v253 batch #417

Merged
merged 11 commits into from
Jun 25, 2024

bluca
Member

@bluca bluca commented Jun 25, 2024

No description provided.

yuwata and others added 11 commits June 25, 2024 13:58

I do not think this is necessary, but all other places in
libsystemd-network we clear buffer before receive. Without this,
Coverity warns about use-of-uninitialized-values.
Let's silence Coverity.

Closes CID#1469721.

(cherry picked from commit 40f9fa0)
(cherry picked from commit 0d573787ea1610ba57a359cf437841f62b186e77)
(cherry picked from commit aa93c07)
(cherry picked from commit 74e844a)

As per the suggestion in systemd/systemd#33242.

This reduces the number of /dev/ttySXX device units generated in
mkosi from 32 to 4.

(cherry picked from commit dc38f9a)
(cherry picked from commit a3d94332a2b5128697373d3093c1cfa56649ec61)
(cherry picked from commit 6391242)
(cherry picked from commit 1a8549f)

This allows us to reserve a bunch of capacity ahead of time,
improving the performance of hwdb significantly thanks to not
having to reallocate so many times.

Before:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==113297== Memcheck, a memory error detector
==113297== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==113297== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==113297== Command: ./systemd-hwdb update
==113297==
==113297==
==113297== HEAP SUMMARY:
==113297==     in use at exit: 0 bytes in 0 blocks
==113297==   total heap usage: 1,412,640 allocs, 1,412,640 frees, 117,920,009,195 bytes allocated
==113297==
==113297== All heap blocks were freed -- no leaks are possible
==113297==
==113297== For lists of detected and suppressed errors, rerun with: -s
==113297== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
132.44user 21.15system 2:35.61elapsed 98%CPU (0avgtext+0avgdata 228560maxresident)k
0inputs+25296outputs (0major+6886930minor)pagefaults 0swaps
```

After:
```
$ sudo time valgrind --leak-check=full ./systemd-hwdb update
==112572== Memcheck, a memory error detector
==112572== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==112572== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==112572== Command: ./systemd-hwdb update
==112572==
==112572==
==112572== HEAP SUMMARY:
==112572==     in use at exit: 0 bytes in 0 blocks
==112572==   total heap usage: 1,320,113 allocs, 1,320,113 frees, 70,614,501 bytes allocated
==112572==
==112572== All heap blocks were freed -- no leaks are possible
==112572==
==112572== For lists of detected and suppressed errors, rerun with: -s
==112572== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
21.94user 0.19system 0:22.23elapsed 99%CPU (0avgtext+0avgdata 229876maxresident)k
0inputs+25264outputs (0major+57275minor)pagefaults 0swaps
```

Co-authored-by: Yu Watanabe <[email protected]>
(cherry picked from commit 621b10f)
(cherry picked from commit 514ef0f93b76cbe0ba6b4de07a7b21fd0c2b7bae)
(cherry picked from commit aa0dd89)
(cherry picked from commit 43ee651)

This check introduced in 91adc4d is intended to spare us from
encountering broken resolver behavior we don't want to deal with.
However if we aren't validating we more than likely don't know the state
of the upstream resolver's support for dnssec. Let's let clients try
these queries if they want.

This brings the behavior of sd-resolved in line with previously stated
change in the meaning of DNSSEC=no, which now means "don't validate"
rather than "don't validate, because the upstream resolver is declared to
be dnssec-unaware".

Fixes: 9c47b33 ("resolved: enable DNS proxy mode if client wants DNSSEC")
(cherry picked from commit 364c948)
(cherry picked from commit ba031f1fe86e36d7adc0340b047de32399c98bf7)
(cherry picked from commit 5299397)
(cherry picked from commit a3a035e)

Historically, systemd-tmpfiles was designed to manage temporary
files, but nowadays it has become a generic tool for managing
all kinds of files. To avoid user confusion, let's remove "temporary"
from the tool's description.

As discussed in #33349

(cherry picked from commit b5c8cc0a3b8e4e2fea0539d6420a76b524ea5735)
(cherry picked from commit 1a0e6961cfaed42bda542e111738c136f7b4d73f)
(cherry picked from commit c752efd)
(cherry picked from commit 269fb21)

Follow-up for 45b1017

(cherry picked from commit 9f5d8c3da4f505346bd1edfae907a2abcdbdc578)
(cherry picked from commit f7d55cc801611781fbff2817f2fd4a16ec96ca85)
(cherry picked from commit 8ead254)
(cherry picked from commit 8f28021)

If a symlink is leftover, still allow cleaning it up via 'disable'. This
happens when a unit is stopped and removed, but not disabled, and a reload
has already happened. At that point, cleaning up the old symlinks becomes
impossible through the APIs, and needs to be done manually. Always allow
cleaning up symlinks, if they exist, by only erroring out if there is an
OOM.

Follow-up for f31f10a

(cherry picked from commit 5163c9b1e56293b1bb2803420613c5b374570892)
(cherry picked from commit c26e56d08f30a2946dfa1d03781c63bfa9f56c1d)
(cherry picked from commit 44c08e6)
(cherry picked from commit 8c9fcb5)

(cherry picked from commit a81f5ffd40081441dafc678fe83d185436dde35a)
(cherry picked from commit f8f669fd69bf15f386308ef8f4cbbbd5a7ad69cd)
(cherry picked from commit 759ddfd)
(cherry picked from commit c353e02)

See https://github.com/torvalds/linux/blob/v6.10-rc1/include/uapi/linux/loop.h

Fixes a bug in b3fe33f.

(cherry picked from commit eb6d3a5)
(cherry picked from commit b097677)
(cherry picked from commit f224a9d)

If the check for the ACPI TPM2 table did not work we currently check if
the EFI TPM table exists to check if the firmware supports TPM2.
Specifically we check if
/sys/kernel/security/tpm0/binary_bios_measurements exists. But that's
not enough, since that also exists on TPM1.2 systems. Hence, let's also
check /sys/class/tpm/tpm0/tpm_version_major which should exist under
similar conditions and tells us the kernel's idea of the TPM version in
use.

I originally intended to read the signature of the
/sys/kernel/security/tpm0/binary_bios_measurements contents for this,
but this is not ideal since that file has tight access mode, and our TPM
availability check would thus not work anymore if invoked unpriv.

Follow-up for 4b33911

Fixes: #33077
(cherry picked from commit aeaac9a)
(cherry picked from commit b2046c3)
(cherry picked from commit a55bb49)
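
The fallback described in the commit message above, as an added example (not code from this pull request or from systemd): the existence of the measurement log does not separate TPM 1.2 from TPM 2.0, so the version attribute decides. The function names, the path parameters, the temp-dir fixture and treating a missing version attribute as "not TPM2" are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TPM_EVENT_LOG "/sys/kernel/security/tpm0/binary_bios_measurements"
#define TPM_VERSION   "/sys/class/tpm/tpm0/tpm_version_major"

/* 1 only if the measurement log exists (it does on TPM 1.2 too) AND the kernel
 * reports major version 2. Paths are parameters here so the logic is testable. */
int tpm2_fallback_check(const char *log_path, const char *version_path) {
    char buf[16] = "";
    FILE *f;
    if (access(log_path, F_OK) != 0)    /* existence only, contents not read */
        return 0;
    if (!(f = fopen(version_path, "r")))
        return 0;                       /* assumption: no attribute => not TPM2 */
    if (!fgets(buf, sizeof buf, f)) buf[0] = '\0';
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return strcmp(buf, "2") == 0;
}

/* Constructed fixture: fake both files in a temp dir, run the check, clean up.
 * version == NULL omits the version file; with_log == 0 omits the log. */
int check_constructed(const char *version, int with_log) {
    char dir[] = "/tmp/tpmchk-XXXXXX", log[64], ver[64];
    FILE *f;
    int r;
    if (!mkdtemp(dir)) return -1;
    snprintf(log, sizeof log, "%s/log", dir);
    snprintf(ver, sizeof ver, "%s/ver", dir);
    if (with_log && (f = fopen(log, "w")))
        fclose(f);
    if (version && (f = fopen(ver, "w"))) {
        fprintf(f, "%s\n", version);
        fclose(f);
    }
    r = tpm2_fallback_check(log, ver);
    unlink(log); unlink(ver); rmdir(dir);
    return r;
}

int main(void) {
    printf("2.0+log=%d 1.2+log=%d host=%d\n", check_constructed("2", 1),
           check_constructed("1", 1), tpm2_fallback_check(TPM_EVENT_LOG, TPM_VERSION));
    return 0;
}
```
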
While tracing a LUKS code path in homework, I've noticed that we don't
erase buffers when doing unbase64 or unhex on JSON variants, even if the
variant is marked as sensitive.

(cherry picked from commit 80313c5)
(cherry picked from commit cce7df4)
(cherry picked from commit 2dee004)
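
An added illustration of the pattern this last commit message describes, not systemd's code: a decoded copy of a sensitive value is a second buffer holding the secret, so it is wiped when the caller is done and on the decode error path. `struct variant`, `variant_unhex`, `variant_buf_done` and `residue_after` are hypothetical names, and the hex strings used with them are constructed sample input.

```c
#define _DEFAULT_SOURCE 1   /* for explicit_bzero() on glibc */
#include <string.h>
#include <sys/types.h>

/* Hypothetical stand-in for a JSON variant that carries a "sensitive" mark. */
struct variant { const char *hex; int sensitive; };

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Wipe the decoded copy. A plain memset() on a dead buffer may be optimised out. */
void variant_buf_done(const struct variant *v, unsigned char *out, size_t cap) {
    if (v->sensitive) explicit_bzero(out, cap);
}

/* Decode into out[0..cap): length on success, -1 on bad input (wiping any partial output). */
ssize_t variant_unhex(const struct variant *v, unsigned char *out, size_t cap) {
    size_t n = strlen(v->hex), i;
    if (n % 2 || n / 2 > cap) return -1;
    for (i = 0; i < n / 2; i++) {
        int hi = hexval(v->hex[2 * i]), lo = hexval(v->hex[2 * i + 1]);
        if (hi < 0 || lo < 0) {
            variant_buf_done(v, out, cap);      /* error path wipes too */
            return -1;
        }
        out[i] = (unsigned char) (hi << 4 | lo);
    }
    return (ssize_t) (n / 2);
}

/* Decode, finish with the plaintext, then count the non-zero bytes left over. */
size_t residue_after(const char *hex, int sensitive) {
    struct variant v = { hex, sensitive };
    unsigned char buf[16] = { 0 };
    size_t i, left = 0;
    if (variant_unhex(&v, buf, sizeof buf) >= 0)
        variant_buf_done(&v, buf, sizeof buf);  /* caller is done with it */
    for (i = 0; i < sizeof buf; i++) left += buf[i] != 0;
    return left;
}

/* Exit status 0 means a failed decode of a sensitive value left nothing behind. */
int main(void) { return residue_after("73656372ZZ", 1) != 0; }
```
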
@bluca bluca merged commit d5a7b54 into systemd:v253-stable Jun 25, 2024
36 of 41 checks passed
9 participants