systemd update to v253

huyubiao 2023-07-19 09:42:04 +08:00
parent 75b64af0ec
commit 5ea7594cde
523 changed files with 79 additions and 44730 deletions


@ -1,43 +0,0 @@
diff --git a/src/basic/architecture.c b/src/basic/architecture.c
index 409632c..e86aff3 100644
--- a/src/basic/architecture.c
+++ b/src/basic/architecture.c
@@ -118,6 +118,8 @@ int uname_architecture(void) {
#elif defined(__arc__)
{ "arc", ARCHITECTURE_ARC },
{ "arceb", ARCHITECTURE_ARC_BE },
+#elif defined(__loongarch64)
+ { "loongarch64", ARCHITECTURE_LOONGARCH64 },
#else
#error "Please register your architecture here!"
#endif
@@ -173,6 +175,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = {
[ARCHITECTURE_RISCV64] = "riscv64",
[ARCHITECTURE_ARC] = "arc",
[ARCHITECTURE_ARC_BE] = "arc-be",
+ [ARCHITECTURE_LOONGARCH64] = "loongarch64",
};
DEFINE_STRING_TABLE_LOOKUP(architecture, int);
diff --git a/src/basic/architecture.h b/src/basic/architecture.h
index 9abc183..758bd8c 100644
--- a/src/basic/architecture.h
+++ b/src/basic/architecture.h
@@ -44,6 +44,7 @@ enum {
ARCHITECTURE_RISCV64,
ARCHITECTURE_ARC,
ARCHITECTURE_ARC_BE,
+ ARCHITECTURE_LOONGARCH64,
_ARCHITECTURE_MAX,
_ARCHITECTURE_INVALID = -EINVAL,
};
@@ -229,6 +230,9 @@ int uname_architecture(void);
# define native_architecture() ARCHITECTURE_ARC
# define LIB_ARCH_TUPLE "arc-linux"
# endif
+#elif defined(__loongarch64)
+# define native_architecture() ARCHITECTURE_LOONGARCH64
+# define LIB_ARCH_TUPLE "loongarch64-linux-gnu"
#else
# error "Please register your architecture here!"
#endif


@ -1,65 +0,0 @@
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 7e88f09..de1acf1 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -140,7 +140,7 @@ static int detect_vm_device_tree(void) {
#endif
}
-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64)
static int detect_vm_dmi_vendor(void) {
static const char *const dmi_vendors[] = {
"/sys/class/dmi/id/product_name", /* Test this before sys_vendor to detect KVM over QEMU */
@@ -225,10 +225,10 @@ static int detect_vm_smbios(void) {
log_debug("DMI BIOS Extension table does not indicate virtualization.");
return SMBIOS_VM_BIT_UNSET;
}
-#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) */
+#endif /* defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64) */
static int detect_vm_dmi(void) {
-#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__)
+#if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch64)
int r;
r = detect_vm_dmi_vendor();
diff --git a/src/test/test-execute.c b/src/test/test-execute.c
index 125e0bb..6e168d3 100644
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@@ -284,6 +284,8 @@ static void test_exec_personality(Manager *m) {
#elif defined(__i386__)
test(m, "exec-personality-x86.service", 0, CLD_EXITED);
+#elif defined(__loongarch64)
+ test(m, "exec-personality-loongarch64.service", 0, CLD_EXITED);
#else
log_notice("Unknown personality, skipping %s", __func__);
#endif
diff --git a/src/udev/meson.build b/src/udev/meson.build
index 4e80f9b..f2eb0b2 100644
--- a/src/udev/meson.build
+++ b/src/udev/meson.build
@@ -129,7 +129,7 @@ udev_id_progs = [['ata_id/ata_id.c'],
'mtd_probe/mtd_probe.h',
'mtd_probe/probe_smartmedia.c']]
-dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'mips']
+dmi_arches = ['x86', 'x86_64', 'aarch64', 'arm', 'ia64', 'loongarch64', 'mips']
if dmi_arches.contains(host_machine.cpu_family())
udev_id_progs += [['dmi_memory_id/dmi_memory_id.c']]
endif
diff --git a/test/test-execute/exec-personality-loongarch64.service b/test/test-execute/exec-personality-loongarch64.service
new file mode 100644
index 0000000..0531ad1
--- /dev/null
+++ b/test/test-execute/exec-personality-loongarch64.service
@@ -0,0 +1,7 @@
+[Unit]
+Description=Test for Personality=loongarch64
+
+[Service]
+ExecStart=/bin/sh -c 'echo $(uname -m); exit $(test $(uname -m) = "loongarch64")'
+Type=oneshot
+Personality=loongarch64


@ -1,26 +0,0 @@
From 1e3f74b7ca5ead53c10e5b37cf8660651f32d181 Mon Sep 17 00:00:00 2001
From: xujing <xujing125@huawei.com>
Date: Thu, 11 Aug 2022 19:53:35 +0800
Subject: [PATCH] Don't set AlternativeNamesPolicy by default
When a network adapter is renamed, the altname of the network adapter may be
set based on AlternativeNamesPolicy. As a result, the network adapter name
fails to be restored. For example, after enp4s0 is renamed tmp, udev sets the
altname of tmp to enp4s0. If you want to restore tmp to enp4s0, it will fail.
---
network/99-default.link | 1 -
1 file changed, 1 deletion(-)
diff --git a/network/99-default.link b/network/99-default.link
index 31aee37..db48c4d 100644
--- a/network/99-default.link
+++ b/network/99-default.link
@@ -12,5 +12,4 @@ OriginalName=*
[Link]
NamePolicy=keep kernel database onboard slot path
-AlternativeNamesPolicy=database onboard slot path
MACAddressPolicy=none
--
2.23.0


@ -1,24 +0,0 @@
From 4c230d1d73e9f9a6d1fe654599a63881c344a00c Mon Sep 17 00:00:00 2001
From: openEuler Buildteam <buildteam@openeuler.org>
Date: Tue, 29 Jan 2019 22:54:34 -0500
Subject: [PATCH] Make systemd-udevd.service start after systemd-remount-fs.service.
---
units/systemd-udevd.service.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/systemd-udevd.service.in b/units/systemd-udevd.service.in
index 9ada3a6a74..17f15bba83 100644
--- a/units/systemd-udevd.service.in
+++ b/units/systemd-udevd.service.in
@@ -11,7 +11,7 @@
Description=Rule-based Manager for Device Events and Files
Documentation=man:systemd-udevd.service(8) man:udev(7)
DefaultDependencies=no
-After=systemd-sysusers.service systemd-hwdb-update.service
+After=systemd-sysusers.service systemd-hwdb-update.service systemd-remount-fs.service
Before=sysinit.target
ConditionPathIsReadWrite=/sys
--
2.23.0


@ -1,87 +0,0 @@
From a3d2f4261ef9a953904e3e21abafba0dad7daa77 Mon Sep 17 00:00:00 2001
From: gaoyi <gaoyi15@huawei.com>
Date: Mon, 28 Sep 2020 22:36:37 +0800
Subject: [PATCH] Retry to handle the uevent when worker is terminated abnormal
When processing uevent events fails, retry it.
---
src/udev/udevd.c | 35 +++++++++++++++++++++++++++++++++--
1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/src/udev/udevd.c b/src/udev/udevd.c
index 75e2086..023fe55 100644
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@@ -69,6 +69,7 @@
#include "version.h"
#define WORKER_NUM_MAX 2048U
+#define UEVENT_MAX_RETRY_TIMES 3
#define EVENT_RETRY_INTERVAL_USEC (200 * USEC_PER_MSEC)
#define EVENT_RETRY_TIMEOUT_USEC (3 * USEC_PER_MINUTE)
@@ -123,6 +124,7 @@ typedef struct Event {
Manager *manager;
Worker *worker;
EventState state;
+ int retry;
sd_device *dev;
@@ -166,6 +168,32 @@ typedef enum EventResult {
_EVENT_RESULT_INVALID = -EINVAL,
} EventResult;
+static bool event_retry(Event *event) {
+ if (!event)
+ return false;
+
+ assert(event->manager);
+
+ if (--event->retry < 0) {
+ log_device_error(event->dev, "Retry failed.");
+ return false;
+ }
+
+ log_device_info(event->dev, "Retry %d times.", UEVENT_MAX_RETRY_TIMES - event->retry);
+
+ event->timeout_warning_event = sd_event_source_unref(event->timeout_warning_event);
+ event->timeout_event = sd_event_source_unref(event->timeout_event);
+
+ if (event->worker) {
+ event->worker->event = NULL;
+ event->worker = NULL;
+ }
+
+ event->state = EVENT_QUEUED;
+
+ return true;
+}
+
static Event *event_free(Event *event) {
if (!event)
return NULL;
@@ -1118,6 +1146,7 @@ static int event_queue_insert(Manager *manager, sd_device *dev) {
.seqnum = seqnum,
.action = action,
.state = EVENT_QUEUED,
+ .retry = UEVENT_MAX_RETRY_TIMES,
};
if (LIST_IS_EMPTY(manager->events)) {
@@ -1547,8 +1576,10 @@ static int on_sigchld(sd_event_source *s, const struct signalfd_siginfo *si, voi
device_delete_db(worker->event->dev);
device_tag_index(worker->event->dev, NULL, false);
- /* Forward kernel event to libudev listeners */
- device_broadcast(manager->monitor, worker->event->dev);
+ if (event_retry(worker->event) == false) {
+ /* Forward kernel event to libudev listeners */
+ device_broadcast(manager->monitor, worker->event->dev);
+ }
}
worker_free(worker);
--
2.33.0


@ -1,43 +0,0 @@
From 9d0046ceca10911361137d6496987cb15ffff132 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Thu, 25 Jun 2015 09:20:59 +0200
Subject: [PATCH] Revert "core: one step back again, for nspawn we
actually can't wait for cgroups running empty since systemd will get exactly
zero notifications about it"
This reverts commit 743970d2ea6d08aa7c7bff8220f6b7702f2b1db7.
https://bugzilla.redhat.com/show_bug.cgi?id=1141137
https://github.com/systemd/systemd/pull/350
Resolves: #1703485
---
src/core/unit.c | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index 1cadcd4..10e314f 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4799,16 +4799,7 @@ int unit_kill_context(
} else if (r > 0) {
- /* FIXME: For now, on the legacy hierarchy, we will not wait for the cgroup members to die if
- * we are running in a container or if this is a delegation unit, simply because cgroup
- * notification is unreliable in these cases. It doesn't work at all in containers, and outside
- * of containers it can be confused easily by left-over directories in the cgroup — which
- * however should not exist in non-delegated units. On the unified hierarchy that's different,
- * there we get proper events. Hence rely on them. */
-
- if (cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER) > 0 ||
- (detect_container() == 0 && !unit_cgroup_delegate(u)))
- wait_for_exit = true;
+ wait_for_exit = true;
if (send_sighup) {
set_free(pid_set);
--
2.19.1


@ -1,872 +0,0 @@
From b9043cf1d074497cf77272dd9bf24c2098e56265 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 25 Oct 2022 15:26:32 +0800
Subject: [PATCH] Systemd Add sw64 architecture
Signed-off-by: rpm-build <rpm-build>
---
src/basic/architecture.c | 3 +
src/basic/architecture.h | 4 +
src/basic/meson.build | 1 +
src/basic/missing_fcntl.h | 2 +
src/basic/missing_syscall_def.h | 35 ++
src/basic/missing_syscalls.py | 2 +
src/basic/syscalls-sw_64.txt | 600 ++++++++++++++++++++++++++++++++
7 files changed, 647 insertions(+)
create mode 100644 src/basic/syscalls-sw_64.txt
diff --git a/src/basic/architecture.c b/src/basic/architecture.c
index 409632c..8314aa5 100644
--- a/src/basic/architecture.c
+++ b/src/basic/architecture.c
@@ -54,6 +54,8 @@ int uname_architecture(void) {
{ "mips", ARCHITECTURE_MIPS },
#elif defined(__alpha__)
{ "alpha" , ARCHITECTURE_ALPHA },
+#elif defined(__sw_64__)
+ { "sw_64" , ARCHITECTURE_SW_64 },
#elif defined(__arm__) || defined(__aarch64__)
{ "aarch64", ARCHITECTURE_ARM64 },
{ "aarch64_be", ARCHITECTURE_ARM64_BE },
@@ -159,6 +161,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = {
[ARCHITECTURE_MIPS64] = "mips64",
[ARCHITECTURE_MIPS64_LE] = "mips64-le",
[ARCHITECTURE_ALPHA] = "alpha",
+ [ARCHITECTURE_SW_64] = "sw_64",
[ARCHITECTURE_ARM] = "arm",
[ARCHITECTURE_ARM_BE] = "arm-be",
[ARCHITECTURE_ARM64] = "arm64",
diff --git a/src/basic/architecture.h b/src/basic/architecture.h
index 9abc183..3361eaf 100644
--- a/src/basic/architecture.h
+++ b/src/basic/architecture.h
@@ -30,6 +30,7 @@ enum {
ARCHITECTURE_MIPS64,
ARCHITECTURE_MIPS64_LE,
ARCHITECTURE_ALPHA,
+ ARCHITECTURE_SW_64,
ARCHITECTURE_ARM,
ARCHITECTURE_ARM_BE,
ARCHITECTURE_ARM64,
@@ -143,6 +144,9 @@ int uname_architecture(void);
#elif defined(__alpha__)
# define native_architecture() ARCHITECTURE_ALPHA
# define LIB_ARCH_TUPLE "alpha-linux-gnu"
+#elif defined(__sw_64__)
+# define native_architecture() ARCHITECTURE_SW_64
+# define LIB_ARCH_TUPLE "sw_64-linux-gnu"
#elif defined(__aarch64__)
# if __BYTE_ORDER == __BIG_ENDIAN
# define native_architecture() ARCHITECTURE_ARM64_BE
diff --git a/src/basic/meson.build b/src/basic/meson.build
index 452b965..80dab1b 100644
--- a/src/basic/meson.build
+++ b/src/basic/meson.build
@@ -325,6 +325,7 @@ basic_sources += generated_gperf_headers
arch_list = [
'alpha',
+ 'sw_64',
'arc',
'arm',
'arm64',
diff --git a/src/basic/missing_fcntl.h b/src/basic/missing_fcntl.h
index 00937d2..fff662b 100644
--- a/src/basic/missing_fcntl.h
+++ b/src/basic/missing_fcntl.h
@@ -45,6 +45,8 @@
#ifndef __O_TMPFILE
#if defined(__alpha__)
#define __O_TMPFILE 0100000000
+#elif defined(__sw_64__)
+#define __O_TMPFILE 0100000000
#elif defined(__parisc__) || defined(__hppa__)
#define __O_TMPFILE 0400000000
#elif defined(__sparc__) || defined(__sparc64__)
diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h
index 29dfd2e..10a585b 100644
--- a/src/basic/missing_syscall_def.h
+++ b/src/basic/missing_syscall_def.h
@@ -9,6 +9,7 @@
* template as the per-syscall blocks below. */
# if defined(__aarch64__)
# elif defined(__alpha__)
+# elif defined(__sw_64__)
# elif defined(__arc__) || defined(__tilegx__)
# elif defined(__arm__)
# elif defined(__i386__)
@@ -44,6 +45,8 @@
# define systemd_NR_bpf 280
# elif defined(__alpha__)
# define systemd_NR_bpf 515
+# elif defined(__sw_64__)
+# define systemd_NR_bpf 170
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_bpf 280
# elif defined(__arm__)
@@ -108,6 +111,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf);
# define systemd_NR_close_range 436
# elif defined(__alpha__)
# define systemd_NR_close_range 546
+# elif defined(__sw_64__)
+# define systemd_NR_close_range 283
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_close_range 436
# elif defined(__arm__)
@@ -172,6 +177,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range);
# define systemd_NR_copy_file_range 285
# elif defined(__alpha__)
# define systemd_NR_copy_file_range 519
+# elif defined(__sw_64__)
+# define systemd_NR_copy_file_range 515
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_copy_file_range 285
# elif defined(__arm__)
@@ -236,6 +243,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range);
# define systemd_NR_epoll_pwait2 441
# elif defined(__alpha__)
# define systemd_NR_epoll_pwait2 551
+# elif defined(__sw_64__)
+# define systemd_NR_epoll_pwait2 551
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_epoll_pwait2 441
# elif defined(__arm__)
@@ -300,6 +309,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2);
# define systemd_NR_getrandom 278
# elif defined(__alpha__)
# define systemd_NR_getrandom 511
+# elif defined(__sw_64__)
+# define systemd_NR_getrandom 511
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_getrandom 278
# elif defined(__arm__)
@@ -364,6 +375,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom);
# define systemd_NR_memfd_create 279
# elif defined(__alpha__)
# define systemd_NR_memfd_create 512
+# elif defined(__sw_64__)
+# define systemd_NR_memfd_create 512
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_memfd_create 279
# elif defined(__arm__)
@@ -428,6 +441,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create);
# define systemd_NR_mount_setattr 442
# elif defined(__alpha__)
# define systemd_NR_mount_setattr 552
+# elif defined(__sw_64__)
+# define systemd_NR_mount_setattr 552
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_mount_setattr 442
# elif defined(__arm__)
@@ -492,6 +507,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr);
# define systemd_NR_move_mount 429
# elif defined(__alpha__)
# define systemd_NR_move_mount 539
+# elif defined(__sw_64__)
+# define systemd_NR_move_mount 276
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_move_mount 429
# elif defined(__arm__)
@@ -556,6 +573,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount);
# define systemd_NR_name_to_handle_at 264
# elif defined(__alpha__)
# define systemd_NR_name_to_handle_at 497
+# elif defined(__sw_64__)
+# define systemd_NR_name_to_handle_at 497
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_name_to_handle_at 264
# elif defined(__arm__)
@@ -620,6 +639,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at);
# define systemd_NR_open_tree 428
# elif defined(__alpha__)
# define systemd_NR_open_tree 538
+# elif defined(__sw_64__)
+# define systemd_NR_open_tree 275
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_open_tree 428
# elif defined(__arm__)
@@ -684,6 +705,8 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree);
# define systemd_NR_openat2 437
# elif defined(__alpha__)
# define systemd_NR_openat2 547
+# elif defined(__sw_64__)
+# define systemd_NR_openat2 284
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_openat2 437
# elif defined(__arm__)
@@ -750,6 +773,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2);
# define systemd_NR_pidfd_open 434
# elif defined(__alpha__)
# define systemd_NR_pidfd_open 544
+# elif defined(__sw_64__)
+# define systemd_NR_pidfd_open 281
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_pidfd_open 434
# elif defined(__arm__)
@@ -814,6 +839,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open);
# define systemd_NR_pidfd_send_signal 424
# elif defined(__alpha__)
# define systemd_NR_pidfd_send_signal 534
+# elif defined(__sw_64__)
+# define systemd_NR_pidfd_send_signal 271
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_pidfd_send_signal 424
# elif defined(__arm__)
@@ -878,6 +905,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal);
# define systemd_NR_pkey_mprotect 288
# elif defined(__alpha__)
# define systemd_NR_pkey_mprotect 524
+# elif defined(__sw_64__)
+# define systemd_NR_pkey_mprotect 288
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_pkey_mprotect 288
# elif defined(__arm__)
@@ -942,6 +971,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect);
# define systemd_NR_renameat2 276
# elif defined(__alpha__)
# define systemd_NR_renameat2 510
+# elif defined(__sw_64__)
+# define systemd_NR_renameat2 510
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_renameat2 276
# elif defined(__arm__)
@@ -1006,6 +1037,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2);
# define systemd_NR_setns 268
# elif defined(__alpha__)
# define systemd_NR_setns 501
+# elif defined(__sw_64__)
+# define systemd_NR_setns 501
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_setns 268
# elif defined(__arm__)
@@ -1070,6 +1103,8 @@ assert_cc(__NR_setns == systemd_NR_setns);
# define systemd_NR_statx 291
# elif defined(__alpha__)
# define systemd_NR_statx 522
+# elif defined(__sw_64__)
+# define systemd_NR_statx 518
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_statx 291
# elif defined(__arm__)
diff --git a/src/basic/missing_syscalls.py b/src/basic/missing_syscalls.py
index dd45899..cf448cc 100644
--- a/src/basic/missing_syscalls.py
+++ b/src/basic/missing_syscalls.py
@@ -52,6 +52,8 @@ DEF_TEMPLATE_B = '''\
# define systemd_NR_{syscall} {nr_arm64}
# elif defined(__alpha__)
# define systemd_NR_{syscall} {nr_alpha}
+# elif defined(__sw_64__)
+# define systemd_NR_{syscall} {nr_sw_64}
# elif defined(__arc__) || defined(__tilegx__)
# define systemd_NR_{syscall} {nr_arc}
# elif defined(__arm__)
diff --git a/src/basic/syscalls-sw_64.txt b/src/basic/syscalls-sw_64.txt
new file mode 100644
index 0000000..5aef86b
--- /dev/null
+++ b/src/basic/syscalls-sw_64.txt
@@ -0,0 +1,600 @@
+_llseek
+_newselect
+_sysctl 319
+accept 99
+accept4 502
+access 33
+acct 51
+add_key 439
+adjtimex 366
+alarm
+arc_gettls
+arc_settls
+arc_usr_cmpxchg
+arch_prctl
+arm_fadvise64_64
+atomic_barrier
+atomic_cmpxchg_32
+bdflush 300
+bind 104
+bpf 515
+brk 17
+cachectl
+cacheflush
+capget 368
+capset 369
+chdir 12
+chmod 15
+chown 16
+chown32
+chroot 61
+clock_adjtime 499
+clock_adjtime64
+clock_getres 421
+clock_getres_time64
+clock_gettime 420
+clock_gettime64
+clock_nanosleep 422
+clock_nanosleep_time64
+clock_settime 419
+clock_settime64
+clone 312
+clone2
+clone3
+close 6
+close_range 546
+connect 98
+copy_file_range 519
+creat
+create_module 306
+delete_module 308
+dipc 373
+dup 41
+dup2 90
+dup3 487
+epoll_create 407
+epoll_create1 486
+epoll_ctl 408
+epoll_ctl_old
+epoll_pwait 474
+epoll_pwait2 551
+epoll_wait 409
+epoll_wait_old
+eventfd 478
+eventfd2 485
+exec_with_loader 25
+execv
+execve 59
+execveat 513
+exit 1
+exit_group 405
+faccessat 462
+faccessat2 549
+fadvise64 413
+fadvise64_64
+fallocate 480
+fanotify_init 494
+fanotify_mark 495
+fchdir 13
+fchmod 124
+fchmodat 461
+fchown 123
+fchown32
+fchownat 453
+fcntl 92
+fcntl64
+fdatasync 447
+fgetxattr 387
+finit_module 507
+flistxattr 390
+flock 131
+fork 2
+fp_udfiex_crtl
+fremovexattr 393
+fsconfig 541
+fsetxattr 384
+fsmount 542
+fsopen 540
+fspick 543
+fstat 91
+fstat64 427
+fstatat64 455
+fstatfs 329
+fstatfs64 529
+fsync 95
+ftruncate 130
+ftruncate64
+futex 394
+futex_time64
+futex_waitv 559
+futimesat 454
+get_kernel_syms 309
+get_mempolicy 430
+get_robust_list 467
+get_thread_area
+getcpu 473
+getcwd 367
+getdents 305
+getdents64 377
+getdomainname
+getdtablesize 89
+getegid 530
+getegid32
+geteuid 531
+geteuid32
+getgid 47
+getgid32
+getgroups 79
+getgroups32
+gethostname 87
+getitimer 361
+getpagesize 64
+getpeername 141
+getpgid 233
+getpgrp 63
+getpid 20
+getpmsg
+getppid 532
+getpriority 100
+getrandom 511
+getresgid 372
+getresgid32
+getresuid 344
+getresuid32
+getrlimit 144
+getrusage 364
+getsid 234
+getsockname 150
+getsockopt 118
+gettid 378
+gettimeofday 359
+getuid 24
+getuid32
+getunwind
+getxattr 385
+getxgid 47
+getxpid 20
+getxuid 24
+idle
+init_module 307
+inotify_add_watch 445
+inotify_init 444
+inotify_init1 489
+inotify_rm_watch 446
+io_cancel 402
+io_destroy 399
+io_getevents 400
+io_pgetevents 523
+io_pgetevents_time64
+io_setup 398
+io_submit 401
+io_uring_enter 536
+io_uring_register 537
+io_uring_setup 535
+ioctl 54
+ioperm
+iopl
+ioprio_get 443
+ioprio_set 442
+ipc
+kcmp 506
+kern_features
+kexec_file_load
+kexec_load 448
+keyctl 441
+kill 37
+landlock_add_rule 555
+landlock_create_ruleset 554
+landlock_restrict_self 556
+lchown 208
+lchown32
+lgetxattr 386
+link 9
+linkat 458
+listen 106
+listxattr 388
+llistxattr 389
+lookup_dcookie 406
+lremovexattr 392
+lseek 19
+lsetxattr 383
+lstat 68
+lstat64 426
+madvise 75
+mbind 429
+membarrier 517
+memfd_create 512
+memfd_secret
+memory_ordering
+migrate_pages 449
+mincore 375
+mkdir 136
+mkdirat 451
+mknod 14
+mknodat 452
+mlock 314
+mlock2 518
+mlockall 316
+mmap 71
+mmap2
+modify_ldt
+mount 302
+mount_setattr 552
+move_mount 539
+move_pages 472
+mprotect 74
+mq_getsetattr 437
+mq_notify 436
+mq_open 432
+mq_timedreceive 435
+mq_timedreceive_time64
+mq_timedsend 434
+mq_timedsend_time64
+mq_unlink 433
+mremap 341
+msgctl 200
+msgget 201
+msgrcv 202
+msgsnd 203
+msync 217
+multiplexer
+munlock 315
+munlockall 317
+munmap 73
+name_to_handle_at 497
+nanosleep 340
+newfstatat
+nfsservctl 342
+nice
+old_adjtimex 303
+old_getpagesize
+oldfstat
+oldlstat
+oldolduname
+oldstat
+oldumount 321
+olduname
+open 45
+open_by_handle_at 498
+open_tree 538
+openat 450
+openat2 547
+or1k_atomic
+osf_adjtime 140
+osf_afs_syscall 258
+osf_alt_plock 181
+osf_alt_setsid 188
+osf_alt_sigpending 187
+osf_asynch_daemon 163
+osf_audcntl 252
+osf_audgen 253
+osf_chflags 34
+osf_execve 11
+osf_exportfs 169
+osf_fchflags 35
+osf_fdatasync 261
+osf_fpathconf 248
+osf_fstat 226
+osf_fstatfs 161
+osf_fstatfs64 228
+osf_fuser 243
+osf_getaddressconf 214
+osf_getdirentries 159
+osf_getdomainname 165
+osf_getfh 164
+osf_getfsstat 18
+osf_gethostid 142
+osf_getitimer 86
+osf_getlogin 49
+osf_getmnt 184
+osf_getrusage 117
+osf_getsysinfo 256
+osf_gettimeofday 116
+osf_kloadcall 223
+osf_kmodcall 77
+osf_lstat 225
+osf_memcntl 260
+osf_mincore 78
+osf_mount 21
+osf_mremap 65
+osf_msfs_syscall 240
+osf_msleep 215
+osf_mvalid 213
+osf_mwakeup 216
+osf_naccept 30
+osf_nfssvc 158
+osf_ngetpeername 31
+osf_ngetsockname 32
+osf_nrecvfrom 29
+osf_nrecvmsg 27
+osf_nsendmsg 28
+osf_ntp_adjtime 245
+osf_ntp_gettime 246
+osf_old_creat 8
+osf_old_fstat 62
+osf_old_getpgrp 81
+osf_old_killpg 146
+osf_old_lstat 40
+osf_old_open 5
+osf_old_sigaction 46
+osf_old_sigblock 109
+osf_old_sigreturn 139
+osf_old_sigsetmask 110
+osf_old_sigvec 108
+osf_old_stat 38
+osf_old_vadvise 72
+osf_old_vtrace 115
+osf_old_wait 84
+osf_oldquota 149
+osf_pathconf 247
+osf_pid_block 153
+osf_pid_unblock 154
+osf_plock 107
+osf_priocntlset 237
+osf_profil 44
+osf_proplist_syscall 244
+osf_reboot 55
+osf_revoke 56
+osf_sbrk 69
+osf_security 222
+osf_select 93
+osf_set_program_attributes 43
+osf_set_speculative 239
+osf_sethostid 143
+osf_setitimer 83
+osf_setlogin 50
+osf_setsysinfo 257
+osf_settimeofday 122
+osf_shmat 209
+osf_signal 218
+osf_sigprocmask 48
+osf_sigsendset 238
+osf_sigstack 112
+osf_sigwaitprim 157
+osf_sstk 70
+osf_stat 224
+osf_statfs 160
+osf_statfs64 227
+osf_subsys_info 255
+osf_swapctl 259
+osf_swapon 199
+osf_syscall 0
+osf_sysinfo 241
+osf_table 85
+osf_uadmin 242
+osf_usleep_thread 251
+osf_uswitch 250
+osf_utc_adjtime 220
+osf_utc_gettime 219
+osf_utimes 138
+osf_utsname 207
+osf_wait4 7
+osf_waitid 236
+pause
+pciconfig_iobase 376
+pciconfig_read 345
+pciconfig_write 346
+perf_event_open 493
+perfctr
+personality 324
+pidfd_getfd 548
+pidfd_open 544
+pidfd_send_signal 534
+pipe 42
+pipe2 488
+pivot_root 374
+pkey_alloc 525
+pkey_free 526
+pkey_mprotect 524
+poll 94
+ppoll 464
+ppoll_time64
+prctl 348
+pread64 349
+preadv 490
+preadv2 520
+prlimit64 496
+process_madvise 550
+process_mrelease 558
+process_vm_readv 504
+process_vm_writev 505
+pselect6 463
+pselect6_time64
+ptrace 26
+pwrite64 350
+pwritev 491
+pwritev2 521
+query_module 347
+quotactl 148
+quotactl_fd 553
+read 3
+readahead 379
+readdir
+readlink 58
+readlinkat 460
+readv 120
+reboot 311
+recv 102
+recvfrom 125
+recvmmsg 479
+recvmmsg_time64
+recvmsg 113
+remap_file_pages 410
+removexattr 391
+rename 128
+renameat 457
+renameat2 510
+request_key 440
+restart_syscall 412
+riscv_flush_icache
+rmdir 137
+rseq 527
+rt_sigaction 352
+rt_sigpending 354
+rt_sigprocmask 353
+rt_sigqueueinfo 356
+rt_sigreturn 351
+rt_sigsuspend 357
+rt_sigtimedwait 355
+rt_sigtimedwait_time64
+rt_tgsigqueueinfo 492
+rtas
+s390_guarded_storage
+s390_pci_mmio_read
+s390_pci_mmio_write
+s390_runtime_instr
+s390_sthyi
+sched_get_affinity
+sched_get_priority_max 335
+sched_get_priority_min 336
+sched_getaffinity 396
+sched_getattr 509
+sched_getparam 331
+sched_getscheduler 333
+sched_rr_get_interval 337
+sched_rr_get_interval_time64
+sched_set_affinity
+sched_setaffinity 395
+sched_setattr 508
+sched_setparam 330
+sched_setscheduler 332
+sched_yield 334
+seccomp 514
+select 358
+semctl 204
+semget 205
+semop 206
+semtimedop 423
+semtimedop_time64
+send 101
+sendfile 370
+sendfile64
+sendmmsg 503
+sendmsg 114
+sendto 133
+set_mempolicy 431
+set_robust_list 466
+set_thread_area
+set_tid_address 411
+setdomainname 166
+setfsgid 326
+setfsgid32
+setfsuid 325
+setfsuid32
+setgid 132
+setgid32
+setgroups 80
+setgroups32
+sethae 301
+sethostname 88
+setitimer 362
+setns 501
+setpgid 39
+setpgrp 82
+setpriority 96
+setregid 127
+setregid32
+setresgid 371
+setresgid32
+setresuid 343
+setresuid32
+setreuid 126
+setreuid32
+setrlimit 145
+setsid 147
+setsockopt 105
+settimeofday 360
+setuid 23
+setuid32
+setxattr 382
+sgetmask
+shmat 209
+shmctl 210
+shmdt 211
+shmget 212
+shutdown 134
+sigaction 156
+sigaltstack 235
+signal
+signalfd 476
+signalfd4 484
+sigpending 52
+sigprocmask
+sigreturn 103
+sigsuspend 111
+socket 97
+socketcall
+socketpair 135
+splice 468
+spu_create
+spu_run
+ssetmask
+stat 67
+stat64 425
+statfs 328
+statfs64 528
+statx 522
+stime
+subpage_prot
+swapcontext
+swapoff 304
+swapon 322
+switch_endian
+symlink 57
+symlinkat 459
+sync 36
+sync_file_range 469
+sync_file_range2
+syncfs 500
+sys_debug_setcontext
+syscall
+sysfs 254
+sysinfo 318
+syslog 310
+sysmips
+tee 470
+tgkill 424
+time
+timer_create 414
+timer_delete 418
+timer_getoverrun 417
+timer_gettime 416
+timer_gettime64
+timer_settime 415
+timer_settime64
+timerfd 477
+timerfd_create 481
+timerfd_gettime 483
+timerfd_gettime64
+timerfd_settime 482
+timerfd_settime64
+times 323
+tkill 381
+truncate 129
+truncate64
+ugetrlimit
+umask 60
+umount 22
+umount2 22
+uname 339
+unlink 10
+unlinkat 456
+unshare 465
+uselib 313
+userfaultfd 516
+ustat 327
+utime
+utimensat 475
+utimensat_time64
+utimes 363
+utrap_install
+vfork 66
+vhangup 76
+vm86
+vm86old
+vmsplice 471
+wait4 365
+waitid 438
+waitpid
+write 4
+writev 121
--
2.33.0


@ -1,44 +0,0 @@
From 4acc8a3168e5f11b5308cf8558d68bf2a0503444 Mon Sep 17 00:00:00 2001
From: huangkaibin <huangkaibin@huawei.com>
Date: Mon, 7 Aug 2017 17:06:30 +0800
Subject: [PATCH] systemd: Activation service must be restarted when it is already started and re-actived
by dbus
When dbus-daemon service is killed, every activation service must be restarted
to reestblished dbus connection between dbus-daemon and the service.
Otherwise, there will be problem on the dbus connection. This patch fix this
problem by set JobType to JOB_RESTART when it is re-actived in signal_activation_request function.
---
src/core/dbus.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 29524d4..38940ef 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -152,6 +152,8 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd
const char *name;
Unit *u;
int r;
+ int jobtype;
+ Service *s = NULL;
assert(message);
assert(m);
@@ -177,7 +179,13 @@ static int signal_activation_request(sd_bus_message *message, void *userdata, sd
goto failed;
}
- r = manager_add_job(m, JOB_START, u, JOB_REPLACE, NULL, &error, NULL);
+ jobtype = JOB_START;
+ s = SERVICE(u);
+ if(s && s->state != SERVICE_DEAD) {
+ jobtype = JOB_RESTART;
+ log_unit_info(u, "Service '%s' will be restarted to activate the service. The current service state is %d.", u->id, s->state);
+ }
+ r = manager_add_job(m, jobtype, u, JOB_REPLACE, NULL, &error, NULL);
if (r < 0)
goto failed;
--
1.8.3.1


@ -1,165 +0,0 @@
diff --git a/src/basic/missing_syscall_def.h b/src/basic/missing_syscall_def.h
index 29dfd2e..629cad0 100644
--- a/src/basic/missing_syscall_def.h
+++ b/src/basic/missing_syscall_def.h
@@ -28,6 +28,7 @@
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
# elif defined(__s390__)
# elif defined(__sparc__)
# elif defined(__x86_64__)
@@ -74,6 +75,8 @@
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_bpf 280
# elif defined(__s390__)
# define systemd_NR_bpf 351
# elif defined(__sparc__)
@@ -138,6 +141,8 @@ assert_cc(__NR_bpf == systemd_NR_bpf);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_close_range 436
# elif defined(__s390__)
# define systemd_NR_close_range 436
# elif defined(__sparc__)
@@ -202,6 +207,8 @@ assert_cc(__NR_close_range == systemd_NR_close_range);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_copy_file_range 285
# elif defined(__s390__)
# define systemd_NR_copy_file_range 375
# elif defined(__sparc__)
@@ -266,6 +273,8 @@ assert_cc(__NR_copy_file_range == systemd_NR_copy_file_range);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_epoll_pwait2 441
# elif defined(__s390__)
# define systemd_NR_epoll_pwait2 441
# elif defined(__sparc__)
@@ -330,6 +339,8 @@ assert_cc(__NR_epoll_pwait2 == systemd_NR_epoll_pwait2);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_getrandom 278
# elif defined(__s390__)
# define systemd_NR_getrandom 349
# elif defined(__sparc__)
@@ -394,6 +405,8 @@ assert_cc(__NR_getrandom == systemd_NR_getrandom);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_memfd_create 279
# elif defined(__s390__)
# define systemd_NR_memfd_create 350
# elif defined(__sparc__)
@@ -458,6 +471,8 @@ assert_cc(__NR_memfd_create == systemd_NR_memfd_create);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_mount_setattr 442
# elif defined(__s390__)
# define systemd_NR_mount_setattr 442
# elif defined(__sparc__)
@@ -522,6 +537,8 @@ assert_cc(__NR_mount_setattr == systemd_NR_mount_setattr);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_move_mount 429
# elif defined(__s390__)
# define systemd_NR_move_mount 429
# elif defined(__sparc__)
@@ -586,6 +603,8 @@ assert_cc(__NR_move_mount == systemd_NR_move_mount);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_name_to_handle_at 264
# elif defined(__s390__)
# define systemd_NR_name_to_handle_at 335
# elif defined(__sparc__)
@@ -650,6 +669,8 @@ assert_cc(__NR_name_to_handle_at == systemd_NR_name_to_handle_at);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_open_tree 428
# elif defined(__s390__)
# define systemd_NR_open_tree 428
# elif defined(__sparc__)
@@ -692,7 +713,7 @@ assert_cc(__NR_open_tree == systemd_NR_open_tree);
# define systemd_NR_openat2 437
# elif defined(__ia64__)
# define systemd_NR_openat2 1461
-# elif defined(__loongarch64)
+# elif defined(__loongarch__)
# define systemd_NR_openat2 437
# elif defined(__m68k__)
# define systemd_NR_openat2 437
@@ -780,6 +801,8 @@ assert_cc(__NR_openat2 == systemd_NR_openat2);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_pidfd_open 434
# elif defined(__s390__)
# define systemd_NR_pidfd_open 434
# elif defined(__sparc__)
@@ -844,6 +867,8 @@ assert_cc(__NR_pidfd_open == systemd_NR_pidfd_open);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_pidfd_send_signal 424
# elif defined(__s390__)
# define systemd_NR_pidfd_send_signal 424
# elif defined(__sparc__)
@@ -908,6 +933,8 @@ assert_cc(__NR_pidfd_send_signal == systemd_NR_pidfd_send_signal);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_pkey_mprotect 288
# elif defined(__s390__)
# define systemd_NR_pkey_mprotect 384
# elif defined(__sparc__)
@@ -972,6 +999,8 @@ assert_cc(__NR_pkey_mprotect == systemd_NR_pkey_mprotect);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_renameat2 276
# elif defined(__s390__)
# define systemd_NR_renameat2 347
# elif defined(__sparc__)
@@ -1036,6 +1065,8 @@ assert_cc(__NR_renameat2 == systemd_NR_renameat2);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_setns 268
# elif defined(__s390__)
# define systemd_NR_setns 339
# elif defined(__sparc__)
@@ -1100,6 +1131,8 @@ assert_cc(__NR_setns == systemd_NR_setns);
# else
# error "Unknown RISC-V ABI"
# endif
+# elif defined(__loongarch__)
+# define systemd_NR_statx 291
# elif defined(__s390__)
# define systemd_NR_statx 379
# elif defined(__sparc__)


@ -1,66 +0,0 @@
From e5d86ebed5624ef62342c820a5868b1075deb300 Mon Sep 17 00:00:00 2001
From: James Hilliard <james.hilliard1@gmail.com>
Date: Sun, 11 Jul 2021 04:39:33 -0600
Subject: [PATCH] Add meson option to disable urlify.
Useful for systems that don't use a version of less with hyperlink
support.
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/e5d86ebed5624ef62342c820a5868b1075deb300
---
meson.build | 1 +
meson_options.txt | 2 ++
src/shared/pretty-print.c | 4 ++++
3 files changed, 7 insertions(+)
diff --git a/meson.build b/meson.build
index 5735cfc7ad..a2ee15bf32 100644
--- a/meson.build
+++ b/meson.build
@@ -278,6 +278,7 @@ conf.set_quoted('USER_PRESET_DIR', userpresetdir)
conf.set_quoted('VENDOR_KEYRING_PATH', join_paths(rootlibexecdir, 'import-pubring.gpg'))
conf.set('ANSI_OK_COLOR', 'ANSI_' + get_option('ok-color').underscorify().to_upper())
+conf.set10('ENABLE_URLIFY', get_option('urlify'))
conf.set10('ENABLE_FEXECVE', get_option('fexecve'))
conf.set10('MEMORY_ACCOUNTING_DEFAULT', memory_accounting_default)
conf.set('STATUS_UNIT_FORMAT_DEFAULT', 'STATUS_UNIT_FORMAT_' + status_unit_format_default.to_upper())
diff --git a/meson_options.txt b/meson_options.txt
index 163c8df87d..b60261ac24 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -444,6 +444,8 @@ option('ok-color', type : 'combo',
'highlight-cyan', 'highlight-white'],
value : 'green',
description: 'color of the "OK" status message')
+option('urlify', type : 'boolean', value : 'true',
+ description : 'enable pager Hyperlink ANSI sequence support')
option('fexecve', type : 'boolean', value : 'false',
description : 'use fexecve() to spawn children')
diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c
index 137ba77b3a..7983c0a33a 100644
--- a/src/shared/pretty-print.c
+++ b/src/shared/pretty-print.c
@@ -19,6 +19,7 @@
#include "util.h"
bool urlify_enabled(void) {
+#if ENABLE_URLIFY
static int cached_urlify_enabled = -1;
if (cached_urlify_enabled < 0) {
@@ -32,6 +33,9 @@ bool urlify_enabled(void) {
}
return cached_urlify_enabled;
+#else
+ return 0;
+#endif
}
int terminal_urlify(const char *url, const char *text, char **ret) {
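Review bot: The `#else` branch added to `urlify_enabled()` returns the integer `0` from a function declared `bool`; `return false;` states the intent and matches the return type. The enabled branch returns the cached `int`, which this suggestion leaves as it is. The middle of the function body lies between the two hunks and is not visible here.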
--
2.27.0


@ -1,36 +0,0 @@
From f58c5ced373c2532b5cc44ba2e0c3a28b41472f2 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 May 2018 09:24:20 +0200
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's
will
Conflict:adapt context; modify unit_add_dependency_by_name para because of
35d8c19ace6; don't modify because we need tmp.mount to be started when
basic.target is started.
Reference:https://git.centos.org/rpms/systemd/blob/4b8c80a811af8258c136f5e7000fc0cd0adf8dc5/f/SOURCES/0004-Avoid-tmp-being-mounted-as-tmpfs-without-the-user-s-.patch
Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather
adds an After relationship.
Resolves: #1578772
---
src/core/unit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/unit.c b/src/core/unit.c
index fd84818..e30c14b 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -1271,7 +1271,7 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
* tmp.mount so /tmp being masked is supported. However there's no reason to treat
* /tmp specifically and masking other mount units should be handled more
* gracefully too, see PR#16894. */
- r = unit_add_two_dependencies_by_name(u, UNIT_AFTER, UNIT_WANTS, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
+ r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", true, UNIT_DEPENDENCY_FILE);
if (r < 0)
return r;
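Review bot: The comment kept above the changed call still motivates the `tmp.mount` special case by masking, which reads as if the unit were still pulled in; with `UNIT_WANTS` dropped, the call only orders the unit after `tmp.mount`. A unit taking this path therefore no longer starts `tmp.mount` itself, and the comment should say so, for example `/* Only order after tmp.mount, never pull it in: /tmp becomes a tmpfs only if the administrator enabled the mount. */`. The comment starts above the hunk, so its opening lines could not be checked.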
--
2.23.0


@ -1,46 +0,0 @@
From b1bb976219e4c63d4b8099a2820fedbedf0aa8a5 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 3 Dec 2021 11:23:36 +0100
Subject: [PATCH] Bump the max number of inodes for /dev to 128k
Follow-up for 7d85383edbab73274dc81cc888d884bb01070bc2.
Apparently the previous limit set on the max number of inodes for /dev was too
small as a system with 4096 LUNs attached can consume up to 95k inodes for
symlinks:
# /bin/df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
devtmpfs 49274377 95075 49179302 1% /dev
Hence this patch bumps the limit from 64k to 128k although the new limit is
still pretty arbitrary (that said, not sure if it really makes sense to put
such absolute limit number).
(cherry picked from commit 4c733d3046942984c5f73b40c3af39cc218c103f)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/b1bb976219e4c63d4b8099a2820fedbedf0aa8a5
---
src/shared/mount-util.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h
index 36501c2c4a..c5bd881070 100644
--- a/src/shared/mount-util.h
+++ b/src/shared/mount-util.h
@@ -11,9 +11,9 @@
#include "errno-util.h"
#include "macro.h"
-/* 4MB for contents of regular files, 64k inodes for directories, symbolic links and device specials, using
+/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using
* large storage array systems as a baseline */
-#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=64k"
+#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k"
/* Very little, if any use expected */
#define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k"
--
2.33.0


@ -1,30 +0,0 @@
From e98d0662ffbffe2c60492be6b4f5d579038d3282 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Dec 2021 10:09:17 +0100
Subject: [PATCH 1/2] Bump the max number of inodes for /dev to a million
4c733d3046942984c5f73b40c3af39cc218c103f shows that 95k can be used easily on a large
system. Let's bump it up even more so that we have some "breathing room".
---
src/shared/mount-util.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/mount-util.h b/src/shared/mount-util.h
index 3622170297..ce73aebd4b 100644
--- a/src/shared/mount-util.h
+++ b/src/shared/mount-util.h
@@ -11,9 +11,9 @@
#include "errno-util.h"
#include "macro.h"
-/* 4MB for contents of regular files, 128k inodes for directories, symbolic links and device specials, using
+/* 4MB for contents of regular files, 1m inodes for directories, symbolic links and device nodes, using
* large storage array systems as a baseline */
-#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=128k"
+#define TMPFS_LIMITS_DEV ",size=4m,nr_inodes=1m"
/* Very little, if any use expected */
#define TMPFS_LIMITS_EMPTY_OR_ALMOST ",size=4m,nr_inodes=1k"
--
2.27.0


@ -1,25 +0,0 @@
From cac372a80177fb622806270eb0d810e4c6ad0c84 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 9 Dec 2021 10:20:46 +0100
Subject: [PATCH] Bump the max number of inodes for /tmp to a million too
Fixes #21626. (The bug report talks about /run, but the issue is actually with
/tmp.) People use /tmp for various things that fit in memory, e.g. unpacking
packages, and 400k is not much. Let's raise it a bit.
---
units/tmp.mount | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/units/tmp.mount b/units/tmp.mount
index 516bd1621c..4e1bb8de24 100644
--- a/units/tmp.mount
+++ b/units/tmp.mount
@@ -22,4 +22,4 @@ After=swap.target
What=tmpfs
Where=/tmp
Type=tmpfs
-Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=400k
+Options=mode=1777,strictatime,nosuid,nodev,size=50%,nr_inodes=1m
--
2.27.0


@ -1,43 +0,0 @@
From 2426beacca09d84091759be45b25c88116302184 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 5 Oct 2021 10:32:56 +0200
Subject: [PATCH] rm-rf: optionally fsync() after removing directory tree
(cherry picked from commit bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/2426beacca09d84091759be45b25c88116302184
---
src/shared/rm-rf.c | 3 +++
src/shared/rm-rf.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index dffb9cf6ee..5ef7c662dd 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -250,6 +250,9 @@ int rm_rf_children(
ret = r;
}
+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0)
+ ret = -errno;
+
return ret;
}
diff --git a/src/shared/rm-rf.h b/src/shared/rm-rf.h
index 577a2795e0..24fd9a2aa2 100644
--- a/src/shared/rm-rf.h
+++ b/src/shared/rm-rf.h
@@ -14,6 +14,7 @@ typedef enum RemoveFlags {
REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */
REMOVE_CHMOD = 1 << 5, /* chmod() for write access if we cannot delete or access something */
REMOVE_CHMOD_RESTORE = 1 << 6, /* Restore the old mode before returning */
+ REMOVE_SYNCFS = 1 << 7, /* syncfs() the root of the specified directory after removing everything in it */
} RemoveFlags;
int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags);
--
2.33.0


@ -1,324 +0,0 @@
From ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 26 Jan 2021 16:30:06 +0100
Subject: [PATCH] rm-rf: refactor rm_rf_children(), split out body of directory
iteration loop
This splits out rm_rf_children_inner() as body of the loop. We can use
that to implement rm_rf_child() for deleting one specific entry in a
directory.
(cherry picked from commit 1f0fb7d544711248cba34615e43c5a76bc902d74)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/ca4a0e7d41f0b2a1fe2f99dbc3763187c16cf7ab
---
src/shared/rm-rf.c | 223 ++++++++++++++++++++++++++-------------------
src/shared/rm-rf.h | 3 +-
2 files changed, 131 insertions(+), 95 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 900a7fb5ff..dffb9cf6ee 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -19,6 +19,9 @@
#include "stat-util.h"
#include "string-util.h"
+/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after
+ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove
+ * those again. */
static bool is_physical_fs(const struct statfs *sfs) {
return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs);
}
@@ -113,133 +116,145 @@ int fstatat_harder(int dfd,
return 0;
}
-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) {
- _cleanup_closedir_ DIR *d = NULL;
- struct dirent *de;
- int ret = 0, r;
- struct statfs sfs;
+static int rm_rf_children_inner(
+ int fd,
+ const char *fname,
+ int is_dir,
+ RemoveFlags flags,
+ const struct stat *root_dev) {
- assert(fd >= 0);
+ struct stat st;
+ int r;
- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
- * fd, in all cases, including on failure.. */
+ assert(fd >= 0);
+ assert(fname);
- if (!(flags & REMOVE_PHYSICAL)) {
+ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
- r = fstatfs(fd, &sfs);
- if (r < 0) {
- safe_close(fd);
- return -errno;
- }
+ r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags);
+ if (r < 0)
+ return r;
- if (is_physical_fs(&sfs)) {
- /* We refuse to clean physical file systems with this call,
- * unless explicitly requested. This is extra paranoia just
- * to be sure we never ever remove non-state data. */
- _cleanup_free_ char *path = NULL;
+ is_dir = S_ISDIR(st.st_mode);
+ }
- (void) fd_get_path(fd, &path);
- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.",
- strna(path));
+ if (is_dir) {
+ _cleanup_close_ int subdir_fd = -1;
+ int q;
- safe_close(fd);
- return -EPERM;
- }
- }
+ /* if root_dev is set, remove subdirectories only if device is same */
+ if (root_dev && st.st_dev != root_dev->st_dev)
+ return 0;
- d = fdopendir(fd);
- if (!d) {
- safe_close(fd);
- return errno == ENOENT ? 0 : -errno;
- }
+ /* Stop at mount points */
+ r = fd_is_mount_point(fd, fname, 0);
+ if (r < 0)
+ return r;
+ if (r > 0)
+ return 0;
- FOREACH_DIRENT_ALL(de, d, return -errno) {
- bool is_dir;
- struct stat st;
+ if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
- if (dot_or_dot_dot(de->d_name))
- continue;
+ /* This could be a subvolume, try to remove it */
- if (de->d_type == DT_UNKNOWN ||
- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
- r = fstatat_harder(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW, flags);
+ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
if (r < 0) {
- if (ret == 0 && r != -ENOENT)
- ret = r;
- continue;
- }
+ if (!IN_SET(r, -ENOTTY, -EINVAL))
+ return r;
- is_dir = S_ISDIR(st.st_mode);
- } else
- is_dir = de->d_type == DT_DIR;
+ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */
+ } else
+ /* It was a subvolume, done. */
+ return 1;
+ }
- if (is_dir) {
- _cleanup_close_ int subdir_fd = -1;
+ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ if (subdir_fd < 0)
+ return -errno;
- /* if root_dev is set, remove subdirectories only if device is same */
- if (root_dev && st.st_dev != root_dev->st_dev)
- continue;
+ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type
+ * again for each directory */
+ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
- if (subdir_fd < 0) {
- if (ret == 0 && errno != ENOENT)
- ret = -errno;
- continue;
- }
+ r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags);
+ if (r < 0)
+ return r;
+ if (q < 0)
+ return q;
- /* Stop at mount points */
- r = fd_is_mount_point(fd, de->d_name, 0);
- if (r < 0) {
- if (ret == 0 && r != -ENOENT)
- ret = r;
+ return 1;
- continue;
- }
- if (r > 0)
- continue;
+ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
+ r = unlinkat_harder(fd, fname, 0, flags);
+ if (r < 0)
+ return r;
- if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
+ return 1;
+ }
- /* This could be a subvolume, try to remove it */
+ return 0;
+}
- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
- if (r < 0) {
- if (!IN_SET(r, -ENOTTY, -EINVAL)) {
- if (ret == 0)
- ret = r;
+int rm_rf_children(
+ int fd,
+ RemoveFlags flags,
+ const struct stat *root_dev) {
- continue;
- }
+ _cleanup_closedir_ DIR *d = NULL;
+ struct dirent *de;
+ int ret = 0, r;
- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */
- } else
- /* It was a subvolume, continue. */
- continue;
- }
+ assert(fd >= 0);
+
+ /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
+ * fd, in all cases, including on failure. */
+
+ d = fdopendir(fd);
+ if (!d) {
+ safe_close(fd);
+ return -errno;
+ }
- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file
- * system type again for each directory */
- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
- if (r < 0 && ret == 0)
- ret = r;
+ if (!(flags & REMOVE_PHYSICAL)) {
+ struct statfs sfs;
- r = unlinkat_harder(fd, de->d_name, AT_REMOVEDIR, flags);
- if (r < 0 && r != -ENOENT && ret == 0)
- ret = r;
+ if (fstatfs(dirfd(d), &sfs) < 0)
+ return -errno;
+
+ if (is_physical_fs(&sfs)) {
+ /* We refuse to clean physical file systems with this call, unless explicitly
+ * requested. This is extra paranoia just to be sure we never ever remove non-state
+ * data. */
- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
+ _cleanup_free_ char *path = NULL;
- r = unlinkat_harder(fd, de->d_name, 0, flags);
- if (r < 0 && r != -ENOENT && ret == 0)
- ret = r;
+ (void) fd_get_path(fd, &path);
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+ "Attempted to remove disk file system under \"%s\", and we can't allow that.",
+ strna(path));
}
}
+
+ FOREACH_DIRENT_ALL(de, d, return -errno) {
+ int is_dir;
+
+ if (dot_or_dot_dot(de->d_name))
+ continue;
+
+ is_dir =
+ de->d_type == DT_UNKNOWN ? -1 :
+ de->d_type == DT_DIR;
+
+ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev);
+ if (r < 0 && r != -ENOENT && ret == 0)
+ ret = r;
+ }
+
return ret;
}
int rm_rf(const char *path, RemoveFlags flags) {
int fd, r;
- struct statfs s;
assert(path);
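Review bot: `rm_rf_children_inner()` is introduced without a comment describing its contract, although `rm_rf_children()` filters its result and `rm_rf_child()` returns it directly. From the added lines it returns 1 after an entry was removed, 0 when the entry was skipped (another device under `root_dev`, a mount point, or a non-directory under `REMOVE_ONLY_DIRECTORIES`) and a negative errno on failure. A negative `is_dir` means the type is unknown and is resolved with `fstatat_harder()`. A short header comment stating those three return classes and the tri-state `is_dir` would make the `-ENOENT` filtering in the caller easier to audit. `rm_rf()` continues past the end of the hunk.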
@@ -284,9 +299,10 @@ int rm_rf(const char *path, RemoveFlags flags) {
if (FLAGS_SET(flags, REMOVE_ROOT)) {
if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+ struct statfs s;
+
if (statfs(path, &s) < 0)
return -errno;
-
if (is_physical_fs(&s))
return log_error_errno(SYNTHETIC_ERRNO(EPERM),
"Attempted to remove files from a disk file system under \"%s\", refusing.",
@@ -314,3 +330,22 @@ int rm_rf(const char *path, RemoveFlags flags) {
return r;
}
+
+int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
+
+ /* Removes one specific child of the specified directory */
+
+ if (fd < 0)
+ return -EBADF;
+
+ if (!filename_is_valid(name))
+ return -EINVAL;
+
+ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */
+ return -EINVAL;
+
+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
+ return -EINVAL;
+
+ return rm_rf_children_inner(fd, name, -1, flags, NULL);
+}
diff --git a/src/shared/rm-rf.h b/src/shared/rm-rf.h
index 40f0894c96..577a2795e0 100644
--- a/src/shared/rm-rf.h
+++ b/src/shared/rm-rf.h
@@ -23,7 +23,8 @@ int fstatat_harder(int dfd,
int fstatat_flags,
RemoveFlags remove_flags);
-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev);
+int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev);
+int rm_rf_child(int fd, const char *name, RemoveFlags flags);
int rm_rf(const char *path, RemoveFlags flags);
/* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */
--
2.33.0


@ -1,276 +0,0 @@
From 6a28f8b55904c818b25e4db2e1511faac79fd471 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 30 Nov 2021 22:29:05 +0100
Subject: [PATCH] shared/rm-rf: loop over nested directories instead of instead
of recursing
To remove directory structures, we need to remove the innermost items first,
and then recursively remove higher-level directories. We would recursively
descend into directories and invoke rm_rf_children and rm_rf_children_inner.
This is problematic when too many directories are nested.
Instead, let's create a "TODO" queue. In the queue, for each level we
hold the DIR* object we were working on, and the name of the directory. This
allows us to leave a partially-processed directory, and restart the removal
loop one level down. When done with the inner directory, we use the name to
unlinkat() it from the parent, and proceed with the removal of other items.
Because the nesting is increased by one level, it is best to view this patch
with -b/--ignore-space-change.
This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639.
The issue was reported and patches reviewed by Qualys Team.
Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure.
(cherry picked from commit 5b1cf7a9be37e20133c0208005274ce4a5b5c6a1)
(cherry picked from commit 911516e1614e435755814ada5fc6064fa107a105)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/6a28f8b55904c818b25e4db2e1511faac79fd471
---
src/shared/rm-rf.c | 161 +++++++++++++++++++++++++++++++--------------
1 file changed, 113 insertions(+), 48 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 1bd2431d8a..954686ffc9 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -52,7 +52,6 @@ static int patch_dirfd_mode(
}
int unlinkat_harder(int dfd, const char *filename, int unlink_flags, RemoveFlags remove_flags) {
-
mode_t old_mode;
int r;
@@ -116,12 +115,13 @@ int fstatat_harder(int dfd,
return 0;
}
-static int rm_rf_children_inner(
+static int rm_rf_inner_child(
int fd,
const char *fname,
int is_dir,
RemoveFlags flags,
- const struct stat *root_dev) {
+ const struct stat *root_dev,
+ bool allow_recursion) {
struct stat st;
int r, q = 0;
@@ -141,9 +141,7 @@ static int rm_rf_children_inner(
}
if (is_dir) {
- _cleanup_close_ int subdir_fd = -1;
-
- /* if root_dev is set, remove subdirectories only if device is same */
+ /* If root_dev is set, remove subdirectories only if device is same */
if (root_dev && st.st_dev != root_dev->st_dev)
return 0;
@@ -155,7 +153,6 @@ static int rm_rf_children_inner(
return 0;
if ((flags & REMOVE_SUBVOLUME) && btrfs_might_be_subvol(&st)) {
-
/* This could be a subvolume, try to remove it */
r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA);
@@ -169,13 +166,16 @@ static int rm_rf_children_inner(
return 1;
}
- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ if (!allow_recursion)
+ return -EISDIR;
+
+ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
if (subdir_fd < 0)
return -errno;
/* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type
* again for each directory */
- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
+ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev);
} else if (flags & REMOVE_ONLY_DIRECTORIES)
return 0;
@@ -188,63 +188,128 @@ static int rm_rf_children_inner(
return 1;
}
+typedef struct TodoEntry {
+ DIR *dir; /* A directory that we were operating on. */
+ char *dirname; /* The filename of that directory itself. */
+} TodoEntry;
+
+static void free_todo_entries(TodoEntry **todos) {
+ for (TodoEntry *x = *todos; x && x->dir; x++) {
+ closedir(x->dir);
+ free(x->dirname);
+ }
+
+ freep(todos);
+}
+
int rm_rf_children(
int fd,
RemoveFlags flags,
const struct stat *root_dev) {
- _cleanup_closedir_ DIR *d = NULL;
- struct dirent *de;
+ _cleanup_(free_todo_entries) TodoEntry *todos = NULL;
+ size_t n_todo = 0;
+ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */
int ret = 0, r;
- assert(fd >= 0);
+ /* Return the first error we run into, but nevertheless try to go on.
+ * The passed fd is closed in all cases, including on failure. */
+
+ for (;;) { /* This loop corresponds to the directory nesting level. */
+ _cleanup_closedir_ DIR *d = NULL;
+
+ if (n_todo > 0) {
+ /* We know that we are in recursion here, because n_todo is set.
+ * We need to remove the inner directory we were operating on. */
+ assert(dirname);
+ r = unlinkat_harder(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR, flags);
+ if (r < 0 && r != -ENOENT && ret == 0)
+ ret = r;
+ dirname = mfree(dirname);
+
+ /* And now let's back out one level up */
+ n_todo --;
+ d = TAKE_PTR(todos[n_todo].dir);
+ dirname = TAKE_PTR(todos[n_todo].dirname);
+
+ assert(d);
+ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */
+ assert(fd >= 0);
+ } else {
+ next_fd:
+ assert(fd >= 0);
+ d = fdopendir(fd);
+ if (!d) {
+ safe_close(fd);
+ return -errno;
+ }
+ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have
+ * the right descriptor even if it were to internally invalidate the
+ * one we passed. */
+
+ if (!(flags & REMOVE_PHYSICAL)) {
+ struct statfs sfs;
+
+ if (fstatfs(fd, &sfs) < 0)
+ return -errno;
+
+ if (is_physical_fs(&sfs)) {
+ /* We refuse to clean physical file systems with this call, unless
+ * explicitly requested. This is extra paranoia just to be sure we
+ * never ever remove non-state data. */
+
+ _cleanup_free_ char *path = NULL;
+
+ (void) fd_get_path(fd, &path);
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+ "Attempted to remove disk file system under \"%s\", and we can't allow that.",
+ strna(path));
+ }
+ }
+ }
- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed
- * fd, in all cases, including on failure. */
+ struct dirent *de;
+ FOREACH_DIRENT_ALL(de, d, return -errno) {
+ int is_dir;
- d = fdopendir(fd);
- if (!d) {
- safe_close(fd);
- return -errno;
- }
+ if (dot_or_dot_dot(de->d_name))
+ continue;
- if (!(flags & REMOVE_PHYSICAL)) {
- struct statfs sfs;
+ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR;
- if (fstatfs(dirfd(d), &sfs) < 0)
- return -errno;
+ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false);
+ if (r == -EISDIR) {
+ /* Push the current working state onto the todo list */
- if (is_physical_fs(&sfs)) {
- /* We refuse to clean physical file systems with this call, unless explicitly
- * requested. This is extra paranoia just to be sure we never ever remove non-state
- * data. */
+ if (!GREEDY_REALLOC0(todos, n_todo + 2))
+ return log_oom();
- _cleanup_free_ char *path = NULL;
+ _cleanup_free_ char *newdirname = strdup(de->d_name);
+ if (!newdirname)
+ return log_oom();
- (void) fd_get_path(fd, &path);
- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
- "Attempted to remove disk file system under \"%s\", and we can't allow that.",
- strna(path));
- }
- }
+ int newfd = openat(fd, de->d_name,
+ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
+ if (newfd >= 0) {
+ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) };
+ fd = newfd;
+ dirname = TAKE_PTR(newdirname);
- FOREACH_DIRENT_ALL(de, d, return -errno) {
- int is_dir;
+ goto next_fd;
- if (dot_or_dot_dot(de->d_name))
- continue;
+ } else if (errno != -ENOENT && ret == 0)
+ ret = -errno;
- is_dir =
- de->d_type == DT_UNKNOWN ? -1 :
- de->d_type == DT_DIR;
+ } else if (r < 0 && r != -ENOENT && ret == 0)
+ ret = r;
+ }
- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev);
- if (r < 0 && r != -ENOENT && ret == 0)
- ret = r;
- }
+ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0)
+ ret = -errno;
- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0)
- ret = -errno;
+ if (n_todo == 0)
+ break;
+ }
return ret;
}
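Review bot: In the `openat()` failure branch of the new loop, `errno != -ENOENT` compares the positive `errno` with a negative constant, so the condition is always true. A directory that disappeared between `readdir()` and `openat()` is then recorded as an error. Every other check in `rm_rf_children()` ignores `-ENOENT` on a negated return value, so this branch should read `} else if (errno != ENOENT && ret == 0)`. The effect is limited to the reported return code; removal of the remaining entries continues either way.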
@@ -337,5 +402,5 @@ int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME))
return -EINVAL;
- return rm_rf_children_inner(fd, name, -1, flags, NULL);
+ return rm_rf_inner_child(fd, name, -1, flags, NULL, true);
}
--
2.33.0


@ -1,103 +0,0 @@
From 811b137d6137cc3e8932599e6ef9254ba43ff5eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Nov 2021 16:56:42 +0100
Subject: [PATCH] shared/rm_rf: refactor rm_rf() to shorten code a bit
(cherry picked from commit 84ced330020c0bae57bd4628f1f44eec91304e69)
(cherry picked from commit 664529efa9431edc043126013ea54e6c399ae2d3)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/811b137d6137cc3e8932599e6ef9254ba43ff5eb
---
src/shared/rm-rf.c | 54 +++++++++++++++++++++-------------------------
1 file changed, 24 insertions(+), 30 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 7362954116..1bd2431d8a 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -250,7 +250,7 @@ int rm_rf_children(
}
int rm_rf(const char *path, RemoveFlags flags) {
- int fd, r;
+ int fd, r, q = 0;
assert(path);
@@ -282,49 +282,43 @@ int rm_rf(const char *path, RemoveFlags flags) {
}
fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
- if (fd < 0) {
+ if (fd >= 0) {
+ /* We have a dir */
+ r = rm_rf_children(fd, flags, NULL);
+
+ if (FLAGS_SET(flags, REMOVE_ROOT) && rmdir(path) < 0)
+ q = -errno;
+ } else {
if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
return 0;
if (!IN_SET(errno, ENOTDIR, ELOOP))
return -errno;
- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES))
+ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT))
return 0;
- if (FLAGS_SET(flags, REMOVE_ROOT)) {
-
- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
- struct statfs s;
-
- if (statfs(path, &s) < 0)
- return -errno;
- if (is_physical_fs(&s))
- return log_error_errno(SYNTHETIC_ERRNO(EPERM),
- "Attempted to remove files from a disk file system under \"%s\", refusing.",
- path);
- }
-
- if (unlink(path) < 0) {
- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT)
- return 0;
+ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) {
+ struct statfs s;
+ if (statfs(path, &s) < 0)
return -errno;
- }
+ if (is_physical_fs(&s))
+ return log_error_errno(SYNTHETIC_ERRNO(EPERM),
+ "Attempted to remove files from a disk file system under \"%s\", refusing.",
+ path);
}
- return 0;
+ r = 0;
+ if (unlink(path) < 0)
+ q = -errno;
}
- r = rm_rf_children(fd, flags, NULL);
-
- if (FLAGS_SET(flags, REMOVE_ROOT) &&
- rmdir(path) < 0 &&
- r >= 0 &&
- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT))
- r = -errno;
-
- return r;
+ if (r < 0)
+ return r;
+ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK)))
+ return q;
+ return 0;
}
int rm_rf_child(int fd, const char *name, RemoveFlags flags) {
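Review bot: The `statfs(path, &s)` guard and the `unlink(path)` after it both resolve `path` by name again once `open()` has failed, so the file system checked by `is_physical_fs()` is not guaranteed to hold the object that gets unlinked. As far as I can tell `statfs()` also follows a symlink while `unlink()` removes the link itself, so in the `ELOOP` case the check would cover the link target's file system. The logic is carried over from the removed lines rather than introduced here, but since the branch is being restructured it deserves a comment such as `/* statfs() follows symlinks, unlink() does not: for a symlink this checks the target's file system */`. rm_rf() begins in the previous hunk.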
--
2.33.0


@ -1,71 +0,0 @@
From 89395b63f04f1acc0db533c32637ea20379f97c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Nov 2021 15:55:45 +0100
Subject: [PATCH] shared/rm_rf: refactor rm_rf_children_inner() to shorten code
a bit
(cherry picked from commit 3bac86abfa1b1720180840ffb9d06b3d54841c11)
(cherry picked from commit 47741ff9eae6311a03e4d3d837128191826a4a3a)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/89395b63f04f1acc0db533c32637ea20379f97c0
---
src/shared/rm-rf.c | 27 +++++++++------------------
1 file changed, 9 insertions(+), 18 deletions(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 19f37e0f19..7362954116 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -124,7 +124,7 @@ static int rm_rf_children_inner(
const struct stat *root_dev) {
struct stat st;
- int r;
+ int r, q = 0;
assert(fd >= 0);
assert(fname);
@@ -142,7 +142,6 @@ static int rm_rf_children_inner(
if (is_dir) {
_cleanup_close_ int subdir_fd = -1;
- int q;
/* if root_dev is set, remove subdirectories only if device is same */
if (root_dev && st.st_dev != root_dev->st_dev)
@@ -178,23 +177,15 @@ static int rm_rf_children_inner(
* again for each directory */
q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev);
- r = unlinkat_harder(fd, fname, AT_REMOVEDIR, flags);
- if (r < 0)
- return r;
- if (q < 0)
- return q;
-
- return 1;
-
- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) {
- r = unlinkat_harder(fd, fname, 0, flags);
- if (r < 0)
- return r;
-
- return 1;
- }
+ } else if (flags & REMOVE_ONLY_DIRECTORIES)
+ return 0;
- return 0;
+ r = unlinkat_harder(fd, fname, is_dir ? AT_REMOVEDIR : 0, flags);
+ if (r < 0)
+ return r;
+ if (q < 0)
+ return q;
+ return 1;
}
int rm_rf_children(
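Review bot: The shared tail now depends on `q` having been set only in the directory branch and on the unlinkat error taking precedence over it, and nothing in the code says so. A short comment above `r = unlinkat_harder(...)` would help, for example `/* q holds the result of the recursive removal (0 for non-directories); an unlinkat failure is reported first */`. The brace-less `else if (...) return 0;` after a braced `if (is_dir) { ... }` block is also easy to misread, so bracing both arms would be clearer. The function starts outside this hunk.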
--
2.33.0


@ -1,31 +0,0 @@
From 7563de501246dccf5a9ea229933481aa1e7bd5c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 23 Nov 2021 15:05:58 +0100
Subject: [PATCH] tmpfiles: 'st' may have been used uninitialized
(cherry picked from commit 160dadc0350c77d612aa9d5569f57d9bc84c3dca)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/7563de501246dccf5a9ea229933481aa1e7bd5c9
---
src/shared/rm-rf.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/shared/rm-rf.c b/src/shared/rm-rf.c
index 5ef7c662dd..19f37e0f19 100644
--- a/src/shared/rm-rf.c
+++ b/src/shared/rm-rf.c
@@ -129,7 +129,9 @@ static int rm_rf_children_inner(
assert(fd >= 0);
assert(fname);
- if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
+ if (is_dir < 0 ||
+ root_dev ||
+ (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) {
r = fstatat_harder(fd, fname, &st, AT_SYMLINK_NOFOLLOW, flags);
if (r < 0)
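Review bot: The inner `root_dev ||` in the third operand is redundant now that `root_dev` is a top-level operand of the condition. The test could read `if (is_dir < 0 || root_dev || (is_dir > 0 && (flags & REMOVE_SUBVOLUME))) {`, which states more directly when `st` gets filled in. A one-line comment that `st` is read later whenever `root_dev` is set would record why the extra operand exists; that later use is outside this hunk.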
--
2.33.0


@ -1,102 +0,0 @@
From 2c5d05b3cd986568105d67891e4010b868dea24f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Oct 2022 12:28:31 +0200
Subject: [PATCH] basic: add STRERROR() wrapper for strerror_r()
Conflict:Modify the content in meson.build.
Reference:https://github.com/systemd/systemd/commit/2c5d05b3cd986568105d67891e4010b868dea24f
---
src/basic/errno-util.h | 10 +++++++++
src/test/meson.build | 2 ++
src/test/test-errno-util.c | 44 ++++++++++++++++++++++++++++++++++++++
3 files changed, 56 insertions(+)
create mode 100644 src/test/test-errno-util.c
diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h
index a71864ca60..f0d24d95cb 100644
--- a/src/basic/errno-util.h
+++ b/src/basic/errno-util.h
@@ -6,6 +6,16 @@
#include "macro.h"
+/* strerror(3) says that glibc uses a maximum length of 1024 bytes. */
+#define ERRNO_BUF_LEN 1024
+
+/* Note: the lifetime of the compound literal is the immediately surrounding block,
+ * see C11 §6.5.2.5, and
+ * https://stackoverflow.com/questions/34880638/compound-literal-lifetime-and-if-blocks
+ *
+ * Note that we use the GNU variant of strerror_r() here. */
+#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+
static inline void _reset_errno_(int *saved_errno) {
if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */
return;
diff --git a/src/test/meson.build b/src/test/meson.build
index 31ac149b96..86fc1d4fc0 100644
--- a/src/test/meson.build
+++ b/src/test/meson.build
@@ -615,6 +615,8 @@ tests += [
[['src/test/test-arphrd-list.c',
generated_gperf_headers]],
+ [['src/test/test-errno-util.c']],
+
[['src/test/test-ip-protocol-list.c',
shared_generated_gperf_headers]],
diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c
new file mode 100644
index 0000000000..284f451002
--- /dev/null
+++ b/src/test/test-errno-util.c
@@ -0,0 +1,44 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include "errno-util.h"
+#include "stdio-util.h"
+#include "string-util.h"
+#include "tests.h"
+
+TEST(strerror_not_threadsafe) {
+ /* Just check that strerror really is not thread-safe. */
+ log_info("strerror(%d) → %s", 200, strerror(200));
+ log_info("strerror(%d) → %s", 201, strerror(201));
+ log_info("strerror(%d) → %s", INT_MAX, strerror(INT_MAX));
+
+ log_info("strerror(%d), strerror(%d) → %p, %p", 200, 201, strerror(200), strerror(201));
+
+ /* This call is not allowed, because the first returned string becomes invalid when
+ * we call strerror the second time:
+ *
+ * log_info("strerror(%d), strerror(%d) → %s, %s", 200, 201, strerror(200), strerror(201));
+ */
+}
+
+TEST(STRERROR) {
+ /* Just check that STRERROR really is thread-safe. */
+ log_info("STRERROR(%d) → %s", 200, STRERROR(200));
+ log_info("STRERROR(%d) → %s", 201, STRERROR(201));
+ log_info("STRERROR(%d), STRERROR(%d) → %s, %s", 200, 201, STRERROR(200), STRERROR(201));
+
+ const char *a = STRERROR(200), *b = STRERROR(201);
+ assert_se(strstr(a, "200"));
+ assert_se(strstr(b, "201"));
+
+ /* Check with negative values */
+ assert_se(streq(a, STRERROR(-200)));
+ assert_se(streq(b, STRERROR(-201)));
+
+ const char *c = STRERROR(INT_MAX);
+ char buf[DECIMAL_STR_MAX(int)];
+ xsprintf(buf, "%d", INT_MAX); /* INT_MAX is hexadecimal, use printf to convert to decimal */
+ log_info("STRERROR(%d) → %s", INT_MAX, c);
+ assert_se(strstr(c, buf));
+}
+
+DEFINE_TEST_MAIN(LOG_INFO);
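Review bot: The assertions `assert_se(strstr(a, "200"))`, `assert_se(strstr(b, "201"))` and `assert_se(strstr(c, buf))` in TEST(STRERROR) only pass if the C library puts the number into the message for an unassigned errno value. That appears to be glibc behaviour and is not guaranteed by strerror_r() itself. A comment such as `/* relies on glibc's "Unknown error N" text for unassigned errno values */` would make the dependency explicit. The "thread-safe" wording in both test comments is also loose, because no threads are involved. What the test shows is that two STRERROR() results can be used in one expression because each has its own buffer.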
--
2.33.0


@ -1,83 +0,0 @@
From 510a146634f3e095b34e2a26023b1b1f99dcb8c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 29 Nov 2022 09:00:16 +0100
Subject: [PATCH] coredump: adjust whitespace
Conflict:Delete the modification of parse_config.
Reference:https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0
---
src/coredump/coredump.c | 56 ++++++++++++++++++++---------------------
1 file changed, 28 insertions(+), 28 deletions(-)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 50220c5ec7..9ce2b92ded 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -111,16 +111,16 @@ enum {
};
static const char * const meta_field_names[_META_MAX] = {
- [META_ARGV_PID] = "COREDUMP_PID=",
- [META_ARGV_UID] = "COREDUMP_UID=",
- [META_ARGV_GID] = "COREDUMP_GID=",
- [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=",
- [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=",
- [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=",
- [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=",
- [META_COMM] = "COREDUMP_COMM=",
- [META_EXE] = "COREDUMP_EXE=",
- [META_UNIT] = "COREDUMP_UNIT=",
+ [META_ARGV_PID] = "COREDUMP_PID=",
+ [META_ARGV_UID] = "COREDUMP_UID=",
+ [META_ARGV_GID] = "COREDUMP_GID=",
+ [META_ARGV_SIGNAL] = "COREDUMP_SIGNAL=",
+ [META_ARGV_TIMESTAMP] = "COREDUMP_TIMESTAMP=",
+ [META_ARGV_RLIMIT] = "COREDUMP_RLIMIT=",
+ [META_ARGV_HOSTNAME] = "COREDUMP_HOSTNAME=",
+ [META_COMM] = "COREDUMP_COMM=",
+ [META_EXE] = "COREDUMP_EXE=",
+ [META_UNIT] = "COREDUMP_UNIT=",
};
typedef struct Context {
@@ -139,9 +139,9 @@ typedef enum CoredumpStorage {
} CoredumpStorage;
static const char* const coredump_storage_table[_COREDUMP_STORAGE_MAX] = {
- [COREDUMP_STORAGE_NONE] = "none",
+ [COREDUMP_STORAGE_NONE] = "none",
[COREDUMP_STORAGE_EXTERNAL] = "external",
- [COREDUMP_STORAGE_JOURNAL] = "journal",
+ [COREDUMP_STORAGE_JOURNAL] = "journal",
};
DEFINE_PRIVATE_STRING_TABLE_LOOKUP(coredump_storage, CoredumpStorage);
@@ -209,15 +209,15 @@ static int fix_acl(int fd, uid_t uid) {
static int fix_xattr(int fd, const Context *context) {
static const char * const xattrs[_META_MAX] = {
- [META_ARGV_PID] = "user.coredump.pid",
- [META_ARGV_UID] = "user.coredump.uid",
- [META_ARGV_GID] = "user.coredump.gid",
- [META_ARGV_SIGNAL] = "user.coredump.signal",
- [META_ARGV_TIMESTAMP] = "user.coredump.timestamp",
- [META_ARGV_RLIMIT] = "user.coredump.rlimit",
- [META_ARGV_HOSTNAME] = "user.coredump.hostname",
- [META_COMM] = "user.coredump.comm",
- [META_EXE] = "user.coredump.exe",
+ [META_ARGV_PID] = "user.coredump.pid",
+ [META_ARGV_UID] = "user.coredump.uid",
+ [META_ARGV_GID] = "user.coredump.gid",
+ [META_ARGV_SIGNAL] = "user.coredump.signal",
+ [META_ARGV_TIMESTAMP] = "user.coredump.timestamp",
+ [META_ARGV_RLIMIT] = "user.coredump.rlimit",
+ [META_ARGV_HOSTNAME] = "user.coredump.hostname",
+ [META_COMM] = "user.coredump.comm",
+ [META_EXE] = "user.coredump.exe",
};
int r = 0;
--
2.33.0

View File

@ -1,386 +0,0 @@
From 3e4d0f6cf99f8677edd6a237382a65bfe758de03 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 28 Nov 2022 12:12:55 +0100
Subject: [PATCH] coredump: do not allow user to access coredumps with changed
uid/gid/capabilities
When the user starts a program which elevates its permissions via setuid,
setgid, or capabilities set on the file, it may access additional information
which would then be visible in the coredump. We shouldn't make the coredump
visible to the user in such cases.
Reported-by: Matthias Gerstner <mgerstner@suse.de>
This reads the /proc/<pid>/auxv file and attaches it to the process metadata as
PROC_AUXV. Before the coredump is submitted, it is parsed and if either
at_secure was set (which the kernel will do for processes that are setuid,
setgid, or setcap), or if the effective uid/gid don't match uid/gid, the file
is not made accessible to the user. If we can't access this data, we assume the
file should not be made accessible either. In principle we could also access
the auxv data from a note in the core file, but that is much more complex and
it seems better to use the stand-alone file that is provided by the kernel.
Attaching auxv is both convenient for this patch (because this way it's passed
between the stages along with other fields), but I think it makes sense to save
it in general.
We use the information early in the core file to figure out if the program was
32-bit or 64-bit and its endianness. This way we don't need heuristics to guess
the format of the auxv structure. This test might reject some cases on
fringe architectures. But the impact would be limited: we just won't grant the
user permissions to view the coredump file. If people report that we're missing
some cases, we can always enhance this to support more architectures.
I tested auxv parsing on amd64, 32-bit program on amd64, arm64, arm32, and
ppc64el, but not the whole coredump handling.
Conflict:Change 'r = fsync_full(fd);' to 'if (fsync(fd) < 0)'.
Reference:https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03
---
src/basic/io-util.h | 9 ++
src/coredump/coredump.c | 196 +++++++++++++++++++++++++++++++++++++---
2 files changed, 192 insertions(+), 13 deletions(-)
diff --git a/src/basic/io-util.h b/src/basic/io-util.h
index 39728e06bc..3afb134266 100644
--- a/src/basic/io-util.h
+++ b/src/basic/io-util.h
@@ -91,7 +91,16 @@ struct iovec_wrapper *iovw_new(void);
struct iovec_wrapper *iovw_free(struct iovec_wrapper *iovw);
struct iovec_wrapper *iovw_free_free(struct iovec_wrapper *iovw);
void iovw_free_contents(struct iovec_wrapper *iovw, bool free_vectors);
+
int iovw_put(struct iovec_wrapper *iovw, void *data, size_t len);
+static inline int iovw_consume(struct iovec_wrapper *iovw, void *data, size_t len) {
+ /* Move data into iovw or free on error */
+ int r = iovw_put(iovw, data, len);
+ if (r < 0)
+ free(data);
+ return r;
+}
+
int iovw_put_string_field(struct iovec_wrapper *iovw, const char *field, const char *value);
int iovw_put_string_field_free(struct iovec_wrapper *iovw, const char *field, char *value);
void iovw_rebase(struct iovec_wrapper *iovw, char *old, char *new);
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 9ce2b92ded..b6f3a2f256 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -4,6 +4,7 @@
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/statvfs.h>
+#include <sys/auxv.h>
#include <sys/xattr.h>
#include <unistd.h>
@@ -107,6 +108,7 @@ enum {
META_EXE = _META_MANDATORY_MAX,
META_UNIT,
+ META_PROC_AUXV,
_META_MAX
};
@@ -121,10 +123,12 @@ static const char * const meta_field_names[_META_MAX] = {
[META_COMM] = "COREDUMP_COMM=",
[META_EXE] = "COREDUMP_EXE=",
[META_UNIT] = "COREDUMP_UNIT=",
+ [META_PROC_AUXV] = "COREDUMP_PROC_AUXV=",
};
typedef struct Context {
const char *meta[_META_MAX];
+ size_t meta_size[_META_MAX];
pid_t pid;
bool is_pid1;
bool is_journald;
@@ -186,13 +190,16 @@ static uint64_t storage_size_max(void) {
return 0;
}
-static int fix_acl(int fd, uid_t uid) {
+static int fix_acl(int fd, uid_t uid, bool allow_user) {
+ assert(fd >= 0);
+ assert(uid_is_valid(uid));
#if HAVE_ACL
int r;
- assert(fd >= 0);
- assert(uid_is_valid(uid));
+ /* We don't allow users to read coredumps if the uid or capabilities were changed. */
+ if (!allow_user)
+ return 0;
if (uid_is_system(uid) || uid_is_dynamic(uid) || uid == UID_NOBODY)
return 0;
@@ -252,7 +259,8 @@ static int fix_permissions(
const char *filename,
const char *target,
const Context *context,
- uid_t uid) {
+ uid_t uid,
+ bool allow_user) {
int r;
@@ -262,7 +270,7 @@ static int fix_permissions(
/* Ignore errors on these */
(void) fchmod(fd, 0640);
- (void) fix_acl(fd, uid);
+ (void) fix_acl(fd, uid, allow_user);
(void) fix_xattr(fd, context);
if (fsync(fd) < 0)
@@ -332,6 +340,153 @@ static int make_filename(const Context *context, char **ret) {
return 0;
}
+static int parse_auxv64(
+ const uint64_t *auxv,
+ size_t size_bytes,
+ int *at_secure,
+ uid_t *uid,
+ uid_t *euid,
+ gid_t *gid,
+ gid_t *egid) {
+
+ assert(auxv || size_bytes == 0);
+
+ if (size_bytes % (2 * sizeof(uint64_t)) != 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
+
+ size_t words = size_bytes / sizeof(uint64_t);
+
+ /* Note that we set output variables even on error. */
+
+ for (size_t i = 0; i + 1 < words; i += 2)
+ switch (auxv[i]) {
+ case AT_SECURE:
+ *at_secure = auxv[i + 1] != 0;
+ break;
+ case AT_UID:
+ *uid = auxv[i + 1];
+ break;
+ case AT_EUID:
+ *euid = auxv[i + 1];
+ break;
+ case AT_GID:
+ *gid = auxv[i + 1];
+ break;
+ case AT_EGID:
+ *egid = auxv[i + 1];
+ break;
+ case AT_NULL:
+ if (auxv[i + 1] != 0)
+ goto error;
+ return 0;
+ }
+ error:
+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
+ "AT_NULL terminator not found, cannot parse auxv structure.");
+}
+
+static int parse_auxv32(
+ const uint32_t *auxv,
+ size_t size_bytes,
+ int *at_secure,
+ uid_t *uid,
+ uid_t *euid,
+ gid_t *gid,
+ gid_t *egid) {
+
+ assert(auxv || size_bytes == 0);
+
+ size_t words = size_bytes / sizeof(uint32_t);
+
+ if (size_bytes % (2 * sizeof(uint32_t)) != 0)
+ return log_warning_errno(SYNTHETIC_ERRNO(EIO), "Incomplete auxv structure (%zu bytes).", size_bytes);
+
+ /* Note that we set output variables even on error. */
+
+ for (size_t i = 0; i + 1 < words; i += 2)
+ switch (auxv[i]) {
+ case AT_SECURE:
+ *at_secure = auxv[i + 1] != 0;
+ break;
+ case AT_UID:
+ *uid = auxv[i + 1];
+ break;
+ case AT_EUID:
+ *euid = auxv[i + 1];
+ break;
+ case AT_GID:
+ *gid = auxv[i + 1];
+ break;
+ case AT_EGID:
+ *egid = auxv[i + 1];
+ break;
+ case AT_NULL:
+ if (auxv[i + 1] != 0)
+ goto error;
+ return 0;
+ }
+ error:
+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA),
+ "AT_NULL terminator not found, cannot parse auxv structure.");
+}
+
+static int grant_user_access(int core_fd, const Context *context) {
+ int at_secure = -1;
+ uid_t uid = UID_INVALID, euid = UID_INVALID;
+ uid_t gid = GID_INVALID, egid = GID_INVALID;
+ int r;
+
+ assert(core_fd >= 0);
+ assert(context);
+
+ if (!context->meta[META_PROC_AUXV])
+ return log_warning_errno(SYNTHETIC_ERRNO(ENODATA), "No auxv data, not adjusting permissions.");
+
+ uint8_t elf[EI_NIDENT];
+ errno = 0;
+ if (pread(core_fd, &elf, sizeof(elf), 0) != sizeof(elf))
+ return log_warning_errno(errno_or_else(EIO),
+ "Failed to pread from coredump fd: %s", STRERROR_OR_EOF(errno));
+
+ if (elf[EI_MAG0] != ELFMAG0 ||
+ elf[EI_MAG1] != ELFMAG1 ||
+ elf[EI_MAG2] != ELFMAG2 ||
+ elf[EI_MAG3] != ELFMAG3 ||
+ elf[EI_VERSION] != EV_CURRENT)
+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
+ "Core file does not have ELF header, not adjusting permissions.");
+ if (!IN_SET(elf[EI_CLASS], ELFCLASS32, ELFCLASS64) ||
+ !IN_SET(elf[EI_DATA], ELFDATA2LSB, ELFDATA2MSB))
+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
+ "Core file has strange ELF class, not adjusting permissions.");
+
+ if ((elf[EI_DATA] == ELFDATA2LSB) != (__BYTE_ORDER == __LITTLE_ENDIAN))
+ return log_info_errno(SYNTHETIC_ERRNO(EUCLEAN),
+ "Core file has non-native endianness, not adjusting permissions.");
+
+ if (elf[EI_CLASS] == ELFCLASS64)
+ r = parse_auxv64((const uint64_t*) context->meta[META_PROC_AUXV],
+ context->meta_size[META_PROC_AUXV],
+ &at_secure, &uid, &euid, &gid, &egid);
+ else
+ r = parse_auxv32((const uint32_t*) context->meta[META_PROC_AUXV],
+ context->meta_size[META_PROC_AUXV],
+ &at_secure, &uid, &euid, &gid, &egid);
+ if (r < 0)
+ return r;
+
+ /* We allow access if we got all the data and at_secure is not set and
+ * the uid/gid matches euid/egid. */
+ bool ret =
+ at_secure == 0 &&
+ uid != UID_INVALID && euid != UID_INVALID && uid == euid &&
+ gid != GID_INVALID && egid != GID_INVALID && gid == egid;
+ log_debug("Will %s access (uid="UID_FMT " euid="UID_FMT " gid="GID_FMT " egid="GID_FMT " at_secure=%s)",
+ ret ? "permit" : "restrict",
+ uid, euid, gid, egid, yes_no(at_secure));
+ return ret;
+}
+
static int save_external_coredump(
const Context *context,
int input_fd,
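Review bot: grant_user_access() casts `context->meta[META_PROC_AUXV]` to `const uint64_t*` / `const uint32_t*`, but that pointer appears to sit directly after the `COREDUMP_PROC_AUXV=` prefix inside the iovec buffer, at an odd offset from the allocation start. The `auxv[i]` loads in parse_auxv64() and parse_auxv32() are therefore likely misaligned, which is undefined behaviour in C and can fault on strict-alignment targets. Because this parser decides whether a user may read a core from a setuid/setgid/setcap process, reading each key/value pair with memcpy into locals is the safer form; the same change applies to parse_auxv32() with uint32_t. Separately, `uid_t gid = GID_INVALID, egid = GID_INVALID;` should be declared `gid_t` to match the `gid_t *` parameters.

```c
        for (size_t i = 0; i + 1 < words; i += 2) {
                uint64_t key, val;

                /* auxv follows the field-name prefix in the buffer and may be unaligned */
                memcpy(&key, (const uint8_t*) auxv + i * sizeof(key), sizeof(key));
                memcpy(&val, (const uint8_t*) auxv + (i + 1) * sizeof(val), sizeof(val));

                switch (key) {
                case AT_SECURE:
                        *at_secure = val != 0;
                        break;
                /* … unchanged: AT_UID, AT_EUID, AT_GID, AT_EGID cases, assigning val … */
                case AT_NULL:
                        if (val != 0)
                                goto error;
                        return 0;
                }
        }
```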
@@ -454,6 +609,8 @@ static int save_external_coredump(
context->meta[META_ARGV_PID], context->meta[META_COMM]);
truncated = r == 1;
+ bool allow_user = grant_user_access(fd, context) > 0;
+
#if HAVE_COMPRESSION
if (arg_compress) {
_cleanup_(unlink_and_freep) char *tmp_compressed = NULL;
@@ -491,7 +648,7 @@ static int save_external_coredump(
uncompressed_size += partial_uncompressed_size;
}
- r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid);
+ r = fix_permissions(fd_compressed, tmp_compressed, fn_compressed, context, uid, allow_user);
if (r < 0)
return r;
@@ -518,7 +675,7 @@ static int save_external_coredump(
"SIZE_LIMIT=%"PRIu64, max_size,
"MESSAGE_ID=" SD_MESSAGE_TRUNCATED_CORE_STR);
- r = fix_permissions(fd, tmp, fn, context, uid);
+ r = fix_permissions(fd, tmp, fn, context, uid, allow_user);
if (r < 0)
return log_error_errno(r, "Failed to fix permissions and finalize coredump %s into %s: %m", coredump_tmpfile_name(tmp), fn);
@@ -766,7 +923,7 @@ static int change_uid_gid(const Context *context) {
}
static int submit_coredump(
- Context *context,
+ const Context *context,
struct iovec_wrapper *iovw,
int input_fd) {
@@ -945,16 +1102,15 @@ static int save_context(Context *context, const struct iovec_wrapper *iovw) {
struct iovec *iovec = iovw->iovec + n;
for (size_t i = 0; i < ELEMENTSOF(meta_field_names); i++) {
- char *p;
-
/* Note that these strings are NUL terminated, because we made sure that a
* trailing NUL byte is in the buffer, though not included in the iov_len
* count (see process_socket() and gather_pid_metadata_*()) */
assert(((char*) iovec->iov_base)[iovec->iov_len] == 0);
- p = startswith(iovec->iov_base, meta_field_names[i]);
+ const char *p = startswith(iovec->iov_base, meta_field_names[i]);
if (p) {
context->meta[i] = p;
+ context->meta_size[i] = iovec->iov_len - strlen(meta_field_names[i]);
break;
}
}
@@ -1191,6 +1347,7 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) {
uid_t owner_uid;
pid_t pid;
char *t;
+ size_t size;
const char *p;
int r;
@@ -1255,13 +1412,26 @@ static int gather_pid_metadata(struct iovec_wrapper *iovw, Context *context) {
(void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_LIMITS=", t);
p = procfs_file_alloca(pid, "cgroup");
- if (read_full_virtual_file(p, &t, NULL) >=0)
+ if (read_full_virtual_file(p, &t, NULL) >= 0)
(void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_CGROUP=", t);
p = procfs_file_alloca(pid, "mountinfo");
- if (read_full_virtual_file(p, &t, NULL) >=0)
+ if (read_full_virtual_file(p, &t, NULL) >= 0)
(void) iovw_put_string_field_free(iovw, "COREDUMP_PROC_MOUNTINFO=", t);
+ /* We attach /proc/auxv here. ELF coredumps also contain a note for this (NT_AUXV), see elf(5). */
+ p = procfs_file_alloca(pid, "auxv");
+ if (read_full_virtual_file(p, &t, &size) >= 0) {
+ char *buf = malloc(strlen("COREDUMP_PROC_AUXV=") + size + 1);
+ if (buf) {
+ /* Add a dummy terminator to make save_context() happy. */
+ *((uint8_t*) mempcpy(stpcpy(buf, "COREDUMP_PROC_AUXV="), t, size)) = '\0';
+ (void) iovw_consume(iovw, buf, size + strlen("COREDUMP_PROC_AUXV="));
+ }
+
+ free(t);
+ }
+
if (get_process_cwd(pid, &t) >= 0)
(void) iovw_put_string_field_free(iovw, "COREDUMP_CWD=", t);
--
2.33.0

View File

@ -1,107 +0,0 @@
From 4c0acc0761aae0370e20e118b9db3b704e9045cd Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Thu, 25 Nov 2021 10:27:51 +0100
Subject: [PATCH] test: Add TEST_RET macro
This declares a test function whose return code will be passed from
main(). The first test that does not return EXIT_SUCCESS wins.
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/4c0acc0761aae0370e20e118b9db3b704e9045cd
---
src/shared/tests.h | 54 ++++++++++++++++++++++++++++++++--------------
1 file changed, 38 insertions(+), 16 deletions(-)
diff --git a/src/shared/tests.h b/src/shared/tests.h
index 872b9b2d6c..d1c96ef35b 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -46,46 +46,68 @@ bool can_memlock(void);
const char *ci_environment(void);
typedef struct TestFunc {
- void (*f)(void);
- const char * const n;
+ union f {
+ void (*void_func)(void);
+ int (*int_func)(void);
+ } f;
+ const char * const name;
+ bool has_ret;
} TestFunc;
/* See static-destruct.h for an explanation of how this works. */
-#define REGISTER_TEST(func) \
- static void func(void); \
- _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \
- static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \
- .f = &(func), \
- .n = STRINGIFY(func), \
+#define REGISTER_TEST(func) \
+ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \
+ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \
+ .f = (union f) &(func), \
+ .name = STRINGIFY(func), \
+ .has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \
}
extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[];
extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[];
-#define TEST(name) \
- REGISTER_TEST(test_##name); \
+#define TEST(name) \
+ static void test_##name(void); \
+ REGISTER_TEST(test_##name); \
static void test_##name(void)
-static inline void run_test_table(void) {
+#define TEST_RET(name) \
+ static int test_##name(void); \
+ REGISTER_TEST(test_##name); \
+ static int test_##name(void)
+
+static inline int run_test_table(void) {
+ int r = EXIT_SUCCESS;
+
if (!__start_SYSTEMD_TEST_TABLE)
- return;
+ return r;
const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*));
while (t < __stop_SYSTEMD_TEST_TABLE) {
- log_info("/* %s */", t->n);
- t->f();
+ log_info("/* %s */", t->name);
+
+ if (t->has_ret) {
+ int r2 = t->f.int_func();
+ if (r == EXIT_SUCCESS)
+ r = r2;
+ } else
+ t->f.void_func();
+
t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*));
}
+
+ return r;
}
#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
int main(int argc, char *argv[]) { \
+ int _r = EXIT_SUCCESS; \
test_setup_logging(log_level); \
save_argc_argv(argc, argv); \
intro; \
- run_test_table(); \
+ _r = run_test_table(); \
outro; \
- return EXIT_SUCCESS; \
+ return _r; \
}
#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , )
--
2.33.0

View File

@ -1,102 +0,0 @@
From 0578dfe3eb2ceb8571b62a904dec0ddf410f6352 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Thu, 25 Nov 2021 10:45:15 +0100
Subject: [PATCH] test: Add sd_booted condition test to TEST macro
Note that this will only report test skips if they use TEST_RET macro.
Regular TEST macros can still be skipped, but this will not be reported
back to main();
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/0578dfe3eb2ceb8571b62a904dec0ddf410f6352
---
src/shared/tests.h | 43 ++++++++++++++++++++++++++-----------------
1 file changed, 26 insertions(+), 17 deletions(-)
diff --git a/src/shared/tests.h b/src/shared/tests.h
index d1c96ef35b..95283e2829 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -39,7 +39,7 @@ bool can_memlock(void);
if (sd_booted() > 0) { \
x; \
} else { \
- printf("systemd not booted skipping '%s'\n", #x); \
+ printf("systemd not booted, skipping '%s'\n", #x); \
}
/* Provide a convenient way to check if we're running in CI. */
@@ -51,29 +51,31 @@ typedef struct TestFunc {
int (*int_func)(void);
} f;
const char * const name;
- bool has_ret;
+ bool has_ret:1;
+ bool sd_booted:1;
} TestFunc;
/* See static-destruct.h for an explanation of how this works. */
-#define REGISTER_TEST(func) \
+#define REGISTER_TEST(func, ...) \
_section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \
static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \
.f = (union f) &(func), \
.name = STRINGIFY(func), \
.has_ret = __builtin_types_compatible_p(typeof((union f){}.int_func), typeof(&(func))), \
+ ##__VA_ARGS__ \
}
extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[];
extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[];
-#define TEST(name) \
- static void test_##name(void); \
- REGISTER_TEST(test_##name); \
+#define TEST(name, ...) \
+ static void test_##name(void); \
+ REGISTER_TEST(test_##name, ##__VA_ARGS__); \
static void test_##name(void)
-#define TEST_RET(name) \
- static int test_##name(void); \
- REGISTER_TEST(test_##name); \
+#define TEST_RET(name, ...) \
+ static int test_##name(void); \
+ REGISTER_TEST(test_##name, ##__VA_ARGS__); \
static int test_##name(void)
static inline int run_test_table(void) {
@@ -84,14 +86,21 @@ static inline int run_test_table(void) {
const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*));
while (t < __stop_SYSTEMD_TEST_TABLE) {
- log_info("/* %s */", t->name);
-
- if (t->has_ret) {
- int r2 = t->f.int_func();
- if (r == EXIT_SUCCESS)
- r = r2;
- } else
- t->f.void_func();
+
+ if (t->sd_booted && sd_booted() <= 0) {
+ log_info("/* systemd not booted, skipping %s */", t->name);
+ if (t->has_ret && r == EXIT_SUCCESS)
+ r = EXIT_TEST_SKIP;
+ } else {
+ log_info("/* %s */", t->name);
+
+ if (t->has_ret) {
+ int r2 = t->f.int_func();
+ if (r == EXIT_SUCCESS)
+ r = r2;
+ } else
+ t->f.void_func();
+ }
t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*));
}
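Review bot: A skip recorded early can hide a later failure: once the new branch sets `r = EXIT_TEST_SKIP`, the `if (r == EXIT_SUCCESS) r = r2;` check in the else arm never stores the result of a TEST_RET function that fails afterwards. main() would then report the run as skipped rather than failed. Letting a real failure override a skip fixes this, for example `if (r2 != EXIT_SUCCESS && IN_SET(r, EXIT_SUCCESS, EXIT_TEST_SKIP)) r = r2;`. run_test_table() starts outside this hunk.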
--
2.33.0

View File

@ -1,70 +0,0 @@
From 9cc615460830afdb51ad23e594906bbe60a3b25a Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Fri, 12 Nov 2021 10:54:44 +0100
Subject: [PATCH] test: Create convenience macros to declare tests
Conflict:Delete all contents in test-macro.c.
Reference:https://github.com/systemd/systemd/commit/9cc615460830afdb51ad23e594906bbe60a3b25a
---
src/shared/tests.h | 47 ++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)
diff --git a/src/shared/tests.h b/src/shared/tests.h
index c1350763ad..f333ebd842 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -43,3 +43,50 @@ bool can_memlock(void);
/* Provide a convenient way to check if we're running in CI. */
const char *ci_environment(void);
+
+typedef struct TestFunc {
+ void (*f)(void);
+ const char * const n;
+} TestFunc;
+
+/* See static-destruct.h for an explanation of how this works. */
+#define REGISTER_TEST(func) \
+ static void func(void); \
+ _section_("SYSTEMD_TEST_TABLE") _alignptr_ _used_ _variable_no_sanitize_address_ \
+ static const TestFunc UNIQ_T(static_test_table_entry, UNIQ) = { \
+ .f = &(func), \
+ .n = STRINGIFY(func), \
+ }
+
+extern const TestFunc _weak_ __start_SYSTEMD_TEST_TABLE[];
+extern const TestFunc _weak_ __stop_SYSTEMD_TEST_TABLE[];
+
+#define TEST(name) \
+ REGISTER_TEST(test_##name); \
+ static void test_##name(void)
+
+static inline void run_test_table(void) {
+ if (!__start_SYSTEMD_TEST_TABLE)
+ return;
+
+ const TestFunc *t = ALIGN_TO_PTR(__start_SYSTEMD_TEST_TABLE, sizeof(TestFunc*));
+ while (t < __stop_SYSTEMD_TEST_TABLE) {
+ log_info("/* %s */", t->n);
+ t->f();
+ t = ALIGN_TO_PTR(t + 1, sizeof(TestFunc*));
+ }
+}
+
+#define DEFINE_TEST_MAIN \
+ int main(int argc, char *argv[]) { \
+ test_setup_logging(LOG_INFO); \
+ run_test_table(); \
+ return EXIT_SUCCESS; \
+ }
+
+#define DEFINE_CUSTOM_TEST_MAIN(impl) \
+ int main(int argc, char *argv[]) { \
+ test_setup_logging(LOG_INFO); \
+ run_test_table(); \
+ return impl(); \
+ }
--
2.33.0

View File

@ -1,57 +0,0 @@
From a40b728e1172cc07a09e12dd56089ab37c8c5924 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Tue, 23 Nov 2021 13:40:27 +0100
Subject: [PATCH] test: Slightly rework DEFINE_TEST_MAIN macros
- A lot of tests want a different log level
- Provides saved_argc/saved_argv to tests
- Separate intro/outro is more flexible
Conflict:Delete content in test-macro.c.
Reference:https://github.com/systemd/systemd/commit/a40b728e1172cc07a09e12dd56089ab37c8c5924
---
src/shared/tests.h | 21 ++++++++++-----------
1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/shared/tests.h b/src/shared/tests.h
index f333ebd842..872b9b2d6c 100644
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@@ -6,6 +6,7 @@
#include "sd-daemon.h"
#include "macro.h"
+#include "util.h"
static inline bool manager_errno_skip_test(int r) {
return IN_SET(abs(r),
@@ -77,16 +78,14 @@ static inline void run_test_table(void) {
}
}
-#define DEFINE_TEST_MAIN \
- int main(int argc, char *argv[]) { \
- test_setup_logging(LOG_INFO); \
- run_test_table(); \
- return EXIT_SUCCESS; \
+#define DEFINE_CUSTOM_TEST_MAIN(log_level, intro, outro) \
+ int main(int argc, char *argv[]) { \
+ test_setup_logging(log_level); \
+ save_argc_argv(argc, argv); \
+ intro; \
+ run_test_table(); \
+ outro; \
+ return EXIT_SUCCESS; \
}
-#define DEFINE_CUSTOM_TEST_MAIN(impl) \
- int main(int argc, char *argv[]) { \
- test_setup_logging(LOG_INFO); \
- run_test_table(); \
- return impl(); \
- }
+#define DEFINE_TEST_MAIN(log_level) DEFINE_CUSTOM_TEST_MAIN(log_level, , )
--
2.33.0

View File

@ -1,105 +0,0 @@
From f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 10 Oct 2022 21:19:43 +0200
Subject: [PATCH] tree-wide: define and use STRERROR_OR_EOF()
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/f69ae8585f5ce6cd8d1e6f3ccd6c9c2cf153e846
---
src/basic/errno-util.h | 5 +++++
src/journal-remote/journal-gatewayd.c | 4 ++--
src/libsystemd/sd-bus/test-bus-chat.c | 2 +-
src/login/logind-seat.c | 8 ++++----
src/test/test-errno-util.c | 6 ++++++
5 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/src/basic/errno-util.h b/src/basic/errno-util.h
index f0d24d95cb..1e2e5b9f15 100644
--- a/src/basic/errno-util.h
+++ b/src/basic/errno-util.h
@@ -16,6 +16,11 @@
* Note that we use the GNU variant of strerror_r() here. */
#define STRERROR(errnum) strerror_r(abs(errnum), (char[ERRNO_BUF_LEN]){}, ERRNO_BUF_LEN)
+/* A helper to print an error message or message for functions that return 0 on EOF.
+ * Note that we can't use ({ … }) to define a temporary variable, so errnum is
+ * evaluated twice. */
+#define STRERROR_OR_EOF(errnum) ((errnum) != 0 ? STRERROR(errnum) : "Unexpected EOF")
+
static inline void _reset_errno_(int *saved_errno) {
if (*saved_errno < 0) /* Invalidated by UNPROTECT_ERRNO? */
return;
diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c
index 3e2a85ce29..34def4670e 100644
--- a/src/journal-remote/journal-gatewayd.c
+++ b/src/journal-remote/journal-gatewayd.c
@@ -256,7 +256,7 @@ static ssize_t request_reader_entries(
errno = 0;
k = fread(buf, 1, n, m->tmp);
if (k != n) {
- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF");
+ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno));
return MHD_CONTENT_READER_END_WITH_ERROR;
}
@@ -600,7 +600,7 @@ static ssize_t request_reader_fields(
errno = 0;
k = fread(buf, 1, n, m->tmp);
if (k != n) {
- log_error("Failed to read from file: %s", errno != 0 ? strerror_safe(errno) : "Premature EOF");
+ log_error("Failed to read from file: %s", STRERROR_OR_EOF(errno));
return MHD_CONTENT_READER_END_WITH_ERROR;
}
diff --git a/src/libsystemd/sd-bus/test-bus-chat.c b/src/libsystemd/sd-bus/test-bus-chat.c
index df6dd62151..93e8ebfb1b 100644
--- a/src/libsystemd/sd-bus/test-bus-chat.c
+++ b/src/libsystemd/sd-bus/test-bus-chat.c
@@ -308,7 +308,7 @@ static void* client1(void *p) {
errno = 0;
if (read(pp[0], &x, 1) <= 0) {
- log_error("Failed to read from pipe: %s", errno != 0 ? strerror_safe(errno) : "early read");
+ log_error("Failed to read from pipe: %s", STRERROR_OR_EOF(errno));
goto finish;
}
diff --git a/src/login/logind-seat.c b/src/login/logind-seat.c
index 43c72da11f..d8ad424bfe 100644
--- a/src/login/logind-seat.c
+++ b/src/login/logind-seat.c
@@ -389,11 +389,11 @@ int seat_read_active_vt(Seat *s) {
if (lseek(s->manager->console_active_fd, SEEK_SET, 0) < 0)
return log_error_errno(errno, "lseek on console_active_fd failed: %m");
+ errno = 0;
k = read(s->manager->console_active_fd, t, sizeof(t)-1);
- if (k <= 0) {
- log_error("Failed to read current console: %s", k < 0 ? strerror_safe(errno) : "EOF");
- return k < 0 ? -errno : -EIO;
- }
+ if (k <= 0)
+ return log_error_errno(errno ?: EIO,
+ "Failed to read current console: %s", STRERROR_OR_EOF(errno));
t[k] = 0;
truncate_nl(t);
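Review bot: The context line `lseek(s->manager->console_active_fd, SEEK_SET, 0)` passes the whence constant as the offset and 0 as whence; it behaves correctly only because SEEK_SET has the value 0, and since this hunk already reworks the read path it could be corrected to `lseek(s->manager->console_active_fd, 0, SEEK_SET)`. In the added return, `errno` is read up to three times (once in `errno ?: EIO`, and up to twice inside STRERROR_OR_EOF), which is safe only because nothing runs between read() and the log call; copying it into a local first would make that explicit. seat_read_active_vt() starts and ends outside the hunk.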
diff --git a/src/test/test-errno-util.c b/src/test/test-errno-util.c
index 284f451002..f858927c92 100644
--- a/src/test/test-errno-util.c
+++ b/src/test/test-errno-util.c
@@ -41,4 +41,10 @@ TEST(STRERROR) {
assert_se(strstr(c, buf));
}
+TEST(STRERROR_OR_ELSE) {
+ log_info("STRERROR_OR_ELSE(0, \"EOF\") → %s", STRERROR_OR_EOF(0));
+ log_info("STRERROR_OR_ELSE(EPERM, \"EOF\") → %s", STRERROR_OR_EOF(EPERM));
+ log_info("STRERROR_OR_ELSE(-EPERM, \"EOF\") → %s", STRERROR_OR_EOF(-EPERM));
+}
+
DEFINE_TEST_MAIN(LOG_INFO);
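Review bot: The added test only logs the three results and asserts nothing, so a regression in STRERROR_OR_EOF would still pass. It is also named STRERROR_OR_ELSE, and its log strings show a second `"EOF"` argument that the macro does not take. Renaming it to `TEST(STRERROR_OR_EOF)` and adding a check such as `assert_se(strcmp(STRERROR_OR_EOF(0), "Unexpected EOF") == 0);` would pin the zero case that the macro definition in errno-util.h spells out.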
--
2.33.0


@ -1,131 +0,0 @@
From 3ba07929636e1a55c71767e40e23bf639b7a8db5 Mon Sep 17 00:00:00 2001
From: Emily Gonyer <emilyyrose@gmail.com>
Date: Fri, 12 Nov 2021 10:09:56 -0500
Subject: [PATCH] Change gendered terms to be gender-neutral (#21325)
Some typos are also fixed.
(cherry picked from commit be7148ebed5d73c4a76bc6089ebe2e82d8fa33e0)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/3ba07929636e1a55c71767e40e23bf639b7a8db5
---
docs/CODING_STYLE.md | 2 +-
docs/PREDICTABLE_INTERFACE_NAMES.md | 2 +-
man/sd_bus_add_object.xml | 2 +-
src/core/manager.h | 2 +-
src/hostname/hostnamectl.c | 2 +-
src/libsystemd/sd-bus/bus-socket.c | 4 ++--
src/libsystemd/sd-bus/sd-bus.c | 2 +-
src/udev/dmi_memory_id/dmi_memory_id.c | 2 +-
8 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/docs/CODING_STYLE.md b/docs/CODING_STYLE.md
index 54150e1ee7..05fbb2ac9e 100644
--- a/docs/CODING_STYLE.md
+++ b/docs/CODING_STYLE.md
@@ -287,7 +287,7 @@ layout: default
with a more brutal `assert()`. We are more forgiving to public users than for
ourselves! Note that `assert()` and `assert_return()` really only should be
used for detecting programming errors, not for runtime errors. `assert()` and
- `assert_return()` by usage of `_likely_()` inform the compiler that he should
+ `assert_return()` by usage of `_likely_()` inform the compiler that it should
not expect these checks to fail, and they inform fellow programmers about the
expected validity and range of parameters.
diff --git a/docs/PREDICTABLE_INTERFACE_NAMES.md b/docs/PREDICTABLE_INTERFACE_NAMES.md
index 07529e7a70..890bd3935c 100644
--- a/docs/PREDICTABLE_INTERFACE_NAMES.md
+++ b/docs/PREDICTABLE_INTERFACE_NAMES.md
@@ -53,7 +53,7 @@ With this new scheme you now get:
* The same on all distributions that adopted systemd/udev
* It's easy to opt out of the scheme (see below)
-Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before he can invoke commands on it where previously he had a good chance that `eth0` was the right name.
+Does this have any drawbacks? Yes, it does. Previously it was practically guaranteed that hosts equipped with a single ethernet card only had a single `eth0` interface. With this new scheme in place, an administrator now has to check first what the local interface name is before they can invoke commands on it, where previously they had a good chance that `eth0` was the right name.
## I don't like this, how do I disable this?
diff --git a/man/sd_bus_add_object.xml b/man/sd_bus_add_object.xml
index 31a3344bbd..54683e4f11 100644
--- a/man/sd_bus_add_object.xml
+++ b/man/sd_bus_add_object.xml
@@ -508,7 +508,7 @@
<varlistentry>
<term><constant>SD_BUS_VTABLE_METHOD_NO_REPLY</constant></term>
- <listitem><para>Mark his vtable entry as a method that will not return a reply using the
+ <listitem><para>Mark this vtable entry as a method that will not return a reply using the
<constant>org.freedesktop.DBus.Method.NoReply</constant> annotation in introspection data.
</para></listitem>
</varlistentry>
diff --git a/src/core/manager.h b/src/core/manager.h
index b3e7c68e6d..14a80b396e 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -195,7 +195,7 @@ struct Manager {
sd_event *event;
- /* This maps PIDs we care about to units that are interested in. We allow multiple units to he interested in
+ /* This maps PIDs we care about to units that are interested in. We allow multiple units to be interested in
* the same PID and multiple PIDs to be relevant to the same unit. Since in most cases only a single unit will
* be interested in the same PID we use a somewhat special encoding here: the first unit interested in a PID is
* stored directly in the hashmap, keyed by the PID unmodified. If there are other units interested too they'll
diff --git a/src/hostname/hostnamectl.c b/src/hostname/hostnamectl.c
index 283038c7cb..2eca5feaca 100644
--- a/src/hostname/hostnamectl.c
+++ b/src/hostname/hostnamectl.c
@@ -442,7 +442,7 @@ static int set_hostname(int argc, char **argv, void *userdata) {
* dot if there is one. If it was not valid, then it will be made fully valid by truncating, dropping
* multiple dots, and dropping weird chars. Note that we clean the name up only if we also are
* supposed to set the pretty name. If the pretty name is not being set we assume the user knows what
- * he does and pass the name as-is. */
+ * they are doing and pass the name as-is. */
h = strdup(hostname);
if (!h)
return log_oom();
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index 378774fe8b..09eb49c37f 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -300,8 +300,8 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) {
uid_t u;
int r;
- /* We don't do any real authentication here. Instead, we if
- * the owner of this bus wanted authentication he should have
+ /* We don't do any real authentication here. Instead, if
+ * the owner of this bus wanted authentication they should have
* checked SO_PEERCRED before even creating the bus object. */
if (!b->anonymous_auth && !b->ucred_valid)
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 79c24fe703..ab8d4e4a60 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -3274,7 +3274,7 @@ static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec) {
return e;
if (need_more)
- /* The caller really needs some more data, he doesn't
+ /* The caller really needs some more data, they don't
* care about what's already read, or any timeouts
* except its own. */
e |= POLLIN;
diff --git a/src/udev/dmi_memory_id/dmi_memory_id.c b/src/udev/dmi_memory_id/dmi_memory_id.c
index 64eba0d314..00e46f8b9e 100644
--- a/src/udev/dmi_memory_id/dmi_memory_id.c
+++ b/src/udev/dmi_memory_id/dmi_memory_id.c
@@ -539,7 +539,7 @@ static void dmi_table_decode(const uint8_t *buf, size_t len, uint16_t num) {
/* If a short entry is found (less than 4 bytes), not only it
* is invalid, but we cannot reliably locate the next entry.
- * Better stop at this point, and let the user know his/her
+ * Better stop at this point, and let the user know their
* table is broken. */
if (h.length < 4)
break;
--
2.33.0


@ -1,35 +0,0 @@
From 00e7f0994a39852ab1adabfb7e19ff2634e916a0 Mon Sep 17 00:00:00 2001
From: Milo Turner <mturner@starry.com>
Date: Fri, 13 Aug 2021 10:28:58 -0400
Subject: [PATCH] Don't open /var journals in volatile mode when
runtime_journal==NULL
(cherry picked from commit d64441b669932ab97fbbfc71cb143045f690039e)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/00e7f0994a39852ab1adabfb7e19ff2634e916a0
---
src/journal/journald-server.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 30f04f5383..a0695ec519 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -415,6 +415,13 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
if (s->runtime_journal)
return s->runtime_journal;
+ /* If we are not in persistent mode, then we need return NULL immediately rather than opening a
+ * persistent journal of any sort.
+ *
+ * Fixes https://github.com/systemd/systemd/issues/20390 */
+ if (!IN_SET(s->storage, STORAGE_AUTO, STORAGE_PERSISTENT))
+ return NULL;
+
if (uid_for_system_journal(uid))
return s->system_journal;
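Review bot: The added comment reads "we need return NULL"; `we need to return NULL` is the intended wording. With this early return, NULL becomes a regular result of find_journal() whenever `s->runtime_journal` is unset and `s->storage` is neither STORAGE_AUTO nor STORAGE_PERSISTENT. Its callers are outside this hunk, so whether they tolerate NULL cannot be confirmed here. A remark at the top of the function, e.g. `/* May return NULL when no journal is available for the configured storage mode */`, would record the contract.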
--
2.33.0


@ -1,227 +0,0 @@
From f27585b58a308454bf3409a77c8b1dd12fc64816 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 15 Sep 2021 16:33:05 +0200
Subject: [PATCH] Drop bundled copy of linux/if_arp.h
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As far as I can see, we use this to get a list of ARPHRD_* defines (used in
particular for Type= in .link files). If we drop our copy, and build against
old kernel headers, the user will have a shorter list of types available. This
seems OK, and I don't think it's worth carrying our own version of this file
just to have newest possible entries.
7c5b9952c4f6e2b72f90edbe439982528b7cf223 recently updated this file, but we'd
have to update it every time the kernel adds new entries. But if we look at
the failure carefully:
src/basic/arphrd-from-name.gperf:65:16: error: ARPHRD_MCTP undeclared (first use in this function); did you mean ARPHRD_FCPP?
65 | MCTP, ARPHRD_MCTP
| ^~
| ARPHRD_FCPP
we see that the list we were generating was from the system headers, so it was
only as good as the system headers anyway, without the newer entries in our
bundled copy, if there were any. So let's make things simpler by always using
system headers.
And if somebody wants to fix things so that we always have the newest list,
then we should just generate and store the converted list, not the full header.
(cherry picked from commit e7f46ee3ae1cc66a94b293957721d68dc09d7449)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/f27585b58a308454bf3409a77c8b1dd12fc64816
---
src/basic/linux/if_arp.h | 165 ---------------------------------------
src/basic/meson.build | 1 -
2 files changed, 166 deletions(-)
delete mode 100644 src/basic/linux/if_arp.h
diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
deleted file mode 100644
index 4783af9fe5..0000000000
--- a/src/basic/linux/if_arp.h
+++ /dev/null
@@ -1,165 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
-/*
- * INET An implementation of the TCP/IP protocol suite for the LINUX
- * operating system. INET is implemented using the BSD Socket
- * interface as the means of communication with the user level.
- *
- * Global definitions for the ARP (RFC 826) protocol.
- *
- * Version: @(#)if_arp.h 1.0.1 04/16/93
- *
- * Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988
- * Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source.
- * Ross Biro
- * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
- * Florian La Roche,
- * Jonathan Layes <layes@loran.com>
- * Arnaldo Carvalho de Melo <acme@conectiva.com.br> ARPHRD_HWX25
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
- */
-#ifndef _UAPI_LINUX_IF_ARP_H
-#define _UAPI_LINUX_IF_ARP_H
-
-#include <linux/netdevice.h>
-
-/* ARP protocol HARDWARE identifiers. */
-#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */
-#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */
-#define ARPHRD_EETHER 2 /* Experimental Ethernet */
-#define ARPHRD_AX25 3 /* AX.25 Level 2 */
-#define ARPHRD_PRONET 4 /* PROnet token ring */
-#define ARPHRD_CHAOS 5 /* Chaosnet */
-#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */
-#define ARPHRD_ARCNET 7 /* ARCnet */
-#define ARPHRD_APPLETLK 8 /* APPLEtalk */
-#define ARPHRD_DLCI 15 /* Frame Relay DLCI */
-#define ARPHRD_ATM 19 /* ATM */
-#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */
-#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */
-#define ARPHRD_EUI64 27 /* EUI-64 */
-#define ARPHRD_INFINIBAND 32 /* InfiniBand */
-
-/* Dummy types for non ARP hardware */
-#define ARPHRD_SLIP 256
-#define ARPHRD_CSLIP 257
-#define ARPHRD_SLIP6 258
-#define ARPHRD_CSLIP6 259
-#define ARPHRD_RSRVD 260 /* Notional KISS type */
-#define ARPHRD_ADAPT 264
-#define ARPHRD_ROSE 270
-#define ARPHRD_X25 271 /* CCITT X.25 */
-#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
-#define ARPHRD_CAN 280 /* Controller Area Network */
-#define ARPHRD_MCTP 290
-#define ARPHRD_PPP 512
-#define ARPHRD_CISCO 513 /* Cisco HDLC */
-#define ARPHRD_HDLC ARPHRD_CISCO
-#define ARPHRD_LAPB 516 /* LAPB */
-#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */
-#define ARPHRD_RAWHDLC 518 /* Raw HDLC */
-#define ARPHRD_RAWIP 519 /* Raw IP */
-
-#define ARPHRD_TUNNEL 768 /* IPIP tunnel */
-#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */
-#define ARPHRD_FRAD 770 /* Frame Relay Access Device */
-#define ARPHRD_SKIP 771 /* SKIP vif */
-#define ARPHRD_LOOPBACK 772 /* Loopback device */
-#define ARPHRD_LOCALTLK 773 /* Localtalk device */
-#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */
-#define ARPHRD_BIF 775 /* AP1000 BIF */
-#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */
-#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */
-#define ARPHRD_IPGRE 778 /* GRE over IP */
-#define ARPHRD_PIMREG 779 /* PIMSM register interface */
-#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */
-#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */
-#define ARPHRD_ECONET 782 /* Acorn Econet */
-#define ARPHRD_IRDA 783 /* Linux-IrDA */
-/* ARP works differently on different FC media .. so */
-#define ARPHRD_FCPP 784 /* Point to point fibrechannel */
-#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */
-#define ARPHRD_FCPL 786 /* Fibrechannel public loop */
-#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */
- /* 787->799 reserved for fibrechannel media types */
-#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */
-#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */
-#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */
-#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */
-#define ARPHRD_IEEE802154 804
-#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */
-
-#define ARPHRD_PHONET 820 /* PhoNet media type */
-#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */
-#define ARPHRD_CAIF 822 /* CAIF media type */
-#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */
-#define ARPHRD_NETLINK 824 /* Netlink header */
-#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */
-#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */
-
-#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */
-#define ARPHRD_NONE 0xFFFE /* zero header length */
-
-/* ARP protocol opcodes. */
-#define ARPOP_REQUEST 1 /* ARP request */
-#define ARPOP_REPLY 2 /* ARP reply */
-#define ARPOP_RREQUEST 3 /* RARP request */
-#define ARPOP_RREPLY 4 /* RARP reply */
-#define ARPOP_InREQUEST 8 /* InARP request */
-#define ARPOP_InREPLY 9 /* InARP reply */
-#define ARPOP_NAK 10 /* (ATM)ARP NAK */
-
-
-/* ARP ioctl request. */
-struct arpreq {
- struct sockaddr arp_pa; /* protocol address */
- struct sockaddr arp_ha; /* hardware address */
- int arp_flags; /* flags */
- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */
- char arp_dev[IFNAMSIZ];
-};
-
-struct arpreq_old {
- struct sockaddr arp_pa; /* protocol address */
- struct sockaddr arp_ha; /* hardware address */
- int arp_flags; /* flags */
- struct sockaddr arp_netmask; /* netmask (only for proxy arps) */
-};
-
-/* ARP Flag values. */
-#define ATF_COM 0x02 /* completed entry (ha valid) */
-#define ATF_PERM 0x04 /* permanent entry */
-#define ATF_PUBL 0x08 /* publish entry */
-#define ATF_USETRAILERS 0x10 /* has requested trailers */
-#define ATF_NETMASK 0x20 /* want to use a netmask (only
- for proxy entries) */
-#define ATF_DONTPUB 0x40 /* don't answer this addresses */
-
-/*
- * This structure defines an ethernet arp header.
- */
-
-struct arphdr {
- __be16 ar_hrd; /* format of hardware address */
- __be16 ar_pro; /* format of protocol address */
- unsigned char ar_hln; /* length of hardware address */
- unsigned char ar_pln; /* length of protocol address */
- __be16 ar_op; /* ARP opcode (command) */
-
-#if 0
- /*
- * Ethernet looks like this : This bit is variable sized however...
- */
- unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
- unsigned char ar_sip[4]; /* sender IP address */
- unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
- unsigned char ar_tip[4]; /* target IP address */
-#endif
-
-};
-
-
-#endif /* _UAPI_LINUX_IF_ARP_H */
diff --git a/src/basic/meson.build b/src/basic/meson.build
index 9b016ce5e8..452b965db3 100644
--- a/src/basic/meson.build
+++ b/src/basic/meson.build
@@ -88,7 +88,6 @@ basic_sources = files('''
linux/hdlc/ioctl.h
linux/if.h
linux/if_addr.h
- linux/if_arp.h
linux/if_bonding.h
linux/if_bridge.h
linux/if_ether.h
--
2.33.0


@ -1,29 +0,0 @@
From 60630b5e812ce103e9625bcc87778165374a455e Mon Sep 17 00:00:00 2001
From: Kevin Orr <kevinorr54@gmail.com>
Date: Thu, 26 Aug 2021 17:04:53 -0400
Subject: [PATCH] Fix another crash due to missing NHDR
(cherry picked from commit a3a5446b7675696f43c2d8a2a0b898d72228a53d)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/60630b5e812ce103e9625bcc87778165374a455e
---
src/coredump/stacktrace.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/coredump/stacktrace.c b/src/coredump/stacktrace.c
index e46b324cdf..f855a370ff 100644
--- a/src/coredump/stacktrace.c
+++ b/src/coredump/stacktrace.c
@@ -299,6 +299,8 @@ static int module_callback(Dwfl_Module *mod, void **userdata, const char *name,
program_header->p_offset,
program_header->p_filesz,
ELF_T_NHDR);
+ if (!data)
+ continue;
Elf *memelf = elf_memory(data->d_buf, data->d_size);
if (!memelf)
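Review bot: The new `if (!data) continue;` skips the program header without a trace, and core files are untrusted input, so a missing or unreadable note segment is exactly the case someone will later have to diagnose. A comment on the check, e.g. `/* No data could be read for this segment (e.g. truncated core); nothing to parse, skip it */`, would explain why NULL is expected here, and a debug-level log line would make the skip visible. The call that assigns `data` begins above the hunk and module_callback() continues below it.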
--
2.33.0


@ -1,33 +0,0 @@
From d3dfc9afa2297e2e15019adf974da8fb0ab7270c Mon Sep 17 00:00:00 2001
From: Marcus Harrison <marcus@harrisonland.co.uk>
Date: Wed, 15 Sep 2021 03:55:07 +0200
Subject: [PATCH] Fix error building repart with no libcryptsetup (#20739)
(cherry picked from commit 2709d02906dd3ab5ecc2b3e19e2846b1714a7e5a)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/d3dfc9afa2297e2e15019adf974da8fb0ab7270c
---
src/partition/repart.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/partition/repart.c b/src/partition/repart.c
index 589acaa49d..851c68cc4b 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -206,7 +206,12 @@ static const char *encrypt_mode_table[_ENCRYPT_MODE_MAX] = {
[ENCRYPT_KEY_FILE_TPM2] = "key-file+tpm2",
};
+#if HAVE_LIBCRYPTSETUP
DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
+#else
+DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
+#endif
+
static uint64_t round_down_size(uint64_t v, uint64_t p) {
return (v / p) * p;
--
2.33.0


@ -1,33 +0,0 @@
From c1b4ee2e0fd28a0c802a3694107613e1689d1c96 Mon Sep 17 00:00:00 2001
From: longpanda <59477474+ventoy@users.noreply.github.com>
Date: Thu, 5 Aug 2021 09:31:44 +0800
Subject: [PATCH] Fix the "Failed to open random seed ..." message.
When boot ArchLinux from Ventoy, it always print `Failed to open random seed file: write protected.`
As Ventoy emulate the ISO file as a read-only CDROM, I didn't test with a real physical CDROM drive, but maybe it also has such problem.
As we use `EFI_FILE_MODE_WRITE` to open the `loader\random-seed` file, so I think it's better to check the result with both `EFI_WRITE_PROTECTED` and `EFI_NOT_FOUND`.
(cherry picked from commit 2846007ecfb1fc84005b942167d394294c707d7b)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/c1b4ee2e0fd28a0c802a3694107613e1689d1c96
---
src/boot/efi/random-seed.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/efi/random-seed.c b/src/boot/efi/random-seed.c
index ff364695f3..3e179851b0 100644
--- a/src/boot/efi/random-seed.c
+++ b/src/boot/efi/random-seed.c
@@ -245,7 +245,7 @@ EFI_STATUS process_random_seed(EFI_FILE *root_dir, RandomSeedMode mode) {
err = uefi_call_wrapper(root_dir->Open, 5, root_dir, &handle, (CHAR16*) L"\\loader\\random-seed", EFI_FILE_MODE_READ|EFI_FILE_MODE_WRITE, 0ULL);
if (EFI_ERROR(err)) {
- if (err != EFI_NOT_FOUND)
+ if (err != EFI_NOT_FOUND && err != EFI_WRITE_PROTECTED)
Print(L"Failed to open random seed file: %r\n", err);
return err;
}
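Review bot: With `err != EFI_WRITE_PROTECTED` added to the condition, a read-only boot medium now fails silently, yet `return err;` still hands the error to the caller, so on such media this function returns before touching the seed and nothing is printed about it. A comment on the condition, e.g. `/* Read-only media (ISO / CD-ROM emulation) cannot hold an updatable seed; treat this like a missing file */`, would record why the message is suppressed. process_random_seed() continues outside the hunk, and how its caller reacts to the returned status is not visible here.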
--
2.33.0


@ -1,55 +0,0 @@
From 540389a690b1d6cb00620d8ad6f54077a90e15f8 Mon Sep 17 00:00:00 2001
From: MertsA <mertsa@fb.com>
Date: Tue, 10 Aug 2021 20:54:50 -0700
Subject: [PATCH] Get rid of dangling setutxent()
utmp_wall() and utmp_put_dead_process() called setutxent() directly instead of the stub in utmp-wtmp.h and never called endutxent(). This would leave /run/utmp left open by PID 1 or journald. This can be reproduced by e.g. lsof /run/utmp and systemd-cat -p 0 echo test. For utmp_put_dead_process() it would only leave it open if it returned early before calling write_utmp_wtmp()
(cherry picked from commit bbd239f67a683fe63ee3698896fa503ff25031ed)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/540389a690b1d6cb00620d8ad6f54077a90e15f8
---
src/shared/utmp-wtmp.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/shared/utmp-wtmp.c b/src/shared/utmp-wtmp.c
index 3eeee24693..784aad2943 100644
--- a/src/shared/utmp-wtmp.c
+++ b/src/shared/utmp-wtmp.c
@@ -215,13 +215,14 @@ int utmp_put_init_process(const char *id, pid_t pid, pid_t sid, const char *line
}
int utmp_put_dead_process(const char *id, pid_t pid, int code, int status) {
+ _cleanup_(utxent_cleanup) bool utmpx = false;
struct utmpx lookup = {
.ut_type = INIT_PROCESS /* looks for DEAD_PROCESS, LOGIN_PROCESS, USER_PROCESS, too */
}, store, store_wtmp, *found;
assert(id);
- setutxent();
+ utmpx = utxent_start();
/* Copy the whole string if it fits, or just the suffix without the terminating NUL. */
copy_suffix(store.ut_id, sizeof(store.ut_id), id);
@@ -339,6 +340,7 @@ int utmp_wall(
bool (*match_tty)(const char *tty, void *userdata),
void *userdata) {
+ _cleanup_(utxent_cleanup) bool utmpx = false;
_cleanup_free_ char *text = NULL, *hn = NULL, *un = NULL, *stdin_tty = NULL;
char date[FORMAT_TIMESTAMP_MAX];
struct utmpx *u;
@@ -368,7 +370,7 @@ int utmp_wall(
message) < 0)
return -ENOMEM;
- setutxent();
+ utmpx = utxent_start();
r = 0;
--
2.33.0


@ -1,61 +0,0 @@
From 0062322638aa36df8190326a6afd38780fb7a271 Mon Sep 17 00:00:00 2001
From: Kai Wohlfahrt <kai.wohlfahrt@gmail.com>
Date: Tue, 14 Sep 2021 00:32:52 +0100
Subject: [PATCH] Respect install_sysconfdir
This was lost e11a25cadbe and c900d89faa0 while adding jinja2
templating. Breaks builds on NixOS.
(cherry picked from commit 679de141122ca30388bba6d132f8c0dddcdddd15)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/0062322638aa36df8190326a6afd38780fb7a271
---
src/core/meson.build | 2 +-
src/login/meson.build | 8 +++++---
2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/core/meson.build b/src/core/meson.build
index c66538eab1..367c085027 100644
--- a/src/core/meson.build
+++ b/src/core/meson.build
@@ -193,7 +193,7 @@ foreach item : in_files
output: file,
command : [meson_render_jinja2, config_h, '@INPUT@'],
capture : true,
- install : (dir == pkgsysconfdir and install_sysconfdir_samples) or (dir != pkgsysconfdir and dir != 'no'),
+ install : (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no'),
install_dir : dir)
endforeach
diff --git a/src/login/meson.build b/src/login/meson.build
index b637adc9a2..da704d238f 100644
--- a/src/login/meson.build
+++ b/src/login/meson.build
@@ -71,18 +71,20 @@ in_files = [
['70-uaccess.rules', udevrulesdir, enable_logind and conf.get('HAVE_ACL') == 1],
['71-seat.rules', udevrulesdir, enable_logind],
['73-seat-late.rules', udevrulesdir, enable_logind],
- ['systemd-user', pamconfdir, enable_logind and pamconfdir != 'no']]
+ ['systemd-user', pamconfdir, enable_logind]]
foreach tuple : in_files
file = tuple[0]
+ dir = tuple[1]
+ install = (dir == pkgsysconfdir) ? install_sysconfdir_samples : (dir != 'no')
custom_target(
file,
input : file + '.in',
output: file,
command : [meson_render_jinja2, config_h, '@INPUT@'],
capture : true,
- install : tuple[2],
- install_dir : tuple[1])
+ install : tuple[2] and install,
+ install_dir : dir)
endforeach
if enable_logind
--
2.33.0


@ -1,35 +0,0 @@
From 47b256d63ac092137fe44e27560a14ee4aa5b7c8 Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Fri, 8 Feb 2019 10:54:34 +0100
Subject: Revert "sysctl.d: switch net.ipv4.conf.all.rp_filter
from 1 to 2"
Conflict:according def94437934 and 5d4fc0e665a, modify default.rp_filter
and *.rp_filter
Reference:https://github.com/systemd/systemd/commit/230450d4e4f1f5fc9fa4295ed9185eea5b6ea16e
This reverts commit 75c9af80cf3529c76988451e63f98010c86f48f1.
Resolves: #1653824
---
sysctl.d/50-default.conf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sysctl.d/50-default.conf b/sysctl.d/50-default.conf
index 1b76b9d..2717a4d 100644
--- a/sysctl.d/50-default.conf
+++ b/sysctl.d/50-default.conf
@@ -26,8 +26,8 @@ kernel.core_uses_pid = 1
kernel.core_uses_pid = 1
# Source route verification
-net.ipv4.conf.default.rp_filter = 2
-net.ipv4.conf.*.rp_filter = 2
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.*.rp_filter = 1
-net.ipv4.conf.all.rp_filter
# Do not accept source routing
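Review bot: Setting `rp_filter` to 1 instead of 2 moves the default and every globbed interface from loose to strict reverse-path filtering, and the only comment, `# Source route verification`, says neither which mode is chosen nor what it costs. Strict mode drops packets whose source address is not routed back through the receiving interface, which breaks hosts with asymmetric routing or several uplinks, so the file should state it: `# 1 = strict reverse-path filter (RFC 3704); use 2 (loose) on multihomed or asymmetrically routed hosts`. The `-net.ipv4.conf.all.rp_filter` line appears to keep the glob from touching `all`, so the per-interface values are presumably what takes effect.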
--
2.23.0


@ -1,66 +0,0 @@
From c3fa408dcc03bb6dbd11f180540fb9e684893c39 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 16 Oct 2022 21:52:43 +0200
Subject: [PATCH] TEST-15: add one more test for drop-in precedence
---
test/units/testsuite-15.sh | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh
index ed6d5f838d..079c8b290e 100755
--- a/test/units/testsuite-15.sh
+++ b/test/units/testsuite-15.sh
@@ -282,6 +282,41 @@ MemoryMax=1000000001
clear_services a-b-c.slice
}
+test_transient_service_dropins () {
+ echo "Testing dropins for a transient service..."
+ echo "*** test transient service drop-ins"
+
+ mkdir -p /etc/systemd/system/service.d
+ mkdir -p /etc/systemd/system/a-.service.d
+ mkdir -p /etc/systemd/system/a-b-.service.d
+ mkdir -p /etc/systemd/system/a-b-c.service.d
+
+ echo -e '[Service]\nStandardInputText=aaa' >/etc/systemd/system/service.d/drop1.conf
+ echo -e '[Service]\nStandardInputText=bbb' >/etc/systemd/system/a-.service.d/drop2.conf
+ echo -e '[Service]\nStandardInputText=ccc' >/etc/systemd/system/a-b-.service.d/drop3.conf
+ echo -e '[Service]\nStandardInputText=ddd' >/etc/systemd/system/a-b-c.service.d/drop4.conf
+
+ # There's no fragment yet, so this fails
+ systemctl cat a-b-c.service && exit 1
+
+ # xxx → eHh4Cg==
+ systemd-run -u a-b-c.service -p StandardInputData=eHh4Cg== sleep infinity
+
+ data=$(systemctl show -P StandardInputData a-b-c.service)
+ # xxx\naaa\n\bbb\nccc\nddd\n → eHh4…
+ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo="
+
+ # Do a reload and check again
+ systemctl daemon-reload
+ data=$(systemctl show -P StandardInputData a-b-c.service)
+ test "$data" = "eHh4CmFhYQpiYmIKY2NjCmRkZAo="
+
+ clear_services a-b-c.service
+ rm /etc/systemd/system/service.d/drop1.conf \
+ /etc/systemd/system/a-.service.d/drop2.conf \
+ /etc/systemd/system/a-b-.service.d/drop3.conf
+}
+
test_template_dropins () {
echo "Testing template dropins..."
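Review bot: The cleanup at the end of test_transient_service_dropins removes drop1.conf through drop3.conf but not `/etc/systemd/system/a-b-c.service.d/drop4.conf`, nor the four directories it created, unless clear_services (defined outside this hunk) takes care of them. `service.d/drop1.conf` is a top-level drop-in, so if the script aborts on a failed `test` before the `rm`, it stays in place for every later service in the run. Removing the files from a cleanup handler, or at least adding the fourth path to the `rm`, would avoid that. The comment `# xxx\naaa\n\bbb\nccc\nddd\n` also has a stray backslash before `bbb`.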
@@ -621,6 +656,7 @@ test_linked_units
test_template_alias
test_hierarchical_service_dropins
test_hierarchical_slice_dropins
+test_transient_service_dropins
test_template_dropins
test_alias_dropins
test_masked_dropins
--
2.33.0


@ -1,108 +0,0 @@
From 6854434cfb5dda10c07d95835c38b75e5e71c2b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 16 Oct 2022 14:02:45 +0200
Subject: [PATCH] TEST-15: add test for transient units with drop-ins
We want to test four things:
- that the transient units are successfully started when drop-ins exist
- that the transient setings override the defaults
- the drop-ins override the transient settings (the same as for a normal unit)
- that things are the same before and after a reload
To make things more fun, we start and stop units in two different ways: via
systemctl and via a direct busctl invocation. This gives us a bit more coverage
of different code paths.
---
test/units/testsuite-15.sh | 62 ++++++++++++++++++++++++++++++++++----
1 file changed, 56 insertions(+), 6 deletions(-)
diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh
index 8b44d76982..ed6d5f838d 100755
--- a/test/units/testsuite-15.sh
+++ b/test/units/testsuite-15.sh
@@ -181,19 +181,40 @@ test_hierarchical_service_dropins () {
echo "Testing hierarchical service dropins..."
echo "*** test service.d/ top level drop-in"
create_services a-b-c
- check_ko a-b-c ExecCondition "/bin/echo service.d"
- check_ko a-b-c ExecCondition "/bin/echo a-.service.d"
- check_ko a-b-c ExecCondition "/bin/echo a-b-.service.d"
- check_ko a-b-c ExecCondition "/bin/echo a-b-c.service.d"
+ check_ko a-b-c ExecCondition "echo service.d"
+ check_ko a-b-c ExecCondition "echo a-.service.d"
+ check_ko a-b-c ExecCondition "echo a-b-.service.d"
+ check_ko a-b-c ExecCondition "echo a-b-c.service.d"
for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do
mkdir -p /usr/lib/systemd/system/$dropin
echo "
[Service]
-ExecCondition=/bin/echo $dropin
+ExecCondition=echo $dropin
" >/usr/lib/systemd/system/$dropin/override.conf
systemctl daemon-reload
- check_ok a-b-c ExecCondition "/bin/echo $dropin"
+ check_ok a-b-c ExecCondition "echo $dropin"
+
+ # Check that we can start a transient service in presence of the drop-ins
+ systemd-run -u a-b-c2.service -p Description='sleepy' sleep infinity
+
+ # The transient setting replaces the default
+ check_ok a-b-c2.service Description "sleepy"
+
+ # The override takes precedence for ExecCondition
+ # (except the last iteration when it only applies to the other service)
+ if [ "$dropin" != "a-b-c.service.d" ]; then
+ check_ok a-b-c2.service ExecCondition "echo $dropin"
+ fi
+
+ # Check that things are the same after a reload
+ systemctl daemon-reload
+ check_ok a-b-c2.service Description "sleepy"
+ if [ "$dropin" != "a-b-c.service.d" ]; then
+ check_ok a-b-c2.service ExecCondition "echo $dropin"
+ fi
+
+ systemctl stop a-b-c2.service
done
for dropin in service.d a-.service.d a-b-.service.d a-b-c.service.d; do
rm -rf /usr/lib/systemd/system/$dropin
@@ -218,6 +239,35 @@ MemoryMax=1000000000
" >/usr/lib/systemd/system/$dropin/override.conf
systemctl daemon-reload
check_ok a-b-c.slice MemoryMax "1000000000"
+
+ busctl call \
+ org.freedesktop.systemd1 \
+ /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager \
+ StartTransientUnit 'ssa(sv)a(sa(sv))' \
+ 'a-b-c.slice' 'replace' \
+ 2 \
+ 'Description' s 'slice too' \
+ 'MemoryMax' t 1000000002 \
+ 0
+
+ # The override takes precedence for MemoryMax
+ check_ok a-b-c.slice MemoryMax "1000000000"
+ # The transient setting replaces the default
+ check_ok a-b-c.slice Description "slice too"
+
+ # Check that things are the same after a reload
+ systemctl daemon-reload
+ check_ok a-b-c.slice MemoryMax "1000000000"
+ check_ok a-b-c.slice Description "slice too"
+
+ busctl call \
+ org.freedesktop.systemd1 \
+ /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager \
+ StopUnit 'ss' \
+ 'a-b-c.slice' 'replace'
+
rm /usr/lib/systemd/system/$dropin/override.conf
done
--
2.33.0


@ -1,78 +0,0 @@
From f80c874af376052b6b81f47cbbc43d7fecd98cd6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 16 Oct 2022 12:54:34 +0200
Subject: [PATCH] TEST-15: also test hierarchical drop-ins for slices
Slices are worth testing too, because they don't need a fragment path so they
behave slightly differently than service units. I'm making this a separate
patch from the actual tests that I wanted to add later because it's complex
enough on its own.
---
test/units/testsuite-15.sh | 37 ++++++++++++++++++++++++++++++++++---
1 file changed, 34 insertions(+), 3 deletions(-)
diff --git a/test/units/testsuite-15.sh b/test/units/testsuite-15.sh
index c3784e2..8bae64d 100755
--- a/test/units/testsuite-15.sh
+++ b/test/units/testsuite-15.sh
@@ -174,8 +174,8 @@ test_template_alias() {
clear_services test15-a@ test15-b@
}
-test_hierarchical_dropins () {
- echo "Testing hierarchical dropins..."
+test_hierarchical_service_dropins () {
+ echo "Testing hierarchical service dropins..."
echo "*** test service.d/ top level drop-in"
create_services a-b-c
check_ko a-b-c ExecCondition "/bin/echo service.d"
@@ -199,6 +199,36 @@ ExecCondition=/bin/echo $dropin
clear_services a-b-c
}
+test_hierarchical_slice_dropins () {
+ echo "Testing hierarchical slice dropins..."
+ echo "*** test slice.d/ top level drop-in"
+ # Slice units don't even need a fragment, so we test the defaults here
+ check_ok a-b-c.slice Description "Slice /a/b/c"
+ check_ok a-b-c.slice MemoryMax "infinity"
+
+ # Test drop-ins
+ for dropin in slice.d a-.slice.d a-b-.slice.d a-b-c.slice.d; do
+ mkdir -p /usr/lib/systemd/system/$dropin
+ echo "
+[Slice]
+MemoryMax=1000000000
+ " >/usr/lib/systemd/system/$dropin/override.conf
+ systemctl daemon-reload
+ check_ok a-b-c.slice MemoryMax "1000000000"
+ rm /usr/lib/systemd/system/$dropin/override.conf
+ done
+
+ # Test unit with a fragment
+ echo "
+[Slice]
+MemoryMax=1000000001
+ " >/usr/lib/systemd/system/a-b-c.slice
+ systemctl daemon-reload
+ check_ok a-b-c.slice MemoryMax "1000000001"
+
+ clear_services a-b-c.slice
+}
+
test_template_dropins () {
echo "Testing template dropins..."
@@ -517,7 +547,8 @@ test_invalid_dropins () {
test_basic_dropins
test_linked_units
test_template_alias
-test_hierarchical_dropins
+test_hierarchical_service_dropins
+test_hierarchical_slice_dropins
test_template_dropins
test_alias_dropins
test_masked_dropins
--
2.33.0


@ -1,35 +0,0 @@
From 3450d8dc8ddb582816c6c481b6a9b7378706ab3b Mon Sep 17 00:00:00 2001
From: David Seifert <soap@gentoo.org>
Date: Mon, 2 Aug 2021 12:41:38 +0200
Subject: [PATCH] Use correct `<fcntl.h>` include
* `<sys/fcntl.h>` is not specified in POSIX
(cherry picked from commit f8d54f7810aeea5ff27a5db03e1aab7ea54c8268)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/3450d8dc8ddb582816c6c481b6a9b7378706ab3b
---
src/basic/fileio.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index c28b17fef5..9bd2037f5b 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -2,11 +2,11 @@
#pragma once
#include <dirent.h>
+#include <fcntl.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
-#include <sys/fcntl.h>
#include <sys/types.h>
#include "macro.h"
--
2.33.0


@ -1,43 +0,0 @@
From fba9fd963bb3b5fafdb123788b3fabe6ed0830c9 Mon Sep 17 00:00:00 2001
From: David Seifert <soap@gentoo.org>
Date: Mon, 2 Aug 2021 16:09:10 +0200
Subject: [PATCH] Use correct `<poll.h>` include
* `<sys/poll.h>` is not specified in POSIX
(cherry picked from commit 2b6c0bb2a341c95223ce672249e43c743b03d78c)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/fba9fd963bb3b5fafdb123788b3fabe6ed0830c9
---
src/shared/nscd-flush.c | 2 +-
src/shared/varlink.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/nscd-flush.c b/src/shared/nscd-flush.c
index dfc47c4234..19e16d9345 100644
--- a/src/shared/nscd-flush.c
+++ b/src/shared/nscd-flush.c
@@ -1,5 +1,5 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
-#include <sys/poll.h>
+#include <poll.h>
#include "fd-util.h"
#include "io-util.h"
diff --git a/src/shared/varlink.c b/src/shared/varlink.c
index 6b0b343ae9..8da568e208 100644
--- a/src/shared/varlink.c
+++ b/src/shared/varlink.c
@@ -1,7 +1,7 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <malloc.h>
-#include <sys/poll.h>
+#include <poll.h>
#include "alloc-util.h"
#include "errno-util.h"
--
2.33.0


@ -1,33 +0,0 @@
From 53fd101c2144cb104d34aea8e68c7c24443107bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Fri, 7 Oct 2022 15:52:33 +0200
Subject: [PATCH] analyze: add forgotten return statement
We would fail with an assert in sd_bus_message_enter_container() afterwards.
(cherry picked from commit 5475e963c5e6ade35404384ba03caf79cb1bc2e5)
(cherry picked from commit e0ba044985ac33d5eb2fb0d09fc2ff1b2f9b73dc)
(cherry picked from commit 1316666e98accf6b8ab8cb0fb5ef73d275049a34)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/53fd101c2144cb104d34aea8e68c7c24443107bd
---
src/analyze/analyze.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/analyze/analyze.c b/src/analyze/analyze.c
index 62c0ccbdfe..6452d23331 100644
--- a/src/analyze/analyze.c
+++ b/src/analyze/analyze.c
@@ -1274,7 +1274,7 @@ static int dot(int argc, char *argv[], void *userdata) {
r = bus_call_method(bus, bus_systemd_mgr, "ListUnits", &error, &reply, NULL);
if (r < 0)
- log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r));
+ return log_error_errno(r, "Failed to list units: %s", bus_error_message(&error, r));
r = sd_bus_message_enter_container(reply, SD_BUS_TYPE_ARRAY, "(ssssssouso)");
if (r < 0)
--
2.27.0


@ -1,91 +0,0 @@
From 8621f957b6e3a7eed1c5965d332ad1c4c594f26e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sat, 20 Nov 2021 11:42:31 +0100
Subject: [PATCH] analyze: fix printing config when there is no main config
file
Since 8b8024f1c231c166f5c450905c8fd91d11704ae7 and the follow-up commits, the
main config file may be located in /usr or in other paths. But the code in
analyze.c was still assuming that it must be in /etc. Things mostly worked for
our own config files because we usually install a comments-only file in /etc,
but was not correct in the general case.
This fixes in particular 'systemd-analyze cat-config systemd/zram-generator.conf'.
In Fedora we distribute a config file in zram-generator-defaults.rpm that is in
/usr/lib, and 'cat-config' would refuse to show it because
/etc/systemd/zram-generator.conf does not exist.
The main config file is optional, but let's print an informative message
because this is a slightly unusual case.
The file paths that we printed were missing the root prefix.
(cherry picked from commit 0895e87348e5fc02f50498cad5922eb3eb172323)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/8621f957b6e3a7eed1c5965d332ad1c4c594f26e
---
src/shared/pretty-print.c | 43 ++++++++++++++++++++++++++-------------
1 file changed, 29 insertions(+), 14 deletions(-)
diff --git a/src/shared/pretty-print.c b/src/shared/pretty-print.c
index 137ba77b3a..97baeda401 100644
--- a/src/shared/pretty-print.c
+++ b/src/shared/pretty-print.c
@@ -300,24 +300,39 @@ int conf_files_cat(const char *root, const char *name) {
return log_error_errno(r, "Failed to build directory list: %m");
}
- r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs);
- if (r < 0)
- return log_error_errno(r, "Failed to query file list: %m");
+ if (DEBUG_LOGGING) {
+ log_debug("Looking for configuration in:");
+ if (!is_collection)
+ STRV_FOREACH(prefix, prefixes)
+ log_debug(" %s%s%s", strempty(root), *prefix, name);
+ STRV_FOREACH(t, dirs)
+ log_debug(" %s%s/*%s", strempty(root), *t, extension);
+ }
+
+ /* First locate the main config file, if any */
if (!is_collection) {
- path = path_join(root, "/etc", name);
+ STRV_FOREACH(prefix, prefixes) {
+ path = path_join(root, *prefix, name);
+ if (!path)
+ return log_oom();
+ if (access(path, F_OK) == 0)
+ break;
+ path = mfree(path);
+ }
+
if (!path)
- return log_oom();
+ printf("%s# Main configuration file %s not found%s\n",
+ ansi_highlight_magenta(),
+ name,
+ ansi_normal());
}
- if (DEBUG_LOGGING) {
- log_debug("Looking for configuration in:");
- if (path)
- log_debug(" %s", path);
- STRV_FOREACH(t, dirs)
- log_debug(" %s/*%s", *t, extension);
- }
+ /* Then locate the drop-ins, if any */
+ r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs);
+ if (r < 0)
+ return log_error_errno(r, "Failed to query file list: %m");
- /* show */
- return cat_files(path, files, CAT_FLAGS_MAIN_FILE_OPTIONAL);
+ /* Show */
+ return cat_files(path, files, 0);
}
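Review bot: In the new `STRV_FOREACH(prefix, prefixes)` loop every `access(path, F_OK)` failure is treated as "file absent", so an EACCES or ELOOP on one prefix silently falls through to the next prefix or ends in the "Main configuration file … not found" message. Looking at `errno` and reporting anything other than ENOENT would keep permission problems visible, for example `if (errno != ENOENT) log_debug_errno(errno, "Failed to access %s, ignoring: %m", path);` placed before `path = mfree(path);`. The existence check is also only advisory, because the file is opened later inside `cat_files()`, which now receives `0` instead of `CAT_FLAGS_MAIN_FILE_OPTIONAL`; a one-line comment saying that a file vanishing in between is reported as an error would document that choice. conf_files_cat starts before the hunk.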
--
2.33.0


@ -1,35 +0,0 @@
From 73be22c6f245ad86ef33d95bd4ab0a8e9fd121be Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 3 Feb 2023 18:29:36 +0900
Subject: [PATCH] argv-util: also update program_invocation_short_name
Our logging uses program_invocation_short_name. Without this patch,
logs from forked client may become broken; spuriously truncated or
the short invocation name is not completely shown in the log.
(cherry picked from commit dd15e4cb57129b915e01495e113696bfe0b70214)
(cherry picked from commit ce4726468dc02bd7383cd7d90c8769576c6973e3)
(cherry picked from commit 7a862d9d1a7196a5576720959849f45fc68b041c)
(cherry picked from commit 9fbbd7bf28e5362b786e152a9ce4e8bd40621759)
---
src/basic/process-util.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index b76ca6f7c5..10651a4564 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -371,6 +371,10 @@ int rename_process(const char name[]) {
strncpy(program_invocation_name, name, k);
if (l > k)
truncated = true;
+
+ /* Also update the short name. */
+ char *p = strrchr(program_invocation_name, '/');
+ program_invocation_short_name = p ? p + 1 : program_invocation_name;
}
/* Third step, completely replace the argv[] array the kernel maintains for us. This requires privileges, but
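Review bot: The added `strrchr(program_invocation_name, '/')` needs the buffer to be NUL-terminated right after `strncpy(program_invocation_name, name, k)`, and `strncpy` writes no terminator when `name` has `k` or more bytes, which is the `l > k` truncation case handled just above. This presumably holds because the old terminator at offset `k` is left untouched, but `k` is computed outside the hunk, so the invariant deserves a comment next to the call: `/* strncpy() copies at most k bytes; the original NUL at [k] stays in place */`. rename_process begins before the hunk and continues after it.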
--
2.27.0


@ -1,43 +0,0 @@
From a69c240157e2ca066130c12bb061e0065f2c2425 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 5 Jan 2022 18:26:46 +0900
Subject: [PATCH] backlight: ignore error if the backlight device is already
removed
Fixes #21997.
(cherry picked from commit f0f65087834198d4dabf8b389ddc34223400aab7)
(cherry picked from commit b4c57e1b1c249f28f13a86637d8854c920bcf26d)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/a69c240157e2ca066130c12bb061e0065f2c2425
---
src/backlight/backlight.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/backlight/backlight.c b/src/backlight/backlight.c
index 7c0970a60c..5aeee0de47 100644
--- a/src/backlight/backlight.c
+++ b/src/backlight/backlight.c
@@ -395,8 +395,16 @@ static int run(int argc, char *argv[]) {
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Not a backlight or LED device: '%s:%s'", ss, sysname);
r = sd_device_new_from_subsystem_sysname(&device, ss, sysname);
- if (r < 0)
- return log_error_errno(r, "Failed to get backlight or LED device '%s:%s': %m", ss, sysname);
+ if (r < 0) {
+ bool ignore = r == -ENODEV;
+
+ /* Some drivers, e.g. for AMD GPU, removes acpi backlight device soon after it is added.
+ * See issue #21997. */
+ log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, r,
+ "Failed to get backlight or LED device '%s:%s'%s: %m",
+ ss, sysname, ignore ? ", ignoring" : "");
+ return ignore ? 0 : r;
+ }
/* If max_brightness is 0, then there is no actual backlight device. This happens on desktops
* with Asus mainboards that load the eeepc-wmi module. */
--
2.33.0


@ -1,53 +0,0 @@
From 74583cad5a3bf4051b879b8b1ac53934027ef485 Mon Sep 17 00:00:00 2001
From: Andrew Soutar <andrew@andrewsoutar.com>
Date: Tue, 5 Oct 2021 22:55:27 -0400
Subject: [PATCH] basic/env-util: correctly parse extended vars after
non-extended vars (#20941)
(cherry picked from commit 5ef97a712236f0ddddec52665c0aea7d4e6d3c13)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/74583cad5a3bf4051b879b8b1ac53934027ef485
---
src/basic/env-util.c | 1 +
src/test/test-env-util.c | 5 ++++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/basic/env-util.c b/src/basic/env-util.c
index 81b1e3f10e..1ca445dab4 100644
--- a/src/basic/env-util.c
+++ b/src/basic/env-util.c
@@ -577,6 +577,7 @@ char *replace_env_n(const char *format, size_t n, char **env, unsigned flags) {
word = e+1;
state = WORD;
+ nest--;
} else if (*e == ':') {
if (flags & REPLACE_ENV_ALLOW_EXTENDED) {
len = e - word - 2;
diff --git a/src/test/test-env-util.c b/src/test/test-env-util.c
index ed4580e4af..3d5951c46e 100644
--- a/src/test/test-env-util.c
+++ b/src/test/test-env-util.c
@@ -198,7 +198,7 @@ static void test_replace_env2(bool extended) {
"BAR=bar",
NULL
};
- _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL;
+ _cleanup_free_ char *t = NULL, *s = NULL, *q = NULL, *r = NULL, *p = NULL, *x = NULL, *y = NULL;
unsigned flags = REPLACE_ENV_ALLOW_EXTENDED*extended;
t = replace_env("FOO=${FOO:-${BAR}}", (char**) env, flags);
@@ -218,6 +218,9 @@ static void test_replace_env2(bool extended) {
x = replace_env("XXX=${XXX:+${BAR}post}", (char**) env, flags);
assert_se(streq(x, extended ? "XXX=" : "XXX=${XXX:+barpost}"));
+
+ y = replace_env("FOO=${FOO}between${BAR:-baz}", (char**) env, flags);
+ assert_se(streq(y, extended ? "FOO=foobetweenbar" : "FOO=foobetween${BAR:-baz}"));
}
static void test_replace_env_argv(void) {
--
2.33.0


@ -1,105 +0,0 @@
From 17d1b0d2dd109c5e413d8ef1eb5835344f9314b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 7 Jul 2021 16:27:51 +0200
Subject: [PATCH] basic/escape: add helper for quoting command lines
(cherry picked from commit eeb91d29b0279d6bf8a3f1c4da54c9e9c0881a19)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/17d1b0d2dd109c5e413d8ef1eb5835344f9314b9
---
src/basic/escape.c | 21 +++++++++++++++++++++
src/basic/escape.h | 1 +
src/test/test-escape.c | 24 ++++++++++++++++++++++++
3 files changed, 46 insertions(+)
diff --git a/src/basic/escape.c b/src/basic/escape.c
index 2a3a0e31a1..fcade5a1b4 100644
--- a/src/basic/escape.c
+++ b/src/basic/escape.c
@@ -8,6 +8,7 @@
#include "escape.h"
#include "hexdecoct.h"
#include "macro.h"
+#include "strv.h"
#include "utf8.h"
int cescape_char(char c, char *buf) {
@@ -542,3 +543,23 @@ char* shell_maybe_quote(const char *s, ShellEscapeFlags flags) {
return str_realloc(buf);
}
+
+char* quote_command_line(char **argv) {
+ _cleanup_free_ char *result = NULL;
+
+ assert(argv);
+
+ char **a;
+ STRV_FOREACH(a, argv) {
+ _cleanup_free_ char *t = NULL;
+
+ t = shell_maybe_quote(*a, SHELL_ESCAPE_EMPTY);
+ if (!t)
+ return NULL;
+
+ if (!strextend_with_separator(&result, " ", t))
+ return NULL;
+ }
+
+ return TAKE_PTR(result);
+}
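Review bot: `quote_command_line()` returns NULL for an empty `argv`, because `result` is never extended and `TAKE_PTR(result)` hands back the initial NULL; a caller cannot tell that apart from the two allocation-failure returns inside the loop. Either state the contract on the function, `/* Returns NULL on OOM; argv must contain at least one element */`, or return an empty string for that case with `if (!result) return strdup("");` before the final return. The tests added in `src/test/test-escape.c` do not cover an empty vector.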
diff --git a/src/basic/escape.h b/src/basic/escape.h
index 907b572bd4..e9d48d227a 100644
--- a/src/basic/escape.h
+++ b/src/basic/escape.h
@@ -68,3 +68,4 @@ char* escape_non_printable_full(const char *str, size_t console_width, XEscapeFl
char* shell_escape(const char *s, const char *bad);
char* shell_maybe_quote(const char *s, ShellEscapeFlags flags);
+char* quote_command_line(char **argv);
diff --git a/src/test/test-escape.c b/src/test/test-escape.c
index 991b135a33..8bda9cdc8d 100644
--- a/src/test/test-escape.c
+++ b/src/test/test-escape.c
@@ -192,6 +192,29 @@ static void test_shell_maybe_quote(void) {
test_shell_maybe_quote_one("głąb\002\003rząd", SHELL_ESCAPE_POSIX, "$'głąb\\002\\003rząd'");
}
+static void test_quote_command_line_one(char **argv, const char *expected) {
+ _cleanup_free_ char *s;
+
+ assert_se(s = quote_command_line(argv));
+ log_info("%s", s);
+ assert_se(streq(s, expected));
+}
+
+static void test_quote_command_line(void) {
+ log_info("/* %s */", __func__);
+
+ test_quote_command_line_one(STRV_MAKE("true", "true"),
+ "true true");
+ test_quote_command_line_one(STRV_MAKE("true", "with a space"),
+ "true \"with a space\"");
+ test_quote_command_line_one(STRV_MAKE("true", "with a 'quote'"),
+ "true \"with a 'quote'\"");
+ test_quote_command_line_one(STRV_MAKE("true", "with a \"quote\""),
+ "true \"with a \\\"quote\\\"\"");
+ test_quote_command_line_one(STRV_MAKE("true", "$dollar"),
+ "true \"\\$dollar\"");
+}
+
int main(int argc, char *argv[]) {
test_setup_logging(LOG_DEBUG);
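Review bot: `test_quote_command_line_one()` declares `_cleanup_free_ char *s;` without an initializer. It is assigned on the next statement, so nothing goes wrong today, but a cleanup-attribute variable that starts out indeterminate becomes a free of garbage as soon as someone adds an early return above the assignment; `_cleanup_free_ char *s = NULL;` matches how the other `_cleanup_free_` declarations in this patch are written.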
@@ -202,6 +225,7 @@ int main(int argc, char *argv[]) {
test_cunescape();
test_shell_escape();
test_shell_maybe_quote();
+ test_quote_command_line();
return 0;
}
--
2.33.0


@ -1,32 +0,0 @@
From 6674c65c74dcf52b6887e76642683b593d86cb69 Mon Sep 17 00:00:00 2001
From: Chris Packham <chris.packham@alliedtelesis.co.nz>
Date: Fri, 10 Sep 2021 09:51:36 +1200
Subject: [PATCH] basic/linux: Sync if_arp.h with Linux 5.14
ARPHRD_MCTP was added in 5.14. Sync if_arp.h to pick up the definition
Fixes #20694
(cherry picked from commit 7c5b9952c4f6e2b72f90edbe439982528b7cf223)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/6674c65c74dcf52b6887e76642683b593d86cb69
---
src/basic/linux/if_arp.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/linux/if_arp.h b/src/basic/linux/if_arp.h
index c3cc5a9e5e..4783af9fe5 100644
--- a/src/basic/linux/if_arp.h
+++ b/src/basic/linux/if_arp.h
@@ -54,6 +54,7 @@
#define ARPHRD_X25 271 /* CCITT X.25 */
#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
#define ARPHRD_CAN 280 /* Controller Area Network */
+#define ARPHRD_MCTP 290
#define ARPHRD_PPP 512
#define ARPHRD_CISCO 513 /* Cisco HDLC */
#define ARPHRD_HDLC ARPHRD_CISCO
--
2.33.0


@ -1,48 +0,0 @@
From fb824c90e5a83218e4252a2c21c7f365d0167458 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Mon, 3 Jan 2022 17:53:29 +0100
Subject: [PATCH] basic/log: allow errno values higher than 255
When the support for "synthetic errno" was added, we started truncating
the errno value to just the least significant byte. This is generally OK,
because errno values are defined up to ~130.
The docs don't really say what the maximum value is. But at least in principle
higher values could be added in the future. So let's stop truncating
the values needlessly.
The kernel (or libbpf?) have an error where they return 524 as an errno
value (https://bugzilla.redhat.com/show_bug.cgi?id=2036145). We would
confusingly truncate this to 12 (ENOMEM). It seems much nicer to let
strerror() give us "Unknown error 524" rather than to print the bogus
message about ENOMEM.
(cherry picked from commit 5f74fcd41cb1a1b26c23e0f2ab405ae9cf6bcc93)
(cherry picked from commit cd686fe4c719bfb894bd24d673c51f19cea64643)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/fb824c90e5a83218e4252a2c21c7f365d0167458
---
src/basic/log.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/basic/log.h b/src/basic/log.h
index 738c181070..8bfae8e0e5 100644
--- a/src/basic/log.h
+++ b/src/basic/log.h
@@ -27,10 +27,10 @@ typedef enum LogTarget{
_LOG_TARGET_INVALID = -EINVAL,
} LogTarget;
-/* Note to readers: << and >> have lower precedence than & and | */
+/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */
#define SYNTHETIC_ERRNO(num) (1 << 30 | (num))
#define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1)
-#define ERRNO_VALUE(val) (abs(val) & 255)
+#define ERRNO_VALUE(val) (abs(val) & ~(1 << 30))
const char *log_target_to_string(LogTarget target) _const_;
LogTarget log_target_from_string(const char *s) _pure_;
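Review bot: The reworded comment above `SYNTHETIC_ERRNO` says `<<` and `>>` have "lower precedence" than `&` and `|`, while in C the shift operators bind tighter than the bitwise ones, which is what the unparenthesized `1 << 30 | (num)` and `(val) >> 30 & 1` rely on. `/* Note to readers: << and >> bind tighter than & and | */` states it without the ambiguity. The new `ERRNO_VALUE` keeps `abs(val)`, which is undefined for `INT_MIN`, so a short remark that `val` is an errno-style value, optionally carrying the synthetic bit, would make the assumed input range explicit.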
--
2.33.0


@ -1,76 +0,0 @@
From fdb86800e854d5079c13d3a4597f73617db991f6 Mon Sep 17 00:00:00 2001
From: Donald Chan <hoiho@amazon.com>
Date: Fri, 28 Jan 2022 22:53:46 +0000
Subject: [PATCH] basic: mac_[selinux,smack]_apply_fd does not work when
applying labels
Commit a7fdc6c introduced a regression where file descriptors are opened
using O_PATH option. mac_smack_apply_fd() calls fsetxattr() and would fail
with a -EBADF (Bad file descriptor) error.
Use FORMAT_PROC_FD_PATH(fd) to convert the fd back into a full path and
call setxattr() or setfilecon() instead.
Signed-off-by: Donald Chan <hoiho@amazon.com>
(cherry picked from commit a718364e9d9242cc2111c9860f2ab5bb9bb26db9)
(cherry picked from commit 9f596964f6e403b089450dc083724b48fb4b4bb1)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/fdb86800e854d5079c13d3a4597f73617db991f6
---
src/shared/selinux-util.c | 6 +++++-
src/shared/smack-util.c | 7 +++++--
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 03cee76f64..832c29435d 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -344,12 +344,16 @@ int mac_selinux_apply_fd(int fd, const char *path, const char *label) {
assert(fd >= 0);
#if HAVE_SELINUX
+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
+
if (!mac_selinux_use())
return 0;
assert(label);
- if (fsetfilecon(fd, label) < 0)
+ xsprintf(procfs_path, "/proc/self/fd/%i", fd);
+
+ if (setfilecon(procfs_path, label) < 0)
return log_enforcing_errno(errno, "Failed to set SELinux security context %s on path %s: %m", label, strna(path));
#endif
return 0;
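Review bot: Relabelling now depends on procfs: `setfilecon(procfs_path, label)` here, and the `setxattr()`/`removexattr()` calls in the `mac_smack_apply_fd()` hunk further down, would fail with ENOENT when /proc is not mounted, and neither hunk distinguishes that from any other failure. The reason for the detour is also not recorded in the code, although it matters for security: going through the descriptor keeps the label on the inode the fd pins instead of re-resolving `path`. A comment at both `xsprintf()` calls would cover it, e.g. `/* fd may be O_PATH, so address it via /proc/self/fd/; needs /proc mounted, and keeps us on the pinned inode */`. Both function bodies extend beyond their hunks.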
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index 3362ee3924..8d88a7b49a 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -86,6 +86,7 @@ int mac_smack_apply(const char *path, SmackAttr attr, const char *label) {
}
int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
int r;
assert(fd >= 0);
@@ -94,10 +95,12 @@ int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label) {
if (!mac_smack_use())
return 0;
+ xsprintf(procfs_path, "/proc/self/fd/%i", fd);
+
if (label)
- r = fsetxattr(fd, smack_attr_to_string(attr), label, strlen(label), 0);
+ r = setxattr(procfs_path, smack_attr_to_string(attr), label, strlen(label), 0);
else
- r = fremovexattr(fd, smack_attr_to_string(attr));
+ r = removexattr(procfs_path, smack_attr_to_string(attr));
if (r < 0)
return -errno;
--
2.33.0


@ -1,28 +0,0 @@
From 74af5a3696cd3747fa814a21eb1b3d7cae3dea56 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Thu, 4 Nov 2021 20:29:43 +0000
Subject: [PATCH] basic/mountpoint-util: detect erofs as a read-only FS
(cherry picked from commit fac2c3e97d80fb356eb50abb429bdb5ed36afcf1)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/74af5a3696cd3747fa814a21eb1b3d7cae3dea56
---
src/basic/mountpoint-util.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/basic/mountpoint-util.c b/src/basic/mountpoint-util.c
index e7a5a99551..7e57d9a226 100644
--- a/src/basic/mountpoint-util.c
+++ b/src/basic/mountpoint-util.c
@@ -424,6 +424,7 @@ bool fstype_is_ro(const char *fstype) {
return STR_IN_SET(fstype,
"DM_verity_hash",
"iso9660",
+ "erofs",
"squashfs");
}
--
2.33.0


@ -1,32 +0,0 @@
From d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb Mon Sep 17 00:00:00 2001
From: Anita Zhang <the.anitazha@gmail.com>
Date: Tue, 28 Sep 2021 23:52:39 -0700
Subject: [PATCH] basic/unit-file: don't filter out names starting with dot
Fixes #20859
Reverts 3796bdc55d6ba499d1049f749072218879e619a7
(cherry picked from commit 14bb72953458caace048b55ead7ea06a592b864f)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/d21bfe5c06688a5b6aa0a0b4eae0b05bc45475fb
---
src/basic/unit-file.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/unit-file.c b/src/basic/unit-file.c
index 884a0674a9..0d58b1c4fe 100644
--- a/src/basic/unit-file.c
+++ b/src/basic/unit-file.c
@@ -284,7 +284,7 @@ int unit_file_build_name_map(
continue;
}
- FOREACH_DIRENT(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
+ FOREACH_DIRENT_ALL(de, d, log_warning_errno(errno, "Failed to read \"%s\", ignoring: %m", *dir)) {
char *filename;
_cleanup_free_ char *_filename_free = NULL, *simplified = NULL;
const char *suffix, *dst = NULL;
--
2.33.0


@ -1,32 +0,0 @@
From d4406e94a32d423d8a73deb7757fb09890afe2c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 10 Nov 2021 13:58:32 +0100
Subject: [PATCH] binfmt: fix exit value
Positive values are mapped to 0 by DEFINE_MAIN_FUNCTION(), so e.g.
systemd-binfmt --foobar would "succeed".
(cherry picked from commit 52707598d5c0dbbc8a967e4874b0b08ee2486772)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/d4406e94a32d423d8a73deb7757fb09890afe2c4
---
src/binfmt/binfmt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/binfmt/binfmt.c b/src/binfmt/binfmt.c
index 29530bb691..981218f52f 100644
--- a/src/binfmt/binfmt.c
+++ b/src/binfmt/binfmt.c
@@ -189,7 +189,7 @@ static int run(int argc, char *argv[]) {
r = parse_argv(argc, argv);
if (r <= 0)
- return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+ return r;
log_setup();
--
2.33.0


@ -1,68 +0,0 @@
From 9ee300a0b6429b7af73f40edfb2330cbbd7828f3 Mon Sep 17 00:00:00 2001
From: Jan Janssen <medhefgo@web.de>
Date: Sun, 9 Jan 2022 14:22:15 +0100
Subject: [PATCH] boot-timestamps: Discard firmware init time when running in a
VM
Fixes: #22060
(cherry picked from commit f699bd81e8e18da2d2fc11e7fb7dce95f8bb3f9e)
(cherry picked from commit 3c5c13f82c760c7067bb189484e1f672ff6713f6)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/9ee300a0b6429b7af73f40edfb2330cbbd7828f3
---
src/shared/boot-timestamps.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/shared/boot-timestamps.c b/src/shared/boot-timestamps.c
index 8786e89c0e..e00b37aa32 100644
--- a/src/shared/boot-timestamps.c
+++ b/src/shared/boot-timestamps.c
@@ -5,11 +5,13 @@
#include "efi-loader.h"
#include "macro.h"
#include "time-util.h"
+#include "virt.h"
int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_timestamp *loader) {
usec_t x = 0, y = 0, a;
int r;
dual_timestamp _n;
+ bool use_firmware = true;
assert(firmware);
assert(loader);
@@ -24,6 +26,10 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time
r = efi_loader_get_boot_usec(&x, &y);
if (r < 0)
return r;
+
+ /* If we are running in a VM, the init timestamp would
+ * be equivalent to the host uptime. */
+ use_firmware = detect_vm() <= 0;
}
/* Let's convert this to timestamps where the firmware
@@ -33,12 +39,14 @@ int boot_timestamps(const dual_timestamp *n, dual_timestamp *firmware, dual_time
* the monotonic timestamps here as negative of the actual
* value. */
- firmware->monotonic = y;
- loader->monotonic = y - x;
-
- a = n->monotonic + firmware->monotonic;
- firmware->realtime = n->realtime > a ? n->realtime - a : 0;
+ if (use_firmware) {
+ firmware->monotonic = y;
+ a = n->monotonic + firmware->monotonic;
+ firmware->realtime = n->realtime > a ? n->realtime - a : 0;
+ } else
+ firmware->monotonic = firmware->realtime = 0;
+ loader->monotonic = y - x;
a = n->monotonic + loader->monotonic;
loader->realtime = n->realtime > a ? n->realtime - a : 0;
--
2.33.0


@ -1,45 +0,0 @@
From 0028a3eb976dfa7209433dfa3a24b785f05fd352 Mon Sep 17 00:00:00 2001
From: Anssi Hannula <anssi.hannula@bitwise.fi>
Date: Thu, 23 Sep 2021 12:08:05 +0300
Subject: [PATCH] bootctl: Fix update not adding EFI entry if Boot IDs are
non-consecutive
"bootctl update" tries to add sd-boot to the EFI boot loader list if it
is not already there. To do so, it uses find_slot() which finds the
proper BootXXXX slot ID to use and also returns 1 if an existing sd-boot
entry was found at this ID or 0 if it is a new unused ID. In "update"
case install_variables() only writes the entry in case 0 (no existing
entry).
However, find_slot() erroneously returns 1 if it finds a gap in the Boot
IDs (i.e. when not resorting to max(ids) + 1). This causes
"bootctl update" to not add a missing systemd-boot boot entry if the
existing BootXXXX entry IDs are not consecutive.
Fix that by returning 0 in find_slot() when an empty gap ID is selected
to make it match the behavior when selecting an empty non-gap ID.
(cherry picked from commit 26d54e1263dcb58daa6578595cc6ab1037315593)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/0028a3eb976dfa7209433dfa3a24b785f05fd352
---
src/boot/bootctl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index fa8c600321..bd96812246 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -711,7 +711,7 @@ static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) {
for (i = 0; i < n; i++)
if (i != options[i]) {
*id = i;
- return 1;
+ return 0;
}
/* use the next one */
--
2.33.0


@ -1,57 +0,0 @@
From 443f25f3cd34ce504a4850373babcde5d572335f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 30 Jan 2022 05:36:56 +0900
Subject: [PATCH] bus-util: retrieve bus error from message
The error in argument is not input, but used for output.
(cherry picked from commit 853b94863cf26d084454edd63ce987cc7ab0505a)
(cherry picked from commit b9e144629bdb7c3d4535fb0a0ad8639140a25034)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/443f25f3cd34ce504a4850373babcde5d572335f
---
src/shared/bus-wait-for-units.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/shared/bus-wait-for-units.c b/src/shared/bus-wait-for-units.c
index 29620e0d1b..c867f1cbfd 100644
--- a/src/shared/bus-wait-for-units.c
+++ b/src/shared/bus-wait-for-units.c
@@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
+#include "bus-error.h"
#include "bus-map-properties.h"
#include "bus-wait-for-units.h"
#include "hashmap.h"
@@ -288,19 +289,22 @@ static int on_properties_changed(sd_bus_message *m, void *userdata, sd_bus_error
return 0;
}
-static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+static int on_get_all_properties(sd_bus_message *m, void *userdata, sd_bus_error *ret_error) {
WaitForItem *item = userdata;
+ const sd_bus_error *e;
int r;
assert(item);
- if (sd_bus_error_is_set(error)) {
+ e = sd_bus_message_get_error(m);
+ if (e) {
BusWaitForUnits *d = item->parent;
d->has_failed = true;
- log_debug_errno(sd_bus_error_get_errno(error), "GetAll() failed for %s: %s",
- item->bus_path, error->message);
+ r = sd_bus_error_get_errno(e);
+ log_debug_errno(r, "GetAll() failed for %s: %s",
+ item->bus_path, bus_error_message(e, r));
call_unit_callback_and_wait(d, item, false);
bus_wait_for_units_check_ready(d);
--
2.33.0


@ -1,82 +0,0 @@
From bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07 Mon Sep 17 00:00:00 2001
From: Gibeom Gwon <gb.gwon@stackframe.dev>
Date: Sun, 6 Mar 2022 09:45:38 +0900
Subject: [PATCH] calendarspec: fix possibly skips next elapse
If the time unit changes after adding the repetition value, the
timer may skip the next elapse. This patch reset sub time units
to minimum value when upper unit is changed.
Fixes #22665.
(cherry picked from commit 1e582ede3b04d12aae11fc5378a446a392054f1c)
(cherry picked from commit 8d4c0d2383e72f30753bf33f206387bc03879ff8)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/bce3b46aaf8c7ad7ff7eeaafbf4b321ffdad9c07
---
src/shared/calendarspec.c | 27 ++++++++++++++++++++-------
src/test/test-calendarspec.c | 2 ++
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/src/shared/calendarspec.c b/src/shared/calendarspec.c
index bf24d8d5bb..238766c96a 100644
--- a/src/shared/calendarspec.c
+++ b/src/shared/calendarspec.c
@@ -1180,6 +1180,7 @@ static int find_matching_component(
static int tm_within_bounds(struct tm *tm, bool utc) {
struct tm t;
+ int cmp;
assert(tm);
/*
@@ -1194,13 +1195,25 @@ static int tm_within_bounds(struct tm *tm, bool utc) {
if (mktime_or_timegm(&t, utc) < 0)
return negative_errno();
- /* Did any normalization take place? If so, it was out of bounds before */
- int cmp = CMP(t.tm_year, tm->tm_year) ?:
- CMP(t.tm_mon, tm->tm_mon) ?:
- CMP(t.tm_mday, tm->tm_mday) ?:
- CMP(t.tm_hour, tm->tm_hour) ?:
- CMP(t.tm_min, tm->tm_min) ?:
- CMP(t.tm_sec, tm->tm_sec);
+ /*
+ * Did any normalization take place? If so, it was out of bounds before.
+ * Normalization could skip next elapse, e.g. result of normalizing 3-33
+ * is 4-2. This skips 4-1. So reset the sub time unit if upper unit was
+ * out of bounds. Normalization has occurred implies find_matching_component() > 0,
+ * other sub time units are already reset in find_next().
+ */
+ if ((cmp = CMP(t.tm_year, tm->tm_year)) != 0)
+ t.tm_mon = 0;
+ else if ((cmp = CMP(t.tm_mon, tm->tm_mon)) != 0)
+ t.tm_mday = 1;
+ else if ((cmp = CMP(t.tm_mday, tm->tm_mday)) != 0)
+ t.tm_hour = 0;
+ else if ((cmp = CMP(t.tm_hour, tm->tm_hour)) != 0)
+ t.tm_min = 0;
+ else if ((cmp = CMP(t.tm_min, tm->tm_min)) != 0)
+ t.tm_sec = 0;
+ else
+ cmp = CMP(t.tm_sec, tm->tm_sec);
if (cmp < 0)
return -EDEADLK; /* Refuse to go backward */
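Review bot: The new `else if` chain in `tm_within_bounds()` resets only the unit directly below the one that changed (a changed year sets just `t.tm_mon = 0`), so it is correct only if the lower units were already reset elsewhere, and the comment states that invariant in a sentence that is hard to parse. I would reword the last two comment lines to `* If normalization occurred, find_matching_component() returned > 0 and find_next() has already reset the remaining lower units, so only the next unit down is reset here.` Whether `find_next()` really guarantees this cannot be confirmed from the hunk. The function continues past the end of the hunk.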
diff --git a/src/test/test-calendarspec.c b/src/test/test-calendarspec.c
index 4f1d0f64d5..bc5e56a238 100644
--- a/src/test/test-calendarspec.c
+++ b/src/test/test-calendarspec.c
@@ -201,6 +201,8 @@ int main(int argc, char* argv[]) {
test_next("2016-02~01 UTC", "", 12345, 1456704000000000);
test_next("Mon 2017-05~01..07 UTC", "", 12345, 1496016000000000);
test_next("Mon 2017-05~07/1 UTC", "", 12345, 1496016000000000);
+ test_next("*-*-01/5 04:00:00 UTC", "", 1646010000000000, 1646107200000000);
+ test_next("*-01/7-01 04:00:00 UTC", "", 1664607600000000, 1672545600000000);
test_next("2017-08-06 9,11,13,15,17:00 UTC", "", 1502029800000000, 1502031600000000);
test_next("2017-08-06 9..17/2:00 UTC", "", 1502029800000000, 1502031600000000);
test_next("2016-12-* 3..21/6:00 UTC", "", 1482613200000001, 1482634800000000);
--
2.33.0


@ -1,84 +0,0 @@
From 52ab3b8f534eafeed86908ad38f4cd0f169e23ff Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@canonical.com>
Date: Sun, 11 Jul 2021 16:59:27 -0400
Subject: [PATCH] cgroup: do 'catchup' for unit cgroup inotify watch files
While reexec/reload, we drop the inotify watch on cgroup file(s), so
we need to re-check them in case they changed and we missed the event.
Fixes: #20198
(cherry picked from commit 869f52f21831b611160c4937bef822ca94c802ba)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/52ab3b8f534eafeed86908ad38f4cd0f169e23ff
---
src/core/cgroup.c | 18 ++++++++++++++++++
src/core/cgroup.h | 2 ++
src/core/unit.c | 2 ++
3 files changed, 22 insertions(+)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 3a6f768c60..5c07aa71d1 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -3039,6 +3039,9 @@ static int unit_check_cgroup_events(Unit *u) {
assert(u);
+ if (!u->cgroup_path)
+ return 0;
+
r = cg_get_keyed_attribute_graceful(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "cgroup.events",
STRV_MAKE("populated", "frozen"), values);
if (r < 0)
@@ -3871,6 +3874,21 @@ void unit_invalidate_cgroup_bpf(Unit *u) {
}
}
+void unit_cgroup_catchup(Unit *u) {
+ assert(u);
+
+ if (!UNIT_HAS_CGROUP_CONTEXT(u))
+ return;
+
+ /* We dropped the inotify watch during reexec/reload, so we need to
+ * check these as they may have changed.
+ * Note that (currently) the kernel doesn't actually update cgroup
+ * file modification times, so we can't just serialize and then check
+ * the mtime for file(s) we are interested in. */
+ (void) unit_check_cgroup_events(u);
+ unit_add_to_cgroup_oom_queue(u);
+}
+
bool unit_cgroup_delegate(Unit *u) {
CGroupContext *c;
diff --git a/src/core/cgroup.h b/src/core/cgroup.h
index ea929368cb..3f8cad899d 100644
--- a/src/core/cgroup.h
+++ b/src/core/cgroup.h
@@ -313,6 +313,8 @@ void manager_invalidate_startup_units(Manager *m);
const char* cgroup_device_policy_to_string(CGroupDevicePolicy i) _const_;
CGroupDevicePolicy cgroup_device_policy_from_string(const char *s) _pure_;
+void unit_cgroup_catchup(Unit *u);
+
bool unit_cgroup_delegate(Unit *u);
int compare_job_priority(const void *a, const void *b);
diff --git a/src/core/unit.c b/src/core/unit.c
index 47966bcf0d..7e3bd7505e 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -3616,6 +3616,8 @@ void unit_catchup(Unit *u) {
if (UNIT_VTABLE(u)->catchup)
UNIT_VTABLE(u)->catchup(u);
+
+ unit_cgroup_catchup(u);
}
static bool fragment_mtime_newer(const char *path, usec_t mtime, bool path_masked) {
--
2.33.0


@ -1,45 +0,0 @@
From f4472e406eaa1087534066d09a4b7f2fd1de2a06 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Tue, 30 Nov 2021 23:49:33 +0000
Subject: [PATCH] cgroup: don't emit BPF firewall warning when manager is in
test mode
Support for BPF might not have been checked, since it's not necessary
in test mode (eg: running offline analysis of units). This causes an
assert:
Assertion '(_error) != 0' failed at src/core/bpf-firewall.c:914, function emit_bpf_firewall_warning(). Aborting.
Exporting SYSTEMD_LOG_LEVEL=debug in TEST-65-ANALYZE is enough to trigger
this assert while doing an offline analysis of a unit that has some
firewall/network restrictions set.
Skip the warning if the manager is in test mode.
(cherry picked from commit a42232a18c5716f69efc67c779dd2ef6c4b9d6c2)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/f4472e406eaa1087534066d09a4b7f2fd1de2a06
---
src/core/bpf-firewall.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c
index 4a92052925..c4989a3ea6 100644
--- a/src/core/bpf-firewall.c
+++ b/src/core/bpf-firewall.c
@@ -911,7 +911,10 @@ int bpf_firewall_supported(void) {
void emit_bpf_firewall_warning(Unit *u) {
static bool warned = false;
- if (!warned) {
+ assert(u);
+ assert(u->manager);
+
+ if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) {
bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;
log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
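Review bot: The added `!MANAGER_IS_TEST_RUN(u->manager)` condition covers only the test-run case, while the assertion quoted in the commit message fires whenever `bpf_firewall_unsupported_reason` is still 0 when `log_unit_full_errno()` is reached. Any other path that calls `emit_bpf_firewall_warning()` before the support probe has run would presumably still abort the manager. Checking the state itself would be sturdier: `if (!warned && bpf_firewall_unsupported_reason != 0 && !MANAGER_IS_TEST_RUN(u->manager)) {`. The function body continues outside the hunk, so where `warned` is set is not visible here.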
--
2.33.0


@ -1,41 +0,0 @@
From a59a7227a29a73e8e1b0d80153f258e20354c0d7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 15 Jul 2022 11:02:40 +0200
Subject: [PATCH] cgroups-agent: connect stdin/stdout/stderr to /dev/null
Inspired by https://github.com/systemd/systemd/pull/24024 this is
another user mode helper, where this might be an issue. hence let's
rather be safe than sorry, and also connect stdin/stdout/stderr
explicitly with /dev/null.
(cherry picked from commit 50492ce81589773df2d82b4fc8047778e86c6edf)
(cherry picked from commit 689487785f776815e71642f89685ff01f0bc4fde)
(cherry picked from commit d8464304f03e6644bfc6ed42e13fb3a460b9ff60)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/a59a7227a29a73e8e1b0d80153f258e20354c0d7
---
src/cgroups-agent/cgroups-agent.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/cgroups-agent/cgroups-agent.c b/src/cgroups-agent/cgroups-agent.c
index 071cba3099..9126736235 100644
--- a/src/cgroups-agent/cgroups-agent.c
+++ b/src/cgroups-agent/cgroups-agent.c
@@ -16,6 +16,13 @@ int main(int argc, char *argv[]) {
_cleanup_close_ int fd = -1;
ssize_t n;
size_t l;
+ int r;
+
+ r = rearrange_stdio(-1, -1, -1);
+ if (r < 0) {
+ log_error_errno(r, "Failed to connect stdin/stdout/stderr with /dev/null: %m");
+ return EXIT_FAILURE;
+ }
if (argc != 2) {
log_error("Incorrect number of arguments.");
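Review bot: The new `rearrange_stdio(-1, -1, -1)` call at the top of `main()` has no comment saying why it must run before anything else, and that ordering is the point of the change. The commit message describes this binary as a user mode helper, so it may presumably be started without fds 0-2 open, in which case the first descriptor opened later could land on one of them and receive stray log output. I would add above the call: `/* We may be started without stdin/stdout/stderr; point fds 0-2 at /dev/null before opening anything else. */`. `main()` continues past the end of the hunk.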
--
2.27.0


@ -1,54 +0,0 @@
From 7459b7f4a63de87a6e76e9187893c65291b7931f Mon Sep 17 00:00:00 2001
From: Greg Zuro <gregzuro@users.noreply.github.com>
Date: Tue, 26 Oct 2021 21:02:37 -0700
Subject: [PATCH] change indicator used for later versions of VirtualBox
(#21127)
Detection of VirtualBox is accomplished in the existing code by *either* `innotek GmbH`
or `Oracle Corporation` existing in any of:
- /sys/class/dmi/id/product_name
- /sys/class/dmi/id/sys_vendor
- /sys/class/dmi/id/board_vendor
- /sys/class/dmi/id/bios_vendor
With Oracle's physical servers, both `/sys/class/dmi/id/sys_vendor` and
`/sys/class/dmi/id/board_vendor` contain `Oracle Corporation`, so those
servers are detected as `oracle` (VirtualBox).
VirtualBox has the following values in the latest versions:
- /sys/class/dmi/id/product_name: `VirtualBox`
- /sys/class/dmi/id/sys_vendor: `innotek GmbH`
- /sys/class/dmi/id/board_vendor: `Oracle Corporation`
- /sys/class/dmi/id/bios_vendor: `innotek GmbH`
Presumably the existing check for `innotek GmbH` is meant to detect
older versions of VirtualBox, while changing the second checked value
from `Oracle Corporation` to `VirtualBox` will reliably detect later and future
versions.
(cherry picked from commit cfee6b955154c30be31ffcf0e3b7b89374a52fff)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/7459b7f4a63de87a6e76e9187893c65291b7931f
---
src/basic/virt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 0243b2d2a8..cc123a286f 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -159,7 +159,7 @@ static int detect_vm_dmi_vendor(void) {
{ "VMware", VIRTUALIZATION_VMWARE }, /* https://kb.vmware.com/s/article/1009458 */
{ "VMW", VIRTUALIZATION_VMWARE },
{ "innotek GmbH", VIRTUALIZATION_ORACLE },
- { "Oracle Corporation", VIRTUALIZATION_ORACLE },
+ { "VirtualBox", VIRTUALIZATION_ORACLE },
{ "Xen", VIRTUALIZATION_XEN },
{ "Bochs", VIRTUALIZATION_BOCHS },
{ "Parallels", VIRTUALIZATION_PARALLELS },
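Review bot: The replacement entry `{ "VirtualBox", VIRTUALIZATION_ORACLE },` carries no comment, so the reason `Oracle Corporation` must not be matched is recorded only in the commit message. A later cleanup could put the vendor string back and once more report Oracle's physical servers as virtual machines, which would mislead anything that keys off virtualization detection. I would add next to the entry: `/* Match the product name, not "Oracle Corporation": Oracle's physical servers report that vendor too */`. The table and `detect_vm_dmi_vendor()` extend beyond the hunk.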
--
2.33.0


@ -1,79 +0,0 @@
From 47b12629b47d9dfc857874a1b680f60ffc0af0bd Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 10 Nov 2021 16:45:12 +0100
Subject: [PATCH] ci: cancel previous jobs on ref update
Let's save the environment (and reduce the number of jobs in GH Actions
queues) by cancelling old jobs on a ref update (force push).
See: https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#concurrency
(cherry picked from commit 3884837610168e6fb69fc2d5709f6c017a30beb9)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/47b12629b47d9dfc857874a1b680f60ffc0af0bd
---
.github/workflows/build_test.yml | 3 +++
.github/workflows/cifuzz.yml | 3 +++
.github/workflows/mkosi.yml | 3 +++
.github/workflows/unit_tests.yml | 3 +++
4 files changed, 12 insertions(+)
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 486016abc1..fa86236c2a 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -14,6 +14,9 @@ on:
jobs:
build:
runs-on: ubuntu-20.04
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.env.COMPILER }}-${{ matrix.env.COMPILER_VERSION }}-${{ github.ref }}
+ cancel-in-progress: true
strategy:
fail-fast: false
matrix:
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 5296dc7069..df1fb15ace 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -19,6 +19,9 @@ jobs:
Fuzzing:
runs-on: ubuntu-latest
if: github.repository == 'systemd/systemd'
+ concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
strategy:
fail-fast: false
matrix:
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index babdf7ae6e..f67fd23b1c 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -13,6 +13,9 @@ on:
jobs:
ci:
runs-on: ubuntu-20.04
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.distro }}-${{ github.ref }}
+ cancel-in-progress: true
strategy:
fail-fast: false
matrix:
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index ca1e6e0c30..aaf8fcad3d 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -10,6 +10,9 @@ on:
jobs:
build:
runs-on: ubuntu-20.04
+ concurrency:
+ group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ github.ref }}
+ cancel-in-progress: true
strategy:
fail-fast: false
matrix:
--
2.33.0


@ -1,59 +0,0 @@
From eaa74c30212d62f546692731ec3cef498f3edb08 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Tue, 22 Feb 2022 14:43:40 +0100
Subject: [PATCH] ci: fix clang-13 installation
For some reason Ubuntu Focal repositories now have `llvm-13` virtual
package which can't be installed, but successfully fools our check,
resulting in no clang/llvm being installed...
```
$ apt show llvm-13
Package: llvm-13
State: not a real package (virtual)
N: Can't select candidate version from package llvm-13 as it has no candidate
N: Can't select versions from package 'llvm-13' as it is purely virtual
N: No packages found
$ apt install --dry-run llvm-13
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package llvm-13 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package 'llvm-13' has no installation candidate
```
(cherry picked from commit b491d74064f9d5e17a71b38b014434237169a077)
(cherry picked from commit fa6e263273905cfc9e4528e8175ace3d19d881e3)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/eaa74c30212d62f546692731ec3cef498f3edb08
---
.github/workflows/build_test.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
index db38554d97..1200fa23f3 100755
--- a/.github/workflows/build_test.sh
+++ b/.github/workflows/build_test.sh
@@ -75,12 +75,12 @@ if [[ "$COMPILER" == clang ]]; then
# ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
# provided by the apt.llvm.org repositories. Let's use the system
# llvm package if available in such cases to avoid that.
- if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
+ if ! apt install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
# Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
- "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
fi
elif [[ "$COMPILER" == gcc ]]; then
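Review bot: The apt source written by the `printf` line still points at `http://apt.llvm.org/`, and the key piped into `gpg --yes --dearmor` is trusted exactly as downloaded, with no fingerprint comparison. `signed-by` limits what that key may vouch for, but not which key ends up in the keyring, so the CI toolchain rests entirely on the single fetch of `llvm-snapshot.gpg.key`. I would change the source to `https://apt.llvm.org/%s/` and compare the downloaded key's fingerprint with a value kept in the repository (placeholder `<EXPECTED_KEY_FINGERPRINT>`) before writing `/usr/share/keyrings/apt-llvm-org.gpg`. The same two lines are introduced by the "ci: replace apt-key with signed-by" patch further down the page. The enclosing `if [[ "$COMPILER" == clang ]]` block starts above this hunk.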
--
2.33.0


@ -1,82 +0,0 @@
From 6db77b2c9f31c8246ec920a189fe44873111566f Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 10 Nov 2021 16:42:07 +0100
Subject: [PATCH] ci: fix indentation
(cherry picked from commit 46573ee1319ee8ae5b292a0a737740eca1a68184)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/6db77b2c9f31c8246ec920a189fe44873111566f
---
.github/workflows/cifuzz.yml | 58 ++++++++++++++++++------------------
1 file changed, 29 insertions(+), 29 deletions(-)
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 14d81a67ff..5296dc7069 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -16,32 +16,32 @@ on:
branches:
- main
jobs:
- Fuzzing:
- runs-on: ubuntu-latest
- if: github.repository == 'systemd/systemd'
- strategy:
- fail-fast: false
- matrix:
- sanitizer: [address, undefined, memory]
- steps:
- - name: Build Fuzzers (${{ matrix.sanitizer }})
- id: build
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
- with:
- oss-fuzz-project-name: 'systemd'
- dry-run: false
- allowed-broken-targets-percentage: 0
- sanitizer: ${{ matrix.sanitizer }}
- - name: Run Fuzzers (${{ matrix.sanitizer }})
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
- with:
- oss-fuzz-project-name: 'systemd'
- fuzz-seconds: 600
- dry-run: false
- sanitizer: ${{ matrix.sanitizer }}
- - name: Upload Crash
- uses: actions/upload-artifact@v1
- if: failure() && steps.build.outcome == 'success'
- with:
- name: ${{ matrix.sanitizer }}-artifacts
- path: ./out/artifacts
+ Fuzzing:
+ runs-on: ubuntu-latest
+ if: github.repository == 'systemd/systemd'
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'systemd'
+ dry-run: false
+ allowed-broken-targets-percentage: 0
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'systemd'
+ fuzz-seconds: 600
+ dry-run: false
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Upload Crash
+ uses: actions/upload-artifact@v1
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
--
2.33.0


@ -1,32 +0,0 @@
From cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 14 Nov 2021 12:28:21 +0100
Subject: [PATCH] ci: pin the debian systemd repo to a specific revision
to work around missing systemd/systemd#20056 in pre-v250 stable
branches.
v249-stable-only
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/cdc1cd4eb3f86f3100d6d04b1b5d12a2d87b8704
---
.semaphore/semaphore.yml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml
index 06f162007e..7fc38a553d 100644
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -25,3 +25,8 @@ blocks:
- checkout --use-cache
- .semaphore/semaphore-runner.sh SETUP
- .semaphore/semaphore-runner.sh RUN
+ env_vars:
+ # Pin the debian systemd repo to a specific revision, to work around
+ # missing systemd/systemd#20056 in pre-v250 stable branches
+ - name: BRANCH
+ value: e138f8573a14f8f094bd6c9582bc26ed62c1347f
--
2.33.0


@ -1,39 +0,0 @@
From 84230ae4e3a10fccfb4750b832d2c70fe56df128 Mon Sep 17 00:00:00 2001
From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Sun, 26 Dec 2021 01:11:00 +0000
Subject: [PATCH] ci: replace apt-key with signed-by
to limit the scope of the key to apt.llvm.org only.
This is mostly inspired by https://blog.cloudflare.com/dont-use-apt-key/
(cherry picked from commit bfa6bd1be098adc4710e1819b9cd34d65b3855da)
(cherry picked from commit c92297a20c13b7e15b0026b1f36ebe99d86cfce8)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/84230ae4e3a10fccfb4750b832d2c70fe56df128
---
.github/workflows/build_test.sh | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
index 10fa1ea9b0..db38554d97 100755
--- a/.github/workflows/build_test.sh
+++ b/.github/workflows/build_test.sh
@@ -77,9 +77,10 @@ if [[ "$COMPILER" == clang ]]; then
# llvm package if available in such cases to avoid that.
if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
+ # Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
+ printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
+ "$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
fi
elif [[ "$COMPILER" == gcc ]]; then
--
2.33.0


@ -1,49 +0,0 @@
From 9d08ba9b3fa7542037e0522c10d63517366afda6 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Fri, 12 Nov 2021 17:37:15 +0100
Subject: [PATCH] ci: run the unit_tests and mkosi jobs on stable branches as
well
To provide more coverage for the systemd-stable repo.
See: https://github.com/systemd/systemd-stable/issues/24
(cherry picked from commit c76a83858996148fea36d1018b4707ce5334363b)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/9d08ba9b3fa7542037e0522c10d63517366afda6
---
.github/workflows/mkosi.yml | 2 ++
.github/workflows/unit_tests.yml | 1 +
2 files changed, 3 insertions(+)
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index f67fd23b1c..489eb01880 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -6,9 +6,11 @@ on:
push:
branches:
- main
+ - v[0-9]+-stable
pull_request:
branches:
- main
+ - v[0-9]+-stable
jobs:
ci:
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index aaf8fcad3d..4a19a6a1c8 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -6,6 +6,7 @@ on:
pull_request:
branches:
- main
+ - v[0-9]+-stable
jobs:
build:
--
2.33.0


@ -1,33 +0,0 @@
From 428d4988d2bc68e189481f7b46ffd1f84090aadd Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Wed, 10 Nov 2021 20:15:41 +0100
Subject: [PATCH] ci: take CIFuzz's matrix into consideration
Otherwise the jobs will try to cancel each other out.
Follow-up to 3884837610168e6fb69fc2d5709f6c017a30beb9.
(cherry picked from commit 8b212f3596d03f8e1025cd151d17f9a82433844a)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/428d4988d2bc68e189481f7b46ffd1f84090aadd
---
.github/workflows/cifuzz.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index df1fb15ace..8ab2a4cf55 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -20,7 +20,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'systemd/systemd'
concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
+ group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
cancel-in-progress: true
strategy:
fail-fast: false
--
2.33.0


@ -1,47 +0,0 @@
From 441c959460217ba81591ada9185bed2665cdc994 Mon Sep 17 00:00:00 2001
From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Mon, 11 Oct 2021 21:12:42 +0200
Subject: [PATCH] ci: use the system llvm-11 package on Focal
ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
provided by the apt.llvm.org repositories. Let's use the system
llvm package if available in such cases to avoid that.
(cherry picked from commit 1c71302f70c7d0712d49b5214f5f29b4d6a2c73e)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/441c959460217ba81591ada9185bed2665cdc994
---
.github/workflows/build_test.sh | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
index bdcb71ba9c..10fa1ea9b0 100755
--- a/.github/workflows/build_test.sh
+++ b/.github/workflows/build_test.sh
@@ -71,11 +71,17 @@ if [[ "$COMPILER" == clang ]]; then
CC="clang-$COMPILER_VERSION"
CXX="clang++-$COMPILER_VERSION"
AR="llvm-ar-$COMPILER_VERSION"
- # Latest LLVM stack deb packages provided by https://apt.llvm.org/
- # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
- add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
- PACKAGES+=(clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
+
+ # ATTOW llvm-11 got into focal-updates, which conflicts with llvm-11
+ # provided by the apt.llvm.org repositories. Let's use the system
+ # llvm package if available in such cases to avoid that.
+ if ! apt show --quiet "llvm-$COMPILER_VERSION" &>/dev/null; then
+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+ # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+ add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
+ PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
+ fi
elif [[ "$COMPILER" == gcc ]]; then
CC="gcc-$COMPILER_VERSION"
CXX="g++-$COMPILER_VERSION"
--
2.33.0


@ -1,34 +0,0 @@
From 8282cc686bedb0cf3702ea4ac2856b39ae351ef3 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 22 Feb 2022 16:51:58 +0100
Subject: [PATCH] clang-format: we actually typically use 16ch continuation
indentation
We use 8 for blocks, and 16 for continuation in most cases afaics, hence
say so in .clang-format too
(cherry picked from commit 92148fb77766767fdb6ad6e52747317dae2aae85)
(cherry picked from commit 4a90c12f4f09f23e071e649422754f04eda6d273)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/8282cc686bedb0cf3702ea4ac2856b39ae351ef3
---
.clang-format | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.clang-format b/.clang-format
index 651249c701..c94866fcd5 100644
--- a/.clang-format
+++ b/.clang-format
@@ -46,7 +46,7 @@ ColumnLimit: 109
CompactNamespaces: true
ConstructorInitializerAllOnOneLineOrOnePerLine: true
ConstructorInitializerIndentWidth: 8
-ContinuationIndentWidth: 8
+ContinuationIndentWidth: 16
Cpp11BracedListStyle: false
ForEachMacros:
- BITMAP_FOREACH
--
2.33.0


@ -1,41 +0,0 @@
From 2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae Mon Sep 17 00:00:00 2001
From: Daniel Braunwarth <daniel@braunwarth.dev>
Date: Sun, 28 Aug 2022 20:02:50 +0200
Subject: [PATCH] condition: fix device-tree firmware path
The path /sys/firmware/device-tree doesn't exist. This should be either
/proc/device-tree or /sys/firmware/devicetree.
The first path is only a link. So lets use the second path.
See https://github.com/torvalds/linux/blob/v4.14/drivers/of/base.c#L218.
(cherry picked from commit 1037178acfd093fb10d8f5e74f3072f78afdf7e8)
(cherry picked from commit 254b77e73cb81265146de653563a7fe3f9936b56)
(cherry picked from commit ba29bb342deb4eeb55debfa7abb4ba97d50df076)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/2065d03c1592ff0e9027e1c06b40f55fb3e1d1ae
---
src/shared/condition.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/shared/condition.c b/src/shared/condition.c
index 6645f771dd..b0520566ed 100644
--- a/src/shared/condition.c
+++ b/src/shared/condition.c
@@ -555,9 +555,9 @@ static int condition_test_firmware(Condition *c, char **env) {
assert(c->type == CONDITION_FIRMWARE);
if (streq(c->parameter, "device-tree")) {
- if (access("/sys/firmware/device-tree/", F_OK) < 0) {
+ if (access("/sys/firmware/devicetree/", F_OK) < 0) {
if (errno != ENOENT)
- log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/device-tree/: %m");
+ log_debug_errno(errno, "Unexpected error when checking for /sys/firmware/devicetree/: %m");
return false;
} else
return true;
--
2.27.0


@ -1,66 +0,0 @@
From 59894983693d36c6017ad995864b5541d7132563 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20Koutn=C3=BD?= <mkoutny@suse.com>
Date: Wed, 4 Aug 2021 18:59:35 +0200
Subject: [PATCH] core: Make sure cgroup_oom_queue is flushed on manager exit
The unit queues are not serialized/deserialized (they are recreated
after reexec/reload instead). The destroyed units are not removed from
the cgroup_oom_queue. That means the queue may contain possibly invalid
pointers to released units.
Fix this by removing the units from cgroup_oom_queue as we do for
others. When at it, sync assert checks with currently existing queues
and put them in order in the manager cleanup code.
(cherry picked from commit 13e721036bf4ba15eb255d8f0a14800f969ac0d7)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/59894983693d36c6017ad995864b5541d7132563
---
src/core/manager.c | 4 ++++
src/core/unit.c | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/core/manager.c b/src/core/manager.c
index 8884437347..34891a8754 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -1410,6 +1410,10 @@ static void manager_clear_jobs_and_units(Manager *m) {
assert(!m->cleanup_queue);
assert(!m->gc_unit_queue);
assert(!m->gc_job_queue);
+ assert(!m->cgroup_realize_queue);
+ assert(!m->cgroup_empty_queue);
+ assert(!m->cgroup_oom_queue);
+ assert(!m->target_deps_queue);
assert(!m->stop_when_unneeded_queue);
assert(!m->start_when_upheld_queue);
assert(!m->stop_when_bound_queue);
diff --git a/src/core/unit.c b/src/core/unit.c
index 7e3bd7505e..e469beb534 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -733,6 +733,9 @@ Unit* unit_free(Unit *u) {
if (u->in_dbus_queue)
LIST_REMOVE(dbus_queue, u->manager->dbus_unit_queue, u);
+ if (u->in_cleanup_queue)
+ LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
+
if (u->in_gc_queue)
LIST_REMOVE(gc_queue, u->manager->gc_unit_queue, u);
@@ -742,8 +745,8 @@ Unit* unit_free(Unit *u) {
if (u->in_cgroup_empty_queue)
LIST_REMOVE(cgroup_empty_queue, u->manager->cgroup_empty_queue, u);
- if (u->in_cleanup_queue)
- LIST_REMOVE(cleanup_queue, u->manager->cleanup_queue, u);
+ if (u->in_cgroup_oom_queue)
+ LIST_REMOVE(cgroup_oom_queue, u->manager->cgroup_oom_queue, u);
if (u->in_target_deps_queue)
LIST_REMOVE(target_deps_queue, u->manager->target_deps_queue, u);
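Review bot: The run of `LIST_REMOVE` calls in unit_free() has no comment saying that it must cover every Manager queue that can hold a Unit pointer, which is the rule whose violation left stale pointers in cgroup_oom_queue. A comment above the first removal, such as `/* Unlink u from every manager queue that may reference it; keep in sync with the asserts in manager_clear_jobs_and_units(). */`, would make the pairing with the asserts added in src/core/manager.c explicit. unit_free() starts and ends outside both hunks, so any queues handled elsewhere in the function are not visible here.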
--
2.33.0


@ -1,36 +0,0 @@
From b246b5370e95756e9597d8ec967ae030b442e73f Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 7 Sep 2021 16:13:56 +0100
Subject: [PATCH] core: Parse log environment settings again after applying
manager environment
Currently, SYSTEMD_LOG_LEVEL set in the ManagerEnvironment property in system.conf
or user.conf doesn't affect the manager's logging level. Parsing the logging environment
variables again after pushing the manager environment into the process environment
block makes sure any new environment changes also get taken into account for logging.
(cherry picked from commit a4303b4096d9a75acd09c5b897ed3d20c9bca6de)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/b246b5370e95756e9597d8ec967ae030b442e73f
---
src/core/main.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/core/main.c b/src/core/main.c
index b32a19a1d8..c64c73883e 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2454,6 +2454,9 @@ static int parse_configuration(const struct rlimit *saved_rlimit_nofile,
/* Push variables into the manager environment block */
setenv_manager_environment();
+ /* Parse log environment variables again to take into account any new environment variables. */
+ log_parse_environment();
+
return 0;
}
--
2.33.0


@ -1,45 +0,0 @@
From a203879ae5914fa1a676dbd480a7ad41ca0d8e40 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 24 Aug 2021 16:19:03 +0100
Subject: [PATCH] core: Remove circular include
service.h includes socket.h and socket.h includes service.h. Move
service.h include from socket.h to socket.c to remove the circular
dependency.
(cherry picked from commit a243128d1fcfc378df9fce1b4997148a17ef23a5)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/a203879ae5914fa1a676dbd480a7ad41ca0d8e40
---
src/core/socket.c | 1 +
src/core/socket.h | 1 -
2 files changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/socket.c b/src/core/socket.c
index 8144780bf8..f362a5baa8 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -34,6 +34,7 @@
#include "process-util.h"
#include "selinux-util.h"
#include "serialize.h"
+#include "service.h"
#include "signal-util.h"
#include "smack-util.h"
#include "socket.h"
diff --git a/src/core/socket.h b/src/core/socket.h
index a65195f2aa..6813bdcf8c 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -5,7 +5,6 @@ typedef struct Socket Socket;
typedef struct SocketPeer SocketPeer;
#include "mount.h"
-#include "service.h"
#include "socket-util.h"
#include "unit.h"
--
2.33.0


@ -1,48 +0,0 @@
From 27028ef0f0bc128d14f41e233ad256687fd7e379 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 1 Dec 2021 21:07:22 +0900
Subject: [PATCH] core/bpf-firewall: make bpf_firewall_supported() always set
unsupported reason when BPF_FIREWALL_UNSUPPORTED is returned
Otherwise, log_unit_full_errno() in emit_bpf_firewall_warning() will
trigger an assertion.
(cherry picked from commit 8751bb6f5e89562d438566c374b9c3a1059c9211)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/27028ef0f0bc128d14f41e233ad256687fd7e379
---
src/core/bpf-firewall.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c
index 9317edeb4c..4a92052925 100644
--- a/src/core/bpf-firewall.c
+++ b/src/core/bpf-firewall.c
@@ -869,7 +869,10 @@ int bpf_firewall_supported(void) {
/* YAY! */
} else {
- log_debug("Wut? Kernel accepted our invalid BPF_PROG_DETACH call? Something is weird, assuming BPF firewalling is broken and hence not supported.");
+ bpf_firewall_unsupported_reason =
+ log_debug_errno(SYNTHETIC_ERRNO(EBADE),
+ "Wut? Kernel accepted our invalid BPF_PROG_DETACH call? "
+ "Something is weird, assuming BPF firewalling is broken and hence not supported.");
return supported = BPF_FIREWALL_UNSUPPORTED;
}
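Review bot: Nothing near these assignments records that every path returning BPF_FIREWALL_UNSUPPORTED has to set bpf_firewall_unsupported_reason first, although the commit message says emit_bpf_firewall_warning() hits an assertion when it is missing. This hunk and the following one cover two such returns; the other return paths of bpf_firewall_supported() lie outside the hunks and cannot be checked from here. A comment at the first assignment, e.g. `/* Every BPF_FIREWALL_UNSUPPORTED return must set bpf_firewall_unsupported_reason; emit_bpf_firewall_warning() logs it. */`, would keep a future early return from reintroducing the assertion failure in the manager.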
@@ -897,7 +900,10 @@ int bpf_firewall_supported(void) {
return supported = BPF_FIREWALL_SUPPORTED;
} else {
- log_debug("Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? Something is weird, assuming BPF firewalling is broken and hence not supported.");
+ bpf_firewall_unsupported_reason =
+ log_debug_errno(SYNTHETIC_ERRNO(EBADE),
+ "Wut? Kernel accepted our invalid BPF_PROG_ATTACH+BPF_F_ALLOW_MULTI call? "
+ "Something is weird, assuming BPF firewalling is broken and hence not supported.");
return supported = BPF_FIREWALL_UNSUPPORTED;
}
}
--
2.33.0


@ -1,45 +0,0 @@
From 7e79bfce0674c58068d2a125ed666986544e790f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 5 Aug 2021 03:13:48 +0900
Subject: [PATCH] core/cgroup: fix error handling of cg_remove_xattr()
(cherry picked from commit 0cddb53c85588fbfb8043f622895c7bd15819198)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/7e79bfce0674c58068d2a125ed666986544e790f
---
src/core/cgroup.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 2cbb789978..eab0929dc5 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -724,13 +724,13 @@ void cgroup_oomd_xattr_apply(Unit *u, const char *cgroup_path) {
if (c->moom_preference != MANAGED_OOM_PREFERENCE_AVOID) {
r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_avoid");
- if (r != -ENODATA)
+ if (r < 0 && r != -ENODATA)
log_unit_debug_errno(u, r, "Failed to remove oomd_avoid flag on control group %s, ignoring: %m", cgroup_path);
}
if (c->moom_preference != MANAGED_OOM_PREFERENCE_OMIT) {
r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, cgroup_path, "user.oomd_omit");
- if (r != -ENODATA)
+ if (r < 0 && r != -ENODATA)
log_unit_debug_errno(u, r, "Failed to remove oomd_omit flag on control group %s, ignoring: %m", cgroup_path);
}
}
@@ -762,7 +762,7 @@ static void cgroup_xattr_apply(Unit *u) {
log_unit_debug_errno(u, r, "Failed to set delegate flag on control group %s, ignoring: %m", u->cgroup_path);
} else {
r = cg_remove_xattr(SYSTEMD_CGROUP_CONTROLLER, u->cgroup_path, "trusted.delegate");
- if (r != -ENODATA)
+ if (r < 0 && r != -ENODATA)
log_unit_debug_errno(u, r, "Failed to remove delegate flag on control group %s, ignoring: %m", u->cgroup_path);
}
--
2.33.0


@ -1,119 +0,0 @@
From 55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 25 Aug 2021 01:28:47 +0900
Subject: [PATCH] core/cgroup: set bfq.weight first, and fixes blkio.weight
value
Fixes issues introduced by 29eb0eefd14afc9a2424781a28b376db47c3c570.
This also fixes the value written to blkio.weight, that is, "default" is dropped.
Moreover, this also changes the logic for mapping weight -> bfq.weight,
so that it always matches the min, max, and default values.
Fixes #20519 and #21187.
(cherry picked from commit 17283ce7b6035775f125585d1b228226942daf4b)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/55af1d4ce32a32ebd3106cbdf1ef8b6cda55175f
---
src/core/cgroup.c | 55 +++++++++++++++++++++++++++++++++++++----------
1 file changed, 44 insertions(+), 11 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 79e10ca3c0..8b5b403ae8 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -37,6 +37,12 @@
#define CGROUP_CPU_QUOTA_DEFAULT_PERIOD_USEC ((usec_t) 100 * USEC_PER_MSEC)
+/* Special values for the bfq.weight attribute */
+#define CGROUP_BFQ_WEIGHT_INVALID UINT64_MAX
+#define CGROUP_BFQ_WEIGHT_MIN UINT64_C(1)
+#define CGROUP_BFQ_WEIGHT_MAX UINT64_C(1000)
+#define CGROUP_BFQ_WEIGHT_DEFAULT UINT64_C(100)
+
/* Returns the log level to use when cgroup attribute writes fail. When an attribute is missing or we have access
* problems we downgrade to LOG_DEBUG. This is supposed to be nice to container managers and kernels which want to mask
* out specific attributes from us. */
@@ -1194,21 +1200,48 @@ static int cgroup_apply_devices(Unit *u) {
return r;
}
-static void set_io_weight(Unit *u, const char *controller, uint64_t weight) {
- char buf[8+DECIMAL_STR_MAX(uint64_t)+1];
- const char *p;
+static void set_io_weight(Unit *u, uint64_t weight) {
+ char buf[STRLEN("default \n")+DECIMAL_STR_MAX(uint64_t)];
+ uint64_t bfq_weight;
+
+ assert(u);
+
+ /* FIXME: drop this when distro kernels properly support BFQ through "io.weight"
+ * See also: https://github.com/systemd/systemd/pull/13335 and
+ * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9.
+ * The range is 1..1000 apparently, and the default is 100. */
+ if (weight <= CGROUP_WEIGHT_DEFAULT)
+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN);
+ else
+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT);
+
+ xsprintf(buf, "%" PRIu64 "\n", bfq_weight);
+ (void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf);
- p = strjoina(controller, ".weight");
xsprintf(buf, "default %" PRIu64 "\n", weight);
- (void) set_attribute_and_warn(u, controller, p, buf);
+ (void) set_attribute_and_warn(u, "io", "io.weight", buf);
+}
+
+static void set_blkio_weight(Unit *u, uint64_t weight) {
+ char buf[STRLEN("\n")+DECIMAL_STR_MAX(uint64_t)];
+ uint64_t bfq_weight;
+
+ assert(u);
/* FIXME: drop this when distro kernels properly support BFQ through "io.weight"
* See also: https://github.com/systemd/systemd/pull/13335 and
* https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9.
- * The range is 1..1000 apparently. */
- p = strjoina(controller, ".bfq.weight");
- xsprintf(buf, "%" PRIu64 "\n", (weight + 9) / 10);
- (void) set_attribute_and_warn(u, controller, p, buf);
+ * The range is 1..1000 apparently, and the default is 100. */
+ if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT)
+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN);
+ else
+ bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT);
+
+ xsprintf(buf, "%" PRIu64 "\n", bfq_weight);
+ (void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf);
+
+ xsprintf(buf, "%" PRIu64 "\n", weight);
+ (void) set_attribute_and_warn(u, "blkio", "blkio.weight", buf);
}
static void cgroup_apply_bpf_foreign_program(Unit *u) {
@@ -1322,7 +1355,7 @@ static void cgroup_context_apply(
} else
weight = CGROUP_WEIGHT_DEFAULT;
- set_io_weight(u, "io", weight);
+ set_io_weight(u, weight);
if (has_io) {
CGroupIODeviceLatency *latency;
@@ -1392,7 +1425,7 @@ static void cgroup_context_apply(
else
weight = CGROUP_BLKIO_WEIGHT_DEFAULT;
- set_io_weight(u, "blkio", weight);
+ set_blkio_weight(u, weight);
if (has_io) {
CGroupIODeviceWeight *w;
--
2.33.0


@ -1,82 +0,0 @@
From d98169555c07668d999ac8ad62718da0ae9eec0f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Wed, 10 Nov 2021 11:37:15 +0100
Subject: [PATCH] core/cgroup: use helper macro for bfq conversion
As suggested in https://github.com/systemd/systemd/pull/20522#discussion_r696699984.
(cherry picked from commit 311822ac28c99e2fb0e25286bdb72c9188314a66)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/d98169555c07668d999ac8ad62718da0ae9eec0f
---
src/core/cgroup.c | 34 ++++++++++++++++------------------
1 file changed, 16 insertions(+), 18 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 8b5b403ae8..6e4780f2f6 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -1200,9 +1200,21 @@ static int cgroup_apply_devices(Unit *u) {
return r;
}
+/* Convert the normal io.weight value to io.bfq.weight */
+#define BFQ_WEIGHT(weight) \
+ (weight <= CGROUP_WEIGHT_DEFAULT ? \
+ CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN) : \
+ CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT))
+
+assert_cc(BFQ_WEIGHT(1) == 1);
+assert_cc(BFQ_WEIGHT(50) == 50);
+assert_cc(BFQ_WEIGHT(100) == 100);
+assert_cc(BFQ_WEIGHT(500) == 136);
+assert_cc(BFQ_WEIGHT(5000) == 545);
+assert_cc(BFQ_WEIGHT(10000) == 1000);
+
static void set_io_weight(Unit *u, uint64_t weight) {
char buf[STRLEN("default \n")+DECIMAL_STR_MAX(uint64_t)];
- uint64_t bfq_weight;
assert(u);
@@ -1210,12 +1222,7 @@ static void set_io_weight(Unit *u, uint64_t weight) {
* See also: https://github.com/systemd/systemd/pull/13335 and
* https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9.
* The range is 1..1000 apparently, and the default is 100. */
- if (weight <= CGROUP_WEIGHT_DEFAULT)
- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_WEIGHT_DEFAULT - CGROUP_WEIGHT_MIN);
- else
- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_WEIGHT_MAX - CGROUP_WEIGHT_DEFAULT);
-
- xsprintf(buf, "%" PRIu64 "\n", bfq_weight);
+ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight));
(void) set_attribute_and_warn(u, "io", "io.bfq.weight", buf);
xsprintf(buf, "default %" PRIu64 "\n", weight);
@@ -1224,20 +1231,11 @@ static void set_io_weight(Unit *u, uint64_t weight) {
static void set_blkio_weight(Unit *u, uint64_t weight) {
char buf[STRLEN("\n")+DECIMAL_STR_MAX(uint64_t)];
- uint64_t bfq_weight;
assert(u);
- /* FIXME: drop this when distro kernels properly support BFQ through "io.weight"
- * See also: https://github.com/systemd/systemd/pull/13335 and
- * https://github.com/torvalds/linux/commit/65752aef0a407e1ef17ec78a7fc31ba4e0b360f9.
- * The range is 1..1000 apparently, and the default is 100. */
- if (weight <= CGROUP_BLKIO_WEIGHT_DEFAULT)
- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT - (CGROUP_BLKIO_WEIGHT_DEFAULT - weight) * (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / (CGROUP_BLKIO_WEIGHT_DEFAULT - CGROUP_BLKIO_WEIGHT_MIN);
- else
- bfq_weight = CGROUP_BFQ_WEIGHT_DEFAULT + (weight - CGROUP_BLKIO_WEIGHT_DEFAULT) * (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / (CGROUP_BLKIO_WEIGHT_MAX - CGROUP_BLKIO_WEIGHT_DEFAULT);
-
- xsprintf(buf, "%" PRIu64 "\n", bfq_weight);
+ /* FIXME: see comment in set_io_weight(). */
+ xsprintf(buf, "%" PRIu64 "\n", BFQ_WEIGHT(weight));
(void) set_attribute_and_warn(u, "blkio", "blkio.bfq.weight", buf);
xsprintf(buf, "%" PRIu64 "\n", weight);
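Review bot: set_blkio_weight() now converts through BFQ_WEIGHT(), which is built from the CGROUP_WEIGHT_* constants, whereas the lines it removes scaled with CGROUP_BLKIO_WEIGHT_MIN/DEFAULT/MAX; unless the two ranges coincide (their values are not shown here), a commit described as a helper-macro refactor changes the value written to blkio.bfq.weight. The macro's own check `assert_cc(BFQ_WEIGHT(500) == 136)` shows what an input of 500 becomes under the io mapping. The macro in the first hunk also uses `weight` unparenthesized and evaluates it more than once. Passing the source range into the macro, as sketched below, keeps both callers on one formula without merging the ranges; set_blkio_weight() continues past the end of this hunk.

```c
/* Convert a weight from the range [min, max] with default def to a bfq.weight value */
#define BFQ_WEIGHT_FROM(weight, min, def, max)                                              \
        ((weight) <= (def) ?                                                                \
         CGROUP_BFQ_WEIGHT_DEFAULT - ((def) - (weight)) *                                   \
                 (CGROUP_BFQ_WEIGHT_DEFAULT - CGROUP_BFQ_WEIGHT_MIN) / ((def) - (min)) :    \
         CGROUP_BFQ_WEIGHT_DEFAULT + ((weight) - (def)) *                                   \
                 (CGROUP_BFQ_WEIGHT_MAX - CGROUP_BFQ_WEIGHT_DEFAULT) / ((max) - (def)))

/* … unchanged: assert_cc() checks and set_io_weight(), using the CGROUP_WEIGHT_* range … */

static void set_blkio_weight(Unit *u, uint64_t weight) {
        /* … unchanged: buf declaration, assert(u) … */
        xsprintf(buf, "%" PRIu64 "\n",
                 BFQ_WEIGHT_FROM(weight,
                                 CGROUP_BLKIO_WEIGHT_MIN,
                                 CGROUP_BLKIO_WEIGHT_DEFAULT,
                                 CGROUP_BLKIO_WEIGHT_MAX));
```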
--
2.33.0


@ -1,148 +0,0 @@
From d7ff7e3b6e2bd9eee809880d3632b293097e22e7 Mon Sep 17 00:00:00 2001
From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Wed, 2 Mar 2022 22:03:26 +0100
Subject: [PATCH] core: check size before mmap
The data type off_t can be 64 bits wide on 32-bit systems if they have large
file support. Since mmap expects a size_t with 32 bits as second
argument truncation could occur. At worst these huge files could
lead to mmaps smaller than the previous check for small files.
This in turn shouldn't have a lot of impact because mmap allocates
at page size boundaries. This also made the PAGE_ALIGN call in
open_mmap unneeded. In fact it was neither in sync with other mmap
calls nor with its own munmap counterpart in error path.
If such large files are encountered, which is very unlikely in these
code paths, treat them with the same error as if they are too small.
(cherry picked from commit 1a823cdeb9faea3849843e0b3dae0fbdd607e8b7)
(cherry picked from commit 6b37adf4a16c8f7e917dfd9f19dab259cda878b2)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/d7ff7e3b6e2bd9eee809880d3632b293097e22e7
---
src/basic/fileio.h | 6 ++++++
src/basic/locale-util.c | 4 ++++
src/boot/bootctl.c | 2 +-
src/libsystemd/sd-hwdb/sd-hwdb.c | 4 ++++
src/libsystemd/sd-journal/catalog.c | 4 ++--
src/libsystemd/sd-journal/compress.c | 4 ++++
6 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/basic/fileio.h b/src/basic/fileio.h
index 9bd2037f5b..ee356ddb02 100644
--- a/src/basic/fileio.h
+++ b/src/basic/fileio.h
@@ -112,6 +112,12 @@ typedef enum ReadLineFlags {
int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret);
+static inline bool file_offset_beyond_memory_size(off_t x) {
+ if (x < 0) /* off_t is signed, filter that out */
+ return false;
+ return (uint64_t) x > (uint64_t) SIZE_MAX;
+}
+
static inline int read_line(FILE *f, size_t limit, char **ret) {
return read_line_full(f, limit, 0, ret);
}
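Review bot: file_offset_beyond_memory_size() has no comment stating its contract, and its `x < 0` branch returns false, so a negative size is reported as fitting in memory. Most call sites in this patch pair it with a lower-bound check on st_size, but the decompress_stream_lz4() hunk adds the helper alone, and any lower bound there would have to sit outside the hunk. A header comment such as `/* True if x does not fit into size_t and so must not be used as an mmap() length. Negative values return false; callers must reject them separately. */` would make that split of responsibility visible at every use.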
diff --git a/src/basic/locale-util.c b/src/basic/locale-util.c
index fd6b01cfaa..b181646abe 100644
--- a/src/basic/locale-util.c
+++ b/src/basic/locale-util.c
@@ -15,6 +15,7 @@
#include "dirent-util.h"
#include "env-util.h"
#include "fd-util.h"
+#include "fileio.h"
#include "hashmap.h"
#include "locale-util.h"
#include "path-util.h"
@@ -113,6 +114,9 @@ static int add_locales_from_archive(Set *locales) {
if (st.st_size < (off_t) sizeof(struct locarhead))
return -EBADMSG;
+ if (file_offset_beyond_memory_size(st.st_size))
+ return -EFBIG;
+
p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (p == MAP_FAILED)
return -errno;
diff --git a/src/boot/bootctl.c b/src/boot/bootctl.c
index bd96812246..d6eb6d00a5 100644
--- a/src/boot/bootctl.c
+++ b/src/boot/bootctl.c
@@ -145,7 +145,7 @@ static int get_file_version(int fd, char **v) {
if (r < 0)
return log_error_errno(r, "EFI binary is not a regular file: %m");
- if (st.st_size < 27) {
+ if (st.st_size < 27 || file_offset_beyond_memory_size(st.st_size)) {
*v = NULL;
return 0;
}
diff --git a/src/libsystemd/sd-hwdb/sd-hwdb.c b/src/libsystemd/sd-hwdb/sd-hwdb.c
index 53601765fe..748cf26934 100644
--- a/src/libsystemd/sd-hwdb/sd-hwdb.c
+++ b/src/libsystemd/sd-hwdb/sd-hwdb.c
@@ -15,6 +15,7 @@
#include "alloc-util.h"
#include "fd-util.h"
+#include "fileio.h"
#include "hashmap.h"
#include "hwdb-internal.h"
#include "nulstr-util.h"
@@ -312,6 +313,9 @@ _public_ int sd_hwdb_new(sd_hwdb **ret) {
if (hwdb->st.st_size < (off_t) offsetof(struct trie_header_f, strings_len) + 8)
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"File %s is too short: %m", hwdb_bin_path);
+ if (file_offset_beyond_memory_size(hwdb->st.st_size))
+ return log_debug_errno(SYNTHETIC_ERRNO(EFBIG),
+ "File %s is too long: %m", hwdb_bin_path);
hwdb->map = mmap(0, hwdb->st.st_size, PROT_READ, MAP_SHARED, fileno(hwdb->f), 0);
if (hwdb->map == MAP_FAILED)
diff --git a/src/libsystemd/sd-journal/catalog.c b/src/libsystemd/sd-journal/catalog.c
index ce8d47ccc3..f2ad1a2039 100644
--- a/src/libsystemd/sd-journal/catalog.c
+++ b/src/libsystemd/sd-journal/catalog.c
@@ -524,10 +524,10 @@ static int open_mmap(const char *database, int *_fd, struct stat *_st, void **_p
if (fstat(fd, &st) < 0)
return -errno;
- if (st.st_size < (off_t) sizeof(CatalogHeader))
+ if (st.st_size < (off_t) sizeof(CatalogHeader) || file_offset_beyond_memory_size(st.st_size))
return -EINVAL;
- p = mmap(NULL, PAGE_ALIGN(st.st_size), PROT_READ, MAP_SHARED, fd, 0);
+ p = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, fd, 0);
if (p == MAP_FAILED)
return -errno;
diff --git a/src/libsystemd/sd-journal/compress.c b/src/libsystemd/sd-journal/compress.c
index 837abab76c..cb2e82667f 100644
--- a/src/libsystemd/sd-journal/compress.c
+++ b/src/libsystemd/sd-journal/compress.c
@@ -25,6 +25,7 @@
#include "alloc-util.h"
#include "compress.h"
#include "fd-util.h"
+#include "fileio.h"
#include "io-util.h"
#include "journal-def.h"
#include "macro.h"
@@ -807,6 +808,9 @@ int decompress_stream_lz4(int in, int out, uint64_t max_bytes) {
if (fstat(in, &st) < 0)
return log_debug_errno(errno, "fstat() failed: %m");
+ if (file_offset_beyond_memory_size(st.st_size))
+ return -EFBIG;
+
buf = malloc(LZ4_BUFSIZE);
if (!buf)
return -ENOMEM;
--
2.33.0


@ -1,69 +0,0 @@
From a8a4d9a65902b8bfb15395479451070e9644560a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 5 Apr 2022 21:47:46 +0900
Subject: [PATCH] core: command argument can be longer than PATH_MAX
Fixes a bug introduced by 065364920281e1cf59cab989e17aff21790505c4.
Fixes #22957.
(cherry picked from commit 58dd4999dcc81a0ed92fbd78bce3592c3e3afe9e)
(cherry picked from commit 9727b9ee7b90afb8fa0e6328dcb6c34b1522d4fd)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/a8a4d9a65902b8bfb15395479451070e9644560a
---
src/core/load-fragment.c | 2 +-
src/test/test-load-fragment.c | 16 ++++++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 399a759ad0..cd07f3e60d 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -849,7 +849,7 @@ int config_parse_exec(
if (r < 0)
return ignore ? 0 : -ENOEXEC;
- r = unit_path_printf(u, word, &resolved);
+ r = unit_full_printf(u, word, &resolved);
if (r < 0) {
log_syntax(unit, ignore ? LOG_WARNING : LOG_ERR, filename, line, r,
"Failed to resolve unit specifiers in %s%s: %m",
diff --git a/src/test/test-load-fragment.c b/src/test/test-load-fragment.c
index b41a8abf7b..1a0a0579b2 100644
--- a/src/test/test-load-fragment.c
+++ b/src/test/test-load-fragment.c
@@ -10,6 +10,7 @@
#include "capability-util.h"
#include "conf-parser.h"
#include "fd-util.h"
+#include "fileio.h"
#include "format-util.h"
#include "fs-util.h"
#include "hashmap.h"
@@ -412,6 +413,21 @@ static void test_config_parse_exec(void) {
assert_se(r == 0);
assert_se(c1->command_next == NULL);
+ log_info("/* long arg */"); /* See issue #22957. */
+
+ char x[LONG_LINE_MAX-100], *y;
+ y = mempcpy(x, "/bin/echo ", STRLEN("/bin/echo "));
+ memset(y, 'x', sizeof(x) - STRLEN("/bin/echo ") - 1);
+ x[sizeof(x) - 1] = '\0';
+
+ r = config_parse_exec(NULL, "fake", 5, "section", 1,
+ "LValue", 0, x,
+ &c, u);
+ assert_se(r >= 0);
+ c1 = c1->command_next;
+ check_execcommand(c1,
+ "/bin/echo", NULL, y, NULL, false);
+
log_info("/* empty argument, reset */");
r = config_parse_exec(NULL, "fake", 4, "section", 1,
"LValue", 0, "",
--
2.33.0


@ -1,65 +0,0 @@
From 1ea74fca3a3c737f3901bc10d879b7830b3528bf Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 25 Oct 2022 21:41:17 +0900
Subject: [PATCH] core/device: also serialize/deserialize device syspath
The field will be used in later commits.
---
src/core/device.c | 13 ++++++++++++-
src/core/device.h | 2 +-
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 9d694aa..26a6d1f 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -114,6 +114,7 @@ static void device_done(Unit *u) {
assert(d);
device_unset_sysfs(d);
+ d->deserialized_sysfs = mfree(d->deserialized_sysfs);
d->wants_property = strv_free(d->wants_property);
}
@@ -295,6 +296,9 @@ static int device_serialize(Unit *u, FILE *f, FDSet *fds) {
assert(f);
assert(fds);
+ if (d->sysfs)
+ (void) serialize_item(f, "sysfs", d->sysfs);
+
(void) serialize_item(f, "state", device_state_to_string(d->state));
if (device_found_to_string_many(d->found, &s) >= 0)
@@ -312,7 +316,14 @@ static int device_deserialize_item(Unit *u, const char *key, const char *value,
assert(value);
assert(fds);
- if (streq(key, "state")) {
+ if (streq(key, "sysfs")) {
+ if (!d->deserialized_sysfs) {
+ d->deserialized_sysfs = strdup(value);
+ if (!d->deserialized_sysfs)
+ log_oom_debug();
+ }
+
+ } else if (streq(key, "state")) {
DeviceState state;
state = device_state_from_string(value);
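Review bot: The new `sysfs` branch stores the serialized value verbatim and keeps only the first occurrence, and neither behaviour is documented. The commit message says the field will be used by later commits, which are not part of this patch, so whether the string is validated before it is used as a path cannot be confirmed here. A comment in the branch, e.g. `/* First "sysfs" item wins; the string is not validated here and must be checked before it is used as a path. */`, and a matching comment on `deserialized_sysfs` in src/core/device.h would state that contract. device_deserialize_item() extends beyond the hunk.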
diff --git a/src/core/device.h b/src/core/device.h
index dfe8a13..99bf134 100644
--- a/src/core/device.h
+++ b/src/core/device.h
@@ -20,7 +20,7 @@ typedef enum DeviceFound {
struct Device {
Unit meta;
- char *sysfs;
+ char *sysfs, *deserialized_sysfs;
/* In order to be able to distinguish dependencies on different device nodes we might end up creating multiple
* devices for the same sysfs path. We chain them up here. */
--
2.33.0


@ -1,43 +0,0 @@
From cf1ac0cfe44997747b0f857a1d0b67cea1298272 Mon Sep 17 00:00:00 2001
From: Martin Wilck <mwilck@suse.com>
Date: Wed, 25 May 2022 12:01:00 +0200
Subject: [PATCH] core/device: device_coldplug(): don't set DEVICE_DEAD
dm-crypt device units generated by systemd-cryptsetup-generator
have BindsTo= dependencies on their backend devices. The dm-crypt
devices have the db_persist flag set, and thus survive the udev db
cleanup while switching root. But backend devices usually don't survive.
These devices are neither mounted nor used for swap, thus they will
be seen as DEVICE_NOT_FOUND after switching root.
The BindsTo dependency will cause systemd to schedule a stop
job for the dm-crypt device, breaking boot:
[ 68.929457] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Unit is stopped because bound to inactive unit dev-disk-by\x2duuid-3bf91f73\x2d1ee8\x2d4cfc\x2d9048\x2d93ba349b786d.device.
[ 68.945660] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Trying to enqueue job systemd-cryptsetup@cr_root.service/stop/replace
[ 69.473459] krypton systemd[1]: systemd-cryptsetup@cr_root.service: Installed new job systemd-cryptsetup@cr_root.service/stop as 343
Avoid this by not setting the state of the backend devices to
DEVICE_DEAD.
Fixes the LUKS setup issue reported in #23429.
---
src/core/device.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 4c261ec554..8728630523 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -205,8 +205,6 @@ static int device_coldplug(Unit *u) {
found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */
if (state == DEVICE_PLUGGED)
state = DEVICE_TENTATIVE; /* downgrade state */
- if (found == DEVICE_NOT_FOUND)
- state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */
}
if (d->found == found && d->state == state)
--
2.33.0


@ -1,36 +0,0 @@
From 4fc69e8a0949c2537019466f839d9b7aee5628c9 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 20 May 2022 10:25:12 +0200
Subject: [PATCH] core/device: do not downgrade device state if it is already
enumerated
On switching root, a device may have a persistent database. In that case,
Device.enumerated_found may have DEVICE_FOUND_UDEV flag, and it is not
necessary to downgrade the Device.deserialized_found and
Device.deserialized_state. Otherwise, the state of the device unit may
be changed plugged -> dead -> plugged, if the device has not been mounted.
Fixes #23429.
[mwilck: cherry-picked from #23437]
---
src/core/device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/core/device.c b/src/core/device.c
index 8728630523..fcde8a420e 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -201,7 +201,8 @@ static int device_coldplug(Unit *u) {
* Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by
* device_catchup() or uevents. */
- if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) {
+ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m) &&
+ !FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) {
found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */
if (state == DEVICE_PLUGGED)
state = DEVICE_TENTATIVE; /* downgrade state */
--
2.33.0


@ -1,28 +0,0 @@
From f33bc87989a87475ed41bc9cd715c4cbb18ee389 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 1 May 2022 21:42:43 +0900
Subject: [PATCH] core/device: drop unnecessary condition
---
src/core/device.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 44425cda3c..934676287e 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -179,10 +179,7 @@ static void device_catchup(Unit *u) {
assert(d);
- /* Second, let's update the state with the enumerated state if it's different */
- if (d->enumerated_found == d->found)
- return;
-
+ /* Second, let's update the state with the enumerated state */
device_update_found_one(d, d->enumerated_found, DEVICE_FOUND_MASK);
}
--
2.33.0


@ -1,117 +0,0 @@
From 75d7b5989f99125e52d5c0e5656fa1cd0fae2405 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 29 Apr 2022 20:29:11 +0900
Subject: [PATCH] core/device: ignore DEVICE_FOUND_UDEV bit on switching root
The issue #12953 is caused by the following:
On switching root,
- deserialized_found == DEVICE_FOUND_UDEV | DEVICE_FOUND_MOUNT,
- deserialized_state == DEVICE_PLUGGED,
- enumerated_found == DEVICE_FOUND_MOUNT,
On switching root, most devices are not found by the enumeration process.
Hence, the device state is set to plugged by device_coldplug(), and then
changed to the dead state in device_catchup(). So the corresponding
mount point is unmounted. Later when the device is processed by udevd, it
will be changed to plugged state again.
The issue #23208 is caused by the fact that generated udev database in
initramfs and the main system are often different.
So, the two issues have the same root; we should not honor
DEVICE_FOUND_UDEV bit in the deserialized_found on switching root.
This partially reverts c6e892bc0eebe1d42c282bd2d8bae149fbeba85f.
Fixes #12953 and #23208.
Replaces #23215.
Co-authored-by: Martin Wilck <mwilck@suse.com>
---
src/core/device.c | 59 +++++++++++++++++++++++++++++++++++++++--------
1 file changed, 49 insertions(+), 10 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 934676287e..1a4563a3d9 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -163,14 +163,57 @@ static int device_coldplug(Unit *u) {
assert(d->state == DEVICE_DEAD);
/* First, let's put the deserialized state and found mask into effect, if we have it. */
+ if (d->deserialized_state < 0)
+ return 0;
+
+ Manager *m = u->manager;
+ DeviceFound found = d->deserialized_found;
+ DeviceState state = d->deserialized_state;
+
+ /* On initial boot, switch-root, reload, reexecute, the following happen:
+ * 1. MANAGER_IS_RUNNING() == false
+ * 2. enumerate devices: manager_enumerate() -> device_enumerate()
+ * Device.enumerated_found is set.
+ * 3. deserialize devices: manager_deserialize() -> device_deserialize()
+ * Device.deserialize_state and Device.deserialized_found are set.
+ * 4. coldplug devices: manager_coldplug() -> device_coldplug()
+ * deserialized properties are copied to the main properties.
+ * 5. MANAGER_IS_RUNNING() == true: manager_ready()
+ * 6. catchup devices: manager_catchup() -> device_catchup()
+ * Device.enumerated_found is applied to Device.found, and state is updated based on that.
+ *
+ * Notes:
+ * - On initial boot, no udev database exists. Hence, no devices are enumerated in the step 2.
+ * Also, there is no deserialized device. Device units are (a) generated based on dependencies of
+ * other units, or (b) generated when uevents are received.
+ *
+ * - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e.
+ * OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general,
+ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be
+ * ignored, as udev rules in initramfs and the main system are often different. If the deserialized
+ * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE (or DEVICE_DEAD if nobody
+ * sees the device). Unlike the other starting mode, Manager.honor_device_enumeration == false
+ * (maybe, it is better to rename the flag) when device_coldplug() and device_catchup() are called.
+ * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd
+ * will (re-)process all devices, and the Device.found and Device.state will be adjusted.
+ *
+ * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state.
+ * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by
+ * device_catchup() or uevents. */
+
+ if (!m->honor_device_enumeration && !MANAGER_IS_USER(m)) {
+ found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */
+ if (state == DEVICE_PLUGGED)
+ state = DEVICE_TENTATIVE; /* downgrade state */
+ if (found == DEVICE_NOT_FOUND)
+ state = DEVICE_DEAD; /* If nobody sees the device, downgrade more */
+ }
- if (d->deserialized_state < 0 ||
- (d->deserialized_state == d->state &&
- d->deserialized_found == d->found))
+ if (d->found == found && d->state == state)
return 0;
- d->found = d->deserialized_found;
- device_set_state(d, d->deserialized_state);
+ d->found = found;
+ device_set_state(d, state);
return 0;
}
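Review bot: The new block comment in device_coldplug() names the field `Device.deserialize_state` in step 3, while the code in the same hunk reads `d->deserialized_state`, so a search for the real field name misses the comment. The line should read `Device.deserialized_state and Device.deserialized_found are set.`, and "databse" in the switch-root paragraph should be "database". The comment is the only description of the enumerate/deserialize/coldplug/catchup ordering visible here, so it is worth keeping exact.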
@@ -644,13 +687,9 @@ static void device_found_changed(Device *d, DeviceFound previous, DeviceFound no
}
static void device_update_found_one(Device *d, DeviceFound found, DeviceFound mask) {
- Manager *m;
-
assert(d);
- m = UNIT(d)->manager;
-
- if (MANAGER_IS_RUNNING(m) && (m->honor_device_enumeration || MANAGER_IS_USER(m))) {
+ if (MANAGER_IS_RUNNING(UNIT(d)->manager)) {
DeviceFound n, previous;
/* When we are already running, then apply the new mask right-away, and trigger state changes
--
2.33.0


@ -1,64 +0,0 @@
From 54a4d71509c0f3401aa576346754a0781795214a Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 25 Oct 2022 21:40:21 +0900
Subject: [PATCH] core/device: update comment
---
src/core/device.c | 29 +++++++++++++++++------------
1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/src/core/device.c b/src/core/device.c
index 0bca0ff..9d694aa 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -172,7 +172,7 @@ static int device_coldplug(Unit *u) {
* 1. MANAGER_IS_RUNNING() == false
* 2. enumerate devices: manager_enumerate() -> device_enumerate()
* Device.enumerated_found is set.
- * 3. deserialize devices: manager_deserialize() -> device_deserialize()
+ * 3. deserialize devices: manager_deserialize() -> device_deserialize_item()
* Device.deserialize_state and Device.deserialized_found are set.
* 4. coldplug devices: manager_coldplug() -> device_coldplug()
* deserialized properties are copied to the main properties.
@@ -187,22 +187,27 @@ static int device_coldplug(Unit *u) {
*
* - On switch-root, the udev databse may be cleared, except for devices with sticky bit, i.e.
* OPTIONS="db_persist". Hence, almost no devices are enumerated in the step 2. However, in general,
- * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the deserialized_found must be
- * ignored, as udev rules in initramfs and the main system are often different. If the deserialized
- * state is DEVICE_PLUGGED, we need to downgrade it to DEVICE_TENTATIVE. Unlike the other starting
- * mode, MANAGER_IS_SWITCHING_ROOT() is true when device_coldplug() and device_catchup() are called.
- * Hence, let's conditionalize the operations by using the flag. After switch-root, systemd-udevd
- * will (re-)process all devices, and the Device.found and Device.state will be adjusted.
+ * we have several serialized devices. So, DEVICE_FOUND_UDEV bit in the
+ * Device.deserialized_found must be ignored, as udev rules in initrd and the main system are often
+ * different. If the deserialized state is DEVICE_PLUGGED, we need to downgrade it to
+ * DEVICE_TENTATIVE. Unlike the other starting mode, MANAGER_IS_SWITCHING_ROOT() is true when
+ * device_coldplug() and device_catchup() are called. Hence, let's conditionalize the operations by
+ * using the flag. After switch-root, systemd-udevd will (re-)process all devices, and the
+ * Device.found and Device.state will be adjusted.
*
- * - On reload or reexecute, we can trust enumerated_found, deserialized_found, and deserialized_state.
- * Of course, deserialized parameters may be outdated, but the unit state can be adjusted later by
- * device_catchup() or uevents. */
+ * - On reload or reexecute, we can trust Device.enumerated_found, Device.deserialized_found, and
+ * Device.deserialized_state. Of course, deserialized parameters may be outdated, but the unit
+ * state can be adjusted later by device_catchup() or uevents. */
if (MANAGER_IS_SWITCHING_ROOT(m) &&
!FLAGS_SET(d->enumerated_found, DEVICE_FOUND_UDEV)) {
- found &= ~DEVICE_FOUND_UDEV; /* ignore DEVICE_FOUND_UDEV bit */
+ /* The device has not been enumerated. On switching-root, such situation is natural. See the
+ * above comment. To prevent problematic state transition active → dead → active, let's
+ * drop the DEVICE_FOUND_UDEV flag and downgrade state to DEVICE_TENTATIVE(activating). See
+ * issue #12953 and #23208. */
+ found &= ~DEVICE_FOUND_UDEV;
if (state == DEVICE_PLUGGED)
- state = DEVICE_TENTATIVE; /* downgrade state */
+ state = DEVICE_TENTATIVE;
}
if (d->found == found && d->state == state)
--
2.33.0


@ -1,42 +0,0 @@
From b6c86ae28149c4abb2f0bd6acab13153382da9e7 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 26 Oct 2022 01:18:05 +0900
Subject: [PATCH] core/device: verify device syspath on switching root
Otherwise, if a device is removed while switching root, then the
corresponding .device unit will never go to inactive state.
This replaces the code dropped by cf1ac0cfe44997747b0f857a1d0b67cea1298272.
Fixes #25106.
---
src/core/device.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/core/device.c b/src/core/device.c
index 7e354b2b4a..6e07f2745b 100644
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -305,6 +305,19 @@ static int device_coldplug(Unit *u) {
found &= ~DEVICE_FOUND_UDEV;
if (state == DEVICE_PLUGGED)
state = DEVICE_TENTATIVE;
+
+ /* Also check the validity of the device syspath. Without this check, if the device was
+ * removed while switching root, it would never go to inactive state, as both Device.found
+ * and Device.enumerated_found do not have the DEVICE_FOUND_UDEV flag, so device_catchup() in
+ * device_update_found_one() does nothing in most cases. See issue #25106. Note that the
+ * syspath field is only serialized when systemd is sufficiently new and the device has been
+ * already processed by udevd. */
+ if (d->deserialized_sysfs) {
+ _cleanup_(sd_device_unrefp) sd_device *dev = NULL;
+
+ if (sd_device_new_from_syspath(&dev, d->deserialized_sysfs) < 0)
+ state = DEVICE_DEAD;
+ }
}
if (d->found == found && d->state == state)
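Review bot: In the added `if (d->deserialized_sysfs)` block, every negative return from `sd_device_new_from_syspath()` is treated as "the device is gone", so a failure unrelated to the device's existence (an allocation error, for example) would also force `DEVICE_DEAD`, and nothing is logged when the downgrade happens. Keeping the return value and logging it would make an unexpected dead transition after switch-root traceable, e.g. `r = sd_device_new_from_syspath(&dev, d->deserialized_sysfs);` followed by `if (r < 0) { log_unit_debug_errno(u, r, "Failed to open deserialized syspath, marking device dead: %m"); state = DEVICE_DEAD; }`. Whether an `r` is already declared cannot be seen here, since device_coldplug() starts and ends outside the hunk.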
--
2.33.0


@ -1,33 +0,0 @@
From 37e8b3a312e64886c6fb1401c741dee7c8c102f4 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <luca.boccassi@microsoft.com>
Date: Fri, 28 Jan 2022 22:56:10 +0000
Subject: [PATCH] core: don't fail on EEXIST when creating mount point
systemd[1016]: Failed to mount /tmp/app1 (type n/a) on /run/systemd/unit-extensions/1 (MS_BIND ): No such file or directory
systemd[1016]: Failed to create destination mount point node '/run/systemd/unit-extensions/1': File exists
(cherry picked from commit 9d6d4c305ab8d65aab7f546450d7331f760b7259)
(cherry picked from commit ae8bc570a81e1286eb5b59a77ef179a500b95f9d)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/37e8b3a312e64886c6fb1401c741dee7c8c102f4
---
src/core/namespace.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index a6c6963bb7..19942d912f 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1380,7 +1380,7 @@ static int apply_one_mount(
(void) mkdir_parents(mount_entry_path(m), 0755);
q = make_mount_point_inode_from_path(what, mount_entry_path(m), 0755);
- if (q < 0)
+ if (q < 0 && q != -EEXIST)
log_error_errno(q, "Failed to create destination mount point node '%s': %m",
mount_entry_path(m));
else
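Review bot: The new `q != -EEXIST` exception on the `if (q < 0 ...)` line has no comment, and it sends the "already exists" case into the `else` branch, whose body is outside the hunk. An existing node at the destination is accepted as-is here; whether its type (file or directory) matches `what` is not checked in the visible lines, so a mismatch would presumably only surface when the mount is retried. A short comment such as `/* The mount point inode may already exist; treat that as success and let the retry decide */` would record the intent. apply_one_mount() continues past the hunk.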
--
2.33.0


@ -1,105 +0,0 @@
From 7a58bf7aac8b2c812ee0531b0cc426e0067edd35 Mon Sep 17 00:00:00 2001
From: Henri Chain <henri.chain@enioka.com>
Date: Tue, 5 Oct 2021 13:10:31 +0200
Subject: [PATCH] core: fix SIGABRT on empty exec command argv
This verifies that the argv part of any exec_command parameters that
are sent through dbus is not empty at deserialization time.
There is an additional check in service.c service_verify() that again
checks if all exec_commands are correctly populated, after the service
has been loaded, whether through dbus or otherwise.
Fixes #20933.
(cherry picked from commit 29500cf8c47e6eb0518d171d62aa8213020c9152)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/7a58bf7aac8b2c812ee0531b0cc426e0067edd35
---
src/core/dbus-execute.c | 4 ++++
src/core/service.c | 10 ++++++++++
test/units/testsuite-23.sh | 31 +++++++++++++++++++++++++++++++
3 files changed, 45 insertions(+)
diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 50daef6702..902e074bd2 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1421,6 +1421,10 @@ int bus_set_transient_exec_command(
if (r < 0)
return r;
+ if (strv_isempty(argv))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS,
+ "\"%s\" argv cannot be empty", name);
+
r = is_ex_prop ? sd_bus_message_read_strv(message, &ex_opts) : sd_bus_message_read(message, "b", &b);
if (r < 0)
return r;
diff --git a/src/core/service.c b/src/core/service.c
index b7cfc04c84..e061d488c7 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -548,6 +548,16 @@ static int service_verify(Service *s) {
assert(s);
assert(UNIT(s)->load_state == UNIT_LOADED);
+ for (ServiceExecCommand c = 0; c < _SERVICE_EXEC_COMMAND_MAX; c++) {
+ ExecCommand *command;
+
+ LIST_FOREACH(command, command, s->exec_command[c])
+ if (strv_isempty(command->argv))
+ return log_unit_error_errno(UNIT(s), SYNTHETIC_ERRNO(ENOEXEC),
+ "Service has an empty argv in %s=. Refusing.",
+ service_exec_command_to_string(c));
+ }
+
if (!s->exec_command[SERVICE_EXEC_START] && !s->exec_command[SERVICE_EXEC_STOP] &&
UNIT(s)->success_action == EMERGENCY_ACTION_NONE)
/* FailureAction= only makes sense if one of the start or stop commands is specified.
diff --git a/test/units/testsuite-23.sh b/test/units/testsuite-23.sh
index 4ef7c878a8..5488447a87 100755
--- a/test/units/testsuite-23.sh
+++ b/test/units/testsuite-23.sh
@@ -27,6 +27,37 @@ test "$(systemctl show --value -p RestartKillSignal seven.service)" -eq 2
systemctl restart seven.service
systemctl stop seven.service
+# For issue #20933
+
+# Should work normally
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0
+
+# DBus call should fail but not crash systemd
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
+ ExecStart "a(sasb)" 1 \
+ /usr/bin/sleep 0 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
+# Same but with the empty argv in the middle
+busctl call \
+ org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+ org.freedesktop.systemd1.Manager StartTransientUnit \
+ "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
+ ExecStart "a(sasb)" 3 \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ /usr/bin/sleep 0 true \
+ /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+ 0 && { echo 'unexpected success'; exit 1; }
+
systemd-analyze log-level info
echo OK >/testok
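Review bot: The two negative cases only assert that `busctl call` exits non-zero, which would also happen if the manager had aborted or the bus were unreachable, so on their own they do not distinguish the intended rejection from the crash this test guards against. The later `systemd-analyze log-level info` gives some implicit coverage that the manager still answers, but that link is not stated. Capturing the error output of each failing call and matching the message added in dbus-execute.c (`argv cannot be empty`) would pin the expected failure mode explicitly.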
--
2.33.0


@ -1,39 +0,0 @@
From b5162039b2309b78a9c1feb6cc1355988e02b6c3 Mon Sep 17 00:00:00 2001
From: xujing <17826839720@163.com>
Date: Wed, 8 Sep 2021 14:26:20 +0800
Subject: [PATCH] core: fix free undefined pointer when strdup failed in the
first loop
(cherry picked from commit 1509274359979079e3e61899ce12fc8b0f0958d9)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/b5162039b2309b78a9c1feb6cc1355988e02b6c3
---
src/core/load-fragment.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 8fb3c378ee..399a759ad0 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -800,7 +800,7 @@ int config_parse_exec(
if (!separate_argv0) {
char *w = NULL;
- if (!GREEDY_REALLOC(n, nlen + 2))
+ if (!GREEDY_REALLOC0(n, nlen + 2))
return log_oom();
w = strdup(path);
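Review bot: Nothing at the `GREEDY_REALLOC0(n, nlen + 2)` call says that the zeroing variant is required for memory safety, so a later cleanup could switch it back to `GREEDY_REALLOC` without noticing. Going by the commit title, the freshly grown slots must be NULL because `n` is freed when the following `strdup()` fails; the cleanup itself is outside the hunk, so this is inferred. A comment above the call such as `/* Must zero the new slots: n is freed on the error path below and must stay NULL-terminated */` would make that explicit, and the same applies to the second call in the `@@ -832` hunk.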
@@ -832,7 +832,7 @@ int config_parse_exec(
p += 2;
p += strspn(p, WHITESPACE);
- if (!GREEDY_REALLOC(n, nlen + 2))
+ if (!GREEDY_REALLOC0(n, nlen + 2))
return log_oom();
w = strdup(";");
--
2.33.0


@ -1,30 +0,0 @@
From 4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Mon, 1 Nov 2021 13:48:32 +0900
Subject: [PATCH] core: ignore failure on setting smack process label when
allowed
(cherry picked from commit 29ff62473b119c0e1d3467148eddcdccc2c9b732)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d
---
src/core/execute.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/execute.c b/src/core/execute.c
index e324db87cc..2f2de4d9cf 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -4408,7 +4408,7 @@ static int exec_child(
* process. This is the latest place before dropping capabilities. Other MAC context are set later. */
if (use_smack) {
r = setup_smack(context, executable_fd);
- if (r < 0) {
+ if (r < 0 && !context->smack_process_label_ignore) {
*exit_status = EXIT_SMACK_PROCESS_LABEL;
return log_unit_error_errno(unit, r, "Failed to set SMACK process label: %m");
}
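Review bot: When `context->smack_process_label_ignore` is set, a failing `setup_smack()` is now dropped with no log at all, so the child continues without the requested SMACK process label and nothing records that the label was not applied. For a MAC setting that is worth at least a debug line, so that an unexpectedly unlabelled process can be traced back to this point. Adding `if (r < 0) log_unit_debug_errno(unit, r, "Failed to set SMACK process label, ignoring: %m");` right after the existing block would cover it, since that line is only reached when the failure was ignored. exec_child() starts and ends outside the hunk.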
--
2.33.0


@ -1,91 +0,0 @@
From d35fe8c0afaa55441608cb7bbfa4af908e1ea8e3 Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Thu, 5 May 2022 08:49:56 +0200
Subject: [PATCH] core: introduce MANAGER_IS_SWITCHING_ROOT() helper function
Will be used by the following commit.
---
src/core/main.c | 3 +++
src/core/manager.c | 6 ++++++
src/core/manager.h | 6 ++++++
3 files changed, 15 insertions(+)
diff --git a/src/core/main.c b/src/core/main.c
index 1213ad6..df4fb9d 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1981,6 +1981,8 @@ static int invoke_main_loop(
return 0;
case MANAGER_SWITCH_ROOT:
+ manager_set_switching_root(m, true);
+
if (!m->switch_root_init) {
r = prepare_reexecute(m, &arg_serialization, ret_fds, true);
if (r < 0) {
@@ -2899,6 +2901,7 @@ int main(int argc, char *argv[]) {
set_manager_defaults(m);
set_manager_settings(m);
manager_set_first_boot(m, first_boot);
+ manager_set_switching_root(m, arg_switched_root);
/* Remember whether we should queue the default job */
queue_default_job = !arg_serialization || arg_switched_root;
diff --git a/src/core/manager.c b/src/core/manager.c
index abc63a7..d3b7fc5 100644
--- a/src/core/manager.c
+++ b/src/core/manager.c
@@ -756,6 +756,10 @@ static int manager_setup_sigchld_event_source(Manager *m) {
return 0;
}
+void manager_set_switching_root(Manager *m, bool switching_root) {
+ m->switching_root = MANAGER_IS_SYSTEM(m) && switching_root;
+}
+
int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **_m) {
_cleanup_(manager_freep) Manager *m = NULL;
const char *e;
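Review bot: `manager_set_switching_root()` dereferences `m` (via `MANAGER_IS_SYSTEM(m)` and the assignment) without the `assert(m);` that other functions on this page open with, for example `assert(d);` and `assert(s);`. Adding `assert(m);` as the first statement keeps it consistent. The field comment in the manager.h hunk, `/* This is true before and after switching root. */`, does not say when the flag is cleared. Going by the manager.c and main.c hunks, something like `/* True from the switch-root request until manager_startup() completes in the new root; always false for user managers */` would be more precise.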
@@ -1799,6 +1803,8 @@ int manager_startup(Manager *m, FILE *serialization, FDSet *fds) {
manager_ready(m);
+ manager_set_switching_root(m, false);
+
return 0;
}
diff --git a/src/core/manager.h b/src/core/manager.h
index 14a80b3..453706c 100644
--- a/src/core/manager.h
+++ b/src/core/manager.h
@@ -400,6 +400,9 @@ struct Manager {
char *switch_root;
char *switch_root_init;
+ /* This is true before and after switching root. */
+ bool switching_root;
+
/* This maps all possible path prefixes to the units needing
* them. It's a hashmap with a path string as key and a Set as
* value where Unit objects are contained. */
@@ -461,6 +464,8 @@ static inline usec_t manager_default_timeout_abort_usec(Manager *m) {
/* The objective is set to OK as soon as we enter the main loop, and set otherwise as soon as we are done with it */
#define MANAGER_IS_RUNNING(m) ((m)->objective == MANAGER_OK)
+#define MANAGER_IS_SWITCHING_ROOT(m) ((m)->switching_root)
+
#define MANAGER_IS_TEST_RUN(m) ((m)->test_run_flags != 0)
int manager_new(UnitFileScope scope, ManagerTestRunFlags test_run_flags, Manager **m);
@@ -525,6 +530,7 @@ void manager_set_show_status(Manager *m, ShowStatus mode, const char *reason);
void manager_override_show_status(Manager *m, ShowStatus mode, const char *reason);
void manager_set_first_boot(Manager *m, bool b);
+void manager_set_switching_root(Manager *m, bool switching_root);
void manager_status_printf(Manager *m, StatusType type, const char *status, const char *format, ...) _printf_(4,5);
--
2.33.0


@ -1,34 +0,0 @@
From 1bb8af46d1181a407cbc858025b85392f3af7812 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 29 Aug 2021 21:20:43 +0900
Subject: [PATCH] core/mount: add implicit unit dependencies even if when mount
unit is generated from /proc/self/mountinfo
Hopefully fixes #20566.
(cherry picked from commit aebff2e7ce209fc2d75b894a3ae8b80f6f36ec11)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/1bb8af46d1181a407cbc858025b85392f3af7812
---
src/core/mount.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/core/mount.c b/src/core/mount.c
index cde4b52731..9bec190cb6 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -1576,6 +1576,10 @@ static int mount_setup_new_unit(
if (r < 0)
return r;
+ r = mount_add_non_exec_dependencies(MOUNT(u));
+ if (r < 0)
+ return r;
+
/* This unit was generated because /proc/self/mountinfo reported it. Remember this, so that by the time we load
* the unit file for it (and thus add in extra deps right after) we know what source to attributes the deps
* to. */
--
2.33.0


@ -1,53 +0,0 @@
From eeb50421761e3ac562e96c47fb5f0f6ed622cfe1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Fri, 21 Jan 2022 13:08:19 +0100
Subject: [PATCH] core/namespace: allow using ProtectSubset=pid and
ProtectHostname=true together
If a service requests both ProtectSubset=pid and ProtectHostname=true
then it will currently fail to start. The ProcSubset=pid option
instructs systemd to mount procfs for the service with subset=pid which
hides all entries other than /proc/<pid>. Consequently trying to
interact with the two files /proc/sys/kernel/{hostname,domainname}
covered by ProtectHostname=true will fail.
Fix this by only performing this check when ProtectSubset=pid is not
requested. Essentially ProtectSubset=pid implies/provides
ProtectHostname=true.
(cherry picked from commit 1361f015773e3b4d74e382edf1565f3315a3396b)
(cherry picked from commit a727941affa7821592d503c8a5033c92d615f64c)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/eeb50421761e3ac562e96c47fb5f0f6ed622cfe1
---
src/core/namespace.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index e3aebe8b5e..5961b14f98 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -2115,14 +2115,19 @@ int setup_namespace(
goto finish;
}
+ /* Note, if proc is mounted with subset=pid then neither of the
+ * two paths will exist, i.e. they are implicitly protected by
+ * the mount option. */
if (ns_info->protect_hostname) {
*(m++) = (MountEntry) {
.path_const = "/proc/sys/kernel/hostname",
.mode = READONLY,
+ .ignore = ignore_protect_proc,
};
*(m++) = (MountEntry) {
.path_const = "/proc/sys/kernel/domainname",
.mode = READONLY,
+ .ignore = ignore_protect_proc,
};
}
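Review bot: Both `ProtectHostname=` entries now set `.ignore = ignore_protect_proc`, so a missing `/proc/sys/kernel/hostname` or `domainname` is skipped rather than treated as an error, and the added comment justifies this only for the `subset=pid` case. `ignore_protect_proc` is defined outside the hunk; if it can also be true for other reasons, the read-only protection would be silently dropped in those cases as well. It would help to state in the comment exactly which conditions set the flag, or to derive a dedicated boolean from the `subset=pid` condition alone and use that for these two entries. setup_namespace() starts and ends outside the hunk.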
--
2.33.0


@ -1,65 +0,0 @@
From 2540b0e3e0aa3e9bc4eef39723aa869f235923dd Mon Sep 17 00:00:00 2001
From: Christian Brauner <brauner@kernel.org>
Date: Mon, 24 Jan 2022 10:12:57 +0100
Subject: [PATCH] core/namespace: s/normalize_mounts()/drop_unused_mounts()
Rename the normalize_mounts() helper to drop_unused_mounts. All the
helpers called in there get rid of mounts that are unused for a variety
of reasons. And whereas the helpers are aptly prefixed with "drop" the
overall helper isn't and instead uses "normalize".
Make it more obvious what the helper actually does by renaming it from
normalize_mounts() to drop_unused_mounts(). Readers of code calling this
helper will immediately see that it will get rid of unused mounts.
Link: https://github.com/systemd/systemd/issues/22206
(cherry picked from commit fbf90c0d5cadc5d1e95485f770f45a7d4cd39daa)
(cherry picked from commit 09936a7ec92c859b3c4c9520ecd49c2909a8b35c)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/2540b0e3e0aa3e9bc4eef39723aa869f235923dd
---
src/core/namespace.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/core/namespace.c b/src/core/namespace.c
index 5961b14f98..a6c6963bb7 100644
--- a/src/core/namespace.c
+++ b/src/core/namespace.c
@@ -1578,7 +1578,14 @@ static size_t namespace_calculate_mounts(
ns_info->private_ipc; /* /dev/mqueue */
}
-static void normalize_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) {
+/* Walk all mount entries and dropping any unused mounts. This affects all
+ * mounts:
+ * - that are implicitly protected by a path that has been rendered inaccessible
+ * - whose immediate parent requests the same protection mode as the mount itself
+ * - that are outside of the relevant root directory
+ * - which are duplicates
+ */
+static void drop_unused_mounts(const char *root_directory, MountEntry *mounts, size_t *n_mounts) {
assert(root_directory);
assert(n_mounts);
assert(mounts || *n_mounts == 0);
@@ -1659,7 +1666,7 @@ static int apply_mounts(
if (!again)
break;
- normalize_mounts(root, mounts, n_mounts);
+ drop_unused_mounts(root, mounts, n_mounts);
}
/* Create a deny list we can pass to bind_mount_recursive() */
@@ -2208,7 +2215,7 @@ int setup_namespace(
if (r < 0)
goto finish;
- normalize_mounts(root, mounts, &n_mounts);
+ drop_unused_mounts(root, mounts, &n_mounts);
}
/* All above is just preparation, figuring out what to do. Let's now actually start doing something. */
--
2.33.0


@ -1,125 +0,0 @@
From 84ec6a0043f7a447157753fb12e991ebce6e14b7 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 27 Oct 2021 23:08:58 +0200
Subject: [PATCH] core: normalize 'r' variable handling in
unit_attach_pids_to_cgroup() a bit
The 'r' variable is our "go-to" variable for error return codes, all
across our codebase. In unit_attach_pids_to_cgroup() it was so far used
in a strange way for most of the function: instead of directly storing
the error codes of functions we call we'd store it in a local variable
'q' instead, and propagate it to 'r' only in some cases finally we'd
return the ultimate result of 'r'.
Let's normalize this a bit: let's always store error return values in
'r', and then use 'ret' as the variable to sometimes propagate errors
to, and then return that.
This also allows us to get rid of one local variable.
No actual codeflow changes, just some renaming of variables that allows
us to remove one.
(cherry picked from commit db4229d12f48663400802171b336c7cadbbe04ef)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/84ec6a0043f7a447157753fb12e991ebce6e14b7
---
src/core/cgroup.c | 38 +++++++++++++++++++-------------------
1 file changed, 19 insertions(+), 19 deletions(-)
diff --git a/src/core/cgroup.c b/src/core/cgroup.c
index 5c07aa71d1..1551d57e90 100644
--- a/src/core/cgroup.c
+++ b/src/core/cgroup.c
@@ -2137,7 +2137,7 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
CGroupMask delegated_mask;
const char *p;
void *pidp;
- int r, q;
+ int ret, r;
assert(u);
@@ -2164,16 +2164,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
delegated_mask = unit_get_delegate_mask(u);
- r = 0;
+ ret = 0;
SET_FOREACH(pidp, pids) {
pid_t pid = PTR_TO_PID(pidp);
/* First, attach the PID to the main cgroup hierarchy */
- q = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid);
- if (q < 0) {
- bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(q);
+ r = cg_attach(SYSTEMD_CGROUP_CONTROLLER, p, pid);
+ if (r < 0) {
+ bool again = MANAGER_IS_USER(u->manager) && ERRNO_IS_PRIVILEGE(r);
- log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, q,
+ log_unit_full_errno(u, again ? LOG_DEBUG : LOG_INFO, r,
"Couldn't move process "PID_FMT" to%s requested cgroup '%s': %m",
pid, again ? " directly" : "", empty_to_root(p));
@@ -2192,16 +2192,16 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
continue; /* When the bus thing worked via the bus we are fully done for this PID. */
}
- if (r >= 0)
- r = q; /* Remember first error */
+ if (ret >= 0)
+ ret = r; /* Remember first error */
continue;
}
- q = cg_all_unified();
- if (q < 0)
- return q;
- if (q > 0)
+ r = cg_all_unified();
+ if (r < 0)
+ return r;
+ if (r > 0)
continue;
/* In the legacy hierarchy, attach the process to the request cgroup if possible, and if not to the
@@ -2216,11 +2216,11 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
/* If this controller is delegated and realized, honour the caller's request for the cgroup suffix. */
if (delegated_mask & u->cgroup_realized_mask & bit) {
- q = cg_attach(cgroup_controller_to_string(c), p, pid);
- if (q >= 0)
+ r = cg_attach(cgroup_controller_to_string(c), p, pid);
+ if (r >= 0)
continue; /* Success! */
- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m",
+ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to requested cgroup %s in controller %s, falling back to unit's cgroup: %m",
pid, empty_to_root(p), cgroup_controller_to_string(c));
}
@@ -2231,14 +2231,14 @@ int unit_attach_pids_to_cgroup(Unit *u, Set *pids, const char *suffix_path) {
if (!realized)
continue; /* Not even realized in the root slice? Then let's not bother */
- q = cg_attach(cgroup_controller_to_string(c), realized, pid);
- if (q < 0)
- log_unit_debug_errno(u, q, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m",
+ r = cg_attach(cgroup_controller_to_string(c), realized, pid);
+ if (r < 0)
+ log_unit_debug_errno(u, r, "Failed to attach PID " PID_FMT " to realized cgroup %s in controller %s, ignoring: %m",
pid, realized, cgroup_controller_to_string(c));
}
}
- return r;
+ return ret;
}
static bool unit_has_mask_realized(
--
2.33.0


@ -1,91 +0,0 @@
From fe432460c2ecbd3dd7f0fa16278b9d4ca57a0de3 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 10 May 2023 13:54:15 +0800
Subject: [PATCH] core: only refuse Type=dbus service enqueuing if dbus has
stop job
Follow-up for #27579
In #27579 we refused all StartUnit requests for Type=dbus units
if dbus is not running, which means if dbus is manually stopped,
user can't use systemctl to start Type=dbus units again, which
is incorrect.
The only culprit that leads to the cancellation of the whole
transaction mentioned in #26799 is job type conflict on dbus.
So let's relax the restriction and only refuse job enqueuing
if dbus has a stop job.
To summarize, the case we want to avoid is:
1. dbus has a stop job installed
2. StartUnit/ActivationRequest is received
3. Type=dbus service gets started, which has Requires=dbus.socket
4. dbus is pulled in again, resulting in job type conflict
What we can support is:
1. dbus is already stopped
2. StartUnit is received (possibly through systemctl, i.e. on private bus)
3. Type=dbus service gets started, which will wait for dbus to start
4. dbus is started again, thus the job for Type=dbus service
Replaces #27590
Fixes #27588
---
src/core/dbus-unit.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index 295e271..24e4d25 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -1849,6 +1849,7 @@ int bus_unit_queue_job(
sd_bus_error *error) {
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
+ const char *dbus_unit;
int r;
assert(message);
@@ -1879,13 +1880,30 @@ int bus_unit_queue_job(
(type == JOB_STOP && u->refuse_manual_stop) ||
(IN_SET(type, JOB_RESTART, JOB_TRY_RESTART) && (u->refuse_manual_start || u->refuse_manual_stop)) ||
(type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
- return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
-
- /* dbus-broker issues StartUnit for activation requests, so let's apply the same check
- * used in signal_activation_request(). */
- if (type == JOB_START && u->type == UNIT_SERVICE &&
- SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager))
- return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");
+ return sd_bus_error_setf(error,
+ BUS_ERROR_ONLY_BY_DEPENDENCY,
+ "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).",
+ u->id);
+
+ /* dbus-broker issues StartUnit for activation requests, and Type=dbus services automatically
+ * gain dependency on dbus.socket. Therefore, if dbus has a pending stop job, the new start
+ * job that pulls in dbus again would cause job type conflict. Let's avoid that by rejecting
+ * job enqueuing early.
+ *
+ * Note that unlike signal_activation_request(), we can't use unit_inactive_or_pending()
+ * here. StartUnit is a more generic interface, and thus users are allowed to use e.g. systemctl
+ * to start Type=dbus services even when dbus is inactive. */
+ if (type == JOB_START && u->type == UNIT_SERVICE && SERVICE(u)->type == SERVICE_DBUS)
+ FOREACH_STRING(dbus_unit, SPECIAL_DBUS_SOCKET, SPECIAL_DBUS_SERVICE) {
+ Unit *dbus;
+
+ dbus = manager_get_unit(u->manager, dbus_unit);
+ if (dbus && unit_stop_pending(dbus))
+ return sd_bus_error_setf(error,
+ BUS_ERROR_SHUTTING_DOWN,
+ "Operation for unit %s refused, D-Bus is shutting down.",
+ u->id);
+ }
r = sd_bus_message_new_method_return(message, &reply);
if (r < 0)
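Review bot: The new guard only fires for `type == JOB_START`, while the refusal check just above also handles `JOB_RESTART`, `JOB_TRY_RESTART` and a `JOB_RELOAD_OR_START` that collapses to a start. If one of those is enqueued for a Type=dbus service while dbus has a stop job pending, it would presumably pull in dbus.socket in the same way and hit the job type conflict described in the comment. If leaving them out is deliberate, the comment should say so; otherwise the condition could be widened, e.g. `IN_SET(type, JOB_START, JOB_RESTART, JOB_TRY_RESTART)` plus the collapsed reload-or-start case. Separately, the `FOREACH_STRING` loop hangs off an unbraced `if`, and braces around it would make the multi-line body easier to read. bus_unit_queue_job() continues outside the hunk.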
--
2.33.0


@ -1,54 +0,0 @@
From b17f9c7c8db6959227cebf1b30ed1698d024382e Mon Sep 17 00:00:00 2001
From: Franck Bui <fbui@suse.com>
Date: Fri, 18 Feb 2022 10:06:24 +0100
Subject: [PATCH] core: really skip automatic restart when a JOB_STOP job is
pending
It's not clear why we rescheduled a service auto restart while a stop job for
the unit was pending. The comment claims that the unit shouldn't be restarted
but the code did reschedule an auto restart meanwhile.
In practice that was rarely an issue because the service waited for the next
auto restart to be rescheduled, letting the queued stop job to be proceed and
service_stop() to be called preventing the next restart to complete.
However when RestartSec=0, the timer expired right away making PID1 to
reschedule the unit again, making the timer expired right away... and so
on. This busy loop prevented PID1 to handle any queued jobs (and hence giving
no chance to the start rate limiting to trigger), which made the busy loop last
forever.
This patch breaks this loop by skipping the reschedule of the unit auto restart
and hence not depending on the value of u->restart_usec anymore.
Fixes: #13667
(cherry picked from commit c972880640ee19e89ce9265d8eae1b3aae190332)
(cherry picked from commit 2198c08d0786c5cec1b39283831969b2cc1adf40)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/b17f9c7c8db6959227cebf1b30ed1698d024382e
---
src/core/service.c | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index a480edc439..21bf3dc28c 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -2267,12 +2267,7 @@ static void service_enter_restart(Service *s) {
if (unit_has_job_type(UNIT(s), JOB_STOP)) {
/* Don't restart things if we are going down anyway */
- log_unit_info(UNIT(s), "Stop job pending for unit, delaying automatic restart.");
-
- r = service_arm_timer(s, usec_add(now(CLOCK_MONOTONIC), s->restart_usec));
- if (r < 0)
- goto fail;
-
+ log_unit_info(UNIT(s), "Stop job pending for unit, skipping automatic restart.");
return;
}
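Review bot: The remaining comment `/* Don't restart things if we are going down anyway */` no longer explains the important part of this branch, namely that the restart timer is deliberately not re-armed. The commit message gives the reason (with RestartSec=0 the re-armed timer expired immediately and PID 1 looped without handling the queued stop job), but that is lost once the patch is applied. Extending the comment to something like `/* Don't restart if a stop job is pending, and don't re-arm the timer either: with RestartSec=0 that would busy-loop and starve the job queue (#13667) */` keeps the rationale next to the code. service_enter_restart() starts and ends outside the hunk.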
--
2.33.0


@ -1,43 +0,0 @@
From 53964fd26b4a01191609ffc064aa8ccccd28e377 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Tue, 9 May 2023 00:07:45 +0800
Subject: [PATCH] core: refuse dbus activation if dbus is not running
dbus-broker issues StartUnit directly for activation requests,
so let's add a check on bus state in bus_unit_queue_job to refuse
that if dbus is not running.
Replaces #27570
Closes #26799
---
src/core/dbus-unit.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/core/dbus-unit.c b/src/core/dbus-unit.c
index c42ae5e..295e271 100644
--- a/src/core/dbus-unit.c
+++ b/src/core/dbus-unit.c
@@ -21,6 +21,7 @@
#include "path-util.h"
#include "process-util.h"
#include "selinux-access.h"
+#include "service.h"
#include "signal-util.h"
#include "special.h"
#include "string-table.h"
@@ -1880,6 +1881,12 @@ int bus_unit_queue_job(
(type == JOB_RELOAD_OR_START && job_type_collapse(type, u) == JOB_START && u->refuse_manual_start))
return sd_bus_error_setf(error, BUS_ERROR_ONLY_BY_DEPENDENCY, "Operation refused, unit %s may be requested by dependency only (it is configured to refuse manual start/stop).", u->id);
+ /* dbus-broker issues StartUnit for activation requests, so let's apply the same check
+ * used in signal_activation_request(). */
+ if (type == JOB_START && u->type == UNIT_SERVICE &&
+ SERVICE(u)->type == SERVICE_DBUS && !manager_dbus_is_running(u->manager))
+ return sd_bus_error_set(error, BUS_ERROR_SHUTTING_DOWN, "Refusing activation, D-Bus is not running.");
+
r = sd_bus_message_new_method_return(message, &reply);
if (r < 0)
return r;
--
2.33.0
