packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync patches from systemd community

Browse Source
This commit is contained in:
w30023233 2024-12-24 16:16:41 +08:00
parent faae7c1142
commit 9aab60fdba
17 changed files with 944 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch Normal file
View File

@ -0,0 +1,77 @@
From 1fc7e3473c2fec27bdc0b19753e4ea84cd39644f Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 24 Jul 2024 16:28:48 +0200
Subject: [PATCH] basic/log: do not treat all negative errnos as synthetic
Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos,
because of the two's-complement negative value representation.
Subsequently, ERRNO= is not logged for most of our own code.
Let's fix this, by formatting all synthetic errnos as positive.
Then, treat all negative values as non-synthetic.
While at it, mark the evaluation order explicitly, and remove
unneeded comment.
Fixes #33800
(cherry picked from commit 268f58076f7e0258dce75f521d08199092279853)
(cherry picked from commit 4ad6b2631d73a574859a62d33715a7bdef810bcf)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/1fc7e3473c2fec27bdc0b19753e4ea84cd39644f
---
src/basic/log.h | 5 ++---
src/test/test-log.c | 14 +++++++++-----
2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/basic/log.h b/src/basic/log.h
index 9008d47390..12b310575e 100644
--- a/src/basic/log.h
+++ b/src/basic/log.h
@@ -34,9 +34,8 @@ typedef enum LogTarget{
* used a regular log level. */
#define LOG_NULL (LOG_EMERG - 1)
-/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */
-#define SYNTHETIC_ERRNO(num) (1 << 30 | (num))
-#define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1)
+#define SYNTHETIC_ERRNO(num) (abs(num) | (1 << 30))
+#define IS_SYNTHETIC_ERRNO(val) (((val) >> 30) == 1)
#define ERRNO_VALUE(val) (abs(val) & ~(1 << 30))
/* The callback function to be invoked when syntax warnings are seen
diff --git a/src/test/test-log.c b/src/test/test-log.c
index b5ba67b74b..cc8c400cc1 100644
--- a/src/test/test-log.c
+++ b/src/test/test-log.c
@@ -13,11 +13,6 @@
#include "strv.h"
#include "tests.h"
-assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL)));
-assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL));
-assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0)));
-assert_cc(!IS_SYNTHETIC_ERRNO(0));
-
#define X10(x) x x x x x x x x x x
#define X100(x) X10(X10(x))
#define X1000(x) X100(X10(x))
@@ -207,6 +202,15 @@ static void test_log_prefix(void) {
int main(int argc, char* argv[]) {
test_setup_logging(LOG_DEBUG);
+ assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL)));
+ assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(-EINVAL)));
+ assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL));
+ assert_cc(!IS_SYNTHETIC_ERRNO(-EINVAL));
+ assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0)));
+ assert_cc(!IS_SYNTHETIC_ERRNO(0));
+ assert_se(ERRNO_VALUE(EINVAL) == EINVAL);
+ assert_se(ERRNO_VALUE(SYNTHETIC_ERRNO(-EINVAL)) == EINVAL);
+
test_file();
assert_se(log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), "foo") == -EUCLEAN);
--
2.33.0

40
backport-core-Bump-log-level-of-reexecute-request-to-notice.patch Normal file
View File

@ -0,0 +1,40 @@
From 50e3bc139fc750c7b15bda55807fcb9209787319 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 8 Oct 2024 16:25:52 +0200
Subject: [PATCH] core: Bump log level of reexecute request to notice
A daemon-reload is important enough to deserve logging at notice
level.
(cherry picked from commit 4ee41be82507348fbbc9d3ab28aae6330eb51663)
(cherry picked from commit 31e38b55b2e4bb1aa42fe106ea14df8e82758303)
(cherry picked from commit 79dc77a7ffed671a16c44369df2552cf733dbbef)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/50e3bc139fc750c7b15bda55807fcb9209787319
---
src/core/dbus-manager.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 33984f6f0e..90c1daf995 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1614,10 +1614,10 @@ static void log_caller(sd_bus_message *message, Manager *manager, const char *me
(void) sd_bus_creds_get_comm(creds, &comm);
caller = manager_get_unit_by_pid(manager, pid);
- log_info("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
- method, pid,
- comm ? " ('" : "", strempty(comm), comm ? "')" : "",
- caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
+ log_notice("%s requested from client PID " PID_FMT "%s%s%s%s%s%s...",
+ method, pid,
+ comm ? " ('" : "", strempty(comm), comm ? "')" : "",
+ caller ? " (unit " : "", caller ? caller->id : "", caller ? ")" : "");
}
static int method_reload(sd_bus_message *message, void *userdata, sd_bus_error *error) {
--
2.33.0

30
backport-core-Fix-file-descriptor-leak.patch Normal file
View File

@ -0,0 +1,30 @@
From 400f0785e92866e5d8fd31ade6ae07a605d0df25 Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Wed, 1 May 2024 03:14:45 +0200
Subject: [PATCH] core: Fix file descriptor leak
(cherry picked from commit 5bcf0881a322a72c38d518be3e3ae8bff95de5f6)
(cherry picked from commit 844bb02e48be98f4ae594e043c965588be3b138c)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/400f0785e92866e5d8fd31ade6ae07a605d0df25
---
src/core/service.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/service.c b/src/core/service.c
index f0763a59eb..e9466ed928 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -414,7 +414,7 @@ static void service_release_fd_store(Service *s) {
static void service_release_stdio_fd(Service *s) {
assert(s);
- if (s->stdin_fd < 0 && s->stdout_fd < 0 && s->stdout_fd < 0)
+ if (s->stdin_fd < 0 && s->stdout_fd < 0 && s->stderr_fd < 0)
return;
log_unit_debug(UNIT(s), "Releasing stdin/stdout/stderr file descriptors.");
--
2.33.0

71
backport-core-Log-in-more-scenarios-about-which-process-initi.patch Normal file
View File

@ -0,0 +1,71 @@
From 4389fea50bbb0810ed9193522c487257ca0b5d2d Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Tue, 8 Oct 2024 16:28:25 +0200
Subject: [PATCH] core: Log in more scenarios about which process initiated an
operation
Exit/Reboot/Poweroff and similar operations are invasive enough that
logging about who initiated them is very useful to debug issues.
(cherry picked from commit acb0f501f4291efce82bcf89d4ad92b6a895f4fa)
(cherry picked from commit 814be7116dda14074749253d94b83387ceff0ff1)
(cherry picked from commit 4ce745446386bae450114c6fc2278577a7cf46f4)
Conflict:the current code does not have the method_soft_reboot function, so the related code is not combined
Reference:https://github.com/systemd/systemd/commit/acb0f501f4291efce82bcf89d4ad92b6a895f4fa
---
src/core/dbus-manager.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 90c1daf995..856dd3b5dc 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1706,6 +1706,8 @@ static int method_exit(sd_bus_message *message, void *userdata, sd_bus_error *er
if (r < 0)
return r;
+ log_caller(message, m, "Exit");
+
/* Exit() (in contrast to SetExitCode()) is actually allowed even if
* we are running on the host. It will fall back on reboot() in
* systemd-shutdown if it cannot do the exit() because it isn't a
@@ -1730,6 +1732,8 @@ static int method_reboot(sd_bus_message *message, void *userdata, sd_bus_error *
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
"Reboot is only supported for system managers.");
+ log_caller(message, m, "Reboot");
+
m->objective = MANAGER_REBOOT;
return sd_bus_reply_method_return(message, NULL);
@@ -1792,6 +1798,8 @@ static int method_poweroff(sd_bus_message *message, void *userdata, sd_bus_error
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
"Powering off is only supported for system managers.");
+ log_caller(message, m, "Poweroff");
+
m->objective = MANAGER_POWEROFF;
return sd_bus_reply_method_return(message, NULL);
@@ -1811,6 +1819,8 @@ static int method_halt(sd_bus_message *message, void *userdata, sd_bus_error *er
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
"Halt is only supported for system managers.");
+ log_caller(message, m, "Halt");
+
m->objective = MANAGER_HALT;
return sd_bus_reply_method_return(message, NULL);
@@ -1830,6 +1840,8 @@ static int method_kexec(sd_bus_message *message, void *userdata, sd_bus_error *e
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED,
"KExec is only supported for system managers.");
+ log_caller(message, m, "Kexec");
+
m->objective = MANAGER_KEXEC;
return sd_bus_reply_method_return(message, NULL);
--
2.33.0

52
backport-core-service-fix-accept-socket-deserialization.patch Normal file
View File

@ -0,0 +1,52 @@
From 8f280216e052c9b9937ba77fad6659fb727535d9 Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Mon, 17 Jun 2024 07:47:20 +0200
Subject: [PATCH] core/service: fix accept-socket deserialization
Follow-up for 45b1017488cef2a5bacdf82028ce900a311c9a1c
(cherry picked from commit 9f5d8c3da4f505346bd1edfae907a2abcdbdc578)
(cherry picked from commit f7d55cc801611781fbff2817f2fd4a16ec96ca85)
(cherry picked from commit 8ead2545bf86bd0fe00b344506e071390ffaa99f)
Conflict:there is no macro definition ASSERT_PTR, so we use the assert function instead
Reference:https://github.com/systemd/systemd-stable/commit/8f280216e052c9b9937ba77fad6659fb727535d9
---
src/core/service.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index de07cde..64bfe17 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1237,7 +1237,7 @@ static int service_coldplug(Unit *u) {
service_start_watchdog(s);
if (UNIT_ISSET(s->accept_socket)) {
- Socket* socket = SOCKET(UNIT_DEREF(s->accept_socket));
+ Socket *socket = SOCKET(UNIT_DEREF(s->accept_socket));
if (socket->max_connections_per_source > 0) {
SocketPeer *peer;
@@ -2948,8 +2948,8 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
} else if (streq(key, "accept-socket")) {
Unit *socket;
- if (u->type != UNIT_SOCKET) {
- log_unit_debug(u, "Failed to deserialize accept-socket: unit is not a socket");
+ if (unit_name_to_type(value) != UNIT_SOCKET) {
+ log_unit_debug(u, "Deserialized accept-socket is not a socket unit, ignoring: %s", value);
return 0;
}
@@ -2958,6 +2958,7 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
log_unit_debug_errno(u, r, "Failed to load accept-socket unit '%s': %m", value);
else {
unit_ref_set(&s->accept_socket, u, socket);
+ assert(SOCKET(socket));
SOCKET(socket)->n_connections++;
}
--
2.33.0

48
backport-core-service-use-log_unit_-where-appropriate.patch Normal file
View File

@ -0,0 +1,48 @@
From e575661da99de81bf0f07d7efdcf8b4c5d9b779e Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Sat, 26 Oct 2024 17:38:06 +0200
Subject: [PATCH] core/service: use log_unit_* where appropriate
(cherry picked from commit 1e8f0beee4272ddc8b25dfa9af8e54bafc4c061a)
(cherry picked from commit b9ff85ece7a6bd9eca158aa0a8af46055ffb6142)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/e575661da99de81bf0f07d7efdcf8b4c5d9b779e
---
src/core/service.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/service.c b/src/core/service.c
index 5f4859e0d3..2894451d7f 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -4642,7 +4642,7 @@ static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, s
e = sd_bus_message_get_error(reply);
if (e) {
r = sd_bus_error_get_errno(e);
- log_warning_errno(r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
+ log_unit_warning_errno(UNIT(s), r, "GetConnectionUnixProcessID() failed: %s", bus_error_message(e, r));
return 1;
}
@@ -4654,7 +4654,7 @@ static int bus_name_pid_lookup_callback(sd_bus_message *reply, void *userdata, s
r = pidref_set_pid(&pidref, pid);
if (r < 0) {
- log_debug_errno(r, "GetConnectionUnixProcessID() returned invalid PID: %m");
+ log_unit_debug_errno(UNIT(s), r, "GetConnectionUnixProcessID() returned invalid PID: %m");
return 1;
}
@@ -4713,7 +4713,7 @@ static void service_bus_name_owner_change(Unit *u, const char *new_owner) {
"s",
s->bus_name);
if (r < 0)
- log_debug_errno(r, "Failed to request owner PID of service name, ignoring: %m");
+ log_unit_debug_errno(u, r, "Failed to request owner PID of service name, ignoring: %m");
}
}
--
2.33.0

63
backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch Normal file
View File

@ -0,0 +1,63 @@
From 3dacca114bde3a216605ab51d2f5203c4a6b9707 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Tue, 2 Jul 2024 15:28:47 +0100
Subject: [PATCH] coredump: correctly take tmpfs size into account for
compression
We calculate the amount of uncompressed data we can write by taking the limits
into account and halving it to ensure there's room for switching to compression
on the fly when storing cores on a tmpfs (eg: due read-only rootfs).
But the logic is flawed, as taking into account the size of the tmpfs storage
was applied after the halving, so in practice when an uncompressed core file
was larger than the tmpfs, we fill it and then fail.
Rearrange the logic so that the halving is done after taking into account
the tmpfs size.
(cherry picked from commit e6b2508275aac2951aedfc842735d8ebc29850bb)
(cherry picked from commit a946258e9df627c675d13b2041ae186babf269dc)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/3dacca114bde3a216605ab51d2f5203c4a6b9707
---
src/coredump/coredump.c | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c
index 32c17664fd..f4adb32588 100644
--- a/src/coredump/coredump.c
+++ b/src/coredump/coredump.c
@@ -503,17 +503,21 @@ static int save_external_coredump(
bus_error_message(&error, r));
}
+ /* First, ensure we are not going to go over the cgroup limit */
max_size = MIN(cgroup_limit, max_size);
- max_size = LESS_BY(max_size, 1024U) / 2; /* Account for 1KB metadata overhead for compressing */
- max_size = MAX(PROCESS_SIZE_MIN, max_size); /* Impose a lower minimum */
-
- /* tmpfs might get full quickly, so check the available space too.
- * But don't worry about errors here, failing to access the storage
- * location will be better logged when writing to it. */
+ /* tmpfs might get full quickly, so check the available space too. But don't worry about
+ * errors here, failing to access the storage location will be better logged when writing to
+ * it. */
if (fstatvfs(fd, &sv) >= 0)
max_size = MIN((uint64_t)sv.f_frsize * (uint64_t)sv.f_bfree, max_size);
-
- log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup memory limits.", max_size);
+ /* Impose a lower minimum, otherwise we will miss the basic headers. */
+ max_size = MAX(PROCESS_SIZE_MIN, max_size);
+ /* Ensure we can always switch to compressing on the fly in case we are running out of space
+ * by keeping half of the space/memory available, plus 1KB metadata overhead from the
+ * compression algorithm. */
+ max_size = LESS_BY(max_size, 1024U) / 2;
+
+ log_debug("Limiting core file size to %" PRIu64 " bytes due to cgroup and/or filesystem limits.", max_size);
}
r = copy_bytes(input_fd, fd, max_size, 0);
--
2.33.0

44
backport-exec-invoke-correct-dont_close-size.patch Normal file
View File

@ -0,0 +1,44 @@
From 8f4dab049074d31c31af2bb9eb76f9f4f08e3711 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 23 Apr 2024 21:49:12 +0200
Subject: [PATCH] exec-invoke: correct dont_close[] size
THis needs 15 entries as far as I can count, not just 14.
Follow-up for: 5686391b006ee82d8a4559067ad9818e3e631247
Sniff.
(cherry picked from commit 07296542d636dcac43f6c9ee45a638fca8c5f3dd)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/8f4dab049074d31c31af2bb9eb76f9f4f08e3711
---
src/core/exec-invoke.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c
index 28d6142318..8e6de15c71 100644
--- a/src/core/exec-invoke.c
+++ b/src/core/exec-invoke.c
@@ -3459,7 +3459,7 @@ static int close_remaining_fds(
const int *fds, size_t n_fds) {
size_t n_dont_close = 0;
- int dont_close[n_fds + 14];
+ int dont_close[n_fds + 15];
assert(params);
@@ -3495,6 +3495,8 @@ static int close_remaining_fds(
if (params->user_lookup_fd >= 0)
dont_close[n_dont_close++] = params->user_lookup_fd;
+ assert(n_dont_close <= ELEMENTSOF(dont_close));
+
return close_all_fds(dont_close, n_dont_close);
}
--
2.33.0

93
backport-fs-util-readlinkat-supports-an-empty-string.patch Normal file
View File

@ -0,0 +1,93 @@
From 7a2349072e165c27ed0655934b05530c19d23779 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Thu, 15 Feb 2024 07:01:17 +0900
Subject: [PATCH] fs-util: readlinkat() supports an empty string
From readlinkat(2):
Since Linux 2.6.39, pathname can be an empty string, in which case the
call operates on the symbolic link referred to by dirfd (which should
have been obtained using open(2) with the O_PATH and O_NOFOLLOW flags).
(cherry picked from commit e4c094c05543410ba05a16f757d1e11652f4f6bd)
(cherry picked from commit 30142e781d7afcfa93185d2543f59e9cf90dc882)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/7a2349072e165c27ed0655934b05530c19d23779
---
src/basic/fs-util.c | 8 ++++++--
src/test/test-fs-util.c | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 41 insertions(+), 2 deletions(-)
diff --git a/src/basic/fs-util.c b/src/basic/fs-util.c
index ee38e0266a..9ba9268d77 100644
--- a/src/basic/fs-util.c
+++ b/src/basic/fs-util.c
@@ -116,7 +116,11 @@ int rename_noreplace(int olddirfd, const char *oldpath, int newdirfd, const char
int readlinkat_malloc(int fd, const char *p, char **ret) {
size_t l = PATH_MAX;
- assert(p);
+ assert(fd >= 0 || fd == AT_FDCWD);
+
+ if (fd < 0 && isempty(p))
+ return -EISDIR; /* In this case, the fd points to the current working directory, and is
+ * definitely not a symlink. Let's return earlier. */
for (;;) {
_cleanup_free_ char *c = NULL;
@@ -126,7 +130,7 @@ int readlinkat_malloc(int fd, const char *p, char **ret) {
if (!c)
return -ENOMEM;
- n = readlinkat(fd, p, c, l);
+ n = readlinkat(fd, strempty(p), c, l);
if (n < 0)
return -errno;
diff --git a/src/test/test-fs-util.c b/src/test/test-fs-util.c
index 5de1eea0d4..ef335b43ae 100644
--- a/src/test/test-fs-util.c
+++ b/src/test/test-fs-util.c
@@ -758,4 +758,39 @@ static int intro(void) {
return EXIT_SUCCESS;
}
+TEST(readlinkat_malloc) {
+ _cleanup_(rm_rf_physical_and_freep) char *t = NULL;
+ _cleanup_close_ int tfd = -EBADF, fd = -EBADF;
+ _cleanup_free_ char *p = NULL, *q = NULL;
+ const char *expect = "hgoehogefoobar";
+
+ tfd = mkdtemp_open(NULL, O_PATH, &t);
+ assert_se(tfd >= 0);
+
+ assert_se(symlinkat(expect, tfd, "linkname") >= 0);
+
+ assert_se(readlinkat_malloc(tfd, "linkname", &p) >= 0);
+ assert_se(streq(p, expect));
+ p = mfree(p);
+
+ fd = openat(tfd, "linkname", O_PATH | O_NOFOLLOW | O_CLOEXEC);
+ assert_se(fd >= 0);
+ assert_se(readlinkat_malloc(fd, NULL, &p) >= 0);
+ assert_se(streq(p, expect));
+ p = mfree(p);
+ assert_se(readlinkat_malloc(fd, "", &p) >= 0);
+ assert_se(streq(p, expect));
+ p = mfree(p);
+ fd = safe_close(fd);
+
+ assert_se(q = path_join(t, "linkname"));
+ assert_se(readlinkat_malloc(AT_FDCWD, q, &p) >= 0);
+ assert_se(streq(p, expect));
+ p = mfree(p);
+ assert_se(readlinkat_malloc(INT_MAX, q, &p) >= 0);
+ assert_se(streq(p, expect));
+ p = mfree(p);
+ q = mfree(q);
+}
+
DEFINE_TEST_MAIN_WITH_INTRO(LOG_INFO, intro);
--
2.33.0

40
backport-journalctl-erase-verify-key-before-free.patch Normal file
View File

@ -0,0 +1,40 @@
From b115781317b6a8c649ae2b92c7839ce8872fdffb Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Wed, 16 Oct 2024 19:27:36 +0900
Subject: [PATCH] journalctl: erase verify key before free
Even optarg is erased, copied string was not erased.
Let's erase the copied key for safety.
(cherry picked from commit d0ad4e88d4e6b5e312c359a6505125f7e088f3e3)
(cherry picked from commit 28f7c958fb799887cb67528a85ca59f0ccd9261e)
(cherry picked from commit 6b13398c220a01e2eff5bb25da7d457f445c82e9)
Conflict:the current code does not use STATIC_DESTRUCTOR_REGISTER instead of free, so the related code is not combined
Reference:https://github.com/systemd/systemd/commit/d0ad4e88d4e6b5e312c359a6505125f7e088f3e3
---
src/journal/journalctl.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index decdf14..327e035 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -791,9 +791,11 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_VERIFY_KEY:
- r = free_and_strdup(&arg_verify_key, optarg);
- if (r < 0)
- return r;
+ erase_and_free(arg_verify_key);
+ arg_verify_key = strdup(optarg);
+ if (!arg_verify_key)
+ return log_oom();
+
/* Use memset not explicit_bzero() or similar so this doesn't look confusing
* in ps or htop output. */
memset(optarg, 'x', strlen(optarg));
--
2.33.0

74
backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch Normal file
View File

@ -0,0 +1,74 @@
From 17a3a8e91be80c93347458a1a6508bc19646607d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Sun, 3 Nov 2024 12:58:12 +0100
Subject: [PATCH] resolved: log error messages for openssl/gnutls context
creation
In https://bugzilla.redhat.com/show_bug.cgi?id=2322937 we're getting
an error message:
Okt 29 22:21:03 fedora systemd-resolved[29311]: Could not create manager: Cannot allocate memory
I expect that this actually comes from dnstls_manager_init(), the
openssl version. But without real logs it's hard to know for sure.
Use EIO instead of ENOMEM, because the problem is unlikely to be actually
related to memory.
(cherry picked from commit ee95e86ae163e436384f1b782a77a7e18deba890)
(cherry picked from commit abd1e408203d5d445b05f4dc0ac07e35114532d1)
(cherry picked from commit 67954b455473b29f8a41be14f5b778044b7cfafa)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/ee95e86ae163e436384f1b782a77a7e18deba890
---
src/resolve/resolved-dnstls-gnutls.c | 4 +++-
src/resolve/resolved-dnstls-openssl.c | 9 ++++++---
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/resolve/resolved-dnstls-gnutls.c b/src/resolve/resolved-dnstls-gnutls.c
index acdad6fa91..c086e2c198 100644
--- a/src/resolve/resolved-dnstls-gnutls.c
+++ b/src/resolve/resolved-dnstls-gnutls.c
@@ -236,7 +236,9 @@ int dnstls_manager_init(Manager *manager) {
r = gnutls_certificate_allocate_credentials(&manager->dnstls_data.cert_cred);
if (r < 0)
- return -ENOMEM;
+ return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to allocate SSL credentials: %s",
+ gnutls_strerror(r));
r = gnutls_certificate_set_x509_system_trust(manager->dnstls_data.cert_cred);
if (r < 0)
diff --git a/src/resolve/resolved-dnstls-openssl.c b/src/resolve/resolved-dnstls-openssl.c
index 4a0132ad3d..74fb79e58d 100644
--- a/src/resolve/resolved-dnstls-openssl.c
+++ b/src/resolve/resolved-dnstls-openssl.c
@@ -397,11 +397,15 @@ int dnstls_manager_init(Manager *manager) {
manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
if (!manager->dnstls_data.ctx)
- return -ENOMEM;
+ return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to create SSL context: %s",
+ ERR_error_string(ERR_get_error(), NULL));
r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
if (r == 0)
- return -EIO;
+ return log_warning_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+ "Failed to set protocol version on SSL context: %s",
+ ERR_error_string(ERR_get_error(), NULL));
(void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
@@ -410,7 +414,6 @@ int dnstls_manager_init(Manager *manager) {
return log_warning_errno(SYNTHETIC_ERRNO(EIO),
"Failed to load system trust store: %s",
ERR_error_string(ERR_get_error(), NULL));
-
return 0;
}
--
2.33.0

36
backport-sd-event-change-error-code-EINVAL-EIO.patch Normal file
View File

@ -0,0 +1,36 @@
From 42885ab01726b5937390704f1d6ec33f0321fd53 Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Sun, 4 Aug 2024 11:29:03 +0900
Subject: [PATCH] sd-event: change error code -EINVAL -> -EIO
EINVAL should be used when a function is called with an invalid
argument. Here, the signal is not a function argument.
Follow-up for 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9.
(cherry picked from commit ab9af70edb23f2a66e93e2e16f87cd98873885b7)
(cherry picked from commit 84f0eda3781f49ff7f3035861b02fe247b89d65e)
(cherry picked from commit da81ee2f78526f78b3c57661a59de681d208e35e)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/ab9af70edb23f2a66e93e2e16f87cd98873885b7
---
src/libsystemd/sd-event/sd-event.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 97678a4b5e..cd78d39eb4 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -3831,7 +3831,7 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
return -EIO;
if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
- return -EINVAL;
+ return -EIO;
if (e->signal_sources)
s = e->signal_sources[si.ssi_signo];
--
2.33.0

36
backport-sd-event-do-not-assert-on-invalid-signal.patch Normal file
View File

@ -0,0 +1,36 @@
From 74fa56ebc3d323bd6cd2315eb8b1057f0ea359a8 Mon Sep 17 00:00:00 2001
From: David Tardon <dtardon@redhat.com>
Date: Thu, 25 Jul 2024 10:06:34 +0200
Subject: [PATCH] sd-event: do not assert on invalid signal
The signalfd_siginfo struct is received from outside via a FD, hence
assert() is not appropriate way to check it. Just do a normal runtime
check.
(cherry picked from commit 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9)
(cherry picked from commit 7a48ea958bf146a45cb4a3b7ff7aeb5885469196)
(cherry picked from commit 5fa8b5d74aa81e884613ba68c6f765834e6dd02c)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9
---
src/libsystemd/sd-event/sd-event.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c
index 3cc37371b6..97678a4b5e 100644
--- a/src/libsystemd/sd-event/sd-event.c
+++ b/src/libsystemd/sd-event/sd-event.c
@@ -3830,7 +3830,8 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i
if (_unlikely_(n != sizeof(si)))
return -EIO;
- assert(SIGNAL_VALID(si.ssi_signo));
+ if (_unlikely_(!SIGNAL_VALID(si.ssi_signo)))
+ return -EINVAL;
if (e->signal_sources)
s = e->signal_sources[si.ssi_signo];
--
2.33.0

36
backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch Normal file
View File

@ -0,0 +1,36 @@
From 8ed0c0bc4899f73934f3fc1c55c5cbb58b789a4d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Fri, 20 Sep 2024 09:58:12 +0900
Subject: [PATCH] sd-ipv4acd: fix assertion triggered when an ARP received in
STARTED state
When a network is busy, an ARP may be received before the timer event
source triggered first time.
Fixes #34489.
(cherry picked from commit 146b44d0a0001712ced2f22ca76d242eedac26ad)
(cherry picked from commit 06eb9b14829f3a5819f6daefb09fdb855cd868f4)
(cherry picked from commit b054898f12f1987d5c6fae91e664cd7f57f7fdaa)
Conflict:NA
Reference:https://github.com/systemd/systemd/commit/146b44d0a0001712ced2f22ca76d242eedac26ad
---
src/libsystemd-network/sd-ipv4acd.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libsystemd-network/sd-ipv4acd.c b/src/libsystemd-network/sd-ipv4acd.c
index d34c63e854..c7102cc4f6 100644
--- a/src/libsystemd-network/sd-ipv4acd.c
+++ b/src/libsystemd-network/sd-ipv4acd.c
@@ -396,6 +396,7 @@ static int ipv4acd_on_packet(
}
break;
+ case IPV4ACD_STATE_STARTED:
case IPV4ACD_STATE_WAITING_PROBE:
case IPV4ACD_STATE_PROBING:
case IPV4ACD_STATE_WAITING_ANNOUNCE:
--
2.33.0

66
backport-shared-log-error-when-execve-fail.patch Normal file
View File

@ -0,0 +1,66 @@
From 76fe6ebee84c22c96f1c9a96707c7e72706989fd Mon Sep 17 00:00:00 2001
From: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Date: Mon, 24 Jun 2024 23:47:15 -0300
Subject: [PATCH] shared: log error when execve fail
If there is an error with the execv call in fork_agent the
program exits without any meaningful log message. Log the
command and errno so the user gets more information about
the failure.
Fixes: #33418
Signed-off-by: Mauri de Souza Meneguzzo <mauri870@gmail.com>
(cherry picked from commit a408d4453145621902b9a3ef78a552f83b09bd8d)
(cherry picked from commit 7fcfb73d71ed1d4230f58de1a94790e0c28719ea)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/76fe6ebee84c22c96f1c9a96707c7e72706989fd
---
src/shared/exec-util.c | 1 +
src/shared/spawn-polkit-agent.c | 11 ++++++++---
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index c27f3a54c1..b402877d4d 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -601,5 +601,6 @@ int fork_agent(const char *name, const int except[], size_t n_except, pid_t *ret
va_end(ap);
execv(path, l);
+ log_error_errno(errno, "Failed to execute %s: %m", path);
_exit(EXIT_FAILURE);
}
diff --git a/src/shared/spawn-polkit-agent.c b/src/shared/spawn-polkit-agent.c
index ce3c5fb948..fd91bd636f 100644
--- a/src/shared/spawn-polkit-agent.c
+++ b/src/shared/spawn-polkit-agent.c
@@ -43,16 +43,21 @@ int polkit_agent_open(void) {
xsprintf(notify_fd, "%i", pipe_fd[1]);
r = fork_agent("(polkit-agent)",
- &pipe_fd[1], 1,
+ &pipe_fd[1],
+ 1,
&agent_pid,
POLKIT_AGENT_BINARY_PATH,
- POLKIT_AGENT_BINARY_PATH, "--notify-fd", notify_fd, "--fallback", NULL);
+ POLKIT_AGENT_BINARY_PATH,
+ "--notify-fd",
+ notify_fd,
+ "--fallback",
+ NULL);
/* Close the writing side, because that's the one for the agent */
safe_close(pipe_fd[1]);
if (r < 0)
- log_error_errno(r, "Failed to fork TTY ask password agent: %m");
+ log_error_errno(r, "Failed to fork polkit agent: %m");
else
/* Wait until the agent closes the fd */
(void) fd_wait_for_event(pipe_fd[0], POLLHUP, USEC_INFINITY);
--
2.33.0

118
backport-sysusers-handle-NSS-errors-gracefully.patch Normal file
View File

@ -0,0 +1,118 @@
From 0f518750a44dc4b2987ecc0cea4b3d848ac46ee9 Mon Sep 17 00:00:00 2001
From: Luca Boccassi <bluca@debian.org>
Date: Thu, 4 Jul 2024 10:23:04 +0100
Subject: [PATCH] sysusers: handle NSS errors gracefully
If the io.systemd.DynamicUser or io.systemd.Machine files exist,
but nothing is listening on them, the nss-systemd module returns
ECONNREFUSED and systemd-sysusers fails to creat the user/group.
This is problematic when ran by packaging scripts, as the package
assumes that after this has run, the user/group exist and can
be used. adduser does not fail in the same situation.
Change sysusers to print a loud warning but otherwise continue
when NSS returns an error.
(cherry picked from commit fc9938d6f8e7081df5420bf88bf98f683b1391c0)
(cherry picked from commit abba1e6bc29b7e07354ca23906c6f485ba245a1a)
Conflict:NA
Reference:https://github.com/systemd/systemd-stable/commit/0f518750a44dc4b2987ecc0cea4b3d848ac46ee9
---
src/sysusers/sysusers.c | 12 ++++++------
test/units/TEST-74-AUX-UTILS.sysusers.sh | 24 ++++++++++++++++++++++++
2 files changed, 30 insertions(+), 6 deletions(-)
create mode 100755 test/units/TEST-74-AUX-UTILS.sysusers.sh
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 514f3c7935..794e09ce53 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -1064,7 +1064,7 @@ static int uid_is_ok(
if (p)
return 0;
if (!IN_SET(errno, 0, ENOENT))
- return -errno;
+ log_warning_errno(errno, "Unexpected failure while looking up UID '" UID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
if (check_with_gid) {
errno = 0;
@@ -1073,7 +1073,7 @@ static int uid_is_ok(
if (!streq(g->gr_name, name))
return 0;
} else if (!IN_SET(errno, 0, ENOENT))
- return -errno;
+ log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", uid);
}
}
@@ -1179,7 +1179,7 @@ static int add_user(Context *c, Item *i) {
return 0;
}
if (!errno_is_not_exists(errno))
- return log_error_errno(errno, "Failed to check if user %s already exists: %m", i->name);
+ log_warning_errno(errno, "Unexpected failure while looking up user '%s' via NSS, assuming it doesn't exist: %m", i->name);
}
/* Try to use the suggested numeric UID */
@@ -1301,7 +1301,7 @@ static int gid_is_ok(
if (g)
return 0;
if (!IN_SET(errno, 0, ENOENT))
- return -errno;
+ log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
if (check_with_uid) {
errno = 0;
@@ -1309,7 +1309,7 @@ static int gid_is_ok(
if (p)
return 0;
if (!IN_SET(errno, 0, ENOENT))
- return -errno;
+ log_warning_errno(errno, "Unexpected failure while looking up GID '" GID_FMT "' via NSS, assuming it doesn't exist: %m", gid);
}
}
@@ -1344,7 +1344,7 @@ static int get_gid_by_name(
return 0;
}
if (!errno_is_not_exists(errno))
- return log_error_errno(errno, "Failed to check if group %s already exists: %m", name);
+ log_warning_errno(errno, "Unexpected failure while looking up group '%s' via NSS, assuming it doesn't exist: %m", name);
}
return -ENOENT;
diff --git a/test/units/TEST-74-AUX-UTILS.sysusers.sh b/test/units/TEST-74-AUX-UTILS.sysusers.sh
new file mode 100755
index 0000000000..dcd29938b5
--- /dev/null
+++ b/test/units/TEST-74-AUX-UTILS.sysusers.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -eux
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+at_exit() {
+ set +e
+ userdel -r foobarbaz
+ umount /run/systemd/userdb/
+}
+
+# Check that we indeed run under root to make the rest of the test work
+[[ "$(id -u)" -eq 0 ]]
+
+trap at_exit EXIT
+
+# Ensure that a non-responsive NSS socket doesn't make sysusers fail
+mount -t tmpfs tmpfs /run/systemd/userdb/
+touch /run/systemd/userdb/io.systemd.DynamicUser
+echo 'u foobarbaz' | SYSTEMD_LOG_LEVEL=debug systemd-sysusers -
+grep -q foobarbaz /etc/passwd
--
2.33.0

21
systemd.spec
View File

@ -25,7 +25,7 @@
Name: systemd Name: systemd
Url: https://systemd.io/ Url: https://systemd.io/
Version: 255 Version: 255
Release: 34 Release: 35
License: MIT and LGPLv2+ and GPLv2+ License: MIT and LGPLv2+ and GPLv2+
Summary: System and Service Manager Summary: System and Service Manager
@ -80,6 +80,22 @@ Patch6026: backport-shutdown-clean-up-sync_with_progress-a-bit.patch
Patch6027: backport-shutdown-replace-unbounded-fsync-with-bounded-sync_w.patch Patch6027: backport-shutdown-replace-unbounded-fsync-with-bounded-sync_w.patch
Patch6028: backport-shutdown-teach-sync_with_progress-to-optionally-sync.patch Patch6028: backport-shutdown-teach-sync_with_progress-to-optionally-sync.patch
Patch6029: backport-core-reliably-check-if-varlink-socket-has-been-deser.patch Patch6029: backport-core-reliably-check-if-varlink-socket-has-been-deser.patch
Patch6030: backport-fs-util-readlinkat-supports-an-empty-string.patch
Patch6031: backport-exec-invoke-correct-dont_close-size.patch
Patch6032: backport-core-Fix-file-descriptor-leak.patch
Patch6033: backport-core-service-fix-accept-socket-deserialization.patch
Patch6034: backport-coredump-correctly-take-tmpfs-size-into-account-for-.patch
Patch6035: backport-sysusers-handle-NSS-errors-gracefully.patch
Patch6036: backport-shared-log-error-when-execve-fail.patch
Patch6037: backport-sd-event-do-not-assert-on-invalid-signal.patch
Patch6038: backport-sd-event-change-error-code-EINVAL-EIO.patch
Patch6039: backport-basic-log-do-not-treat-all-negative-errnos-as-synthe.patch
Patch6040: backport-sd-ipv4acd-fix-assertion-triggered-when-an-ARP-recei.patch
Patch6041: backport-resolved-log-error-messages-for-openssl-gnutls-conte.patch
Patch6042: backport-journalctl-erase-verify-key-before-free.patch
Patch6043: backport-core-service-use-log_unit_-where-appropriate.patch
Patch6044: backport-core-Bump-log-level-of-reexecute-request-to-notice.patch
Patch6045: backport-core-Log-in-more-scenarios-about-which-process-initi.patch
Patch9008: update-rtc-with-system-clock-when-shutdown.patch Patch9008: update-rtc-with-system-clock-when-shutdown.patch
Patch9009: udev-add-actions-while-rename-netif-failed.patch Patch9009: udev-add-actions-while-rename-netif-failed.patch
@ -1673,6 +1689,9 @@ fi
%{_unitdir}/veritysetup.target %{_unitdir}/veritysetup.target
%changelog %changelog
* Tue Dec 24 2024 wangyuhang <wangyuhang27@huawei.com> - 255-35
- sync patches from systemd community
* Mon Dec 23 2024 zhangyao <zhangyao108@huawei.com> - 255-34 * Mon Dec 23 2024 zhangyao <zhangyao108@huawei.com> - 255-34
- systemd-fstab-generator print logs only to kmsg - systemd-fstab-generator print logs only to kmsg