static bool arg_export = false;
static const char *arg_device = NULL;
@@ -159,7 +163,7 @@ static int disk_identify_command(
return log_debug_errno(errno, "ioctl v3 failed: %m");
} else {
if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) &&
- !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d))
+ (arg_ignore_newer_SAT || !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)))
return log_debug_errno(SYNTHETIC_ERRNO(EIO), "ioctl v4 failed: %m");
}
if (!((sense[0] & 0x7f) == 0x72 && desc[0] == 0x9 && desc[1] == 0x0c) &&
- !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d)) {
+ (arg_ignore_newer_SAT || !((sense[0] & 0x7f) == 0x70 && sense[12] == 0x00 && sense[13] == 0x1d))) {
errno = EIO;
return -1;
}
@@ -407,12 +411,23 @@ int main(int argc, char *argv[]) {
{ "help", no_argument, NULL, 'h' },
{}
};
+ int r;
@@ -410,10 +414,20 @@ static int run(int argc, char *argv[]) {
int r;
log_set_target(LOG_TARGET_AUTO);
- udev_parse_config();
+ udev_parse_config_full(NULL, NULL, NULL, NULL, NULL, &arg_ignore_newer_SAT);
+ udev_parse_config_full(&arg_ignore_newer_SAT);
log_parse_environment();
log_open();
@ -120,29 +106,15 @@ index 1fc27f4..10a3464 100644
+ * set arg_ignore_newer_SAT to true and ignoring the new SAT standard
+ */
+ if (!arg_ignore_newer_SAT) {
+ r = proc_cmdline_get_bool("udev.ignore_newer_SAT", &arg_ignore_newer_SAT);
+ r = proc_cmdline_get_bool("udev.ignore_newer_SAT", /* flags = */ 0, &arg_ignore_newer_SAT);
+ if (r < 0) {
+ log_warning_errno(r, "Failed to parse udev.ignore_newer_SAT kernel command line argument, ignoring: %m");
+ }
+ }
+
for (;;) {
int option;
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 023fe55..34bc6ee 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -2073,7 +2073,8 @@ int run_udevd(int argc, char *argv[]) {
log_set_target(LOG_TARGET_AUTO);
log_open();
- udev_parse_config_full(&arg_children_max, &arg_exec_delay_usec, &arg_event_timeout_usec, &arg_resolve_name_timing, &arg_timeout_signal);
+ /* ignore_newer_SAT only valid in ata_id.c */
+ udev_parse_config_full(&arg_children_max, &arg_exec_delay_usec, &arg_event_timeout_usec, &arg_resolve_name_timing, &arg_timeout_signal, NULL);
log_parse_environment();
log_open(); /* Done again to update after reading configuration. */
r = parse_argv(argc, argv);
if (r <= 0)
return r;
--
2.33.0

39
backport-CVE-2023-7008.patch
View File

@ -1,39 +0,0 @@
From 3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 20 Dec 2023 16:44:14 +0100
Subject: [PATCH] resolved: actually check authenticated flag of SOA
transaction
Fixes #25676
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1
---
src/resolve/resolved-dns-transaction.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 696fce532a..fe88e502e7 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -2808,7 +2808,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (r == 0)
continue;
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
@@ -2835,7 +2835,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
/* We found the transaction that was supposed to find the SOA RR for us. It was
* successful, but found no RR for us. This means we are not at a zone cut. In this
* case, we require authentication if the SOA lookup was authenticated too. */
- return FLAGS_SET(t->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
+ return FLAGS_SET(dt->answer_query_flags, SD_RESOLVED_AUTHENTICATED);
}
return true;
--
2.33.0

39
backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
View File

@ -1,39 +0,0 @@
From f470dafddcd688c3ea6031d4bbcbf934fd094711 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Fri, 25 Aug 2023 13:55:36 +0200
Subject: [PATCH] Limit rlim_max in rlimit_nofile_safe() to nr_open
We might inherit a max rlim value that's larger than the kernel's
maximum (nr_open). This will cause setrlimit() to fail as the given
maximum is larger than the kernel's maximum. To get around this,
let's limit the max rlim we pass to rlimit() to the value of nr_open.
Should fix #28965
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/f470dafddcd688c3ea6031d4bbcbf934fd094711
---
src/basic/rlimit-util.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/basic/rlimit-util.c b/src/basic/rlimit-util.c
index 91424cd3cc..a0ffb24626 100644
--- a/src/basic/rlimit-util.c
+++ b/src/basic/rlimit-util.c
@@ -401,7 +401,11 @@ int rlimit_nofile_safe(void) {
if (rl.rlim_cur <= FD_SETSIZE)
return 0;
- rl.rlim_cur = FD_SETSIZE;
+ /* So we might have inherited a hard limit that's larger than the kernel's maximum limit as stored in
+ * /proc/sys/fs/nr_open. If we pass this hard limit unmodified to setrlimit(), we'll get EPERM. To
+ * make sure that doesn't happen, let's limit our hard limit to the value from nr_open. */
+ rl.rlim_max = MIN(rl.rlim_max, (rlim_t) read_nr_open());
+ rl.rlim_cur = MIN((rlim_t) FD_SETSIZE, rl.rlim_max);
if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
return log_debug_errno(errno, "Failed to lower RLIMIT_NOFILE's soft limit to " RLIM_FMT ": %m", rl.rlim_cur);
--
2.39.1

73
backport-bus-add-some-minimal-bounds-check-on-signatures.patch
View File

@ -1,73 +0,0 @@
From d80cc39558ec7e596d594d1aadc4df81262611f8 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Sun, 16 Jul 2023 01:10:47 +0100
Subject: [PATCH] bus: add some minimal bounds check on signatures
CID#1491292
CID#1491291
CID#1491290
CID#1491289
CID#1491284
CID#1491281
CID#1491280
CID#1491278
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/d80cc39558ec7e596d594d1aadc4df81262611f8
---
src/busctl/busctl.c | 5 ++++-
src/libsystemd/sd-bus/bus-message.c | 6 ++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/busctl/busctl.c b/src/busctl/busctl.c
index 72eed36335..c1a0479015 100644
--- a/src/busctl/busctl.c
+++ b/src/busctl/busctl.c
@@ -1627,8 +1627,11 @@ static int message_append_cmdline(sd_bus_message *m, const char *signature, char
p--;
r = signature_element_length(signature, &k);
- if (r < 0)
+ if (r < 0 || k < 2) {
+ if (r >= 0 && k < 2)
+ r = -ERANGE;
return log_error_errno(r, "Invalid struct/dict entry signature: %m");
+ }
{
char s[k-1];
diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c
index 3cf1419a14..f1cf6a8cc4 100644
--- a/src/libsystemd/sd-bus/bus-message.c
+++ b/src/libsystemd/sd-bus/bus-message.c
@@ -2027,6 +2027,8 @@ _public_ int sd_bus_message_appendv(
r = signature_element_length(t, &k);
if (r < 0)
return r;
+ if (k < 2)
+ return -ERANGE;
{
char s[k - 1];
@@ -3470,6 +3472,8 @@ _public_ int sd_bus_message_readv(
r = signature_element_length(t, &k);
if (r < 0)
return r;
+ if (k < 2)
+ return -ERANGE;
{
char s[k - 1];
@@ -3650,6 +3654,8 @@ _public_ int sd_bus_message_skip(sd_bus_message *m, const char *types) {
r = signature_element_length(types, &k);
if (r < 0)
return r;
+ if (k < 2)
+ return -ERANGE;
{
char s[k-1];
--
2.39.1

83
backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch
View File

@ -1,83 +0,0 @@
From bee6e755bb8e53a7a436e221b015ce0232ed87c0 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 10 May 2023 13:54:15 +0800
Subject: [PATCH] core: only refuse Type=dbus service enqueuing if dbus has
stop job
Follow-up for #27579
In #27579 we refused all StartUnit requests for Type=dbus units
if dbus is not running, which means if dbus is manually stopped,
user can't use systemctl to start Type=dbus units again, which
is incorrect.
The only culprit that leads to the cancellation of the whole
transaction mentioned in #26799 is job type conflict on dbus.
So let's relax the restriction and only refuse job enqueuing
if dbus has a stop job.
To summarize, the case we want to avoid is:
1. dbus has a stop job installed
2. StartUnit/ActivationRequest is received
3. Type=dbus service gets started, which has Requires=dbus.socket
4. dbus is pulled in again, resulting in job type conflict
What we can support is:
1. dbus is already stopped
2. StartUnit is received (possibly through systemctl, i.e. on private bus)
3. Type=dbus service gets started, which will wait for dbus to start
4. dbus is started again, thus the job for Type=dbus service
Replaces #27590
Fixes #27588
---
src/core/dbus-unit.c | 31 ++++++++++++++++++++++++-------
1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 5b89c76586..59d541ebfe 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1875,13 +1875,30 @@ int bus_unit_queue_job(
(type == JOB_STOP && u->refuse_manual_stop) ||
(IN_SET(type, JOB_RESTART, JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) ||
(type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
- return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
-
- /* dbus-broker issues StartUnit for activation requests, so let's apply the same check
- * used in signal_activation_request(). */
- if (type == JOB_START && u->type == UNIT_SERVICE &&
- SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager))
- return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");
+ return sd_bus_error_setf(error,
+ BUS_ERROR_ONLY_BY_DEPENDENCY,
+ "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).",
+ u->id);
+
+ /* dbus-broker issues StartUnit for activation requests, and Type=dbus services automatically
+ * gain dependency on dbus.socket. Therefore, if dbus has a pending stop job, the new start
+ * job that pulls in dbus again would cause job type conflict. Let's avoid that by rejecting
+ * job enqueuing early.
+ *
+ * Note that unlike signal_activation_request(), we can't use unit_inactive_or_pending()
+ * here. StartUnit is a more generic interface, and thus users are allowed to use e.g. systemctl
+ * to start Type=dbus services even when dbus is inactive. */
+ if (type == JOB_START && u->type == UNIT_SERVICE && SERVICE(u)->type == SERVICE_DBUS)
+ FOREACH_STRING(dbus_unit, SPECIAL_DBUS_SOCKET, SPECIAL_DBUS_SERVICE) {
+ Unit *dbus;
+
+ dbus = manager_get_unit(u->manager, dbus_unit);
+ if (dbus && unit_stop_pending(dbus))
+ return sd_bus_error_setf(error,
+ BUS_ERROR_SHUTTING_DOWN,
+ "Operation for unit %s refused, D-Bus is shutting down.",
+ u->id);
+ }
r = sd_bus_message_new_method_return(message, &reply);
if (r < 0)
--
2.33.0

152
backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
View File

@ -1,152 +0,0 @@
From bc6377762c210d1bdd7fd2465930731d87dda576 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sat, 29 Apr 2023 04:31:53 +0900
Subject: [PATCH] core/path: do not enqueue new job in .trigger_notify callback
Otherwise,
1. X.path triggered X.service, and the service has waiting start job,
2. systemctl stop X.service
3. the waiting start job is cancelled to install new stop job,
4. path_trigger_notify() is called, and may reinstall new start job,
5. the stop job cannot be installed, and triggeres assertion.
So, instead, let's add a defer event source, then enqueue the new start
job after the stop (or any other type) job finished.
Fixes https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906.
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/bc6377762c210d1bdd7fd2465930731d87dda576
---
src/core/path.c | 68 +++++++++++++++++++++++++++++++++++++++++++++----
src/core/path.h | 2 ++
2 files changed, 65 insertions(+), 5 deletions(-)
diff --git a/src/core/path.c b/src/core/path.c
index 9f6a246ab0..c95663c3aa 100644
--- a/src/core/path.c
+++ b/src/core/path.c
@@ -10,6 +10,7 @@
#include "dbus-path.h"
#include "dbus-unit.h"
#include "escape.h"
+#include "event-util.h"
#include "fd-util.h"
#include "glob-util.h"
#include "inotify-util.h"
@@ -300,6 +301,7 @@ static void path_done(Unit *u) {
assert(p);
+ p->trigger_notify_event_source = sd_event_source_disable_unref(p->trigger_notify_event_source);
path_free_specs(p);
}
@@ -575,6 +577,9 @@ static void path_enter_waiting(Path *p, bool initial, bool from_trigger_notify)
Unit *trigger;
int r;
+ if (p->trigger_notify_event_source)
+ (void) event_source_disable(p->trigger_notify_event_source);
+
/* If the triggered unit is already running, so are we */
trigger = UNIT_TRIGGER(UNIT(p));
if (trigger && !UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(trigger))) {
@@ -799,8 +804,28 @@ fail:
return 0;
}
-static void path_trigger_notify(Unit *u, Unit *other) {
+static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer);
+
+static int path_trigger_notify_on_defer(sd_event_source *s, void *userdata) {
+ Path *p = ASSERT_PTR(userdata);
+ Unit *trigger;
+
+ assert(s);
+
+ trigger = UNIT_TRIGGER(UNIT(p));
+ if (!trigger) {
+ log_unit_error(UNIT(p), "Unit to trigger vanished.");
+ path_enter_dead(p, PATH_FAILURE_RESOURCES);
+ return 0;
+ }
+
+ path_trigger_notify_impl(UNIT(p), trigger, /* on_defer = */ true);
+ return 0;
+}
+
+static void path_trigger_notify_impl(Unit *u, Unit *other, bool on_defer) {
Path *p = PATH(u);
+ int r;
assert(u);
assert(other);
@@ -826,13 +851,46 @@ static void path_trigger_notify(Unit *u, Unit *other) {
if (p->state == PATH_RUNNING &&
UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
- log_unit_debug(UNIT(p), "Got notified about unit deactivation.");
- path_enter_waiting(p, false, true);
+ if (!on_defer)
+ log_unit_debug(u, "Got notified about unit deactivation.");
} else if (p->state == PATH_WAITING &&
!UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(other))) {
- log_unit_debug(UNIT(p), "Got notified about unit activation.");
- path_enter_waiting(p, false, true);
+ if (!on_defer)
+ log_unit_debug(u, "Got notified about unit activation.");
+ } else
+ return;
+
+ if (on_defer) {
+ path_enter_waiting(p, /* initial = */ false, /* from_trigger_notify = */ true);
+ return;
}
+
+ /* Do not call path_enter_waiting() directly from path_trigger_notify(), as this may be called by
+ * job_install() -> job_finish_and_invalidate() -> unit_trigger_notify(), and path_enter_waiting()
+ * may install another job and will trigger assertion in job_install().
+ * https://github.com/systemd/systemd/issues/24577#issuecomment-1522628906
+ * Hence, first setup defer event source here, and call path_enter_waiting() slightly later. */
+ if (p->trigger_notify_event_source) {
+ r = sd_event_source_set_enabled(p->trigger_notify_event_source, SD_EVENT_ONESHOT);
+ if (r < 0) {
+ log_unit_warning_errno(u, r, "Failed to enable event source for triggering notify: %m");
+ path_enter_dead(p, PATH_FAILURE_RESOURCES);
+ return;
+ }
+ } else {
+ r = sd_event_add_defer(u->manager->event, &p->trigger_notify_event_source, path_trigger_notify_on_defer, p);
+ if (r < 0) {
+ log_unit_warning_errno(u, r, "Failed to allocate event source for triggering notify: %m");
+ path_enter_dead(p, PATH_FAILURE_RESOURCES);
+ return;
+ }
+
+ (void) sd_event_source_set_description(p->trigger_notify_event_source, "path-trigger-notify");
+ }
+}
+
+static void path_trigger_notify(Unit *u, Unit *other) {
+ path_trigger_notify_impl(u, other, /* on_defer = */ false);
}
static void path_reset_failed(Unit *u) {
diff --git a/src/core/path.h b/src/core/path.h
index c76103cc12..cb5b662911 100644
--- a/src/core/path.h
+++ b/src/core/path.h
@@ -65,6 +65,8 @@ struct Path {
PathResult result;
RateLimit trigger_limit;
+
+ sd_event_source *trigger_notify_event_source;
};
struct ActivationDetailsPath {
--
2.39.1

43
backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch
View File

@ -1,43 +0,0 @@
From 53964fd26b4a01191609ffc064aa8ccccd28e377 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 9 May 2023 00:07:45 +0800
Subject: [PATCH] core: refuse dbus activation if dbus is not running
dbus-broker issues StartUnit directly for activation requests,
so let's add a check on bus state in bus_unit_queue_job to refuse
that if dbus is not running.
Replaces #27570
Closes #26799
---
src/core/dbus-unit.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index c42ae5e..295e271 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -21,6 +21,7 @@
#include "path-util.h"
#include "process-util.h"
#include "selinux-access.h"
+#include "service.h"
#include "signal-util.h"
#include "special.h"
#include "string-table.h"
@@ -1880,6 +1881,12 @@ int bus_unit_queue_job(
(type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
+ /* dbus-broker issues StartUnit for activation requests, so let's apply the same check
+ * used in signal_activation_request(). */
+ if (type == JOB_START && u->type == UNIT_SERVICE &&
+ SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager))
+ return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");
+
r = sd_bus_message_new_method_return(message, &reply);
if (r < 0)
return r;
--
2.33.0

44
backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
View File

@ -1,44 +0,0 @@
From b56ee692334231f0312c2fd142b9f2a84da14ac9 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 24 Aug 2023 09:00:04 +0200
Subject: [PATCH] hostname: Make sure we pass error to
bus_verify_polkit_async()
Fixes #28943
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/b56ee692334231f0312c2fd142b9f2a84da14ac9
---
src/hostname/hostnamed.c | 2 +-
src/shared/bus-polkit.c | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/hostname/hostnamed.c b/src/hostname/hostnamed.c
index 9ef45f8e75..85904aabe9 100644
--- a/src/hostname/hostnamed.c
+++ b/src/hostname/hostnamed.c
@@ -1318,7 +1318,7 @@ static int method_describe(sd_bus_message *m, void *userdata, sd_bus_error *erro
false,
UID_INVALID,
&c->polkit_registry,
- NULL);
+ error);
if (r == 0)
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
diff --git a/src/shared/bus-polkit.c b/src/shared/bus-polkit.c
index 3ff2726d4a..904b897984 100644
--- a/src/shared/bus-polkit.c
+++ b/src/shared/bus-polkit.c
@@ -480,6 +480,7 @@ int bus_verify_polkit_async(
assert(call);
assert(action);
assert(registry);
+ assert(ret_error);
r = check_good_user(call, good_user);
if (r != 0)
--
2.39.1

88
backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch
View File

@ -1,88 +0,0 @@
From 9627e6a72f9c5c336a285b11515bda49345e7bfe Mon Sep 17 00:00:00 2001
From: felixdoerre <felixdoerre@users.noreply.github.com>
Date: Fri, 6 Oct 2023 05:18:21 +0200
Subject: [PATCH] journalctl: verify that old entries are not sealed with too
recent key (#28885)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When verifying seals produced with forward secure sealing, the verification
currently does not check that old entries are only sealed with the key for
their epoch and not a more recent one. This missing check allows an attacker
to remove seals, and create new ones with the currently available key, and
verify will claim everything is in order, although all entries could have
been modified.
This resolves CVE-2023-31439.
Co-authored-by: Felix Dörre <felix.doerre@kit.edu>
(cherry picked from commit 3846d3aa292a6daa1916f667bdd79ebee9cb4ac4)
(cherry picked from commit ea67d4755b5d81a42a9013d6ce72c9cf7adb56b9)
(cherry picked from commit e140c1d10b04c757832adf2366ed6fbdfb2e92c9)
---
src/libsystemd/sd-journal/journal-verify.c | 26 ++++++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/libsystemd/sd-journal/journal-verify.c b/src/libsystemd/sd-journal/journal-verify.c
index ad4039dee0f..fe4465c5e65 100644
--- a/src/libsystemd/sd-journal/journal-verify.c
+++ b/src/libsystemd/sd-journal/journal-verify.c
@@ -820,6 +820,7 @@ int journal_file_verify(
uint64_t p = 0, last_epoch = 0, last_tag_realtime = 0, last_sealed_realtime = 0;
uint64_t entry_seqnum = 0, entry_monotonic = 0, entry_realtime = 0;
+ usec_t min_entry_realtime = USEC_INFINITY, max_entry_realtime = 0;
sd_id128_t entry_boot_id = {}; /* Unnecessary initialization to appease gcc */
bool entry_seqnum_set = false, entry_monotonic_set = false, entry_realtime_set = false, found_main_entry_array = false;
uint64_t n_objects = 0, n_entries = 0, n_data = 0, n_fields = 0, n_data_hash_tables = 0, n_field_hash_tables = 0, n_entry_arrays = 0, n_tags = 0;
@@ -1071,6 +1072,9 @@ int journal_file_verify(
entry_realtime = le64toh(o->entry.realtime);
entry_realtime_set = true;
+ max_entry_realtime = MAX(max_entry_realtime, le64toh(o->entry.realtime));
+ min_entry_realtime = MIN(min_entry_realtime, le64toh(o->entry.realtime));
+
n_entries++;
break;
@@ -1136,12 +1140,13 @@ int journal_file_verify(
#if HAVE_GCRYPT
if (JOURNAL_HEADER_SEALED(f->header)) {
- uint64_t q, rt;
+ uint64_t q, rt, rt_end;
debug(p, "Checking tag %"PRIu64"...", le64toh(o->tag.seqnum));
rt = f->fss_start_usec + le64toh(o->tag.epoch) * f->fss_interval_usec;
- if (entry_realtime_set && entry_realtime >= rt + f->fss_interval_usec) {
+ rt_end = usec_add(rt, f->fss_interval_usec);
+ if (entry_realtime_set && entry_realtime >= rt_end) {
error(p,
"tag/entry realtime timestamp out of synchronization (%"PRIu64" >= %"PRIu64")",
entry_realtime,
@@ -1149,6 +1154,23 @@ int journal_file_verify(
r = -EBADMSG;
goto fail;
}
+ if (max_entry_realtime >= rt_end) {
+ error(p,
+ "Entry realtime (%"PRIu64", %s) is too late with respect to tag (%"PRIu64", %s)",
+ max_entry_realtime, FORMAT_TIMESTAMP(max_entry_realtime),
+ rt_end, FORMAT_TIMESTAMP(rt_end));
+ r = -EBADMSG;
+ goto fail;
+ }
+ if (min_entry_realtime < rt) {
+ error(p,
+ "Entry realtime (%"PRIu64", %s) is too early with respect to tag (%"PRIu64", %s)",
+ min_entry_realtime, FORMAT_TIMESTAMP(min_entry_realtime),
+ rt, FORMAT_TIMESTAMP(rt));
+ r = -EBADMSG;
+ goto fail;
+ }
+ min_entry_realtime = USEC_INFINITY;
/* OK, now we know the epoch. So let's now set
* it, and calculate the HMAC for everything

66
backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
View File

@ -1,66 +0,0 @@
From 0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 7 Jul 2023 08:00:00 +0000
Subject: [PATCH] resolved: fix use of ERRNO_IS_DISCONNECT()
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by manager_recv() which can legitimately return 1 without errno
semantics, so fix this by moving ERRNO_IS_DISCONNECT() invocation to the
branch where the return value is known to be negative.
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/0bdea17c0aa37c4cdf586c072a7b35f8d0598cc3
---
src/resolve/resolved-dns-transaction.c | 27 ++++++++++++--------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index a5293357c0..323786896b 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -1367,25 +1367,22 @@ static int on_dns_packet(sd_event_source *s, int fd, uint32_t revents, void *use
assert(t->scope);
r = manager_recv(t->scope->manager, fd, DNS_PROTOCOL_DNS, &p);
- if (ERRNO_IS_DISCONNECT(r)) {
- usec_t usec;
-
- /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
- * next recvmsg(). Treat this like a lost packet. */
+ if (r < 0) {
+ if (ERRNO_IS_DISCONNECT(r)) {
+ usec_t usec;
- log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
- assert_se(sd_event_now(t->scope->manager->event, CLOCK_BOOTTIME, &usec) >= 0);
- dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
+ /* UDP connection failures get reported via ICMP and then are possibly delivered to us on the
+ * next recvmsg(). Treat this like a lost packet. */
- dns_transaction_close_connection(t, /* use_graveyard = */ false);
+ log_debug_errno(r, "Connection failure for DNS UDP packet: %m");
+ assert_se(sd_event_now(t->scope->manager->event, CLOCK_BOOTTIME, &usec) >= 0);
+ dns_server_packet_lost(t->server, IPPROTO_UDP, t->current_feature_level);
- if (dns_transaction_limited_retry(t)) /* Try a different server */
- return 0;
+ dns_transaction_close_connection(t, /* use_graveyard = */ false);
- dns_transaction_complete_errno(t, r);
- return 0;
- }
- if (r < 0) {
+ if (dns_transaction_limited_retry(t)) /* Try a different server */
+ return 0;
+ }
dns_transaction_complete_errno(t, r);
return 0;
}
--
2.39.1

48
backport-rules-go-to-the-end-of-rules-indeed-when-dm-is-suspe.patch
View File

@ -1,48 +0,0 @@
From c1a2ada89708d6aeeada496712cb24a4a58e75cc Mon Sep 17 00:00:00 2001
From: janana <40876700+jiayi0118@users.noreply.github.com>
Date: Wed, 29 Nov 2023 11:36:52 +0800
Subject: [PATCH] rules: go to the end of rules indeed when dm is suspended
The previous patch 466266c does not make sense indeed, that is to say, if the SYSTEMD_READY is not recorded in the database, the GOTO="systemd_end" will not be applied.
The IMPORT{db} is actually a matching token, it returns false when there is no SYSTEMD_READY recorded in the database.
The previous patch 466266c tended to inherit the state of SYSTEMD_READY from the database and skip to the end of current rule file. But when the database does not contain SYSTEMD_READY, e.g., the dm-* is not set db_persistent during initrd and the database will be cleared after switching root, the following rules will still be applied not as expected.
---
rules.d/99-systemd.rules.in | 4 +++-
test/fuzz/fuzz-udev-rules/99-systemd.rules | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/rules.d/99-systemd.rules.in b/rules.d/99-systemd.rules.in
index 9bf02a705f..455a2368eb 100644
--- a/rules.d/99-systemd.rules.in
+++ b/rules.d/99-systemd.rules.in
@@ -19,7 +19,9 @@ SUBSYSTEM=="ubi", TAG+="systemd"
SUBSYSTEM=="block", TAG+="systemd"
# We can't make any conclusions about suspended DM devices so let's just import previous SYSTEMD_READY state and skip other rules
-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end"
+SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY"
+SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", GOTO="systemd_end"
+
SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
# Ignore encrypted devices with no identified superblock on it, since
diff --git a/test/fuzz/fuzz-udev-rules/99-systemd.rules b/test/fuzz/fuzz-udev-rules/99-systemd.rules
index 278383b02c..5f29d709ae 100644
--- a/test/fuzz/fuzz-udev-rules/99-systemd.rules
+++ b/test/fuzz/fuzz-udev-rules/99-systemd.rules
@@ -17,7 +17,9 @@ SUBSYSTEM=="ubi", TAG+="systemd"
SUBSYSTEM=="block", TAG+="systemd"
# We can't make any conclusions about suspended DM devices so let's just import previous SYSTEMD_READY state and skip other rules
-SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY", GOTO="systemd_end"
+SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", IMPORT{db}="SYSTEMD_READY"
+SUBSYSTEM=="block", ENV{DM_SUSPENDED}=="1", GOTO="systemd_end"
+
SUBSYSTEM=="block", ACTION=="add", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
# Ignore encrypted devices with no identified superblock on it, since
--
2.33.0

49
backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
View File

@ -1,49 +0,0 @@
From bb228f0ebc9b691ee2a871bffbf949936568f3ea Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 7 Jul 2023 08:00:00 +0000
Subject: [PATCH] sd-bus: fix use of ERRNO_IS_DISCONNECT()
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by bus_socket_process_watch_bind(), bus_socket_process_opening(),
and bus_socket_process_authenticating() which can legitimately return
positive values without errno semantics, so fix this by moving the
ERRNO_IS_DISCONNECT() invocation to the branch where the return value
is known to be negative.
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/bb228f0ebc9b691ee2a871bffbf949936568f3ea
---
src/libsystemd/sd-bus/sd-bus.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 2758309ac5..a250e7b81a 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -3284,11 +3284,13 @@ static int bus_process_internal(sd_bus *bus, sd_bus_message **ret) {
assert_not_reached();
}
- if (ERRNO_IS_DISCONNECT(r)) {
- bus_enter_closing(bus);
- r = 1;
- } else if (r < 0)
- return r;
+ if (r < 0) {
+ if (ERRNO_IS_DISCONNECT(r)) {
+ bus_enter_closing(bus);
+ r = 1;
+ } else
+ return r;
+ }
if (ret)
*ret = NULL;
--
2.39.1

59
backport-sd-event-always-initialize-sd_event.perturb.patch
View File

@ -1,59 +0,0 @@
From f1a8b69808777aff37c036fd94a0275873d12407 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 23 Feb 2023 07:31:01 +0900
Subject: [PATCH] sd-event: always initialize sd_event.perturb
If the boot ID cannot be obtained, let's first fallback to the machine
ID, and if still cannot, then let's use 0.
Otherwise, no timer event source cannot be triggered.
Fixes #26549.
(cherry picked from commit 6d2326e036ceed30f9ccdb0266713c10a44dcf6c)
(cherry picked from commit 58c821af607b61738b7b72ad1452e70f648689a6)
(cherry picked from commit 78976199b2e016600c3f7cf8f39747c9ef6c853b)
(cherry picked from commit ac04d804c30f519918866fb4eeb3bc4a9cbadd43)
---
src/libsystemd/sd-event/sd-event.c | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 89accdce00..37565b17be 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -1126,22 +1126,21 @@ _public_ int sd_event_add_io(
}
static void initialize_perturb(sd_event *e) {
- sd_id128_t bootid = {};
+ sd_id128_t id = {};
- /* When we sleep for longer, we try to realign the wakeup to
- the same time within each minute/second/250ms, so that
- events all across the system can be coalesced into a single
- CPU wakeup. However, let's take some system-specific
- randomness for this value, so that in a network of systems
- with synced clocks timer events are distributed a
- bit. Here, we calculate a perturbation usec offset from the
- boot ID. */
+ /* When we sleep for longer, we try to realign the wakeup to the same time within each
+ * minute/second/250ms, so that events all across the system can be coalesced into a single CPU
+ * wakeup. However, let's take some system-specific randomness for this value, so that in a network
+ * of systems with synced clocks timer events are distributed a bit. Here, we calculate a
+ * perturbation usec offset from the boot ID (or machine ID if failed, e.g. /proc is not mounted). */
if (_likely_(e->perturb != USEC_INFINITY))
return;
- if (sd_id128_get_boot(&bootid) >= 0)
- e->perturb = (bootid.qwords[0] ^ bootid.qwords[1]) % USEC_PER_MINUTE;
+ if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0)
+ e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE;
+ else
+ e->perturb = 0; /* This is a super early process without /proc and /etc ?? */
}
static int event_setup_timer_fd(
--
2.33.0

31
backport-sd-event-fix-error-handling.patch
View File

@ -1,31 +0,0 @@
From 056fbe84ef67168adcaf41baa37de1b712f6fb74 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 23 Feb 2023 07:31:01 +0900
Subject: [PATCH] sd-event: fix error handling
Follow-up for 6d2326e036ceed30f9ccdb0266713c10a44dcf6c.
(cherry picked from commit 1912f790fee9e0182acd77b77496f500094a140d)
(cherry picked from commit a719c2ec2f410f8b979cec04dcdac9af470ee52b)
(cherry picked from commit dd6561ff3e12314d41954b7ea8e3627101931a18)
(cherry picked from commit 8be4af42044969bc268b32ffe9570cee733fecf6)
---
src/libsystemd/sd-event/sd-event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 37565b17be..df4d9037ac 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -1137,7 +1137,7 @@ static void initialize_perturb(sd_event *e) {
if (_likely_(e->perturb != USEC_INFINITY))
return;
- if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) > 0)
+ if (sd_id128_get_boot(&id) >= 0 || sd_id128_get_machine(&id) >= 0)
e->perturb = (id.qwords[0] ^ id.qwords[1]) % USEC_PER_MINUTE;
else
e->perturb = 0; /* This is a super early process without /proc and /etc ?? */
--
2.33.0

44
backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
View File

@ -1,44 +0,0 @@
From d5f8890bbf375075c7042b31ff6e79ad491df04c Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@strace.io>
Date: Fri, 7 Jul 2023 08:00:00 +0000
Subject: [PATCH] socket: fix use of ERRNO_IS_DISCONNECT()
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by socket_acquire_peer() which can legitimately return 1
without errno semantics, so fix this by moving ERRNO_IS_DISCONNECT()
invocation to the branch where the return value is known to be negative.
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/d5f8890bbf375075c7042b31ff6e79ad491df04c
---
src/core/socket.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/core/socket.c b/src/core/socket.c
index d72194f20b..03b8cbd164 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -2358,10 +2358,12 @@ static void socket_enter_running(Socket *s, int cfd_in) {
if (s->max_connections_per_source > 0) {
r = socket_acquire_peer(s, cfd, &p);
- if (ERRNO_IS_DISCONNECT(r))
- return;
- if (r < 0) /* We didn't have enough resources to acquire peer information, let's fail. */
+ if (r < 0) {
+ if (ERRNO_IS_DISCONNECT(r))
+ return;
+ /* We didn't have enough resources to acquire peer information, let's fail. */
goto fail;
+ }
if (r > 0 && p->n_ref > s->max_connections_per_source) {
_cleanup_free_ char *t = NULL;
--
2.39.1

33
backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
View File

@ -1,33 +0,0 @@
From 5660e68d651545b43e13a51b068e64022637a6c6 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 28 Sep 2022 18:09:29 +0900
Subject: [PATCH] udev-builtin-net_id: fix potential buffer overflow
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/5660e68d651545b43e13a51b068e64022637a6c6
---
src/udev/udev-builtin-net_id.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/udev/udev-builtin-net_id.c b/src/udev/udev-builtin-net_id.c
index 4936ba518a..d1f343573d 100644
--- a/src/udev/udev-builtin-net_id.c
+++ b/src/udev/udev-builtin-net_id.c
@@ -948,11 +948,11 @@ static int names_usb(sd_device *dev, NetNames *names) {
/* append USB config number, suppress the common config == 1 */
if (!streq(config, "1"))
- l = strpcpyl(&s, sizeof(names->usb_ports), "c", config, NULL);
+ l = strpcpyl(&s, l, "c", config, NULL);
/* append USB interface number, suppress the interface == 0 */
if (!streq(interf, "0"))
- l = strpcpyl(&s, sizeof(names->usb_ports), "i", interf, NULL);
+ l = strpcpyl(&s, l, "i", interf, NULL);
if (l == 0)
return log_device_debug_errno(dev, SYNTHETIC_ERRNO(ENAMETOOLONG),
"Generated USB name would be too long.");
--
2.39.1

47
backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
View File

@ -1,47 +0,0 @@
From 1617424ce76d797d081dd6cb1082b954c4d2bf38 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 26 Sep 2023 09:52:05 +0200
Subject: [PATCH] udev: raise RLIMIT_NOFILE as high as we can
We might need a lot of fds on large systems, hence raise RLIMIT_NOFILE
to what the service manager allows us, which is quite a lot these days.
udev already sets FORK_RLIMIT_NOFILE_SAFE when forking of chilren, thus
ensuring that forked off processes get their RLIMIT_NOFILE soft limit
reset to 1K for compat with crappy old select().
Replaces: #29298
Fixes: #28583
Conflict:code context adaptation
Reference:https://github.com/systemd/systemd-stable/commit/1617424ce76d797d081dd6cb1082b954c4d2bf38
---
src/udev/udevd.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 257336aec6..2ed4282253 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -18,6 +18,7 @@
#include "pretty-print.h"
#include "proc-cmdline.h"
#include "process-util.h"
+#include "rlimit-util.h"
#include "selinux-util.h"
#include "signal-util.h"
#include "socket-util.h"
@@ -365,6 +366,9 @@ int run_udevd(int argc, char *argv[]) {
if (r < 0)
return r;
+ /* Make sure we can have plenty fds (for example for pidfds) */
+ (void) rlimit_nofile_bump(-1);
+
r = RET_NERRNO(mkdir("/run/udev", 0755));
if (r < 0 && r != -EEXIST)
return log_error_errno(r, "Failed to create /run/udev: %m");
--
2.39.1

35
backport-units-modprobe-.service-don-t-unescape-instance-name.patch
View File

@ -1,35 +0,0 @@
From 540b3c5d53f7b5889247e9cb4aea62d3983a48b8 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Fri, 20 Oct 2023 16:25:15 +0200
Subject: [PATCH] units: modprobe@.service: don't unescape instance name
modprobe treats "-" and "_" interchangeably, thereby avoiding frequent
errors because some module names contain dashes and others underscores.
Because modprobe@.service unescapes the instance name, an attempt to
start "modprobe@dm-crypt.service" will run "modprobe -abq dm/crypt",
which is doomed to fail. "modprobe@dm_crypt.service" will work as
expected. Thus unescaping the instance name has surprising side effects.
Use "%i" instead.
(cherry picked from commit bf25cf6c49253e922524dfa0e7960f554838f18b)
(cherry picked from commit c98d0130dc8efd826cd85020337353cdbe644bb4)
(cherry picked from commit 6d5eba0814e7dfc15ebb68ca5afdabab214c9da6)
---
units/modprobe@.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/modprobe@.service b/units/modprobe@.service
index 85a2c08dee..fe631fffeb 100644
--- a/units/modprobe@.service
+++ b/units/modprobe@.service
@@ -17,4 +17,4 @@ StartLimitIntervalSec=0
[Service]
Type=oneshot
-ExecStart=-/sbin/modprobe -abq %I
+ExecStart=-/sbin/modprobe -abq %i
--
2.33.0

22
bugfix-also-stop-machine-when-a-machine-un.patch
View File

@ -24,10 +24,10 @@ Change-Id: I80e3c32832f4ecf08b6cb149735978730ce1d1c0
3 files changed, 72 insertions(+), 1 deletion(-)
diff --git a/src/machine/machine.c b/src/machine/machine.c
index c08a645..02fd9f7 100644
index 44ff5c1..2519fd7 100644
--- a/src/machine/machine.c
+++ b/src/machine/machine.c
@@ -32,6 +32,7 @@
@@ -34,6 +34,7 @@
#include "tmpfile-util.h"
#include "unit-name.h"
#include "user-util.h"
@ -35,7 +35,7 @@ index c08a645..02fd9f7 100644
DEFINE_TRIVIAL_CLEANUP_FUNC(Machine*, machine_free);
@@ -520,6 +521,40 @@ int machine_finalize(Machine *m) {
@@ -534,6 +535,40 @@ int machine_finalize(Machine *m) {
return 0;
}
@ -44,7 +44,7 @@ index c08a645..02fd9f7 100644
+ _cleanup_free_ char *unit = NULL;
+ _cleanup_free_ char *cgroup = NULL;
+
+ r = cg_pid_get_unit(m->leader, &unit);
+ r = cg_pid_get_unit(m->leader.pid, &unit);
+ if (!r && streq(m->unit, unit))
+ return true;
+
@ -53,19 +53,19 @@ index c08a645..02fd9f7 100644
+ * so we don't return true here, otherwise the vm will be added to the gc list.
+ * */
+ log_info("Machine unit is in active, but the leader process is exited. "
+ "machine: %s, leader: "PID_FMT", unit: %s.", m->name, m->leader, m->unit);
+ "machine: %s, leader: "PID_FMT", unit: %s.", m->name, m->leader.pid, m->unit);
+ } else if (r) {
+ log_info_errno(r, "Can not get unit from cgroup. "
+ "machine: %s, leader: "PID_FMT", unit: %s, error: %m", m->name, m->leader, m->unit);
+ "machine: %s, leader: "PID_FMT", unit: %s, error: %m", m->name, m->leader.pid, m->unit);
+ } else if (unit && !streq(m->unit, unit)) {
+ log_info("Machine unit name not match. "
+ "machine: %s, leader: "PID_FMT", machine unit: %s, real unit: %s", m->name, m->leader, m->unit, unit);
+ "machine: %s, leader: "PID_FMT", machine unit: %s, real unit: %s", m->name, m->leader.pid, m->unit, unit);
+ }
+
+ r = manager_get_unit_cgroup_path(m->manager, m->unit, &cgroup);
+ if (!r && !isempty(cgroup) && cg_is_empty_recursive(SYSTEMD_CGROUP_CONTROLLER, cgroup) > 0) {
+ log_info("Cgroup is empty in the machine unit. "
+ "machine: %s, leader: "PID_FMT", machine unit: %s.", m->name, m->leader, m->unit);
+ "machine: %s, leader: "PID_FMT", machine unit: %s.", m->name, m->leader.pid, m->unit);
+ /*The vm will be added to gc list only when there is no any process in the scope*/
+ return false;
+ }
@ -76,7 +76,7 @@ index c08a645..02fd9f7 100644
bool machine_may_gc(Machine *m, bool drop_not_started) {
assert(m);
@@ -532,7 +567,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
@@ -546,7 +581,7 @@ bool machine_may_gc(Machine *m, bool drop_not_started) {
if (m->scope_job && manager_job_is_active(m->manager, m->scope_job))
return false;
@ -86,10 +86,10 @@ index c08a645..02fd9f7 100644
return true;
diff --git a/src/machine/machined-dbus.c b/src/machine/machined-dbus.c
index 0c157a9..10d370f 100644
index 9fec047..938f42b 100644
--- a/src/machine/machined-dbus.c
+++ b/src/machine/machined-dbus.c
@@ -1509,3 +1509,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) {
@@ -1514,3 +1514,38 @@ int manager_add_machine(Manager *m, const char *name, Machine **_machine) {
return 0;
}

92
core-add-OptionalLog-to-allow-users-change-log-level.patch
View File

@ -4,22 +4,22 @@ Date: Fri, 15 Apr 2022 09:28:15 +0800
Subject: [PATCH] core: add OptionalLog to allow users change log level.
This adds log_optional* log_unit_optional* to log messages in LOG_INFO
or LOG_DEBUG. Set "OptionalLog=yes" to log in LOG_INFO. Defaults to no.
---
src/basic/log.h | 2 ++
src/core/dbus-manager.c | 1 +
src/core/main.c | 4 ++++
src/core/main.c | 1 +
src/core/manager.c | 2 ++
src/core/manager.h | 1 +
src/core/mount.c | 2 +-
src/core/system.conf.in | 1 +
src/core/unit.h | 2 ++
7 files changed, 12 insertions(+), 1 deletion(-)
8 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/basic/log.h b/src/basic/log.h
index f73d4c4..d341681 100644
index 9008d47..bf6aa8e 100644
--- a/src/basic/log.h
+++ b/src/basic/log.h
@@ -243,6 +243,7 @@ int log_emergency_level(void);
@@ -245,6 +245,7 @@ int log_emergency_level(void);
#define log_warning(...) log_full(LOG_WARNING, __VA_ARGS__)
#define log_error(...) log_full(LOG_ERR, __VA_ARGS__)
#define log_emergency(...) log_full(log_emergency_level(), __VA_ARGS__)
@ -27,7 +27,7 @@ index f73d4c4..d341681 100644
/* Logging triggered by an errno-like error */
#define log_debug_errno(error, ...) log_full_errno(LOG_DEBUG, error, __VA_ARGS__)
@@ -251,6 +252,7 @@ int log_emergency_level(void);
@@ -253,6 +254,7 @@ int log_emergency_level(void);
#define log_warning_errno(error, ...) log_full_errno(LOG_WARNING, error, __VA_ARGS__)
#define log_error_errno(error, ...) log_full_errno(LOG_ERR, error, __VA_ARGS__)
#define log_emergency_errno(error, ...) log_full_errno(log_emergency_level(), error, __VA_ARGS__)
@ -36,83 +36,79 @@ index f73d4c4..d341681 100644
/* This logs at the specified level the first time it is called, and then
* logs at debug. If the specified level is debug, this logs only the first
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 7e57a32..9ca392b 100644
index 0f9d4e8..a644e86 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2870,6 +2870,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
@@ -2963,6 +2963,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
BUS_PROPERTY_DUAL_TIMESTAMP("InitRDUnitsLoadFinishTimestamp", offsetof(Manager, timestamps[MANAGER_TIMESTAMP_INITRD_UNITS_LOAD_FINISH]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_WRITABLE_PROPERTY("LogLevel", "s", bus_property_get_log_level, property_set_log_level, 0, 0),
SD_BUS_WRITABLE_PROPERTY("LogTarget", "s", bus_property_get_log_target, property_set_log_target, 0, 0),
+ SD_BUS_PROPERTY("OptionalLog", "b", bus_property_get_bool, offsetof(Manager, optional_log), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("OptionalLog", "b", bus_property_get_bool, offsetof(Manager, defaults.optional_log), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("NNames", "u", property_get_hashmap_size, offsetof(Manager, units), 0),
SD_BUS_PROPERTY("NFailedUnits", "u", property_get_set_size, offsetof(Manager, failed_units), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("NJobs", "u", property_get_hashmap_size, offsetof(Manager, jobs), 0),
diff --git a/src/core/main.c b/src/core/main.c
index eaae658..809ed76 100644
index 96b0a11..c4379cf 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -119,6 +119,7 @@ static const char *arg_bus_introspect = NULL;
* defaults are assigned in reset_arguments() below. */
static char *arg_default_unit;
static bool arg_system;
+static bool arg_optional_log;
bool arg_dump_core;
int arg_crash_chvt;
bool arg_crash_shell;
@@ -626,6 +627,7 @@ static int parse_config_file(void) {
@@ -617,6 +617,7 @@ static int parse_config_file(void) {
{ "Manager", "LogColor", config_parse_color, 0, NULL },
{ "Manager", "LogLocation", config_parse_location, 0, NULL },
{ "Manager", "LogTime", config_parse_time, 0, NULL },
+ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_optional_log },
+ { "Manager", "OptionalLog", config_parse_bool, 0, &arg_defaults.optional_log },
{ "Manager", "DumpCore", config_parse_bool, 0, &arg_dump_core },
{ "Manager", "CrashChVT", /* legacy */ config_parse_crash_chvt, 0, &arg_crash_chvt },
{ "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt },
@@ -745,6 +747,7 @@ static void set_manager_defaults(Manager *m) {
* affect the manager itself, but are just what newly allocated units will have set if they haven't set
* anything else. (Also see set_manager_settings() for the settings that affect the manager's own behaviour) */
diff --git a/src/core/manager.c b/src/core/manager.c
index 3d14ea1..59170af 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4200,6 +4200,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) {
m->defaults.ip_accounting = defaults->ip_accounting;
+ m->optional_log = arg_optional_log;
m->default_timer_accuracy_usec = arg_default_timer_accuracy_usec;
m->default_std_output = arg_default_std_output;
m->default_std_error = arg_default_std_error;
@@ -2423,6 +2426,7 @@ static void reset_arguments(void) {
m->defaults.tasks_max = defaults->tasks_max;
+ m->defaults.optional_log = defaults->optional_log;
m->defaults.timer_accuracy_usec = defaults->timer_accuracy_usec;
/* arg_system — ignore */
m->defaults.oom_policy = defaults->oom_policy;
@@ -4971,6 +4972,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) {
.ip_accounting = false,
+ arg_optional_log = false;
arg_dump_core = true;
arg_crash_chvt = -1;
arg_crash_shell = false;
.tasks_max = DEFAULT_TASKS_MAX,
+ .optional_log = false,
.timer_accuracy_usec = 1 * USEC_PER_MINUTE,
.memory_pressure_watch = CGROUP_PRESSURE_WATCH_AUTO,
diff --git a/src/core/manager.h b/src/core/manager.h
index d3f6aa2..814421f 100644
index 93e9d2a..6dd1a18 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -385,6 +385,7 @@ struct Manager {
LogTarget original_log_target;
bool log_level_overridden;
bool log_target_overridden;
@@ -181,6 +181,7 @@ typedef struct UnitDefaults {
usec_t memory_pressure_threshold_usec;
char *smack_process_label;
+ bool optional_log;
struct rlimit *rlimit[_RLIMIT_MAX];
} UnitDefaults;
diff --git a/src/core/mount.c b/src/core/mount.c
index af0eae6..3751cb4 100644
index 52bd53e..26cade1 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -756,7 +756,7 @@ static void mount_set_state(Mount *m, MountState state) {
@@ -781,7 +781,7 @@ static void mount_set_state(Mount *m, MountState state) {
}
if (state != old_state)
- log_unit_debug(UNIT(m), "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state));
+ log_unit_optional(UNIT(m), UNIT(m)->manager->optional_log, "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state));
+ log_unit_optional(UNIT(m), UNIT(m)->manager->defaults.optional_log, "Changed %s -> %s", mount_state_to_string(old_state), mount_state_to_string(state));
unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state],
m->reload_result == MOUNT_SUCCESS ? 0 : UNIT_NOTIFY_RELOAD_FAILURE);
unit_notify(UNIT(m), state_translation_table[old_state], state_translation_table[state], m->reload_result == MOUNT_SUCCESS);
}
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 066a9a7..564d146 100644
index dbdc47c..a55106c 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -20,6 +20,7 @@
@@ -22,6 +22,7 @@
#LogColor=yes
#LogLocation=no
#LogTime=no
@ -121,10 +117,10 @@ index 066a9a7..564d146 100644
#ShowStatus=yes
#CrashChangeVT=no
diff --git a/src/core/unit.h b/src/core/unit.h
index 58417eb..cc65d93 100644
index 60bc2e3..afa4387 100644
--- a/src/core/unit.h
+++ b/src/core/unit.h
@@ -1097,12 +1097,14 @@ Condition *unit_find_failed_condition(Unit *u);
@@ -1132,12 +1132,14 @@ int unit_compare_priority(Unit *a, Unit *b);
#define log_unit_notice(unit, ...) log_unit_full(unit, LOG_NOTICE, __VA_ARGS__)
#define log_unit_warning(unit, ...) log_unit_full(unit, LOG_WARNING, __VA_ARGS__)
#define log_unit_error(unit, ...) log_unit_full(unit, LOG_ERR, __VA_ARGS__)

112
core-add-invalidate-cgroup-config.patch
View File

@ -1,8 +1,8 @@
From d56b3978bbcd28246b3e3ce3f8c958ac95785dd7 Mon Sep 17 00:00:00 2001
From: fangxiuning <fangxiuning@huawei.com>
Date: Wed, 22 Apr 2020 11:55:18 +0800
Subject:
After systemd 239 version, a new feature is added to cgroups.
Subject:
After systemd 239 version, a new feature is added to cgroups.
The processes started by users default to the cgroup group belonging
to user.slice, and the processes started by the system default to
system.slice. This is the direction of github systemd evolution.
@ -21,98 +21,82 @@ is executed, systemd will re-attach each process to its original
Under the group(user.slice).
---
src/core/main.c | 4 ++++
src/core/manager.c | 1 +
src/core/main.c | 1 +
src/core/manager.c | 2 ++
src/core/manager.h | 1 +
src/core/system.conf.in | 1 +
src/core/unit-serialize.c | 2 +-
5 files changed, 8 insertions(+), 1 deletion(-)
5 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/core/main.c b/src/core/main.c
index 500691a..c6638a0 100644
index e9f56fa..964adb5 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -166,6 +166,7 @@ static bool arg_default_cpuset_accounting;
static bool arg_default_freezer_accounting;
static bool arg_default_tasks_accounting;
static TasksMax arg_default_tasks_max;
+static bool arg_default_invalidate_cgroup;
static sd_id128_t arg_machine_id;
static EmergencyAction arg_cad_burst_action;
static OOMPolicy arg_default_oom_policy;
@@ -692,6 +693,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
+ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_default_invalidate_cgroup },
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action },
{ "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy },
{ "Manager", "DefaultOOMScoreAdjust", config_parse_oom_score_adjust, 0, NULL },
@@ -778,6 +780,7 @@ static void set_manager_defaults(Manager *m) {
m->default_freezer_accounting = arg_default_freezer_accounting;
m->default_tasks_accounting = arg_default_tasks_accounting;
m->default_tasks_max = arg_default_tasks_max;
+ m->default_invalidate_cgroup = arg_default_invalidate_cgroup;
m->default_oom_policy = arg_default_oom_policy;
m->default_oom_score_adjust_set = arg_default_oom_score_adjust_set;
m->default_oom_score_adjust = arg_default_oom_score_adjust;
@@ -2500,6 +2503,7 @@ static void reset_arguments(void) {
arg_default_freezer_accounting = false;
arg_default_tasks_accounting = true;
arg_default_tasks_max = DEFAULT_TASKS_MAX;
+ arg_default_invalidate_cgroup = true;
arg_machine_id = (sd_id128_t) {};
arg_cad_burst_action = EMERGENCY_ACTION_REBOOT_FORCE;
arg_default_oom_policy = OOM_STOP;
@@ -684,6 +684,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_defaults.freezer_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max },
+ { "Manager", "DefaultInvalidateCgroup", config_parse_bool, 0, &arg_defaults.invalidate_cgroup },
{ "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec },
{ "Manager", "DefaultMemoryPressureWatch", config_parse_memory_pressure_watch, 0, &arg_defaults.memory_pressure_watch },
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_runtime_scope, &arg_cad_burst_action },
diff --git a/src/core/manager.c b/src/core/manager.c
index 4fa20f8..1a5dcd8 100644
index 59170af..57dd3d1 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -837,6 +837,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager *
.default_cpuset_accounting = false,
.default_tasks_accounting = true,
.default_tasks_max = TASKS_MAX_UNSET,
+ .default_invalidate_cgroup = true,
.default_timeout_start_usec = manager_default_timeout(scope == LOOKUP_SCOPE_SYSTEM),
.default_timeout_stop_usec = manager_default_timeout(scope == LOOKUP_SCOPE_SYSTEM),
.default_restart_usec = DEFAULT_RESTART_USEC,
@@ -4200,6 +4200,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) {
m->defaults.ip_accounting = defaults->ip_accounting;
m->defaults.tasks_max = defaults->tasks_max;
+ m->defaults.invalidate_cgroup = defaults->invalidate_cgroup;
m->defaults.optional_log = defaults->optional_log;
m->defaults.timer_accuracy_usec = defaults->timer_accuracy_usec;
@@ -4969,6 +4970,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) {
.io_accounting = false,
.blockio_accounting = false,
.tasks_accounting = true,
+ .invalidate_cgroup = true,
.ip_accounting = false,
.tasks_max = DEFAULT_TASKS_MAX,
diff --git a/src/core/manager.h b/src/core/manager.h
index 9e391b1..ea95efe 100644
index 3c954af..0c9a2ea 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -377,6 +377,7 @@ struct Manager {
TasksMax default_tasks_max;
usec_t default_timer_accuracy_usec;
+ bool default_invalidate_cgroup;
OOMPolicy default_oom_policy;
int default_oom_score_adjust;
@@ -173,6 +173,7 @@ typedef struct UnitDefaults {
CGroupTasksMax tasks_max;
usec_t timer_accuracy_usec;
+ bool invalidate_cgroup;
OOMPolicy oom_policy;
int oom_score_adjust;
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 564d146..11936cd 100644
index a55106c..f48452d 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -76,6 +76,7 @@ DefaultLimitMEMLOCK=64M
@@ -78,6 +78,7 @@ DefaultLimitMEMLOCK=64M
#DefaultLimitNICE=
#DefaultLimitRTPRIO=
#DefaultLimitRTTIME=
+#DefaultInvalidateCgroup=yes
#DefaultMemoryPressureThresholdSec=200ms
#DefaultMemoryPressureWatch=auto
#DefaultOOMPolicy=stop
DefaultDFXReboot=yes
#DefaultSmackProcessLabel=
diff --git a/src/core/unit-serialize.c b/src/core/unit-serialize.c
index 21457dc..0398ec8 100644
index fe4221c..091e7b6 100644
--- a/src/core/unit-serialize.c
+++ b/src/core/unit-serialize.c
@@ -548,7 +548,7 @@ int unit_deserialize(Unit *u, FILE *f, FDSet *fds) {
@@ -574,7 +574,7 @@ int unit_deserialize_state(Unit *u, FILE *f, FDSet *fds) {
/* Let's make sure that everything that is deserialized also gets any potential new cgroup settings
* applied after we are done. For that we invalidate anything already realized, so that we can
* realize it again. */
- if (u->cgroup_realized) {
+ if (u->cgroup_realized && u->manager->default_invalidate_cgroup) {
+ if (u->cgroup_realized && u->manager->defaults.invalidate_cgroup) {
unit_invalidate_cgroup(u, _CGROUP_MASK_ALL);
unit_invalidate_cgroup_bpf(u);
}
--
--
2.33.0

412
core-cgroup-support-cpuset.patch
View File

@ -13,11 +13,12 @@ This patch add support for cpuset subsystem.
src/core/cgroup.h | 14 ++-
src/core/dbus-cgroup.c | 60 ++++++++--
src/core/dbus-manager.c | 1 +
src/core/execute-serialize.c | 44 +++----
src/core/load-fragment-gperf.gperf.in | 13 +-
src/core/load-fragment.c | 69 +++++++++++
src/core/load-fragment.h | 1 +
src/core/main.c | 4 +
src/core/manager.c | 1 +
src/core/main.c | 1 +
src/core/manager.c | 2 +
src/core/manager.h | 1 +
src/core/system.conf.in | 1 +
src/core/unit.c | 1 +
@ -25,13 +26,13 @@ This patch add support for cpuset subsystem.
src/shared/cpu-set-util.c | 1 +
src/test/test-cgroup-mask.c | 5 +-
.../fuzz-unit-file/directives-all.service | 5 +
20 files changed, 309 insertions(+), 51 deletions(-)
21 files changed, 329 insertions(+), 73 deletions(-)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index feda596..1bb07f7 100644
index 18b16ec..abd1f91 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2248,12 +2248,13 @@ bool fd_is_cgroup_fs(int fd) {
@@ -2352,12 +2352,13 @@ bool fd_is_cgroup_fs(int fd) {
static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
[CGROUP_CONTROLLER_CPU] = "cpu",
[CGROUP_CONTROLLER_CPUACCT] = "cpuacct",
@ -47,10 +48,10 @@ index feda596..1bb07f7 100644
[CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices",
[CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign",
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index b69f168..764d47a 100644
index 6ab14c7..99be6b8 100644
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -21,12 +21,13 @@ typedef enum CGroupController {
@@ -22,12 +22,13 @@ typedef enum CGroupController {
/* Original cgroup controllers */
CGROUP_CONTROLLER_CPU,
CGROUP_CONTROLLER_CPUACCT, /* v1 only */
@ -65,7 +66,7 @@ index b69f168..764d47a 100644
/* BPF-based pseudo-controllers, v2 only */
CGROUP_CONTROLLER_BPF_FIREWALL,
@@ -48,12 +49,13 @@ typedef enum CGroupController {
@@ -49,12 +50,13 @@ typedef enum CGroupController {
typedef enum CGroupMask {
CGROUP_MASK_CPU = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPU),
CGROUP_MASK_CPUACCT = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUACCT),
@ -80,7 +81,7 @@ index b69f168..764d47a 100644
CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL),
CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES),
CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN),
@@ -61,10 +63,10 @@ typedef enum CGroupMask {
@@ -62,10 +64,10 @@ typedef enum CGroupMask {
CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_RESTRICT_NETWORK_INTERFACES),
/* All real cgroup v1 controllers */
@ -94,10 +95,10 @@ index b69f168..764d47a 100644
/* All cgroup v2 BPF pseudo-controllers */
CGROUP_MASK_BPF = CGROUP_MASK_BPF_FIREWALL|CGROUP_MASK_BPF_DEVICES|CGROUP_MASK_BPF_FOREIGN|CGROUP_MASK_BPF_SOCKET_BIND|CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES,
diff --git a/src/basic/string-util.c b/src/basic/string-util.c
index ad8c986..755ad11 100644
index 7329bfa..0fecb40 100644
--- a/src/basic/string-util.c
+++ b/src/basic/string-util.c
@@ -1159,6 +1159,48 @@ int string_contains_word_strv(const char *string, const char *separators, char *
@@ -1295,6 +1295,48 @@ int string_contains_word_strv(const char *string, const char *separators, char *
return !!found;
}
@ -147,10 +148,10 @@ index ad8c986..755ad11 100644
if (!s1 && !s2)
return true;
diff --git a/src/basic/string-util.h b/src/basic/string-util.h
index e0a47a2..b025c06 100644
index b6d8be3..c6773d3 100644
--- a/src/basic/string-util.h
+++ b/src/basic/string-util.h
@@ -235,6 +235,7 @@ static inline int string_contains_word(const char *string, const char *separator
@@ -270,6 +270,7 @@ static inline int string_contains_word(const char *string, const char *separator
return string_contains_word_strv(string, separators, STRV_MAKE(word), NULL);
}
@ -159,23 +160,23 @@ index e0a47a2..b025c06 100644
char *string_replace_char(char *str, char old_char, char new_char);
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index f6ae2ab..a6396e1 100644
index 78bc551..cd1e97d 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -90,8 +90,8 @@ bool unit_has_startup_cgroup_constraints(Unit *u) {
@@ -91,8 +91,8 @@ bool unit_has_startup_cgroup_constraints(Unit *u) {
return c->startup_cpu_shares != CGROUP_CPU_SHARES_INVALID ||
c->startup_io_weight != CGROUP_WEIGHT_INVALID ||
c->startup_blockio_weight != CGROUP_BLKIO_WEIGHT_INVALID ||
- c->startup_cpuset_cpus.set ||
- c->startup_cpuset_mems.set;
- c->startup_cpuset_mems.set ||
+ c->startup_cpuset_cpus2.set ||
+ c->startup_cpuset_mems2.set;
}
+ c->startup_cpuset_mems2.set ||
c->startup_memory_high_set ||
c->startup_memory_max_set ||
c->startup_memory_swap_max_set||
@@ -293,10 +293,16 @@ void cgroup_context_done(CGroupContext *c) {
bool unit_has_host_root_cgroup(Unit *u) {
@@ -277,10 +277,16 @@ void cgroup_context_done(CGroupContext *c) {
c->restrict_network_interfaces = set_free(c->restrict_network_interfaces);
c->restrict_network_interfaces = set_free_free(c->restrict_network_interfaces);
- cpu_set_reset(&c->cpuset_cpus);
- cpu_set_reset(&c->startup_cpuset_cpus);
@ -191,21 +192,21 @@ index f6ae2ab..a6396e1 100644
+ cpu_set_reset(&c->startup_cpuset_cpus2);
+ cpu_set_reset(&c->cpuset_mems2);
+ cpu_set_reset(&c->startup_cpuset_mems2);
}
static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) {
@@ -415,7 +421,7 @@ static char *format_cgroup_memory_limit_comparison(char *buf, size_t l, Unit *u,
c->delegate_subgroup = mfree(c->delegate_subgroup);
@@ -496,7 +502,7 @@ CGroupDevicePermissions cgroup_device_permissions_from_string(const char *s) {
}
void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
- _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL, *startup_cpuset_cpus = NULL, *startup_cpuset_mems = NULL;
+ _cleanup_free_ char *disable_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL, *startup_cpuset_cpus2 = NULL, *startup_cpuset_mems2 = NULL;
- _cleanup_free_ char *disable_controllers_str = NULL, *delegate_controllers_str = NULL, *cpuset_cpus = NULL, *cpuset_mems = NULL, *startup_cpuset_cpus = NULL, *startup_cpuset_mems = NULL;
+ _cleanup_free_ char *disable_controllers_str = NULL, *delegate_controllers_str = NULL, *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL, *startup_cpuset_cpus2 = NULL, *startup_cpuset_mems2 = NULL;
CGroupContext *c;
struct in_addr_prefix *iaai;
@@ -434,16 +440,17 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
(void) cg_mask_to_string(c->disable_controllers, &disable_controllers_str);
@@ -525,16 +531,17 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
/* "Delegate=" means "yes, but no controllers". Show this as "(none)". */
const char *delegate_str = delegate_controllers_str ?: c->delegate ? "(none)" : "no";
- cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus);
- startup_cpuset_cpus = cpu_set_to_range_string(&c->startup_cpuset_cpus);
@ -225,9 +226,9 @@ index f6ae2ab..a6396e1 100644
"%sTasksAccounting: %s\n"
"%sIPAccounting: %s\n"
"%sCPUWeight: %" PRIu64 "\n"
@@ -469,6 +476,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
"%sMemorySwapMax: %" PRIu64 "%s\n"
@@ -565,6 +572,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
"%sMemoryZSwapMax: %" PRIu64 "%s\n"
"%sStartupMemoryZSwapMax: %" PRIu64 "%s\n"
"%sMemoryLimit: %" PRIu64 "\n"
+ "%sCPUSetCpus=%s\n"
+ "%sCPUSetMems=%s\n"
@ -236,7 +237,7 @@ index f6ae2ab..a6396e1 100644
"%sTasksMax: %" PRIu64 "\n"
"%sDevicePolicy: %s\n"
"%sDisableControllers: %s\n"
@@ -481,6 +492,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
@@ -579,6 +590,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, yes_no(c->io_accounting),
prefix, yes_no(c->blockio_accounting),
prefix, yes_no(c->memory_accounting),
@ -244,7 +245,7 @@ index f6ae2ab..a6396e1 100644
prefix, yes_no(c->tasks_accounting),
prefix, yes_no(c->ip_accounting),
prefix, c->cpu_weight,
@@ -489,10 +501,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
@@ -587,10 +599,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->startup_cpu_shares,
prefix, FORMAT_TIMESPAN(c->cpu_quota_per_sec_usec, 1),
prefix, FORMAT_TIMESPAN(c->cpu_quota_period_usec, 1),
@ -259,18 +260,18 @@ index f6ae2ab..a6396e1 100644
prefix, c->io_weight,
prefix, c->startup_io_weight,
prefix, c->blockio_weight,
@@ -506,6 +518,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"),
prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"),
@@ -609,6 +621,10 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"),
prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"),
prefix, c->memory_limit,
+ prefix, c->cpuset_cpus,
+ prefix, c->cpuset_mems,
+ prefix, yes_no(c->cpuset_clone_children),
+ prefix, yes_no(c->cpuset_memory_migrate),
prefix, tasks_max_resolve(&c->tasks_max),
prefix, cgroup_tasks_max_resolve(&c->tasks_max),
prefix, cgroup_device_policy_to_string(c->device_policy),
prefix, strempty(disable_controllers_str),
@@ -921,11 +937,11 @@ static bool cgroup_context_has_cpu_shares(CGroupContext *c) {
@@ -1113,11 +1129,11 @@ static bool cgroup_context_has_cpu_shares(CGroupContext *c) {
}
static bool cgroup_context_has_allowed_cpus(CGroupContext *c) {
@ -283,8 +284,8 @@ index f6ae2ab..a6396e1 100644
+ return c->cpuset_mems2.set || c->startup_cpuset_mems2.set;
}
static uint64_t cgroup_context_cpu_weight(CGroupContext *c, ManagerState state) {
@@ -950,18 +966,18 @@ static uint64_t cgroup_context_cpu_shares(CGroupContext *c, ManagerState state)
uint64_t cgroup_context_cpu_weight(CGroupContext *c, ManagerState state) {
@@ -1144,18 +1160,18 @@ static uint64_t cgroup_context_cpu_shares(CGroupContext *c, ManagerState state)
static CPUSet *cgroup_context_allowed_cpus(CGroupContext *c, ManagerState state) {
if (IN_SET(state, MANAGER_STARTING, MANAGER_INITIALIZING, MANAGER_STOPPING) &&
@ -309,7 +310,7 @@ index f6ae2ab..a6396e1 100644
}
usec_t cgroup_cpu_adjust_period(usec_t period, usec_t quota, usec_t resolution, usec_t max_period) {
@@ -1495,7 +1511,7 @@ static void cgroup_context_apply(
@@ -1727,7 +1743,7 @@ static void cgroup_context_apply(
}
}
@ -318,7 +319,7 @@ index f6ae2ab..a6396e1 100644
cgroup_apply_unified_cpuset(u, cgroup_context_allowed_cpus(c, state), "cpuset.cpus");
cgroup_apply_unified_cpuset(u, cgroup_context_allowed_mems(c, state), "cpuset.mems");
}
@@ -1667,6 +1683,45 @@ static void cgroup_context_apply(
@@ -1902,6 +1918,45 @@ static void cgroup_context_apply(
}
}
@ -364,7 +365,7 @@ index f6ae2ab..a6396e1 100644
/* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of
* containers, where we leave this to the manager */
if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) &&
@@ -1808,7 +1863,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
@@ -2045,7 +2100,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
mask |= CGROUP_MASK_CPU;
if (cgroup_context_has_allowed_cpus(c) || cgroup_context_has_allowed_mems(c))
@ -373,7 +374,7 @@ index f6ae2ab..a6396e1 100644
if (cgroup_context_has_io_config(c) || cgroup_context_has_blockio_config(c))
mask |= CGROUP_MASK_IO | CGROUP_MASK_BLKIO;
@@ -1818,6 +1873,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
@@ -2055,6 +2110,11 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
unit_has_unified_memory_config(u))
mask |= CGROUP_MASK_MEMORY;
@ -385,7 +386,7 @@ index f6ae2ab..a6396e1 100644
if (c->device_allow ||
c->device_policy != CGROUP_DEVICE_POLICY_AUTO)
mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES;
@@ -4286,7 +4346,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) {
@@ -4597,7 +4657,7 @@ int unit_get_cpuset(Unit *u, CPUSet *cpus, const char *name) {
if (!u->cgroup_path)
return -ENODATA;
@ -395,10 +396,10 @@ index f6ae2ab..a6396e1 100644
r = cg_all_unified();
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index d137e3a..501cba4 100644
index f1b674b..04a7f25 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -115,6 +115,7 @@ struct CGroupContext {
@@ -134,6 +134,7 @@ struct CGroupContext {
bool io_accounting;
bool blockio_accounting;
bool memory_accounting;
@ -406,7 +407,7 @@ index d137e3a..501cba4 100644
bool tasks_accounting;
bool ip_accounting;
@@ -131,10 +132,10 @@ struct CGroupContext {
@@ -151,10 +152,10 @@ struct CGroupContext {
usec_t cpu_quota_per_sec_usec;
usec_t cpu_quota_period_usec;
@ -421,9 +422,9 @@ index d137e3a..501cba4 100644
uint64_t io_weight;
uint64_t startup_io_weight;
@@ -151,6 +152,11 @@ struct CGroupContext {
uint64_t memory_swap_max;
@@ -177,6 +178,11 @@ struct CGroupContext {
uint64_t memory_zswap_max;
uint64_t startup_memory_zswap_max;
+ char *cpuset_cpus;
+ char *cpuset_mems;
@ -432,12 +433,12 @@ index d137e3a..501cba4 100644
+
bool default_memory_min_set:1;
bool default_memory_low_set:1;
bool memory_min_set:1;
bool default_startup_memory_low_set:1;
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index b5484ed..c3b140e 100644
index 4237e69..05fd445 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -441,10 +441,10 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
@@ -453,10 +453,10 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
SD_BUS_PROPERTY("StartupCPUShares", "t", NULL, offsetof(CGroupContext, startup_cpu_shares), 0),
SD_BUS_PROPERTY("CPUQuotaPerSecUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_per_sec_usec), 0),
SD_BUS_PROPERTY("CPUQuotaPeriodUSec", "t", bus_property_get_usec, offsetof(CGroupContext, cpu_quota_period_usec), 0),
@ -452,9 +453,9 @@ index b5484ed..c3b140e 100644
SD_BUS_PROPERTY("IOAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, io_accounting), 0),
SD_BUS_PROPERTY("IOWeight", "t", NULL, offsetof(CGroupContext, io_weight), 0),
SD_BUS_PROPERTY("StartupIOWeight", "t", NULL, offsetof(CGroupContext, startup_io_weight), 0),
@@ -470,6 +470,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0),
@@ -488,6 +488,11 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0),
SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0),
SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0),
+ SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0),
+ SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0),
@ -464,7 +465,7 @@ index b5484ed..c3b140e 100644
SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0),
SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0),
SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0),
@@ -1129,6 +1134,43 @@ int bus_cgroup_set_property(
@@ -1279,6 +1284,43 @@ int bus_cgroup_set_property(
if (streq(name, "MemoryLimitScale"))
return bus_cgroup_set_memory_scale(u, name, &c->memory_limit, message, flags, error);
@ -508,7 +509,7 @@ index b5484ed..c3b140e 100644
if (streq(name, "TasksAccounting"))
return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error);
@@ -1208,13 +1250,13 @@ int bus_cgroup_set_property(
@@ -1358,13 +1400,13 @@ int bus_cgroup_set_property(
return -ENOMEM;
if (streq(name, "AllowedCPUs"))
@ -526,32 +527,155 @@ index b5484ed..c3b140e 100644
assert(set);
@@ -1222,7 +1264,7 @@ int bus_cgroup_set_property(
@@ -1372,7 +1414,7 @@ int bus_cgroup_set_property(
*set = new_set;
new_set = (CPUSet) {};
- unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET);
+ unit_invalidate_cgroup(u, CGROUP_MASK_CPUSET2);
unit_write_settingf(u, flags, name, "%s=%s", name, setstr);
unit_write_settingf(u, flags, name, "%s=\n%s=%s", name, name, setstr);
}
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index c4f205b..d6f45a7 100644
index 745f5cc..fc49e7d 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2910,6 +2910,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_PROPERTY("DefaultCPUAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpu_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, default_blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, default_memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, default_tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -3005,6 +3005,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_PROPERTY("DefaultIOAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.io_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
diff --git a/src/core/execute-serialize.c b/src/core/execute-serialize.c
index 6c19cd4..e585188 100644
--- a/src/core/execute-serialize.c
+++ b/src/core/execute-serialize.c
@@ -21,8 +21,8 @@
static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
_cleanup_free_ char *disable_controllers_str = NULL, *delegate_controllers_str = NULL,
- *cpuset_cpus = NULL, *cpuset_mems = NULL, *startup_cpuset_cpus = NULL,
- *startup_cpuset_mems = NULL;
+ *cpuset_cpus2 = NULL, *cpuset_mems2 = NULL, *startup_cpuset_cpus2 = NULL,
+ *startup_cpuset_mems2 = NULL;
char *iface;
struct in_addr_prefix *iaai;
int r;
@@ -96,35 +96,35 @@ static int exec_cgroup_context_serialize(const CGroupContext *c, FILE *f) {
return r;
}
- cpuset_cpus = cpu_set_to_range_string(&c->cpuset_cpus);
- if (!cpuset_cpus)
+ cpuset_cpus2 = cpu_set_to_range_string(&c->cpuset_cpus2);
+ if (!cpuset_cpus2)
return log_oom_debug();
- r = serialize_item(f, "exec-cgroup-context-allowed-cpus", cpuset_cpus);
+ r = serialize_item(f, "exec-cgroup-context-allowed-cpus", cpuset_cpus2);
if (r < 0)
return r;
- startup_cpuset_cpus = cpu_set_to_range_string(&c->startup_cpuset_cpus);
- if (!startup_cpuset_cpus)
+ startup_cpuset_cpus2 = cpu_set_to_range_string(&c->startup_cpuset_cpus2);
+ if (!startup_cpuset_cpus2)
return log_oom_debug();
- r = serialize_item(f, "exec-cgroup-context-startup-allowed-cpus", startup_cpuset_cpus);
+ r = serialize_item(f, "exec-cgroup-context-startup-allowed-cpus", startup_cpuset_cpus2);
if (r < 0)
return r;
- cpuset_mems = cpu_set_to_range_string(&c->cpuset_mems);
- if (!cpuset_mems)
+ cpuset_mems2 = cpu_set_to_range_string(&c->cpuset_mems2);
+ if (!cpuset_mems2)
return log_oom_debug();
- r = serialize_item(f, "exec-cgroup-context-allowed-memory-nodes", cpuset_mems);
+ r = serialize_item(f, "exec-cgroup-context-allowed-memory-nodes", cpuset_mems2);
if (r < 0)
return r;
- startup_cpuset_mems = cpu_set_to_range_string(&c->startup_cpuset_mems);
- if (!startup_cpuset_mems)
+ startup_cpuset_mems2 = cpu_set_to_range_string(&c->startup_cpuset_mems2);
+ if (!startup_cpuset_mems2)
return log_oom_debug();
- r = serialize_item(f, "exec-cgroup-context-startup-allowed-memory-nodes", startup_cpuset_mems);
+ r = serialize_item(f, "exec-cgroup-context-startup-allowed-memory-nodes", startup_cpuset_mems2);
if (r < 0)
return r;
@@ -555,12 +555,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-cgroup-context-allowed-cpus="))) {
- if (c->cpuset_cpus.set)
+ if (c->cpuset_cpus2.set)
return -EINVAL; /* duplicated */
r = parse_cpu_set_full(
val,
- &c->cpuset_cpus,
+ &c->cpuset_cpus2,
/* warn= */ false,
/* unit= */ NULL,
/* filename= */ NULL,
@@ -569,12 +569,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-cgroup-context-startup-allowed-cpus="))) {
- if (c->startup_cpuset_cpus.set)
+ if (c->startup_cpuset_cpus2.set)
return -EINVAL; /* duplicated */
r = parse_cpu_set_full(
val,
- &c->startup_cpuset_cpus,
+ &c->startup_cpuset_cpus2,
/* warn= */ false,
/* unit= */ NULL,
/* filename= */ NULL,
@@ -583,12 +583,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-cgroup-context-allowed-memory-nodes="))) {
- if (c->cpuset_mems.set)
+ if (c->cpuset_mems2.set)
return -EINVAL; /* duplicated */
r = parse_cpu_set_full(
val,
- &c->cpuset_mems,
+ &c->cpuset_mems2,
/* warn= */ false,
/* unit= */ NULL,
/* filename= */ NULL,
@@ -597,12 +597,12 @@ static int exec_cgroup_context_deserialize(CGroupContext *c, FILE *f) {
if (r < 0)
return r;
} else if ((val = startswith(l, "exec-cgroup-context-startup-allowed-memory-nodes="))) {
- if (c->startup_cpuset_mems.set)
+ if (c->startup_cpuset_mems2.set)
return -EINVAL; /* duplicated */
r = parse_cpu_set_full(
val,
- &c->startup_cpuset_mems,
+ &c->startup_cpuset_mems2,
/* warn= */ false,
/* unit= */ NULL,
/* filename= */ NULL,
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index 3ea3ca3..8600faa 100644
index 45f9ab0..1e46af4 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -187,10 +187,10 @@
@@ -194,10 +194,10 @@
{%- macro CGROUP_CONTEXT_CONFIG_ITEMS(type) -%}
{{type}}.Slice, config_parse_unit_slice, 0, 0
@ -566,9 +690,9 @@ index 3ea3ca3..8600faa 100644
{{type}}.CPUAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpu_accounting)
{{type}}.CPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.cpu_weight)
{{type}}.StartupCPUWeight, config_parse_cg_cpu_weight, 0, offsetof({{type}}, cgroup_context.startup_cpu_weight)
@@ -208,6 +208,11 @@
{{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
@@ -221,6 +221,11 @@
{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
{{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
{{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
+{{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting)
+{{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus)
@ -579,10 +703,10 @@ index 3ea3ca3..8600faa 100644
{{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy)
{{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index ce15758..b0feac7 100644
index 6e3a22b..cbc75e1 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3864,6 +3864,75 @@ int config_parse_memory_limit(
@@ -3904,6 +3904,75 @@ int config_parse_memory_limit(
return 0;
}
@ -659,82 +783,66 @@ index ce15758..b0feac7 100644
const char *unit,
const char *filename,
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index 11d43dd..405681f 100644
index 6919805..0b77c8b 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -81,6 +81,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight);
@@ -84,6 +84,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_weight);
CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight);
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares);
CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit);
+CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems);
CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max);
CONFIG_PARSER_PROTOTYPE(config_parse_delegate);
CONFIG_PARSER_PROTOTYPE(config_parse_managed_oom_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_delegate_subgroup);
diff --git a/src/core/main.c b/src/core/main.c
index c6d16b2..e64882c 100644
index 62112dc..de3f536 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -160,6 +160,7 @@ static bool arg_default_io_accounting;
static bool arg_default_ip_accounting;
static bool arg_default_blockio_accounting;
static bool arg_default_memory_accounting;
+static bool arg_default_cpuset_accounting;
static bool arg_default_tasks_accounting;
static TasksMax arg_default_tasks_max;
static sd_id128_t arg_machine_id;
@@ -681,6 +682,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
+ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action },
@@ -762,6 +764,7 @@ static void set_manager_defaults(Manager *m) {
m->default_ip_accounting = arg_default_ip_accounting;
m->default_blockio_accounting = arg_default_blockio_accounting;
m->default_memory_accounting = arg_default_memory_accounting;
+ m->default_cpuset_accounting = arg_default_cpuset_accounting;
m->default_tasks_accounting = arg_default_tasks_accounting;
m->default_tasks_max = arg_default_tasks_max;
m->default_oom_policy = arg_default_oom_policy;
@@ -2457,6 +2460,7 @@ static void reset_arguments(void) {
arg_default_ip_accounting = false;
arg_default_blockio_accounting = false;
arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
+ arg_default_cpuset_accounting = false;
arg_default_tasks_accounting = true;
arg_default_tasks_max = DEFAULT_TASKS_MAX;
arg_machine_id = (sd_id128_t) {};
@@ -678,6 +678,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting },
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting },
+ { "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_defaults.cpuset_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max },
{ "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec },
diff --git a/src/core/manager.c b/src/core/manager.c
index 2c8c726..011de6b 100644
index ce20d6b..03508c7 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -833,6 +833,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager *
@@ -4192,6 +4192,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) {
.default_timer_accuracy_usec = USEC_PER_MINUTE,
.default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT,
+ .default_cpuset_accounting = false,
.default_tasks_accounting = true,
.default_tasks_max = TASKS_MAX_UNSET,
.default_timeout_start_usec = manager_default_timeout(scope == LOOKUP_SCOPE_SYSTEM),
m->defaults.cpu_accounting = defaults->cpu_accounting;
m->defaults.memory_accounting = defaults->memory_accounting;
+ m->defaults.cpuset_accounting = defaults->cpuset_accounting;
m->defaults.io_accounting = defaults->io_accounting;
m->defaults.blockio_accounting = defaults->blockio_accounting;
m->defaults.tasks_accounting = defaults->tasks_accounting;
@@ -4961,6 +4962,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) {
* controller to be enabled, so the default is to enable it unless we got told otherwise. */
.cpu_accounting = cpu_accounting_is_cheap(),
.memory_accounting = MEMORY_ACCOUNTING_DEFAULT,
+ .cpuset_accounting = false,
.io_accounting = false,
.blockio_accounting = false,
.tasks_accounting = true,
diff --git a/src/core/manager.h b/src/core/manager.h
index e7b594f..c4edacc 100644
index d96eb7b..e560811 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -365,6 +365,7 @@ struct Manager {
@@ -165,6 +165,7 @@ typedef struct UnitDefaults {
bool memory_accounting;
bool io_accounting;
bool blockio_accounting;
+ bool cpuset_accounting;
bool tasks_accounting;
bool ip_accounting;
bool default_cpu_accounting;
bool default_memory_accounting;
+ bool default_cpuset_accounting;
bool default_io_accounting;
bool default_blockio_accounting;
bool default_tasks_accounting;
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 1349b1f..a0ef2bf 100644
index 90109ad..69ea5d6 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -55,6 +55,7 @@
@@ -57,6 +57,7 @@
#DefaultIOAccounting=no
#DefaultIPAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
@ -743,34 +851,34 @@ index 1349b1f..a0ef2bf 100644
#DefaultTasksMax=80%
#DefaultLimitCPU=
diff --git a/src/core/unit.c b/src/core/unit.c
index 5e230ef..9ac41b4 100644
index 69fc998..38017d0 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -179,6 +179,7 @@ static void unit_init(Unit *u) {
cc->io_accounting = u->manager->default_io_accounting;
cc->blockio_accounting = u->manager->default_blockio_accounting;
cc->memory_accounting = u->manager->default_memory_accounting;
+ cc->cpuset_accounting = u->manager->default_cpuset_accounting;
cc->tasks_accounting = u->manager->default_tasks_accounting;
cc->ip_accounting = u->manager->default_ip_accounting;
@@ -188,6 +188,7 @@ static void unit_init(Unit *u) {
cc->io_accounting = u->manager->defaults.io_accounting;
cc->blockio_accounting = u->manager->defaults.blockio_accounting;
cc->memory_accounting = u->manager->defaults.memory_accounting;
+ cc->cpuset_accounting = u->manager->defaults.cpuset_accounting;
cc->tasks_accounting = u->manager->defaults.tasks_accounting;
cc->ip_accounting = u->manager->defaults.ip_accounting;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 1e95e36..e1aed3d 100644
index 4ee9706..a8f493e 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -481,7 +481,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
"IOAccounting",
@@ -566,7 +566,10 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
"BlockIOAccounting",
"TasksAccounting",
- "IPAccounting"))
+ "IPAccounting",
"IPAccounting",
- "CoredumpReceive"))
+ "CoredumpReceive",
+ "CPUSetAccounting",
+ "CPUSetCloneChildren",
+ "CPUSetMemMigrate"))
return bus_append_parse_boolean(m, field, eq);
if (STR_IN_SET(field, "CPUWeight",
@@ -587,6 +590,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
@@ -672,6 +675,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
return bus_append_parse_size(m, field, eq, 1024);
}
@ -788,7 +896,7 @@ index 1e95e36..e1aed3d 100644
if (isempty(eq))
r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY);
diff --git a/src/shared/cpu-set-util.c b/src/shared/cpu-set-util.c
index 34c13cf..68da01b 100644
index d096576..356a46a 100644
--- a/src/shared/cpu-set-util.c
+++ b/src/shared/cpu-set-util.c
@@ -7,6 +7,7 @@
@ -800,17 +908,17 @@ index 34c13cf..68da01b 100644
#include "errno-util.h"
#include "extract-word.h"
diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c
index 57483f7..e969569 100644
index bfc8fac..37ec6d6 100644
--- a/src/test/test-cgroup-mask.c
+++ b/src/test/test-cgroup-mask.c
@@ -55,6 +55,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) {
* else. */
m->default_cpu_accounting =
m->default_memory_accounting =
+ m->default_cpuset_accounting =
m->default_blockio_accounting =
m->default_io_accounting =
m->default_tasks_accounting = false;
m->defaults.cpu_accounting =
m->defaults.memory_accounting =
+ m->defaults.cpuset_accounting =
m->defaults.blockio_accounting =
m->defaults.io_accounting =
m->defaults.tasks_accounting = false;
@@ -140,10 +141,10 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) {
TEST(cg_mask_to_string) {
@ -825,7 +933,7 @@ index 57483f7..e969569 100644
test_cg_mask_to_string_one(CGROUP_MASK_BLKIO, "blkio");
test_cg_mask_to_string_one(CGROUP_MASK_MEMORY, "memory");
diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service
index f8237d7..dcf99e1 100644
index 4bdc48a..0e953f2 100644
--- a/test/fuzz/fuzz-unit-file/directives-all.service
+++ b/test/fuzz/fuzz-unit-file/directives-all.service
@@ -52,6 +52,11 @@ BusName=

62
core-cgroup-support-default-slice-for-all-uni.patch
View File

@ -12,29 +12,29 @@ adding DefaultUnitSlice=xxx.slice in /etc/systemd/system.conf.
3 files changed, 115 insertions(+), 8 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index 809ed76..500691a 100644
index c4379cf..e9f56fa 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -171,6 +171,7 @@ static EmergencyAction arg_cad_burst_action;
static OOMPolicy arg_default_oom_policy;
@@ -147,6 +147,7 @@ static sd_id128_t arg_machine_id;
static EmergencyAction arg_cad_burst_action;
static CPUSet arg_cpu_affinity;
static NUMAPolicy arg_numa_policy;
+static char *arg_default_unit_slice = NULL;
static usec_t arg_clock_usec;
static void *arg_random_seed;
static size_t arg_random_seed_size;
@@ -694,6 +695,7 @@ static int parse_config_file(void) {
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action },
{ "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_default_oom_policy },
@@ -688,6 +689,7 @@ static int parse_config_file(void) {
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_runtime_scope, &arg_cad_burst_action },
{ "Manager", "DefaultOOMPolicy", config_parse_oom_policy, 0, &arg_defaults.oom_policy },
{ "Manager", "DefaultOOMScoreAdjust", config_parse_oom_score_adjust, 0, NULL },
+ { "Manager", "DefaultUnitSlice", config_parse_string, 0, &arg_default_unit_slice },
{ "Manager", "ReloadLimitIntervalSec", config_parse_sec, 0, &arg_reload_limit_interval_sec },
{ "Manager", "ReloadLimitBurst", config_parse_unsigned, 0, &arg_reload_limit_burst },
#if ENABLE_SMACK
@@ -786,6 +788,26 @@ static void set_manager_defaults(Manager *m) {
(void) manager_default_environment(m);
(void) manager_transient_environment_add(m, arg_default_environment);
@@ -756,6 +758,26 @@ static void set_manager_defaults(Manager *m) {
r = manager_transient_environment_add(m, arg_default_environment);
if (r < 0)
log_warning_errno(r, "Failed to add to transient environment, ignoring: %m");
+ if (m->default_unit_slice)
+ {
+ free(m->default_unit_slice);
@ -56,37 +56,37 @@ index 809ed76..500691a 100644
+ arg_default_unit_slice = NULL;
+ }
}
static void set_manager_settings(Manager *m) {
diff --git a/src/core/manager.h b/src/core/manager.h
index 814421f..9e391b1 100644
index 6dd1a18..3c954af 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -22,6 +22,7 @@ typedef struct Unit Unit;
@@ -23,6 +23,7 @@ typedef struct Unit Unit;
/* Enforce upper limit how many names we allow */
#define MANAGER_MAX_NAMES 131072 /* 128K */
+#define DEFAULT_UNIT_NAME_LEN_MAX 32
typedef struct Manager Manager;
@@ -455,6 +456,8 @@ struct Manager {
/* On sigrtmin+18, private commands */
enum {
@@ -481,6 +482,8 @@ struct Manager {
unsigned sigchldgen;
unsigned notifygen;
+ char *default_unit_slice;
+
VarlinkServer *varlink_server;
/* When we're a system manager, this object manages the subscription from systemd-oomd to PID1 that's
* used to report changes in ManagedOOM settings (systemd server - oomd client). When
diff --git a/src/core/unit.c b/src/core/unit.c
index eef05d0..cc74a43 100644
index c069018..24d7060 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3340,6 +3340,58 @@ int unit_set_slice(Unit *u, Unit *slice) {
@@ -3545,6 +3545,58 @@ int unit_set_slice(Unit *u, Unit *slice) {
return 1;
}
+/* system-xxx.slice, xxx must be (a b c/A B C...and 0 1 2...) */
+static bool slicename_is_valid(const char *slicename) {
+ const char *str_start = "system-";
@ -142,10 +142,10 @@ index eef05d0..cc74a43 100644
int unit_set_default_slice(Unit *u) {
const char *slice_name;
Unit *slice;
@@ -3353,6 +3405,20 @@ int unit_set_default_slice(Unit *u) {
@@ -3558,6 +3610,20 @@ int unit_set_default_slice(Unit *u) {
if (UNIT_GET_SLICE(u))
return 0;
+ bool isdefaultslice = false;
+ char *default_unit_slice = u->manager->default_unit_slice;
+
@ -162,11 +162,11 @@ index eef05d0..cc74a43 100644
+
if (u->instance) {
_cleanup_free_ char *prefix = NULL, *escaped = NULL;
@@ -3370,24 +3436,40 @@ int unit_set_default_slice(Unit *u) {
@@ -3575,24 +3641,40 @@ int unit_set_default_slice(Unit *u) {
if (!escaped)
return -ENOMEM;
- if (MANAGER_IS_SYSTEM(u->manager))
- slice_name = strjoina("system-", escaped, ".slice");
- else
@ -183,7 +183,7 @@ index eef05d0..cc74a43 100644
+ slice_name = strjoina("system-", escaped, ".slice");
+ } else
slice_name = strjoina("app-", escaped, ".slice");
- } else if (unit_is_extrinsic(u))
+ } else if (unit_is_extrinsic(u)) {
/* Keep all extrinsic units (e.g. perpetual units and swap and mount units in user mode) in
@ -203,15 +203,15 @@ index eef05d0..cc74a43 100644
slice_name = SPECIAL_APP_SLICE;
+ isdefaultslice = false;
+ }
r = manager_load_unit(u->manager, slice_name, NULL, NULL, &slice);
if (r < 0)
return r;
+ if (isdefaultslice)
+ slice->default_dependencies=false;
return unit_set_slice(u, slice);
}
--
--
2.33.0

250
core-cgroup-support-freezer.patch
View File

@ -14,23 +14,24 @@ This patch add support for freezer subsystem.
src/core/load-fragment-gperf.gperf.in | 2 +
src/core/load-fragment.c | 33 ++++++++++++++
src/core/load-fragment.h | 1 +
src/core/main.c | 4 ++
src/core/main.c | 1 +
src/core/manager.c | 2 +
src/core/manager.h | 1 +
src/core/system.conf.in | 1 +
src/core/unit.c | 1 +
src/shared/bus-unit-util.c | 11 +++++
src/test/meson.build | 6 +++
src/test/meson.build | 3 ++
src/test/test-cgroup-freezer.c | 43 +++++++++++++++++++
src/test/test-cgroup-mask.c | 3 +-
.../fuzz-unit-file/directives-all.service | 2 +
18 files changed, 161 insertions(+), 2 deletions(-)
19 files changed, 157 insertions(+), 2 deletions(-)
create mode 100644 src/test/test-cgroup-freezer.c
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index 1bb07f7..ac25693 100644
index abd1f91..3e60488 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2255,6 +2255,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
@@ -2359,6 +2359,7 @@ static const char *const cgroup_controller_table[_CGROUP_CONTROLLER_MAX] = {
[CGROUP_CONTROLLER_DEVICES] = "devices",
[CGROUP_CONTROLLER_PIDS] = "pids",
[CGROUP_CONTROLLER_CPUSET] = "cpuset",
@ -39,10 +40,10 @@ index 1bb07f7..ac25693 100644
[CGROUP_CONTROLLER_BPF_DEVICES] = "bpf-devices",
[CGROUP_CONTROLLER_BPF_FOREIGN] = "bpf-foreign",
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index 764d47a..147c956 100644
index 99be6b8..eb7ace5 100644
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -28,6 +28,7 @@ typedef enum CGroupController {
@@ -29,6 +29,7 @@ typedef enum CGroupController {
CGROUP_CONTROLLER_DEVICES, /* v1 only */
CGROUP_CONTROLLER_PIDS,
CGROUP_CONTROLLER_CPUSET,
@ -50,7 +51,7 @@ index 764d47a..147c956 100644
/* BPF-based pseudo-controllers, v2 only */
CGROUP_CONTROLLER_BPF_FIREWALL,
@@ -56,6 +57,7 @@ typedef enum CGroupMask {
@@ -57,6 +58,7 @@ typedef enum CGroupMask {
CGROUP_MASK_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_DEVICES),
CGROUP_MASK_PIDS = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_PIDS),
CGROUP_MASK_CPUSET = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_CPUSET),
@ -58,7 +59,7 @@ index 764d47a..147c956 100644
CGROUP_MASK_BPF_FIREWALL = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FIREWALL),
CGROUP_MASK_BPF_DEVICES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_DEVICES),
CGROUP_MASK_BPF_FOREIGN = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_FOREIGN),
@@ -63,7 +65,7 @@ typedef enum CGroupMask {
@@ -64,7 +66,7 @@ typedef enum CGroupMask {
CGROUP_MASK_BPF_RESTRICT_NETWORK_INTERFACES = CGROUP_CONTROLLER_TO_MASK(CGROUP_CONTROLLER_BPF_RESTRICT_NETWORK_INTERFACES),
/* All real cgroup v1 controllers */
@ -68,28 +69,28 @@ index 764d47a..147c956 100644
/* All real cgroup v2 controllers */
CGROUP_MASK_V2 = CGROUP_MASK_CPU|CGROUP_MASK_CPUSET2|CGROUP_MASK_IO|CGROUP_MASK_MEMORY|CGROUP_MASK_PIDS,
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index a6396e1..7d1e59b 100644
index cd1e97d..3e47f76 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -162,6 +162,7 @@ void cgroup_context_init(CGroupContext *c) {
@@ -179,6 +179,7 @@ void cgroup_context_init(CGroupContext *c) {
.startup_blockio_weight = CGROUP_BLKIO_WEIGHT_INVALID,
.tasks_max = TASKS_MAX_UNSET,
.tasks_max = CGROUP_TASKS_MAX_UNSET,
+ .freezer_state = NULL,
.moom_swap = MANAGED_OOM_AUTO,
.moom_mem_pressure = MANAGED_OOM_AUTO,
@@ -287,6 +288,9 @@ void cgroup_context_done(CGroupContext *c) {
cpu_set_reset(&c->startup_cpuset_cpus2);
@@ -304,6 +305,9 @@ void cgroup_context_done(CGroupContext *c) {
cpu_set_reset(&c->cpuset_mems2);
cpu_set_reset(&c->startup_cpuset_mems2);
+
+ if (c->freezer_state)
+ c->freezer_state = mfree(c->freezer_state);
}
+
c->delegate_subgroup = mfree(c->delegate_subgroup);
static int unit_get_kernel_memory_limit(Unit *u, const char *file, uint64_t *ret) {
@@ -451,6 +455,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
nft_set_context_clear(&c->nft_set_context);
@@ -542,6 +546,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
"%sBlockIOAccounting: %s\n"
"%sMemoryAccounting: %s\n"
"%sCPUSetAccounting: %s\n"
@ -97,7 +98,7 @@ index a6396e1..7d1e59b 100644
"%sTasksAccounting: %s\n"
"%sIPAccounting: %s\n"
"%sCPUWeight: %" PRIu64 "\n"
@@ -481,6 +486,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
@@ -577,6 +582,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
"%sCPUSetCloneChildren=%s\n"
"%sCPUSetMemMigrate=%s\n"
"%sTasksMax: %" PRIu64 "\n"
@ -105,7 +106,7 @@ index a6396e1..7d1e59b 100644
"%sDevicePolicy: %s\n"
"%sDisableControllers: %s\n"
"%sDelegate: %s\n"
@@ -493,6 +499,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
@@ -591,6 +597,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, yes_no(c->blockio_accounting),
prefix, yes_no(c->memory_accounting),
prefix, yes_no(c->cpuset_accounting),
@ -113,15 +114,15 @@ index a6396e1..7d1e59b 100644
prefix, yes_no(c->tasks_accounting),
prefix, yes_no(c->ip_accounting),
prefix, c->cpu_weight,
@@ -523,6 +530,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
@@ -626,6 +633,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, yes_no(c->cpuset_clone_children),
prefix, yes_no(c->cpuset_memory_migrate),
prefix, tasks_max_resolve(&c->tasks_max),
prefix, cgroup_tasks_max_resolve(&c->tasks_max),
+ prefix, c->freezer_state,
prefix, cgroup_device_policy_to_string(c->device_policy),
prefix, strempty(disable_controllers_str),
prefix, yes_no(c->delegate),
@@ -1722,6 +1730,11 @@ static void cgroup_context_apply(
prefix, delegate_str,
@@ -1957,6 +1965,11 @@ static void cgroup_context_apply(
}
}
@ -133,7 +134,7 @@ index a6396e1..7d1e59b 100644
/* On cgroup v2 we can apply BPF everywhere. On cgroup v1 we apply it everywhere except for the root of
* containers, where we leave this to the manager */
if ((apply_mask & (CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES)) &&
@@ -1878,6 +1891,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
@@ -2115,6 +2128,9 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
c->cpuset_mems)
mask |= CGROUP_MASK_CPUSET;
@ -144,10 +145,10 @@ index a6396e1..7d1e59b 100644
c->device_policy != CGROUP_DEVICE_POLICY_AUTO)
mask |= CGROUP_MASK_DEVICES | CGROUP_MASK_BPF_DEVICES;
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 501cba4..2251548 100644
index 04a7f25..7fb792a 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -116,6 +116,7 @@ struct CGroupContext {
@@ -135,6 +135,7 @@ struct CGroupContext {
bool blockio_accounting;
bool memory_accounting;
bool cpuset_accounting;
@ -155,9 +156,9 @@ index 501cba4..2251548 100644
bool tasks_accounting;
bool ip_accounting;
@@ -196,6 +197,9 @@ struct CGroupContext {
@@ -228,6 +229,9 @@ struct CGroupContext {
/* Common */
TasksMax tasks_max;
CGroupTasksMax tasks_max;
+ /* Freezer */
+ char *freezer_state;
@ -166,10 +167,10 @@ index 501cba4..2251548 100644
ManagedOOMMode moom_swap;
ManagedOOMMode moom_mem_pressure;
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index c3b140e..c51a8b7 100644
index 05fd445..052049c 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -475,6 +475,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
@@ -493,6 +493,8 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0),
SD_BUS_PROPERTY("CPUSetCloneChildren", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_clone_children), 0),
SD_BUS_PROPERTY("CPUSetMemMigrate", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_memory_migrate), 0),
@ -178,7 +179,7 @@ index c3b140e..c51a8b7 100644
SD_BUS_PROPERTY("DevicePolicy", "s", property_get_cgroup_device_policy, offsetof(CGroupContext, device_policy), 0),
SD_BUS_PROPERTY("DeviceAllow", "a(ss)", property_get_device_allow, 0, 0),
SD_BUS_PROPERTY("TasksAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, tasks_accounting), 0),
@@ -1137,6 +1139,9 @@ int bus_cgroup_set_property(
@@ -1287,6 +1289,9 @@ int bus_cgroup_set_property(
if (streq(name, "CPUSetAccounting"))
return bus_cgroup_set_boolean(u, name, &c->cpuset_accounting, CGROUP_MASK_CPUSET, message, flags, error);
@ -188,7 +189,7 @@ index c3b140e..c51a8b7 100644
if (STR_IN_SET(name, "CPUSetCpus", "CPUSetMems")) {
const char *cpuset_str = NULL;
@@ -1171,6 +1176,30 @@ int bus_cgroup_set_property(
@@ -1321,6 +1326,30 @@ int bus_cgroup_set_property(
if (streq(name, "CPUSetMemMigrate"))
return bus_cgroup_set_boolean(u, name, &c->cpuset_memory_migrate, CGROUP_MASK_CPUSET, message, flags, error);
@ -220,22 +221,22 @@ index c3b140e..c51a8b7 100644
return bus_cgroup_set_boolean(u, name, &c->tasks_accounting, CGROUP_MASK_PIDS, message, flags, error);
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index d6f45a7..7e57a32 100644
index fc49e7d..0f9d4e8 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -2911,6 +2911,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_PROPERTY("DefaultBlockIOAccounting", "b", bus_property_get_bool, offsetof(Manager, default_blockio_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, default_memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, default_cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("DefaultFreezerAccounting", "b", bus_property_get_bool, offsetof(Manager, default_freezer_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, default_tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
@@ -3006,6 +3006,7 @@ const sd_bus_vtable bus_manager_vtable[] = {
SD_BUS_PROPERTY("DefaultIPAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.ip_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultMemoryAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.memory_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultCpusetAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.cpuset_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("DefaultFreezerAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.freezer_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultTasksAccounting", "b", bus_property_get_bool, offsetof(Manager, defaults.tasks_accounting), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPU", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("DefaultLimitCPUSoft", "t", bus_property_get_rlimit, offsetof(Manager, defaults.rlimit[RLIMIT_CPU]), SD_BUS_VTABLE_PROPERTY_CONST),
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index 8600faa..eb68807 100644
index 1e46af4..1e5b7ab 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -213,6 +213,8 @@
@@ -226,6 +226,8 @@
{{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems)
{{type}}.CPUSetCloneChildren, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_clone_children)
{{type}}.CPUSetMemMigrate, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_memory_migrate)
@ -245,10 +246,10 @@ index 8600faa..eb68807 100644
{{type}}.DevicePolicy, config_parse_device_policy, 0, offsetof({{type}}, cgroup_context.device_policy)
{{type}}.IOAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.io_accounting)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index b0feac7..d01b6c4 100644
index cbc75e1..8648fb1 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3933,6 +3933,39 @@ int config_parse_cpuset_cpumems(
@@ -3973,6 +3973,39 @@ int config_parse_cpuset_cpumems(
return 0;
}
@ -289,70 +290,66 @@ index b0feac7..d01b6c4 100644
const char *unit,
const char *filename,
diff --git a/src/core/load-fragment.h b/src/core/load-fragment.h
index 405681f..d5437ea 100644
index 0b77c8b..f9ffbf4 100644
--- a/src/core/load-fragment.h
+++ b/src/core/load-fragment.h
@@ -82,6 +82,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight);
@@ -85,6 +85,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_cg_cpu_weight);
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_shares);
CONFIG_PARSER_PROTOTYPE(config_parse_memory_limit);
CONFIG_PARSER_PROTOTYPE(config_parse_cpuset_cpumems);
+CONFIG_PARSER_PROTOTYPE(config_parse_freezer_state);
CONFIG_PARSER_PROTOTYPE(config_parse_tasks_max);
CONFIG_PARSER_PROTOTYPE(config_parse_delegate);
CONFIG_PARSER_PROTOTYPE(config_parse_managed_oom_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_delegate_subgroup);
diff --git a/src/core/main.c b/src/core/main.c
index e64882c..9f62b9d 100644
index de3f536..96b0a11 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -161,6 +161,7 @@ static bool arg_default_ip_accounting;
static bool arg_default_blockio_accounting;
static bool arg_default_memory_accounting;
static bool arg_default_cpuset_accounting;
+static bool arg_default_freezer_accounting;
static bool arg_default_tasks_accounting;
static TasksMax arg_default_tasks_max;
static sd_id128_t arg_machine_id;
@@ -683,6 +684,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_default_blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_default_memory_accounting },
{ "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_default_cpuset_accounting },
+ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_default_freezer_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max },
{ "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, arg_system, &arg_cad_burst_action },
@@ -765,6 +767,7 @@ static void set_manager_defaults(Manager *m) {
m->default_blockio_accounting = arg_default_blockio_accounting;
m->default_memory_accounting = arg_default_memory_accounting;
m->default_cpuset_accounting = arg_default_cpuset_accounting;
+ m->default_freezer_accounting = arg_default_freezer_accounting;
m->default_tasks_accounting = arg_default_tasks_accounting;
m->default_tasks_max = arg_default_tasks_max;
m->default_oom_policy = arg_default_oom_policy;
@@ -2461,6 +2464,7 @@ static void reset_arguments(void) {
arg_default_blockio_accounting = false;
arg_default_memory_accounting = MEMORY_ACCOUNTING_DEFAULT;
arg_default_cpuset_accounting = false;
+ arg_default_freezer_accounting = false;
arg_default_tasks_accounting = true;
arg_default_tasks_max = DEFAULT_TASKS_MAX;
arg_machine_id = (sd_id128_t) {};
@@ -679,6 +679,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultBlockIOAccounting", config_parse_bool, 0, &arg_defaults.blockio_accounting },
{ "Manager", "DefaultMemoryAccounting", config_parse_bool, 0, &arg_defaults.memory_accounting },
{ "Manager", "DefaultCpusetAccounting", config_parse_bool, 0, &arg_defaults.cpuset_accounting },
+ { "Manager", "DefaultFreezerAccounting", config_parse_bool, 0, &arg_defaults.freezer_accounting },
{ "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_defaults.tasks_accounting },
{ "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_defaults.tasks_max },
{ "Manager", "DefaultMemoryPressureThresholdSec", config_parse_sec, 0, &arg_defaults.memory_pressure_threshold_usec },
diff --git a/src/core/manager.c b/src/core/manager.c
index 03508c7..3d14ea1 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -4193,6 +4193,7 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) {
m->defaults.cpu_accounting = defaults->cpu_accounting;
m->defaults.memory_accounting = defaults->memory_accounting;
m->defaults.cpuset_accounting = defaults->cpuset_accounting;
+ m->defaults.freezer_accounting = defaults->freezer_accounting;
m->defaults.io_accounting = defaults->io_accounting;
m->defaults.blockio_accounting = defaults->blockio_accounting;
m->defaults.tasks_accounting = defaults->tasks_accounting;
@@ -4963,6 +4964,7 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) {
.cpu_accounting = cpu_accounting_is_cheap(),
.memory_accounting = MEMORY_ACCOUNTING_DEFAULT,
.cpuset_accounting = false,
+ .freezer_accounting = false,
.io_accounting = false,
.blockio_accounting = false,
.tasks_accounting = true,
diff --git a/src/core/manager.h b/src/core/manager.h
index c4edacc..0196c52 100644
index e560811..93e9d2a 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -366,6 +366,7 @@ struct Manager {
bool default_cpu_accounting;
bool default_memory_accounting;
bool default_cpuset_accounting;
+ bool default_freezer_accounting;
bool default_io_accounting;
bool default_blockio_accounting;
bool default_tasks_accounting;
@@ -166,6 +166,7 @@ typedef struct UnitDefaults {
bool io_accounting;
bool blockio_accounting;
bool cpuset_accounting;
+ bool freezer_accounting;
bool tasks_accounting;
bool ip_accounting;
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index a0ef2bf..a44511b 100644
index 69ea5d6..dbdc47c 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -56,6 +56,7 @@
@@ -58,6 +58,7 @@
#DefaultIPAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultCpusetAccounting=
@ -361,30 +358,30 @@ index a0ef2bf..a44511b 100644
#DefaultTasksMax=80%
#DefaultLimitCPU=
diff --git a/src/core/unit.c b/src/core/unit.c
index 9ac41b4..eef05d0 100644
index 38017d0..c069018 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -180,6 +180,7 @@ static void unit_init(Unit *u) {
cc->blockio_accounting = u->manager->default_blockio_accounting;
cc->memory_accounting = u->manager->default_memory_accounting;
cc->cpuset_accounting = u->manager->default_cpuset_accounting;
+ cc->freezer_accounting = u->manager->default_freezer_accounting;
cc->tasks_accounting = u->manager->default_tasks_accounting;
cc->ip_accounting = u->manager->default_ip_accounting;
@@ -189,6 +189,7 @@ static void unit_init(Unit *u) {
cc->blockio_accounting = u->manager->defaults.blockio_accounting;
cc->memory_accounting = u->manager->defaults.memory_accounting;
cc->cpuset_accounting = u->manager->defaults.cpuset_accounting;
+ cc->freezer_accounting = u->manager->defaults.freezer_accounting;
cc->tasks_accounting = u->manager->defaults.tasks_accounting;
cc->ip_accounting = u->manager->defaults.ip_accounting;
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index e1aed3d..a174e3e 100644
index a8f493e..6390986 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -483,6 +483,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
"TasksAccounting",
@@ -568,6 +568,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
"IPAccounting",
"CoredumpReceive",
"CPUSetAccounting",
+ "FreezerAccounting",
"CPUSetCloneChildren",
"CPUSetMemMigrate"))
return bus_append_parse_boolean(m, field, eq);
@@ -600,6 +601,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
@@ -685,6 +686,16 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
return 1;
}
@ -402,22 +399,19 @@ index e1aed3d..a174e3e 100644
if (isempty(eq))
r = sd_bus_message_append(m, "(sv)", "CPUQuotaPerSecUSec", "t", USEC_INFINITY);
diff --git a/src/test/meson.build b/src/test/meson.build
index 34dbd6d..be99212 100644
index a59461a..a7ca76e 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -525,6 +525,12 @@ tests += [
[],
core_includes],
+ [files('test-cgroup-freezer.c'),
+ [libcore,
+ libshared],
+ [],
+ core_includes],
+
[files('test-cgroup-unit-default.c'),
[libcore,
libshared],
@@ -484,6 +484,9 @@ executables += [
'sources' : files('test-cgroup-mask.c'),
'dependencies' : common_test_dependencies,
},
+ core_test_template + {
+ 'sources' : files('test-cgroup-freezer.c'),
+ },
core_test_template + {
'sources' : files('test-cgroup-unit-default.c'),
},
diff --git a/src/test/test-cgroup-freezer.c b/src/test/test-cgroup-freezer.c
new file mode 100644
index 0000000..a533d16
@ -468,17 +462,17 @@ index 0000000..a533d16
+ return 0;
+}
diff --git a/src/test/test-cgroup-mask.c b/src/test/test-cgroup-mask.c
index e969569..e76f252 100644
index 37ec6d6..e0574d9 100644
--- a/src/test/test-cgroup-mask.c
+++ b/src/test/test-cgroup-mask.c
@@ -56,6 +56,7 @@ TEST_RET(cgroup_mask, .sd_booted = true) {
m->default_cpu_accounting =
m->default_memory_accounting =
m->default_cpuset_accounting =
+ m->default_freezer_accounting =
m->default_blockio_accounting =
m->default_io_accounting =
m->default_tasks_accounting = false;
m->defaults.cpu_accounting =
m->defaults.memory_accounting =
m->defaults.cpuset_accounting =
+ m->defaults.freezer_accounting =
m->defaults.blockio_accounting =
m->defaults.io_accounting =
m->defaults.tasks_accounting = false;
@@ -141,7 +142,7 @@ static void test_cg_mask_to_string_one(CGroupMask mask, const char *t) {
TEST(cg_mask_to_string) {
@ -489,7 +483,7 @@ index e969569..e76f252 100644
test_cg_mask_to_string_one(CGROUP_MASK_CPUACCT, "cpuacct");
test_cg_mask_to_string_one(CGROUP_MASK_CPUSET2, "cpuset2");
diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service
index dcf99e1..1a5cd5d 100644
index 0e953f2..123c98e 100644
--- a/test/fuzz/fuzz-unit-file/directives-all.service
+++ b/test/fuzz/fuzz-unit-file/directives-all.service
@@ -115,6 +115,8 @@ FileDescriptorName=

110
core-cgroup-support-memorysw.patch
View File

@ -10,47 +10,47 @@ This patch enables setting memory.memsw.limit_in_bytes by MemoryMemswLimit.
src/core/cgroup.h | 1 +
src/core/dbus-cgroup.c | 4 ++++
src/core/load-fragment-gperf.gperf.in | 1 +
src/core/load-fragment.c | 10 ++++++----
src/core/load-fragment.c | 2 ++
src/shared/bus-print-properties.c | 2 +-
src/shared/bus-unit-util.c | 1 +
test/fuzz/fuzz-unit-file/directives-all.service | 1 +
8 files changed, 30 insertions(+), 7 deletions(-)
8 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 7d1e59b..f827219 100644
index 9e472ca..9de2283 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -154,6 +154,7 @@ void cgroup_context_init(CGroupContext *c) {
.memory_zswap_max = CGROUP_LIMIT_MAX,
@@ -171,6 +171,7 @@ void cgroup_context_init(CGroupContext *c) {
.startup_memory_zswap_max = CGROUP_LIMIT_MAX,
.memory_limit = CGROUP_LIMIT_MAX,
+ .memory_memsw_limit = CGROUP_LIMIT_MAX,
.io_weight = CGROUP_WEIGHT_INVALID,
.startup_io_weight = CGROUP_WEIGHT_INVALID,
@@ -481,6 +482,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
"%sMemorySwapMax: %" PRIu64 "%s\n"
@@ -577,6 +578,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
"%sMemoryZSwapMax: %" PRIu64 "%s\n"
"%sStartupMemoryZSwapMax: %" PRIu64 "%s\n"
"%sMemoryLimit: %" PRIu64 "\n"
+ "%sMemoryMemswLimit=%" PRIu64 "\n"
"%sCPUSetCpus=%s\n"
"%sCPUSetMems=%s\n"
"%sCPUSetCloneChildren=%s\n"
@@ -525,6 +527,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->memory_swap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemorySwapMax"),
prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cde, sizeof(cde), u, "MemoryZSwapMax"),
@@ -628,6 +630,7 @@ void cgroup_context_dump(Unit *u, FILE* f, const char *prefix) {
prefix, c->memory_zswap_max, format_cgroup_memory_limit_comparison(cdj, sizeof(cdj), u, "MemoryZSwapMax"),
prefix, c->startup_memory_zswap_max, format_cgroup_memory_limit_comparison(cdk, sizeof(cdk), u, "StartupMemoryZSwapMax"),
prefix, c->memory_limit,
+ prefix, c->memory_memsw_limit,
prefix, c->cpuset_cpus,
prefix, c->cpuset_mems,
prefix, yes_no(c->cpuset_clone_children),
@@ -1673,14 +1676,17 @@ static void cgroup_context_apply(
@@ -1908,14 +1911,17 @@ static void cgroup_context_apply(
} else {
char buf[DECIMAL_STR_MAX(uint64_t) + 1];
- uint64_t val;
+ uint64_t val, sw_val;
if (unit_has_unified_memory_config(u)) {
val = c->memory_max;
+ sw_val = CGROUP_LIMIT_MAX;
@ -61,12 +61,12 @@ index 7d1e59b..f827219 100644
val = c->memory_limit;
+ sw_val = c->memory_memsw_limit;
+ }
if (val == CGROUP_LIMIT_MAX)
strncpy(buf, "-1\n", sizeof(buf));
@@ -1688,6 +1694,12 @@ static void cgroup_context_apply(
@@ -1923,6 +1929,12 @@ static void cgroup_context_apply(
xsprintf(buf, "%" PRIu64 "\n", val);
(void) set_attribute_and_warn(u, "memory", "memory.limit_in_bytes", buf);
+
+ if (sw_val == CGROUP_LIMIT_MAX)
@ -76,43 +76,43 @@ index 7d1e59b..f827219 100644
+ (void) set_attribute_and_warn(u, "memory", "memory.memsw.limit_in_bytes", buf);
}
}
@@ -1883,6 +1895,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
@@ -2120,6 +2132,7 @@ static CGroupMask unit_get_cgroup_mask(Unit *u) {
if (c->memory_accounting ||
c->memory_limit != CGROUP_LIMIT_MAX ||
+ c->memory_memsw_limit != CGROUP_LIMIT_MAX ||
unit_has_unified_memory_config(u))
mask |= CGROUP_MASK_MEMORY;
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index 2251548..313b63c 100644
index 7fb792a..b585fdb 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -187,6 +187,7 @@ struct CGroupContext {
@@ -219,6 +219,7 @@ struct CGroupContext {
LIST_HEAD(CGroupBlockIODeviceBandwidth, blockio_device_bandwidths);
uint64_t memory_limit;
+ uint64_t memory_memsw_limit;
CGroupDevicePolicy device_policy;
LIST_HEAD(CGroupDeviceAllow, device_allow);
diff --git a/src/core/dbus-cgroup.c b/src/core/dbus-cgroup.c
index c51a8b7..e54657e 100644
index 052049c..e0a64e4 100644
--- a/src/core/dbus-cgroup.c
+++ b/src/core/dbus-cgroup.c
@@ -470,6 +470,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
SD_BUS_PROPERTY("MemorySwapMax", "t", NULL, offsetof(CGroupContext, memory_swap_max), 0),
@@ -488,6 +488,7 @@ const sd_bus_vtable bus_cgroup_vtable[] = {
SD_BUS_PROPERTY("MemoryZSwapMax", "t", NULL, offsetof(CGroupContext, memory_zswap_max), 0),
SD_BUS_PROPERTY("StartupMemoryZSwapMax", "t", NULL, offsetof(CGroupContext, startup_memory_zswap_max), 0),
SD_BUS_PROPERTY("MemoryLimit", "t", NULL, offsetof(CGroupContext, memory_limit), 0),
+ SD_BUS_PROPERTY("MemoryMemswLimit", "t", NULL, offsetof(CGroupContext, memory_memsw_limit), 0),
SD_BUS_PROPERTY("CPUSetAccounting", "b", bus_property_get_bool, offsetof(CGroupContext, cpuset_accounting), 0),
SD_BUS_PROPERTY("CPUSetCpus", "s", NULL, offsetof(CGroupContext, cpuset_cpus), 0),
SD_BUS_PROPERTY("CPUSetMems", "s", NULL, offsetof(CGroupContext, cpuset_mems), 0),
@@ -1093,6 +1094,9 @@ int bus_cgroup_set_property(
@@ -1243,6 +1244,9 @@ int bus_cgroup_set_property(
if (streq(name, "MemoryLimit"))
return bus_cgroup_set_memory(u, name, &c->memory_limit, message, flags, error);
+ if (streq(name, "MemoryMemswLimit"))
+ return bus_cgroup_set_memory(u, name, &c->memory_memsw_limit, message, flags, error);
+
@ -120,57 +120,57 @@ index c51a8b7..e54657e 100644
r = bus_cgroup_set_memory_protection_scale(u, name, &c->memory_min, message, flags, error);
if (r > 0)
diff --git a/src/core/load-fragment-gperf.gperf.in b/src/core/load-fragment-gperf.gperf.in
index eb68807..c1bc771 100644
index 1e5b7ab..160c891 100644
--- a/src/core/load-fragment-gperf.gperf.in
+++ b/src/core/load-fragment-gperf.gperf.in
@@ -208,6 +208,7 @@
{{type}}.MemorySwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
@@ -221,6 +221,7 @@
{{type}}.MemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
{{type}}.StartupMemoryZSwapMax, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
{{type}}.MemoryLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
+{{type}}.MemoryMemswLimit, config_parse_memory_limit, 0, offsetof({{type}}, cgroup_context)
{{type}}.CPUSetAccounting, config_parse_bool, 0, offsetof({{type}}, cgroup_context.cpuset_accounting)
{{type}}.CPUSetCpus, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_cpus)
{{type}}.CPUSetMems, config_parse_cpuset_cpumems, 0, offsetof({{type}}, cgroup_context.cpuset_mems)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index d01b6c4..8d2171f 100644
index 8648fb1..aaf906f 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -3854,6 +3854,8 @@ int config_parse_memory_limit(
c->memory_swap_max = bytes;
else if (streq(lvalue, "MemoryZSwapMax"))
@@ -3891,6 +3891,8 @@ int config_parse_memory_limit(
c->startup_memory_swap_max_set = true;
} else if (streq(lvalue, "MemoryZSwapMax"))
c->memory_zswap_max = bytes;
+ else if (streq(lvalue, "MemoryMemswLimit"))
+ c->memory_memsw_limit = bytes;
else if (streq(lvalue, "MemoryLimit")) {
log_syntax(unit, LOG_WARNING, filename, line, 0,
"Unit uses MemoryLimit=; please use MemoryMax= instead. Support for MemoryLimit= will be removed soon.");
else if (streq(lvalue, "StartupMemoryZSwapMax")) {
c->startup_memory_zswap_max = bytes;
c->startup_memory_zswap_max_set = true;
diff --git a/src/shared/bus-print-properties.c b/src/shared/bus-print-properties.c
index 9369866..9e26b71 100644
index 6704e1e..0cded0c 100644
--- a/src/shared/bus-print-properties.c
+++ b/src/shared/bus-print-properties.c
@@ -162,7 +162,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
@@ -164,7 +164,7 @@ static int bus_print_property(const char *name, const char *expected_value, sd_b
bus_print_property_value(name, expected_value, flags, "[not set]");
- else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) ||
+ else if ((STR_IN_SET(name, "DefaultMemoryLow", "DefaultMemoryMin", "MemoryLow", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryMemswLimit", "MemoryAvailable") && u == CGROUP_LIMIT_MAX) ||
- else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit") &&
+ else if ((ENDSWITH_SET(name, "MemoryLow", "MemoryMin", "MemoryHigh", "MemoryMax", "MemorySwapMax", "MemoryZSwapMax", "MemoryLimit", "MemoryMemswLimit") &&
u == CGROUP_LIMIT_MAX) ||
(STR_IN_SET(name, "TasksMax", "DefaultTasksMax") && u == UINT64_MAX) ||
(startswith(name, "Limit") && u == UINT64_MAX) ||
(startswith(name, "DefaultLimit") && u == UINT64_MAX))
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index a174e3e..984dfa9 100644
index 6390986..3f97ada 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -547,6 +547,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
@@ -632,6 +632,7 @@ static int bus_append_cgroup_property(sd_bus_message *m, const char *field, cons
"MemorySwapMax",
"MemoryZSwapMax",
"MemoryLimit",
+ "MemoryMemswLimit",
"TasksMax")) {
if (streq(eq, "infinity")) {
diff --git a/test/fuzz/fuzz-unit-file/directives-all.service b/test/fuzz/fuzz-unit-file/directives-all.service
index 1a5cd5d..59c693d 100644
index 123c98e..397b5da 100644
--- a/test/fuzz/fuzz-unit-file/directives-all.service
+++ b/test/fuzz/fuzz-unit-file/directives-all.service
@@ -166,6 +166,7 @@ MemoryHigh=
@ -178,9 +178,9 @@ index 1a5cd5d..59c693d 100644
MemoryLow=
MemoryMax=
+MemoryMemswLimit=
MemoryPressureThresholdSec=
MemoryPressureWatch=
MemorySwapMax=
MemoryZSwapMax=
MessageQueueMaxMessages=
--
--
2.33.0

19
delay-to-restart-when-a-service-can-not-be-auto-restarted.patch
View File

@ -13,14 +13,14 @@ is same(both with 0), so the STOP job has no chance to be scheduled, and systemd
to handle the time task.
This patch fix this problem by delaying 1 second to restart the service to cause STOP job to be scheduled.
---
src/core/service.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
src/core/service.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index e368ec8..9b4b5b1 100644
index b9eb40c..47e9d63 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2262,13 +2262,17 @@ fail:
@@ -2507,13 +2507,20 @@ fail:
static void service_enter_restart(Service *s) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
int r;
@ -34,11 +34,14 @@ index e368ec8..9b4b5b1 100644
- return;
+ restart_usec = (s->restart_usec == 0) ? 1*USEC_PER_SEC : s->restart_usec;
+ r = service_arm_timer(s, /* relative= */ false, usec_add(now(CLOCK_MONOTONIC), restart_usec));
+ if (r < 0)
+ goto fail;
+ if (r < 0) {
+ log_unit_warning(UNIT(s), "Failed to schedule restart job: %s", bus_error_message(&error, r));
+ service_enter_dead(s, SERVICE_FAILURE_RESOURCES, /* allow_restart= */ false);
+ return;
+ }
}
/* Any units that are bound to this service must also be
/* Any units that are bound to this service must also be restarted. We use JOB_START for ourselves
--
1.8.3.1
2.33.0

36
delete-journal-files-except-system.journal-when-jour.patch
View File

@ -10,19 +10,18 @@ logs). Therefore, when the journal~ file is generated, delete all journal files
except system.journal, to ensure that the sd_journal_next function meets user
expectations.
---
meson.build | 3 ++-
meson.build | 2 ++
src/basic/dirent-util.c | 24 +++++++++++++++++
src/basic/dirent-util.h | 2 ++
src/libsystemd/sd-journal/journal-file.c | 34 ++++++++++++++++++++++++
src/libsystemd/sd-journal/sd-journal.c | 22 ---------------
src/test/meson.build | 2 +-
6 files changed, 63 insertions(+), 23 deletions(-)
5 files changed, 62 insertions(+), 22 deletions(-)
diff --git a/meson.build b/meson.build
index 0372b17..8b1ce23 100644
index 7419e2b..4d6ce88 100644
--- a/meson.build
+++ b/meson.build
@@ -2001,6 +2001,8 @@ basic_includes = include_directories(
@@ -1893,6 +1893,8 @@ basic_includes = include_directories(
'src/basic',
'src/fundamental',
'src/systemd',
@ -31,15 +30,6 @@ index 0372b17..8b1ce23 100644
'.')
libsystemd_includes = [basic_includes, include_directories(
@@ -1801,7 +1801,7 @@ test_dlopen = executable(
'test-dlopen',
test_dlopen_c,
include_directories : includes,
- link_with : [libbasic],
+ link_with : [libbasic, libsystemd_static],
dependencies : [libdl],
build_by_default : want_tests != 'false')
diff --git a/src/basic/dirent-util.c b/src/basic/dirent-util.c
index 17df6a2..e362554 100644
--- a/src/basic/dirent-util.c
@ -83,7 +73,7 @@ index 17df6a2..e362554 100644
int r;
diff --git a/src/basic/dirent-util.h b/src/basic/dirent-util.h
index 0f1fb23..2effce3 100644
index 0a2fcbf..de6edb2 100644
--- a/src/basic/dirent-util.h
+++ b/src/basic/dirent-util.h
@@ -12,6 +12,8 @@ bool dirent_is_file(const struct dirent *de) _pure_;
@ -96,10 +86,10 @@ index 0f1fb23..2effce3 100644
struct dirent *readdir_no_dot(DIR *dirp);
diff --git a/src/libsystemd/sd-journal/journal-file.c b/src/libsystemd/sd-journal/journal-file.c
index 9e6bf6e..561a705 100644
index 93a3717..40347e9 100644
--- a/src/libsystemd/sd-journal/journal-file.c
+++ b/src/libsystemd/sd-journal/journal-file.c
@@ -38,6 +38,7 @@
@@ -40,6 +40,7 @@
#include "sync-util.h"
#include "user-util.h"
#include "xattr-util.h"
@ -107,7 +97,7 @@ index 9e6bf6e..561a705 100644
#define DEFAULT_DATA_HASH_TABLE_SIZE (2047ULL*sizeof(HashItem))
#define DEFAULT_FIELD_HASH_TABLE_SIZE (333ULL*sizeof(HashItem))
@@ -4069,8 +4070,35 @@ int journal_file_archive(JournalFile *f, char **ret_previous_path) {
@@ -4385,8 +4386,35 @@ int journal_file_archive(JournalFile *f, char **ret_previous_path) {
return 0;
}
@ -143,11 +133,11 @@ index 9e6bf6e..561a705 100644
assert(fname);
@@ -4091,6 +4119,12 @@ int journal_file_dispose(int dir_fd, const char *fname) {
@@ -4407,6 +4435,12 @@ int journal_file_dispose(int dir_fd, const char *fname) {
if (renameat(dir_fd, fname, dir_fd, p) < 0)
return -errno;
+ dual_timestamp_get(&boot_timestamp);
+ dual_timestamp_now(&boot_timestamp);
+ if (boot_timestamp.monotonic < 10*USEC_PER_MINUTE) {
+ delete_dumped_journal_files("/var/log/journal");
+ return 0;
@ -157,10 +147,10 @@ index 9e6bf6e..561a705 100644
}
diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
index f6090dd..8b83f65 100644
index 494313d..33334ef 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -1510,28 +1510,6 @@ static bool dirent_is_journal_file(const struct dirent *de) {
@@ -1647,28 +1647,6 @@ static bool dirent_is_journal_file(const struct dirent *de) {
endswith(de->d_name, ".journal~");
}
@ -169,7 +159,7 @@ index f6090dd..8b83f65 100644
- assert(de);
-
- /* returns true if the specified directory entry looks like a directory that might contain journal
- * files we might be interested in, i.e. is either a 128bit ID or a 128bit ID suffixed by a
- * files we might be interested in, i.e. is either a 128-bit ID or a 128-bit ID suffixed by a
- * namespace. */
-
- if (!IN_SET(de->d_type, DT_DIR, DT_LNK, DT_UNKNOWN))

14
fuser-print-umount-message-to-reboot-umount-msg.patch
View File

@ -148,7 +148,7 @@ index b74b879..2729c9b 100644
int fuser(const char *dir);
diff --git a/src/core/job.c b/src/core/job.c
index d7ad85a..ee48860 100644
index 34513bc..73c992a 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -31,6 +31,8 @@
@ -160,7 +160,7 @@ index d7ad85a..ee48860 100644
Job* job_new_raw(Unit *unit) {
Job *j;
@@ -706,6 +708,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
@@ -734,6 +736,9 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
const char *ident, *format;
int r = 0;
pid_t pid;
@ -170,7 +170,7 @@ index d7ad85a..ee48860 100644
assert(u);
assert(t >= 0);
@@ -807,6 +812,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
@@ -835,6 +840,39 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) {
Mount *m = MOUNT(u);
@ -211,12 +211,12 @@ index d7ad85a..ee48860 100644
r = safe_fork("(fuser-shutdown)", FORK_RESET_SIGNALS, &pid);
if (r < 0) {
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index e9a5420..066a9a7 100644
index 3495b8e..74a25ce 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -76,7 +76,7 @@ DefaultLimitMEMLOCK=64M
#DefaultLimitRTPRIO=
#DefaultLimitRTTIME=
@@ -80,7 +80,7 @@ DefaultLimitMEMLOCK=64M
#DefaultMemoryPressureThresholdSec=200ms
#DefaultMemoryPressureWatch=auto
#DefaultOOMPolicy=stop
-#DefaultDFXReboot=no
+DefaultDFXReboot=yes

23
logind-set-RemoveIPC-to-false-by-default.patch
View File

@ -11,23 +11,23 @@ Resolves: #1523233
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/man/logind.conf.xml b/man/logind.conf.xml
index b00daf366d..a9fed78aa6 100644
index 72f657c..0b5c060 100644
--- a/man/logind.conf.xml
+++ b/man/logind.conf.xml
@@ -340,7 +340,7 @@
@@ -363,7 +363,7 @@
user fully logs out. Takes a boolean argument. If enabled, the user may not consume IPC resources after the
last of the user's sessions terminated. This covers System V semaphores, shared memory and message queues, as
well as POSIX shared memory and message queues. Note that IPC objects of the root user and other system users
- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para></listitem>
+ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para></listitem>
</varlistentry>
- are excluded from the effect of this setting. Defaults to <literal>yes</literal>.</para>
+ are excluded from the effect of this setting. Defaults to <literal>no</literal>.</para>
<varlistentry>
<xi:include href="version-info.xml" xpointer="v212"/></listitem>
</varlistentry>
diff --git a/src/login/logind-core.c b/src/login/logind-core.c
index 4289461df6..556945be20 100644
index f15008e..08ee25c 100644
--- a/src/login/logind-core.c
+++ b/src/login/logind-core.c
@@ -35,7 +35,7 @@ void manager_reset_config(Manager *m) {
@@ -36,7 +36,7 @@ void manager_reset_config(Manager *m) {
m->n_autovts = 6;
m->reserve_vt = 6;
@ -37,10 +37,10 @@ index 4289461df6..556945be20 100644
m->user_stop_delay = 10 * USEC_PER_SEC;
diff --git a/src/login/logind.conf.in b/src/login/logind.conf.in
index ed1084b06e..07ff0d195e 100644
index e5fe924..ead4fda 100644
--- a/src/login/logind.conf.in
+++ b/src/login/logind.conf.in
@@ -33,6 +33,6 @@
@@ -45,7 +45,7 @@
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RuntimeDirectoryInodesMax=
@ -48,6 +48,7 @@ index ed1084b06e..07ff0d195e 100644
+#RemoveIPC=no
#InhibitorsMax=8192
#SessionsMax=8192
#StopIdleSessionSec=infinity
--
2.23.0
2.33.0

38
pid1-bump-DefaultTasksMax-to-80-of-the-kernel-pid.ma.patch
View File

@ -5,16 +5,16 @@ Subject: [PATCH] pid1 bump DefaultTasksMax to 80% of the kernel pid.max value
---
man/systemd-system.conf.xml | 2 +-
src/core/main.c | 2 +-
src/core/manager.c | 2 +-
src/core/system.conf.in | 2 +-
units/user-.slice.d/10-defaults.conf | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml
index c11dd46..b259631 100644
index 3c06b65..72f366e 100644
--- a/man/systemd-system.conf.xml
+++ b/man/systemd-system.conf.xml
@@ -389,7 +389,7 @@
@@ -501,7 +501,7 @@
<listitem><para>Configure the default value for the per-unit <varname>TasksMax=</varname> setting. See
<citerefentry><refentrytitle>systemd.resource-control</refentrytitle><manvolnum>5</manvolnum></citerefentry>
for details. This setting applies to all unit types that support resource control settings, with the exception
@ -23,24 +23,24 @@ index c11dd46..b259631 100644
and root cgroup <varname>pids.max</varname>.
Kernel has a default value for <varname>kernel.pid_max=</varname> and an algorithm of counting in case of more than 32 cores.
For example, with the default <varname>kernel.pid_max=</varname>, <varname>DefaultTasksMax=</varname> defaults to 4915,
diff --git a/src/core/main.c b/src/core/main.c
index da6c50a..f4fe751 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -92,7 +92,7 @@
#include <sanitizer/lsan_interface.h>
#endif
diff --git a/src/core/manager.c b/src/core/manager.c
index 45c8966..ce20d6b 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -114,7 +114,7 @@
/* How many units and jobs to process of the bus queue before returning to the event loop. */
#define MANAGER_BUS_MESSAGE_BUDGET 100U
-#define DEFAULT_TASKS_MAX ((TasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((TasksMax) { 80U, 100U }) /* 80% */
-#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 15U, 100U }) /* 15% */
+#define DEFAULT_TASKS_MAX ((CGroupTasksMax) { 80U, 100U }) /* 80% */
static enum {
ACTION_RUN,
static int manager_dispatch_notify_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
static int manager_dispatch_cgroups_agent_fd(sd_event_source *source, int fd, uint32_t revents, void *userdata);
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index e88280b..f2c75fc 100644
index 05eb681..472d1ca 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -54,7 +54,7 @@
@@ -58,7 +58,7 @@
#DefaultIPAccounting=no
#DefaultMemoryAccounting={{ 'yes' if MEMORY_ACCOUNTING_DEFAULT else 'no' }}
#DefaultTasksAccounting=yes
@ -50,15 +50,15 @@ index e88280b..f2c75fc 100644
#DefaultLimitFSIZE=
#DefaultLimitDATA=
diff --git a/units/user-.slice.d/10-defaults.conf b/units/user-.slice.d/10-defaults.conf
index cb3651b..be8fa28 100644
index f688eac..20c39ec 100644
--- a/units/user-.slice.d/10-defaults.conf
+++ b/units/user-.slice.d/10-defaults.conf
@@ -14,4 +14,4 @@ After=systemd-user-sessions.service
@@ -13,4 +13,4 @@ Documentation=man:user@.service(5)
StopWhenUnneeded=yes
[Slice]
-TasksMax=33%
+TasksMax=80%
--
2.27.0
2.33.0

336
print-the-process-status-to-console-when-shutdown.patch
View File

@ -4,26 +4,26 @@ Date: Thu, 2 Sep 2021 12:14:19 +0800
Subject: [PATCH] print process status to console when shutdown
---
meson.build | 6 +-
src/basic/getopt-defs.h | 6 +-
src/basic/process-util.c | 58 ++++
src/basic/process-util.h | 2 +
src/core/fuser.c | 506 +++++++++++++++++++++++++++++++++
src/core/fuser.h | 55 ++++
src/core/job.c | 36 +++
src/core/main.c | 13 +-
src/core/manager.c | 1 +
src/core/main.c | 10 +-
src/core/manager.c | 4 +
src/core/manager.h | 2 +
src/core/meson.build | 1 +
src/core/system.conf.in | 1 +
src/shutdown/meson.build | 9 +-
src/shutdown/meson.build | 13 +
src/shutdown/process-status.c | 143 ++++++++++
src/shutdown/process-status.h | 24 ++
src/shutdown/shutdown.c | 45 +++
src/shutdown/shutdown.c | 43 +++
src/shutdown/umount.c | 5 +
src/test/meson.build | 15 +
src/test/meson.build | 25 ++
src/test/test-fuser.c | 14 +
src/test/test-process-status.c | 10 +
19 files changed, 939 insertions(+), 7 deletions(-)
19 files changed, 953 insertions(+), 5 deletions(-)
create mode 100644 src/core/fuser.c
create mode 100644 src/core/fuser.h
create mode 100644 src/shutdown/process-status.c
@ -31,28 +31,32 @@ Subject: [PATCH] print process status to console when shutdown
create mode 100644 src/test/test-fuser.c
create mode 100644 src/test/test-process-status.c
diff --git a/meson.build b/meson.build
index bfc8685..0372b17 100644
--- a/meson.build
+++ b/meson.build
@@ -3882,8 +3882,10 @@ endif
executable(
'systemd-shutdown',
systemd_shutdown_sources,
- include_directories : includes,
- link_with : [libshared],
+ include_directories : [includes,
+ core_includes],
+ link_with : [libcore,
+ libshared],
dependencies : [libmount,
versiondep],
install_rpath : rootpkglibdir,
diff --git a/src/basic/getopt-defs.h b/src/basic/getopt-defs.h
index 3efeb6d..dfd17b5 100644
--- a/src/basic/getopt-defs.h
+++ b/src/basic/getopt-defs.h
@@ -37,7 +37,8 @@
#define SHUTDOWN_GETOPT_ARGS \
ARG_EXIT_CODE, \
- ARG_TIMEOUT
+ ARG_TIMEOUT, \
+ ARG_DFX_REBOOT
#define COMMON_GETOPT_OPTIONS \
{ "log-level", required_argument, NULL, ARG_LOG_LEVEL }, \
@@ -72,4 +73,5 @@
#define SHUTDOWN_GETOPT_OPTIONS \
{ "exit-code", required_argument, NULL, ARG_EXIT_CODE }, \
- { "timeout", required_argument, NULL, ARG_TIMEOUT }
+ { "timeout", required_argument, NULL, ARG_TIMEOUT }, \
+ { "dfx-reboot", required_argument, NULL, ARG_DFX_REBOOT }
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index b6bf83c..eb48f4d 100644
index 201c559..4e93c9b 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -1569,3 +1569,61 @@ static const char* const sched_policy_table[] = {
@@ -2060,3 +2060,61 @@ static const char* const sched_policy_table[] = {
};
DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX);
@ -115,15 +119,18 @@ index b6bf83c..eb48f4d 100644
+ return n;
+}
diff --git a/src/basic/process-util.h b/src/basic/process-util.h
index 96da0bb..55cb72b 100644
index af6cba1..060c0c2 100644
--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@@ -189,3 +189,5 @@ int pidfd_verify_pid(int pidfd, pid_t pid);
int setpriority_closest(int priority);
@@ -218,6 +218,8 @@ int setpriority_closest(int priority);
_noreturn_ void freeze(void);
+
+unsigned int read_cmdline(char *restrict const dst, unsigned sz, const char* whom, const char *what, char sep);
+
int get_process_threads(pid_t pid);
int is_reaper_process(void);
diff --git a/src/core/fuser.c b/src/core/fuser.c
new file mode 100644
index 0000000..e943469
@ -698,7 +705,7 @@ index 0000000..b74b879
+
+int fuser(const char *dir);
diff --git a/src/core/job.c b/src/core/job.c
index 032554a..d7ad85a 100644
index e7d1f65..b86aadd 100644
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -27,6 +27,9 @@
@ -711,7 +718,7 @@ index 032554a..d7ad85a 100644
Job* job_new_raw(Unit *unit) {
Job *j;
@@ -701,6 +704,8 @@ static const char* job_done_mid(JobType type, JobResult result) {
@@ -729,6 +732,8 @@ static const char* job_done_mid(JobType type, JobResult result) {
static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult result) {
_cleanup_free_ char *free_ident = NULL;
const char *ident, *format;
@ -720,12 +727,12 @@ index 032554a..d7ad85a 100644
assert(u);
assert(t >= 0);
@@ -797,6 +802,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
@@ -825,6 +830,37 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
"See 'systemctl status %s' for details.", quoted);
}
}
+
+ if (FLAGS_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->default_dfx_reboot &&
+ if (FLAGS_SET(manager_state(u->manager), MANAGER_STOPPING) && u->manager->defaults.dfx_reboot &&
+ ((u->type == UNIT_MOUNT || u->type == UNIT_AUTOMOUNT) && t == JOB_STOP && result == JOB_FAILED)) {
+
+ Mount *m = MOUNT(u);
@ -759,104 +766,87 @@ index 032554a..d7ad85a 100644
static int job_perform_on_unit(Job **j) {
diff --git a/src/core/main.c b/src/core/main.c
index 9f62b9d..eaae658 100644
index 96b0a11..ddbabaa 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -123,6 +123,7 @@ bool arg_dump_core;
int arg_crash_chvt;
bool arg_crash_shell;
bool arg_crash_reboot;
+static bool arg_default_dfx_reboot;
static char *arg_confirm_spawn;
static ShowStatus arg_show_status;
static StatusUnitFormat arg_status_unit_format;
@@ -630,6 +631,7 @@ static int parse_config_file(void) {
@@ -622,6 +622,7 @@ static int parse_config_file(void) {
{ "Manager", "CrashChangeVT", config_parse_crash_chvt, 0, &arg_crash_chvt },
{ "Manager", "CrashShell", config_parse_bool, 0, &arg_crash_shell },
{ "Manager", "CrashReboot", config_parse_bool, 0, &arg_crash_reboot },
+ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_default_dfx_reboot },
+ { "Manager", "DefaultDFXReboot", config_parse_bool, 0, &arg_defaults.dfx_reboot },
{ "Manager", "ShowStatus", config_parse_show_status, 0, &arg_show_status },
{ "Manager", "StatusUnitFormat", config_parse_status_unit_format, 0, &arg_status_unit_format },
{ "Manager", "CPUAffinity", config_parse_cpu_affinity2, 0, &arg_cpu_affinity },
@@ -754,6 +756,7 @@ static void set_manager_defaults(Manager *m) {
m->default_restart_usec = arg_default_restart_usec;
m->default_start_limit_interval = arg_default_start_limit_interval;
m->default_start_limit_burst = arg_default_start_limit_burst;
+ m->default_dfx_reboot = arg_default_dfx_reboot;
@@ -1471,7 +1472,8 @@ static int become_shutdown(int objective, int retval) {
/* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU
* controller to be enabled, so the default is to enable it unless we got told otherwise. */
@@ -1512,19 +1515,21 @@ static int become_shutdown(int objective, int retval) {
char log_level[DECIMAL_STR_MAX(int) + 1],
exit_code[DECIMAL_STR_MAX(uint8_t) + 1],
- timeout[DECIMAL_STR_MAX(usec_t) + 1];
+ timeout[DECIMAL_STR_MAX(usec_t) + 1],
+ dfx_reboot[DECIMAL_STR_MAX(bool)+1];
- const char* command_line[13] = {
+ const char* command_line[15] = {
SYSTEMD_SHUTDOWN_BINARY_PATH,
table[objective],
"--timeout", timeout,
"--log-level", log_level,
+ "--dfx-reboot", dfx_reboot,
"--log-target",
};
char log_level[STRLEN("--log-level=") + DECIMAL_STR_MAX(int)],
timeout[STRLEN("--timeout=") + DECIMAL_STR_MAX(usec_t) + STRLEN("us")],
- exit_code[STRLEN("--exit-code=") + DECIMAL_STR_MAX(uint8_t)];
+ exit_code[STRLEN("--exit-code=") + DECIMAL_STR_MAX(uint8_t)],
+ dfx_reboot[STRLEN("--dfx-reboot=") + DECIMAL_STR_MAX(bool)];
_cleanup_strv_free_ char **env_block = NULL;
usec_t watchdog_timer = 0;
- size_t pos = 7;
+ size_t pos = 9;
int r;
@@ -1482,15 +1484,17 @@ static int become_shutdown(int objective, int retval) {
assert(objective >= 0 && objective < _MANAGER_OBJECTIVE_MAX);
@@ -1534,6 +1539,7 @@ static int become_shutdown(int objective, int retval) {
xsprintf(log_level, "--log-level=%d", log_get_max_level());
xsprintf(timeout, "--timeout=%" PRI_USEC "us", arg_defaults.timeout_stop_usec);
+ xsprintf(dfx_reboot, "--dfx-reboot=%d", arg_defaults.dfx_reboot);
xsprintf(log_level, "%d", log_get_max_level());
xsprintf(timeout, "%" PRI_USEC "us", arg_default_timeout_stop_usec);
+ xsprintf(dfx_reboot, "%d", arg_default_dfx_reboot);
- const char* command_line[10] = {
+ const char* command_line[11] = {
SYSTEMD_SHUTDOWN_BINARY_PATH,
table[objective],
log_level,
timeout,
+ dfx_reboot,
/* Note that the last position is a terminator and must contain NULL. */
};
- size_t pos = 4;
+ size_t pos = 5;
switch (log_get_target()) {
@@ -2421,6 +2427,7 @@ static void reset_arguments(void) {
arg_crash_chvt = -1;
arg_crash_shell = false;
arg_crash_reboot = false;
+ arg_default_dfx_reboot = false;
arg_confirm_spawn = mfree(arg_confirm_spawn);
arg_show_status = _SHOW_STATUS_INVALID;
arg_status_unit_format = STATUS_UNIT_FORMAT_DEFAULT;
assert(command_line[pos-1]);
assert(!command_line[pos]);
diff --git a/src/core/manager.c b/src/core/manager.c
index 011de6b..4fa20f8 100644
index b29d4e1..53fd07d 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -828,6 +828,7 @@ int manager_new(LookupScope scope, ManagerTestRunFlags test_run_flags, Manager *
*m = (Manager) {
.unit_file_scope = scope,
.objective = _MANAGER_OBJECTIVE_INVALID,
+ .default_dfx_reboot = false,
@@ -4206,6 +4206,8 @@ int manager_set_unit_defaults(Manager *m, const UnitDefaults *defaults) {
m->defaults.oom_score_adjust = defaults->oom_score_adjust;
m->defaults.oom_score_adjust_set = defaults->oom_score_adjust_set;
.status_unit_format = STATUS_UNIT_FORMAT_DEFAULT,
+ m->defaults.dfx_reboot = defaults->dfx_reboot;
+
m->defaults.memory_pressure_watch = defaults->memory_pressure_watch;
m->defaults.memory_pressure_threshold_usec = defaults->memory_pressure_threshold_usec;
@@ -4978,6 +4980,8 @@ void unit_defaults_init(UnitDefaults *defaults, RuntimeScope scope) {
.oom_policy = OOM_STOP,
.oom_score_adjust_set = false,
+
+ .dfx_reboot = false,
};
}
diff --git a/src/core/manager.h b/src/core/manager.h
index 0196c52..d3f6aa2 100644
index 93e9d2a..19fb33b 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -339,6 +339,8 @@ struct Manager {
/* Have we ever changed the "kernel.pid_max" sysctl? */
bool sysctl_pid_max_changed;
@@ -177,6 +177,8 @@ typedef struct UnitDefaults {
int oom_score_adjust;
bool oom_score_adjust_set;
+ bool default_dfx_reboot;
+ bool dfx_reboot;
+
ManagerTestRunFlags test_run_flags;
CGroupPressureWatch memory_pressure_watch;
usec_t memory_pressure_threshold_usec;
/* If non-zero, exit with the following value when the systemd
diff --git a/src/core/meson.build b/src/core/meson.build
index 981b46f..b03fcdd 100644
index 7701d3d..83103ef 100644
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -66,6 +66,7 @@ libcore_sources = files(
@@ -68,6 +68,7 @@ libcore_sources = files(
'unit-printf.c',
'unit-serialize.c',
'unit.c',
@ -865,41 +855,59 @@ index 981b46f..b03fcdd 100644
if conf.get('BPF_FRAMEWORK') == 1
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index a44511b..e9a5420 100644
index dbdc47c..3495b8e 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -76,6 +76,7 @@ DefaultLimitMEMLOCK=64M
#DefaultLimitRTPRIO=
#DefaultLimitRTTIME=
@@ -80,6 +80,7 @@ DefaultLimitMEMLOCK=64M
#DefaultMemoryPressureThresholdSec=200ms
#DefaultMemoryPressureWatch=auto
#DefaultOOMPolicy=stop
+#DefaultDFXReboot=no
#DefaultSmackProcessLabel=
#ReloadLimitIntervalSec=
#ReloadLimitBurst=
diff --git a/src/shutdown/meson.build b/src/shutdown/meson.build
index d62032a..0ec8e76 100644
index 219f9fd..c932e28 100644
--- a/src/shutdown/meson.build
+++ b/src/shutdown/meson.build
@@ -1,13 +1,18 @@
@@ -1,5 +1,7 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
+shutdown_includes = [includes, include_directories('.')]
+
systemd_shutdown_sources = files(
'detach-dm.c',
'detach-loopback.c',
@@ -7,12 +9,18 @@ systemd_shutdown_sources = files(
'detach-swap.c',
'shutdown.c',
'umount.c',
+ 'process-status.c',
)
tests += [
[files('test-umount.c',
'umount.c'),
- [],
- [libmount]],
+ [libshared,
+ libcore],
+ [libmount],
+ core_includes],
executables += [
libexec_template + {
'name' : 'systemd-shutdown',
'sources' : systemd_shutdown_sources,
+ 'include_directories' : core_includes,
+ 'link_with' : [
+ libcore,
+ libshared
+ ],
'dependencies' : libmount,
},
libexec_template + {
@@ -34,6 +42,11 @@ executables += [
'detach-swap.c',
'umount.c',
),
+ 'include_directories' : core_includes,
+ 'link_with' : [
+ libcore,
+ libshared
+ ],
'dependencies' : libmount,
},
]
diff --git a/src/shutdown/process-status.c b/src/shutdown/process-status.c
new file mode 100644
@ -1081,10 +1089,10 @@ index 0000000..2f4333d
+
+int process_status(void);
diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
index 42111d2..1bbabfb 100644
index b976b7d..d6beb2d 100644
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@@ -40,13 +40,17 @@
@@ -48,13 +48,17 @@
#include "umount.h"
#include "virt.h"
#include "watchdog.h"
@ -1102,23 +1110,7 @@ index 42111d2..1bbabfb 100644
static int parse_argv(int argc, char *argv[]) {
enum {
@@ -57,6 +61,7 @@ static int parse_argv(int argc, char *argv[]) {
ARG_LOG_TIME,
ARG_EXIT_CODE,
ARG_TIMEOUT,
+ ARG_DFX_REBOOT,
};
static const struct option options[] = {
@@ -67,6 +72,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "log-time", optional_argument, NULL, ARG_LOG_TIME },
{ "exit-code", required_argument, NULL, ARG_EXIT_CODE },
{ "timeout", required_argument, NULL, ARG_TIMEOUT },
+ { "dfx-reboot", required_argument, NULL, ARG_DFX_REBOOT },
{}
};
@@ -80,6 +86,13 @@ static int parse_argv(int argc, char *argv[]) {
@@ -82,6 +86,13 @@ static int parse_argv(int argc, char *argv[]) {
while ((c = getopt_long(argc, argv, "-", options, NULL)) >= 0)
switch (c) {
@ -1132,7 +1124,7 @@ index 42111d2..1bbabfb 100644
case ARG_LOG_LEVEL:
r = log_set_max_level_from_string(optarg);
if (r < 0)
@@ -340,6 +353,9 @@ int main(int argc, char *argv[]) {
@@ -341,6 +352,9 @@ int main(int argc, char *argv[]) {
_cleanup_free_ char *cgroup = NULL;
char *arguments[3];
int cmd, r;
@ -1140,9 +1132,9 @@ index 42111d2..1bbabfb 100644
+ pid_t pid;
+ bool fork_failed = false;
/* The log target defaults to console, but the original systemd process will pass its log target in through a
* command line argument, which will override this default. Also, ensure we'll never log to the journal or
@@ -425,8 +441,37 @@ int main(int argc, char *argv[]) {
/* Close random fds we might have get passed, just for paranoia, before we open any new fds, for
* example for logging. After all this tool's purpose is about detaching any pinned resources, and
@@ -432,8 +446,37 @@ int main(int argc, char *argv[]) {
need_dm_detach = !in_container, need_md_detach = !in_container, can_initrd, last_try = false;
can_initrd = !in_container && !in_initrd() && access("/run/initramfs/shutdown", X_OK) == 0;
@ -1181,18 +1173,18 @@ index 42111d2..1bbabfb 100644
(void) watchdog_ping();
diff --git a/src/shutdown/umount.c b/src/shutdown/umount.c
index 61bd9d2..ecba3d4 100644
index 1a9b99d..220ae2e 100644
--- a/src/shutdown/umount.c
+++ b/src/shutdown/umount.c
@@ -48,6 +48,7 @@
#include "sync-util.h"
@@ -28,6 +28,7 @@
#include "signal-util.h"
#include "umount.h"
#include "virt.h"
+#include "manager.h"
static void mount_point_free(MountPoint **head, MountPoint *m) {
assert(head);
@@ -678,6 +679,7 @@ static int umount_with_timeout(MountPoint *m, bool last_try) {
@@ -321,6 +322,7 @@ static int umount_with_timeout(MountPoint *m, bool last_try) {
pfd[0] = safe_close(pfd[0]);
log_info("Unmounting '%s'.", m->path);
@ -1200,7 +1192,7 @@ index 61bd9d2..ecba3d4 100644
/* Start the mount operation here in the child Using MNT_FORCE causes some filesystems
* (e.g. FUSE and NFS and other network filesystems) to abort any pending requests and return
@@ -689,9 +691,12 @@ static int umount_with_timeout(MountPoint *m, bool last_try) {
@@ -332,9 +334,12 @@ static int umount_with_timeout(MountPoint *m, bool last_try) {
(m->umount_lazily ? MNT_DETACH : MNT_FORCE)));
if (r < 0) {
log_full_errno(last_try ? LOG_ERR : LOG_INFO, r, "Failed to unmount %s: %m", m->path);
@ -1214,31 +1206,39 @@ index 61bd9d2..ecba3d4 100644
(void) write(pfd[1], &r, sizeof(r)); /* try to send errno up */
diff --git a/src/test/meson.build b/src/test/meson.build
index be99212..e0a40b8 100644
index a7ca76e..f9e1974 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -700,6 +700,21 @@ tests += [
[files('test-sha256.c')],
[files('test-open-file.c')],
+
+ [files('test-process-status.c',
+ '../shutdown/process-status.c'),
+ [libcore,
+ libshared],
+ [],
+ [shutdown_includes,
+ core_includes]],
+
+ [files('test-fuser.c',
+ '../core/fuser.c'),
+ [libcore,
+ libshared],
+ [],
+ core_includes],
@@ -596,4 +596,29 @@ executables += [
libudev_basic,
],
},
+ test_template + {
+ 'sources' : files(
+ 'test-process-status.c',
+ '../shutdown/process-status.c'
+ ),
+ 'link_with' : [
+ libcore,
+ libshared,
+ ],
+ 'include_directories' : [
+ shutdown_includes,
+ core_includes,
+ ]
+ },
+ test_template + {
+ 'sources' : files(
+ 'test-fuser.c',
+ '../core/fuser.c'
+ ),
+ 'link_with' : [
+ libcore,
+ libshared,
+ ],
+ 'include_directories' : core_includes,
+ },
]
############################################################
diff --git a/src/test/test-fuser.c b/src/test/test-fuser.c
new file mode 100644
index 0000000..1527b5b

14
process-util-log-more-information-when-runnin.patch
View File

@ -35,7 +35,7 @@ index b6bf83c..aaf5e87 100644
+ const char *arg_cmdline = "[";
+ _cleanup_free_ char *cmdline = NULL;
+
+ r = get_process_cmdline(pid, SIZE_MAX, 0, &cmdline);
+ r = pid_get_cmdline(pid, SIZE_MAX, 0, &cmdline);
+ if (r < 0) {
+ syslog(LOG_INFO, "Failed to get cmdline of PID %d. Ignoring.", pid);
+ return r;
@ -68,12 +68,12 @@ index 96da0bb..135386c 100644
+++ b/src/basic/process-util.h
@@ -40,6 +40,7 @@ typedef enum ProcessCmdlineFlags {
int get_process_comm(pid_t pid, char **ret);
int get_process_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret);
int pid_get_comm(pid_t pid, char **ret);
int pidref_get_comm(const PidRef *pid, char **ret);
+int print_process_cmdline_with_arg(pid_t pid, int argc, char *argv[], char *filter[]);
int get_process_exe(pid_t pid, char **ret);
int get_process_uid(pid_t pid, uid_t *ret);
int get_process_gid(pid_t pid, gid_t *ret);
int pid_get_cmdline(pid_t pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret);
int pidref_get_cmdline(const PidRef *pid, size_t max_columns, ProcessCmdlineFlags flags, char **ret);
int pid_get_cmdline_strv(pid_t pid, ProcessCmdlineFlags flags, char ***ret);
diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
index 4e7fd04..6143505 100644
--- a/src/systemctl/systemctl.c
@ -88,7 +88,7 @@ index 4e7fd04..6143505 100644
#include "sd-daemon.h"
@@ -1153,6 +1154,14 @@ static int run(int argc, char *argv[]) {
_cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
_cleanup_(umount_and_rmdir_and_freep) char *mounted_dir = NULL;
_cleanup_(umount_and_freep) char *mounted_dir = NULL;
int r;
+ pid_t ppid;
+ char *filter[] = {

4
rules-add-the-rule-that-adds-elevator-kernel-command.patch
View File

@ -11,7 +11,7 @@ Resolves: #1670126
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rules.d/meson.build b/rules.d/meson.build
index 39e174d..e356183 100644
index 6a78e78..3e5c90b 100644
--- a/rules.d/meson.build
+++ b/rules.d/meson.build
@@ -5,7 +5,8 @@ install_data(
@ -23,7 +23,7 @@ index 39e174d..e356183 100644
+ '60-autosuspend.rules',
'60-block.rules',
'60-cdrom_id.rules',
'60-drm.rules',
'60-dmi-id.rules',
--
2.33.0

10
shutdown-reboot-when-recieve-crash-signal.patch
View File

@ -8,10 +8,10 @@ Subject: [PATCH] shutdown: reboot when recieve crash signal
1 file changed, 33 insertions(+)
diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
index 1bbabfb..8f68559 100644
index d6beb2d..ed1ce93 100644
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@@ -322,6 +322,26 @@ static void bump_sysctl_printk_log_level(int min_level) {
@@ -321,6 +321,26 @@ static void bump_sysctl_printk_log_level(int min_level) {
log_debug_errno(r, "Failed to bump kernel.printk to %i: %m", min_level + 1);
}
@ -38,7 +38,7 @@ index 1bbabfb..8f68559 100644
static void init_watchdog(void) {
const char *s;
int r;
@@ -356,6 +376,19 @@ int main(int argc, char *argv[]) {
@@ -355,6 +375,19 @@ int main(int argc, char *argv[]) {
usec_t now_time, time_interval;
pid_t pid;
bool fork_failed = false;
@ -56,8 +56,8 @@ index 1bbabfb..8f68559 100644
+ if (r < 0)
+ log_debug_errno(r, "I had trouble setting up the crash handler, ignoring: %m");
/* The log target defaults to console, but the original systemd process will pass its log target in through a
* command line argument, which will override this default. Also, ensure we'll never log to the journal or
/* Close random fds we might have get passed, just for paranoia, before we open any new fds, for
* example for logging. After all this tool's purpose is about detaching any pinned resources, and
--
2.33.0

78
support-disable-cgroup-controllers-we-don-t-want.patch
View File

@ -15,10 +15,10 @@ Subject: [PATCH] support disable cgroup controllers we don't want
8 files changed, 81 insertions(+)
diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
index ac25693..a7c839c 100644
index 3e60488..a555437 100644
--- a/src/basic/cgroup-util.c
+++ b/src/basic/cgroup-util.c
@@ -2052,6 +2052,20 @@ int cg_mask_supported(CGroupMask *ret) {
@@ -2115,6 +2115,20 @@ int cg_mask_supported(CGroupMask *ret) {
return cg_mask_supported_subtree(root, ret);
}
@ -40,10 +40,10 @@ index ac25693..a7c839c 100644
_cleanup_set_free_ Set *controllers = NULL;
_cleanup_fclose_ FILE *f = NULL;
diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h
index 147c956..a539327 100644
index eb7ace5..3eb14b8 100644
--- a/src/basic/cgroup-util.h
+++ b/src/basic/cgroup-util.h
@@ -295,6 +295,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata);
@@ -303,6 +303,7 @@ typedef const char* (*cg_migrate_callback_t)(CGroupMask mask, void *userdata);
int cg_mask_supported(CGroupMask *ret);
int cg_mask_supported_subtree(const char *root, CGroupMask *ret);
@ -52,10 +52,10 @@ index 147c956..a539327 100644
int cg_mask_to_string(CGroupMask mask, char **ret);
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 9987dac..af58b9b 100644
index 775ece5..88c976a 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -3646,6 +3646,7 @@ int manager_setup_cgroup(Manager *m) {
@@ -3922,6 +3922,7 @@ int manager_setup_cgroup(Manager *m) {
if (r < 0)
return log_error_errno(r, "Failed to determine supported bpf-based pseudo-controllers: %m");
m->cgroup_supported |= mask;
@ -64,49 +64,49 @@ index 9987dac..af58b9b 100644
/* 10. Log which controllers are supported */
for (CGroupController c = 0; c < _CGROUP_CONTROLLER_MAX; c++)
diff --git a/src/core/main.c b/src/core/main.c
index 990e4d2..5404e24 100644
index 964adb5..8f01780 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -157,6 +157,7 @@ static nsec_t arg_timer_slack_nsec;
static usec_t arg_default_timer_accuracy_usec;
@@ -143,6 +143,7 @@ static bool arg_no_new_privs;
static nsec_t arg_timer_slack_nsec;
static Set* arg_syscall_archs;
static FILE* arg_serialization;
+static CGroupMask arg_disable_cgroup_controllers;
static int arg_default_cpu_accounting;
static bool arg_default_io_accounting;
static bool arg_default_ip_accounting;
@@ -684,6 +685,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_default_rlimit },
{ "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_default_rlimit },
{ "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_default_rlimit },
static sd_id128_t arg_machine_id;
static EmergencyAction arg_cad_burst_action;
static CPUSet arg_cpu_affinity;
@@ -675,6 +676,7 @@ static int parse_config_file(void) {
{ "Manager", "DefaultLimitNICE", config_parse_rlimit, RLIMIT_NICE, arg_defaults.rlimit },
{ "Manager", "DefaultLimitRTPRIO", config_parse_rlimit, RLIMIT_RTPRIO, arg_defaults.rlimit },
{ "Manager", "DefaultLimitRTTIME", config_parse_rlimit, RLIMIT_RTTIME, arg_defaults.rlimit },
+ { "Manager", "DisableCGroupControllers", config_parse_cgroup, 0, &arg_disable_cgroup_controllers },
{ "Manager", "DefaultCPUAccounting", config_parse_tristate, 0, &arg_default_cpu_accounting },
{ "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_default_io_accounting },
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_default_ip_accounting },
@@ -765,6 +767,10 @@ static void set_manager_defaults(Manager *m) {
m->default_start_limit_burst = arg_default_start_limit_burst;
m->default_dfx_reboot = arg_default_dfx_reboot;
{ "Manager", "DefaultCPUAccounting", config_parse_bool, 0, &arg_defaults.cpu_accounting },
{ "Manager", "DefaultIOAccounting", config_parse_bool, 0, &arg_defaults.io_accounting },
{ "Manager", "DefaultIPAccounting", config_parse_bool, 0, &arg_defaults.ip_accounting },
@@ -743,6 +745,10 @@ static void set_manager_defaults(Manager *m) {
assert(m);
+ m->cgroup_disabled = arg_disable_cgroup_controllers;
+ m->cgroup_supported = m->system_cgroup_supported;
+ (void) cg_mask_disable_cgroup(m->cgroup_disabled, &m->cgroup_supported);
+
/* On 4.15+ with unified hierarchy, CPU accounting is essentially free as it doesn't require the CPU
* controller to be enabled, so the default is to enable it unless we got told otherwise. */
if (arg_default_cpu_accounting >= 0)
@@ -2494,6 +2500,7 @@ static void reset_arguments(void) {
/* Propagates the various default unit property settings into the manager object, i.e. properties
* that do not affect the manager itself, but are just what newly allocated units will have set if
* they haven't set anything else. (Also see set_manager_settings() for the settings that affect the
@@ -2518,6 +2524,7 @@ static void reset_arguments(void) {
/* arg_serialization — ignore */
/* arg_runtime_scope — ignore */
+ arg_disable_cgroup_controllers = 0;
arg_default_cpu_accounting = -1;
arg_default_io_accounting = false;
arg_default_ip_accounting = false;
arg_dump_core = true;
arg_crash_chvt = -1;
arg_crash_shell = false;
diff --git a/src/core/manager.h b/src/core/manager.h
index ea95efe..9bf5454 100644
index 0c9a2ea..65cc0c9 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -296,6 +296,8 @@ struct Manager {
@@ -354,6 +354,8 @@ struct Manager {
/* Data specific to the cgroup subsystem */
Hashmap *cgroup_unit;
CGroupMask cgroup_supported;
@ -116,19 +116,19 @@ index ea95efe..9bf5454 100644
/* Notifications from cgroups, when the unified hierarchy is used is done via inotify. */
diff --git a/src/core/system.conf.in b/src/core/system.conf.in
index 11936cd..e7aecfd 100644
index f48452d..8ffc48e 100644
--- a/src/core/system.conf.in
+++ b/src/core/system.conf.in
@@ -52,6 +52,7 @@
@@ -54,6 +54,7 @@
#DefaultStartLimitIntervalSec=10s
#DefaultStartLimitBurst=5
#DefaultEnvironment=
+#DisableCGroupControllers=no
#DefaultCPUAccounting=no
#DefaultCPUAccounting=yes
#DefaultIOAccounting=no
#DefaultIPAccounting=no
diff --git a/src/shared/conf-parser.c b/src/shared/conf-parser.c
index 29051ca..2527d31 100644
index 59a529d..8382271 100644
--- a/src/shared/conf-parser.c
+++ b/src/shared/conf-parser.c
@@ -10,6 +10,7 @@
@ -139,7 +139,7 @@ index 29051ca..2527d31 100644
#include "constants.h"
#include "dns-domain.h"
#include "escape.h"
@@ -1557,6 +1558,59 @@ int config_parse_rlimit(
@@ -1634,6 +1635,59 @@ int config_parse_rlimit(
return 0;
}
@ -200,10 +200,10 @@ index 29051ca..2527d31 100644
const char* unit,
const char *filename,
diff --git a/src/shared/conf-parser.h b/src/shared/conf-parser.h
index e1765f5..2d8f21e 100644
index a1768cd..8e7c987 100644
--- a/src/shared/conf-parser.h
+++ b/src/shared/conf-parser.h
@@ -200,6 +200,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
@@ -214,6 +214,7 @@ CONFIG_PARSER_PROTOTYPE(config_parse_ifnames);
CONFIG_PARSER_PROTOTYPE(config_parse_ip_port);
CONFIG_PARSER_PROTOTYPE(config_parse_mtu);
CONFIG_PARSER_PROTOTYPE(config_parse_rlimit);

BIN
systemd-253.tar.gz → systemd-255.tar.gz
View File

Binary file not shown.

71
systemd-core-Add-new-rules-for-lower-priority-events.patch
View File

@ -19,16 +19,17 @@ c) If a lower priority is in pending, and is not dispatched over 50 iteration, i
d) The above rules only works for events with priority equal or higher than 'SD_EVENT_PRIORITY_NORMAL' or evnets with type of SOURCE_DEFER, since SOURCE_DEFER events is used for job running queues.
---
src/core/mount.c | 4 ++
src/libsystemd/libsystemd.sym | 1 +
src/libsystemd/sd-event/event-source.h | 5 ++
src/libsystemd/sd-event/sd-event.c | 81 ++++++++++++++++++++++++++
src/systemd/sd-event.h | 1 +
4 files changed, 91 insertions(+)
5 files changed, 92 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index f47c511..af0eae6 100644
index ded322d..52bd53e 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1984,6 +1984,10 @@ static void mount_enumerate(Manager *m) {
@@ -2077,6 +2077,10 @@ static void mount_enumerate(Manager *m) {
goto fail;
}
@ -39,11 +40,23 @@ index f47c511..af0eae6 100644
(void) sd_event_source_set_description(m->mount_event_source, "mount-monitor-dispatch");
}
diff --git a/src/libsystemd/libsystemd.sym b/src/libsystemd/libsystemd.sym
index 4113920..daeb3e8 100644
--- a/src/libsystemd/libsystemd.sym
+++ b/src/libsystemd/libsystemd.sym
@@ -681,6 +681,7 @@ LIBSYSTEMD_243 {
global:
sd_bus_object_vtable_format;
sd_event_source_disable_unref;
+ sd_event_source_set_preempt_dispatch_count;
} LIBSYSTEMD_241;
LIBSYSTEMD_245 {
diff --git a/src/libsystemd/sd-event/event-source.h b/src/libsystemd/sd-event/event-source.h
index 6092652..0b2ab7d 100644
index f4e38d7..279a15d 100644
--- a/src/libsystemd/sd-event/event-source.h
+++ b/src/libsystemd/sd-event/event-source.h
@@ -70,6 +70,11 @@ struct sd_event_source {
@@ -71,6 +71,11 @@ struct sd_event_source {
uint64_t pending_iteration;
uint64_t prepare_iteration;
@ -56,10 +69,10 @@ index 6092652..0b2ab7d 100644
sd_event_handler_t ratelimit_expire_callback;
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index d3c2d3a..31d4feb 100644
index 288798a..d53a7a1 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -29,6 +29,11 @@
@@ -39,6 +39,11 @@
#include "strxcpyx.h"
#include "time-util.h"
@ -71,7 +84,7 @@ index d3c2d3a..31d4feb 100644
#define DEFAULT_ACCURACY_USEC (250 * USEC_PER_MSEC)
static bool EVENT_SOURCE_WATCH_PIDFD(sd_event_source *s) {
@@ -154,6 +159,11 @@ struct sd_event {
@@ -169,6 +174,11 @@ struct sd_event {
LIST_HEAD(sd_event_source, sources);
@ -83,7 +96,7 @@ index d3c2d3a..31d4feb 100644
sd_event_source *sigint_event_source, *sigterm_event_source;
usec_t last_run_usec, last_log_usec;
@@ -169,6 +179,39 @@ static sd_event *event_resolve(sd_event *e) {
@@ -186,6 +196,39 @@ static sd_event *event_resolve(sd_event *e) {
return e == SD_EVENT_DEFAULT ? default_event : e;
}
@ -123,7 +136,7 @@ index d3c2d3a..31d4feb 100644
static int pending_prioq_compare(const void *a, const void *b) {
const sd_event_source *x = a, *y = b;
int r;
@@ -186,6 +229,10 @@ static int pending_prioq_compare(const void *a, const void *b) {
@@ -203,6 +246,10 @@ static int pending_prioq_compare(const void *a, const void *b) {
if (r != 0)
return r;
@ -134,7 +147,7 @@ index d3c2d3a..31d4feb 100644
/* Lower priority values first */
r = CMP(x->priority, y->priority);
if (r != 0)
@@ -1031,6 +1078,17 @@ static int source_set_pending(sd_event_source *s, bool b) {
@@ -1132,6 +1179,17 @@ static int source_set_pending(sd_event_source *s, bool b) {
assert(s);
assert(s->type != SOURCE_EXIT);
@ -152,15 +165,15 @@ index d3c2d3a..31d4feb 100644
if (s->pending == b)
return 0;
@@ -1090,6 +1148,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t
.type = type,
.pending_index = PRIOQ_IDX_NULL,
.prepare_index = PRIOQ_IDX_NULL,
+ .preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT,
};
@@ -1218,6 +1276,7 @@ static sd_event_source *source_new(sd_event *e, bool floating, EventSourceType t
s->type = type;
s->pending_index = PRIOQ_IDX_NULL;
s->prepare_index = PRIOQ_IDX_NULL;
+ s->preempt_dispatch_count = DEFAULT_PREEMPT_DISPATCH_COUNT;
if (!floating)
@@ -2511,6 +2570,7 @@ static int event_source_offline(
sd_event_ref(e);
@@ -2894,6 +2953,7 @@ static int event_source_offline(
s->enabled = enabled;
s->ratelimited = ratelimited;
@ -168,7 +181,7 @@ index d3c2d3a..31d4feb 100644
switch (s->type) {
case SOURCE_IO:
@@ -3605,6 +3665,19 @@ static int process_inotify(sd_event *e) {
@@ -4006,6 +4066,19 @@ static int process_inotify(sd_event *e) {
return done;
}
@ -185,10 +198,10 @@ index d3c2d3a..31d4feb 100644
+ s->pending_count = 0;
+}
+
static int source_dispatch(sd_event_source *s) {
EventSourceType saved_type;
sd_event *saved_event;
@@ -3659,6 +3732,7 @@ static int source_dispatch(sd_event_source *s) {
static int process_memory_pressure(sd_event_source *s, uint32_t revents) {
assert(s);
assert(s->type == SOURCE_MEMORY_PRESSURE);
@@ -4179,6 +4252,7 @@ static int source_dispatch(sd_event_source *s) {
return r;
}
@ -196,7 +209,7 @@ index d3c2d3a..31d4feb 100644
s->dispatching = true;
switch (s->type) {
@@ -4624,6 +4698,13 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) {
@@ -5193,6 +5267,13 @@ _public_ int sd_event_source_is_ratelimited(sd_event_source *s) {
return s->ratelimited;
}
@ -207,21 +220,21 @@ index d3c2d3a..31d4feb 100644
+ return 0;
+}
+
_public_ int sd_event_set_signal_exit(sd_event *e, int b) {
bool change = false;
_public_ int sd_event_source_leave_ratelimit(sd_event_source *s) {
int r;
diff --git a/src/systemd/sd-event.h b/src/systemd/sd-event.h
index cae4c86..6e70a32 100644
index 49d6975..dd2c147 100644
--- a/src/systemd/sd-event.h
+++ b/src/systemd/sd-event.h
@@ -169,6 +169,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b);
@@ -172,6 +172,7 @@ int sd_event_source_set_exit_on_failure(sd_event_source *s, int b);
int sd_event_source_set_ratelimit(sd_event_source *s, uint64_t interval_usec, unsigned burst);
int sd_event_source_get_ratelimit(sd_event_source *s, uint64_t *ret_interval_usec, unsigned *ret_burst);
int sd_event_source_is_ratelimited(sd_event_source *s);
+int sd_event_source_set_preempt_dispatch_count(sd_event_source *s, unsigned count);
int sd_event_source_set_ratelimit_expire_callback(sd_event_source *s, sd_event_handler_t callback);
int sd_event_source_leave_ratelimit(sd_event_source *s);
/* Define helpers so that __attribute__((cleanup(sd_event_unrefp))) and similar may be used. */
--
2.33.0

167
systemd.spec
View File

@ -24,8 +24,8 @@
Name: systemd
Url: https://www.freedesktop.org/wiki/Software/systemd
Version: 253
Release: 10
Version: 255
Release: 1
License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager
@ -54,23 +54,6 @@ Source108: sense_data.py
Patch6001: backport-Revert-sysctl.d-switch-net.ipv4.conf.all.rp_filter-f.patch
Patch6002: backport-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Patch6003: backport-temporarily-disable-test-seccomp.patch
Patch6004: backport-sd-event-always-initialize-sd_event.perturb.patch
Patch6005: backport-sd-event-fix-error-handling.patch
Patch6006: backport-core-refuse-dbus-activation-if-dbus-is-not-running.patch
Patch6007: backport-core-only-refuse-Type-dbus-service-enqueuing-if-dbus.patch
Patch6008: backport-journalctl-verify-that-old-entries-are-not-sealed-wi.patch
Patch6009: backport-units-modprobe-.service-don-t-unescape-instance-name.patch
Patch6010: backport-core-path-do-not-enqueue-new-job-in-.trigger_notify-.patch
Patch6011: backport-socket-fix-use-of-ERRNO_IS_DISCONNECT.patch
Patch6012: backport-sd-bus-fix-use-of-ERRNO_IS_DISCONNECT.patch
Patch6013: backport-resolved-fix-use-of-ERRNO_IS_DISCONNECT.patch
Patch6014: backport-bus-add-some-minimal-bounds-check-on-signatures.patch
Patch6015: backport-udev-builtin-net_id-fix-potential-buffer-overflow.patch
Patch6016: backport-hostname-Make-sure-we-pass-error-to-bus_verify_polki.patch
Patch6017: backport-Limit-rlim_max-in-rlimit_nofile_safe-to-nr_open.patch
Patch6018: backport-udev-raise-RLIMIT_NOFILE-as-high-as-we-can.patch
Patch6019: backport-rules-go-to-the-end-of-rules-indeed-when-dm-is-suspe.patch
Patch6020: backport-CVE-2023-7008.patch
Patch9008: update-rtc-with-system-clock-when-shutdown.patch
Patch9009: udev-add-actions-while-rename-netif-failed.patch
@ -136,6 +119,8 @@ BuildRequires: iptables-devel, docbook-style-xsl, pkgconfig, libxslt, gperf
BuildRequires: gawk, tree, hostname, git, meson >= 0.43, gettext, dbus >= 1.9.18
BuildRequires: python3-devel, python3-lxml, firewalld-filesystem, libseccomp-devel
BuildRequires: python3-jinja2
BuildRequires: libpwquality-devel
BuildRequires: cryptsetup-devel
%ifarch %{valgrind_arches}
%ifnarch loongarch64
@ -307,9 +292,6 @@ Systemd PAM module registers the session with systemd-logind.
%prep
%autosetup -n %{name}-%{version} -p1 -Sgit
%ifnarch sw_64
%patch9029 -R -p1
%endif
%build
@ -317,32 +299,33 @@ CONFIGURE_OPTS=(
-Dsysvinit-path=/etc/rc.d/init.d
-Drc-local=/etc/rc.d/rc.local
-Ddev-kvm-mode=0666
-Dkmod=true
-Dxkbcommon=true
-Dblkid=true
-Dseccomp=true
-Dkmod=enabled
-Dxkbcommon=enabled
-Dblkid=enabled
-Dseccomp=enabled
-Dima=true
-Dselinux=true
-Dapparmor=false
-Dpolkit=true
-Dxz=true
-Dzlib=true
-Dbzip2=true
-Dlz4=true
-Dpam=true
-Dacl=true
-Dselinux=enabled
-Dapparmor=disabled
-Dpolkit=enabled
-Dxz=enabled
-Dzlib=enabled
-Dbzip2=enabled
-Dlz4=enabled
-Dpam=enabled
-Dacl=enabled
-Dsmack=false
-Dgcrypt=true
-Daudit=true
-Delfutils=false
-Dlibcryptsetup=false
-Dqrencode=false
-Dgnutls=true
-Dmicrohttpd=false
-Dlibidn2=true
-Dlibidn=false
-Dlibiptc=false
-Dlibcurl=false
-Dgcrypt=enabled
-Daudit=enabled
-Delfutils=disabled
-Dlibcryptsetup=enabled
-Dlibcryptsetup-plugins=disabled
-Dqrencode=disabled
-Dgnutls=enabled
-Dmicrohttpd=disabled
-Dlibidn2=enabled
-Dlibidn=disabled
-Dlibiptc=disabled
-Dlibcurl=disabled
-Defi=true
-Dtpm=false
-Dhwdb=true
@ -354,38 +337,34 @@ CONFIGURE_OPTS=(
-Dusers-gid=100
-Dnobody-user=nobody
-Dnobody-group=nobody
-Dsplit-usr=false
-Dsplit-bin=true
-Db_lto=true
-Db_ndebug=false
-Dman=true
-Dman=enabled
-Dversion-tag=v%{version}-%{release}
-Ddefault-hierarchy=legacy
-Ddefault-hierarchy=unified
-Ddefault-dnssec=allow-downgrade
# https://bugzilla.redhat.com/show_bug.cgi?id=1867830
-Ddefault-mdns=yes
-Ddefault-llmnr=yes
-Dhtml=false
-Dlibfido2=false
-Dopenssl=false
-Dpwquality=false
-Dtpm2=false
-Dzstd=false
-Dbpf-framework=false
-Drepart=false
-Dhtml=disabled
-Dlibfido2=disabled
-Dopenssl=disabled
-Dtpm2=disabled
-Dzstd=disabled
-Dbpf-framework=disabled
-Drepart=disabled
-Dcompat-mutable-uid-boundaries=false
-Dvalgrind=false
-Dfexecve=false
-Dstandalone-binaries=false
-Dstatic-libsystemd=false
-Dstatic-libudev=false
-Dfirstboot=false
-Dsysext=false
-Dhomed=false
-Dgnu-efi=false
-Dhomed=disabled
-Dquotacheck=false
-Dxdg-autostart=false
-Dimportd=false
-Dimportd=disabled
-Dbacklight=false
-Drfkill=false
-Dpstore=false
@ -397,6 +376,16 @@ CONFIGURE_OPTS=(
-Durlify=false
-Dlink-journalctl-shared=false
-Dlink-boot-shared=false
-Dpwquality=disabled
-Dpasswdqc=disabled
-Dxenctrl=disabled
-Dbootloader=disabled
-Dukify=disabled
-Dsysupdate=disabled
-Dremote=disabled
-Dstoragetm=false
-Dvmspawn=disabled
-Dlink-portabled-shared=false
)
%meson "${CONFIGURE_OPTS[@]}"
@ -838,6 +827,7 @@ fi
/usr/sbin/runlevel
/usr/sbin/poweroff
/usr/sbin/shutdown
/usr/sbin/mount.ddi
%dir /usr/share/systemd
%dir /usr/share/factory
%dir /usr/share/factory/etc
@ -866,6 +856,7 @@ fi
/usr/share/bash-completion/completions/loginctl
/usr/share/bash-completion/completions/timedatectl
/usr/share/bash-completion/completions/busctl
/usr/share/bash-completion/completions/systemd-cryptenroll
/usr/share/zsh/site-functions/_loginctl
/usr/share/zsh/site-functions/_systemd-inhibit
/usr/share/zsh/site-functions/_journalctl
@ -954,6 +945,9 @@ fi
/usr/bin/coredumpctl
/usr/bin/systemd-ac-power
/usr/bin/systemd-creds
/usr/bin/varlinkctl
/usr/bin/systemd-cryptenroll
/usr/bin/systemd-cryptsetup
%dir /usr/lib/environment.d
%dir /usr/lib/binfmt.d
%dir /usr/lib/tmpfiles.d
@ -1001,6 +995,9 @@ fi
%{_systemddir}/systemd
%dir %{_systemddir}/user-preset
%{_systemddir}/systemd-coredump
%{_systemddir}/systemd-cryptsetup
%{_systemddir}/systemd-integritysetup
%{_systemddir}/systemd-veritysetup
%{_systemddir}/systemd-network-generator
%{_systemddir}/systemd-binfmt
%{_systemddir}/user-preset/90-systemd.preset
@ -1098,6 +1095,25 @@ fi
%{_unitdir}/umount.target
%{_unitdir}/initrd-switch-root.service
%{_unitdir}/initrd.target
%dir %{_unitdir}/initrd.target.wants
%{_systemddir}/system-generators/systemd-cryptsetup-generator
%{_systemddir}/system-generators/systemd-integritysetup-generator
%{_systemddir}/system-generators/systemd-veritysetup-generator
%{_unitdir}/cryptsetup-pre.target
%{_unitdir}/cryptsetup.target
%{_unitdir}/initrd-root-device.target.wants/remote-cryptsetup.target
%{_unitdir}/initrd-root-device.target.wants/remote-veritysetup.target
%{_unitdir}/integritysetup-pre.target
%{_unitdir}/integritysetup.target
%{_unitdir}/remote-cryptsetup.target
%{_unitdir}/remote-veritysetup.target
%{_unitdir}/sysinit.target.wants/cryptsetup.target
%{_unitdir}/sysinit.target.wants/integritysetup.target
%{_unitdir}/sysinit.target.wants/veritysetup.target
%{_unitdir}/system-systemd\x2dcryptsetup.slice
%{_unitdir}/system-systemd\x2dveritysetup.slice
%{_unitdir}/veritysetup-pre.target
%{_unitdir}/veritysetup.target
%{_unitdir}/ldconfig.service
%{_unitdir}/initrd-root-device.target
%{_unitdir}/default.target
@ -1193,6 +1209,11 @@ fi
%{_unitdir}/modprobe@.service
%{_unitdir}/factory-reset.target
%{_unitdir}/initrd-usr-fs.target
%{_unitdir}/soft-reboot.target
%{_unitdir}/systemd-soft-reboot.service
%{_systemddir}/systemd-battery-check
%{_unitdir}/systemd-battery-check.service
%{_systemddir}/systemd-executor
%{_systemddir}/system-generators/systemd-fstab-generator
%{_systemddir}/system-generators/systemd-sysv-generator
%{_systemddir}/system-generators/systemd-rc-local-generator
@ -1324,6 +1345,9 @@ fi
%exclude %dir /etc/kernel
%exclude %dir /usr/lib/kernel
%exclude %dir /usr/lib/kernel/install.d
%exclude /usr/bin/bootctl
%exclude /usr/share/zsh/site-functions/_bootctl
%exclude /usr/share/bash-completion/completions/bootctl
%exclude %{_unitdir}/usb-gadget.target
%ghost /var/lib/systemd/random-seed
# exclude redundant compilation for python file
@ -1368,12 +1392,13 @@ fi
%{_unitdir}/systemd-suspend-then-hibernate.service
%{_unitdir}/hybrid-sleep.target
%{_unitdir}/systemd-hwdb-update.service
%{_unitdir}/systemd-hibernate-resume@.service
%{_unitdir}/systemd-udev-settle.service
%{_unitdir}/sleep.target
%{_unitdir}/kmod-static-nodes.service
%{_unitdir}/systemd-udevd-kernel.socket
%{_unitdir}/systemd-udev-trigger.service
%{_unitdir}/systemd-hibernate-resume.service
%{_unitdir}/systemd-tmpfiles-setup-dev-early.service
%{_unitdir}/sysinit.target.wants/systemd-udevd.service
%{_unitdir}/sysinit.target.wants/systemd-modules-load.service
%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev.service
@ -1381,9 +1406,11 @@ fi
%{_unitdir}/sysinit.target.wants/systemd-hwdb-update.service
%{_unitdir}/sysinit.target.wants/kmod-static-nodes.service
%{_unitdir}/sysinit.target.wants/systemd-udev-trigger.service
%{_unitdir}/sysinit.target.wants/systemd-tmpfiles-setup-dev-early.service
%{_unitdir}/systemd-udev-trigger.service.d/systemd-udev-trigger-no-reload.conf
%{_unitdir}/sockets.target.wants/systemd-udevd-control.socket
%{_unitdir}/sockets.target.wants/systemd-udevd-kernel.socket
%{_unitdir}/initrd.target.wants/systemd-battery-check.service
%{_systemddir}/system-generators/systemd-hibernate-resume-generator
%{_systemddir}/system-generators/systemd-gpt-auto-generator
%{_systemddir}/network/99-default.link
@ -1397,6 +1424,7 @@ fi
/usr/lib/udev/dmi_memory_id
%endif
/usr/lib/udev/sense_data.py
/usr/lib/udev/iocost
%dir /usr/lib/udev/hwdb.d
%{_udevhwdbdir}/20-bluetooth-vendor-product.hwdb
@ -1428,6 +1456,7 @@ fi
%{_udevhwdbdir}/70-av-production.hwdb
%{_udevhwdbdir}/70-cameras.hwdb
%{_udevhwdbdir}/70-pda.hwdb
%{_udevhwdbdir}/70-sound-card.hwdb
%{_udevhwdbdir}/README
%dir /usr/lib/udev/rules.d
@ -1470,9 +1499,13 @@ fi
%ifnarch sw_64 riscv64 ppc64le
%{_udevrulesdir}/70-memory.rules
%endif
%{_udevrulesdir}/60-dmi-id.rules
%{_udevrulesdir}/60-persistent-storage-mtd.rules
%{_udevrulesdir}/90-iocost.rules
%{_udevrulesdir}/README
/usr/lib/modprobe.d/systemd.conf
/usr/share/factory/etc/vconsole.conf
%ghost %config(noreplace) /etc/vconsole.conf
%dir /etc/udev
%dir /etc/kernel
@ -1480,6 +1513,7 @@ fi
%ghost /etc/udev/hwdb.bin
%dir /etc/udev/rules.d
%config(noreplace) /etc/udev/udev.conf
%config(noreplace) /etc/udev/iocost.conf
%dir /etc/udev/hwdb.d
%files container
@ -1548,6 +1582,8 @@ fi
/usr/share/dbus-1/interfaces/org.freedesktop.network1.Link.xml
/usr/share/dbus-1/interfaces/org.freedesktop.network1.Manager.xml
/usr/share/dbus-1/interfaces/org.freedesktop.network1.Network.xml
/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPv4Client.xml
/usr/share/dbus-1/interfaces/org.freedesktop.network1.DHCPv6Client.xml
/usr/share/polkit-1/rules.d/systemd-networkd.rules
/usr/bin/networkctl
%{_systemddir}/systemd-networkd-wait-online
@ -1566,7 +1602,8 @@ fi
%{_systemddir}/network/80-wifi-station.network.example
%{_systemddir}/network/80-6rd-tunnel.network
%{_systemddir}/network/80-container-vb.network
%{_systemddir}/network/80-ethernet.network.example
%{_systemddir}/network/80-auto-link-local.network.example
%{_systemddir}/network/89-ethernet.network.example
/usr/lib/sysusers.d/systemd-network.conf
/usr/lib/tmpfiles.d/systemd-network.conf
@ -1587,8 +1624,12 @@ fi
%files pam
%{_libdir}/security/pam_systemd.so
%{_libdir}/security/pam_systemd_loadkey.so
%changelog
* Mon Jan 22 2024 huyubiao <huyubiao@huawei.com> - 255-1
- update systemd to v255
* Thu Dec 28 2023 wangyuhang <wangyuhang27@huawei.com> - 253-10
- actually check authenticated flag of SOA transaction in resolved

52
udev-add-actions-while-rename-netif-failed.patch
View File

@ -3,36 +3,53 @@ From: systemd team <systemd-maint@redhat.com>
Date: Tue, 7 Mar 2017 08:20:10 +0000
Subject: [PATCH] udev-add-actions-while-rename-netif-failed
---
src/udev/udev-event.c | 47 +++++++++++++++++++++++++++++++++++++------
1 file changed, 41 insertions(+), 6 deletions(-)
src/udev/udev-event.c | 51 +++++++++++++++++++++++++++++++++++++------
1 file changed, 44 insertions(+), 7 deletions(-)
diff --git a/src/udev/udev-event.c b/src/udev/udev-event.c
index ec4ad30..d53a0aa 100644
index ed22c8b..a387517 100644
--- a/src/udev/udev-event.c
+++ b/src/udev/udev-event.c
@@ -908,6 +908,7 @@ static int rename_netif(UdevEvent *event) {
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: GPL-2.0-or-later */
+#include <net/if.h>
#include "alloc-util.h"
#include "device-internal.h"
#include "device-private.h"
@@ -10,6 +11,7 @@
#include "path-util.h"
#include "string-util.h"
#include "strv.h"
+#include "strxcpyx.h"
#include "udev-event.h"
#include "udev-node.h"
#include "udev-trace.h"
@@ -107,6 +109,7 @@ static int rename_netif(UdevEvent *event) {
const char *s;
sd_device *dev;
int ifindex, r;
+ char name[IFNAMSIZ];
assert(event);
@@ -978,19 +979,53 @@ static int rename_netif(UdevEvent *event) {
@@ -177,21 +180,55 @@ static int rename_netif(UdevEvent *event) {
goto revert;
}
- r = rtnl_set_link_name(&event->rtnl, ifindex, event->name);
- r = rtnl_set_link_name(&event->rtnl, ifindex, event->name, event->altnames);
+ strscpy(name, IFNAMSIZ, event->name);
+
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name, event->altnames);
if (r < 0) {
if (r == -EBUSY) {
log_device_info(dev, "Network interface '%s' is already up, cannot rename to '%s'.",
log_device_info(event->dev_db_clone,
"Network interface '%s' is already up, cannot rename to '%s'.",
old_sysname, event->name);
r = 0;
- } else
- log_device_error_errno(dev, r, "Failed to rename network interface %i from '%s' to '%s': %m",
- log_device_error_errno(event->dev_db_clone, r,
- "Failed to rename network interface %i from '%s' to '%s': %m",
- ifindex, old_sysname, event->name);
- goto revert;
+ goto revert;
@ -44,7 +61,7 @@ index ec4ad30..d53a0aa 100644
+ }
+
+ snprintf(name, IFNAMSIZ, "rename%d", ifindex);
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name);
+ r = rtnl_set_link_name(&event->rtnl, ifindex, name, event->altnames);
+ if (r < 0) {
+ log_error_errno(r, "error changing net interface name '%s' to '%s': %m", old_sysname, name);
+ goto revert;
@ -57,7 +74,7 @@ index ec4ad30..d53a0aa 100644
+ while (loop--) {
+ const struct timespec duration = { 0, 1000 * 1000 * 1000 / 20 };
+
+ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name);
+ r = rtnl_set_link_name(&event->rtnl, ifindex, event->name, event->altnames);
+ if (r == 0) {
+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, name, event->name);
+ goto revert;
@ -71,13 +88,14 @@ index ec4ad30..d53a0aa 100644
+ event->name, (90 * 20) - loop);
+ nanosleep(&duration, NULL);
+ }
+
}
- log_device_debug(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name);
+ log_device_info(dev, "Network interface %i is renamed from '%s' to '%s'", ifindex, old_sysname, event->name);
return 1;
revert:
--
--
2.33.0

28
update-rtc-with-system-clock-when-shutdown.patch
View File

@ -4,8 +4,8 @@ Date: Sat, 2 Feb 2019 02:54:52 -0500
Subject: [PATCH] Module: modification summary
---
units/hwclock-save.service.in | 19 +++++++++++++++++++
units/meson.build | 2 ++
2 files changed, 21 insertions(+)
units/meson.build | 4 ++++
2 files changed, 23 insertions(+)
create mode 100644 units/hwclock-save.service.in
diff --git a/units/hwclock-save.service.in b/units/hwclock-save.service.in
@ -34,18 +34,20 @@ index 0000000..db33418
+WantedBy=default.target
+
diff --git a/units/meson.build b/units/meson.build
index aa2ed11..9992389 100644
index e7bfb7f..159d337 100644
--- a/units/meson.build
+++ b/units/meson.build
@@ -220,6 +220,8 @@ in_units = [
'sysinit.target.wants/'],
['systemd-update-done.service', '',
'sysinit.target.wants/'],
+ ['hwclock-save.service', '',
+ 'sysinit.target.wants/'],
['systemd-update-utmp-runlevel.service', 'ENABLE_UTMP HAVE_SYSV_COMPAT',
'multi-user.target.wants/ graphical.target.wants/ rescue.target.wants/'],
['systemd-update-utmp.service', 'ENABLE_UTMP',
@@ -653,6 +653,10 @@ units = [
'file' : 'systemd-update-done.service.in',
'symlinks' : ['sysinit.target.wants/'],
},
+ {
+ 'file' : 'hwclock-save.service.in',
+ 'symlinks' : ['sysinit.target.wants/'],
+ },
{
'file' : 'systemd-update-utmp-runlevel.service.in',
'conditions' : ['ENABLE_UTMP', 'HAVE_SYSV_COMPAT'],
--
2.23.0
2.33.0