v255 batch

docs/CONTAINER_INTERFACE.md

@@ -230,7 +230,9 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular
    directory: it's used by code outside the container to insert mounts inside
    it only, and is mostly an internal vehicle to achieve this. Other container
    managers that want to implement similar functionality might consider using
-   the same directory.
+   the same directory. Alternatively, the new mount API may be used by the
+   container manager to establish new mounts in the container without the need
+   for the `/run/host/incoming/` directory.
 
 2. The `/run/host/inaccessible/` directory may be set up by the container
    manager to include six file nodes: `reg`, `dir`, `fifo`, `sock`, `chr`,

man/repart.d.xml

@@ -690,7 +690,7 @@
         <citerefentry
         project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
 
-        <para>If both bit 50 and 59 are set for a partition (i.e. the partition is marked both read-only and
+        <para>If both bit 60 and 59 are set for a partition (i.e. the partition is marked both read-only and
         marked for file system growing) the latter is typically without effect: the read-only flag takes
         precedence in most tools reading these flags, and since growing the file system involves writing to
         the partition it is consequently ignored.</para>

man/systemd-detect-virt.xml

@@ -62,7 +62,7 @@
         </thead>
         <tbody>
           <row>
-            <entry valign="top" morerows="16">VM</entry>
+            <entry valign="top" morerows="17">VM</entry>
             <entry><varname>qemu</varname></entry>
             <entry>QEMU software virtualization, without KVM</entry>
           </row>
@@ -217,6 +217,50 @@
     WSL is categorized as a container for practical purposes.
     Multiple WSL environments share the same kernel and services
     should generally behave like when being run in a container.</para>
+
+    <para>When executed with <option>--cvm</option>, instead of
+    printing the virtualization technology, it will display the
+    confidential virtual machine technology, if any. The
+    following technologies are currently identified:</para>
+
+    <table>
+      <title>Known confidential virtualization technologies</title>
+      <tgroup cols='2' align='left' colsep='1' rowsep='1'>
+        <colspec colname="id" />
+        <colspec colname="product" />
+        <thead>
+          <row>
+            <entry>Arch</entry>
+            <entry>ID</entry>
+            <entry>Technology</entry>
+          </row>
+        </thead>
+        <tbody>
+          <row>
+            <entry valign="top" morerows="3">x86_64</entry>
+            <entry><varname>sev</varname></entry>
+            <entry>AMD Secure Encrypted Virtualization</entry>
+          </row>
+          <row>
+            <entry><varname>sev-es</varname></entry>
+            <entry>AMD Secure Encrypted Virtualization - Encrypted State</entry>
+          </row>
+          <row>
+            <entry><varname>sev-snp</varname></entry>
+            <entry>AMD Secure Encrypted Virtualization - Secure Nested Paging</entry>
+          </row>
+          <row>
+            <entry><varname>tdx</varname></entry>
+            <entry>Intel Trust Domain Extensions</entry>
+          </row>
+          <row>
+            <entry>s390x</entry>
+            <entry><varname>protvirt</varname></entry>
+            <entry>IBM Protected Virtualization (Secure Execution)</entry>
+          </row>
+        </tbody>
+      </tgroup>
+    </table>
   </refsect1>
 
   <refsect1>

man/systemd-path.xml

@@ -43,6 +43,12 @@
     The variables whose name begins with <literal>search-</literal>
     do not refer to individual paths, but instead to a list of
     colon-separated search paths, in their order of precedence.</para>
+
+    <para>Note that paths which depend on environment variables are
+    computed with <command>systemd-path</command>'s invoked
+    environment, and not the system or user manager's environment. As
+    such, the output of <command>systemd-path</command> may not
+    reflect the behavior of manager processes.</para>
   </refsect1>
 
   <refsect1>

man/systemd-system.conf.xml

@@ -455,10 +455,12 @@
         <term><varname>ManagerEnvironment=</varname></term>
 
         <listitem><para>Takes the same arguments as <varname>DefaultEnvironment=</varname>, see above. Sets
-        environment variables just for the manager process itself. In contrast to user managers, these variables
-        are not inherited by processes spawned by the system manager, use <varname>DefaultEnvironment=</varname>
+        environment variables for the manager process itself. These variables are inherited by processes
+        spawned by user managers, but not the system manager - use <varname>DefaultEnvironment=</varname>
         for that. Note that these variables are merged into the existing environment block. In particular, in
-        case of the system manager, this includes variables set by the kernel based on the kernel command line.</para>
+        case of the system manager, this includes variables set by the kernel based on the kernel command line.
+        As with <varname>DefaultEnvironment=</varname>, this environment block is internal, and changes are not
+        reflected in the manager's <filename>/proc/PID/environ</filename>.</para>
 
         <para>Setting environment variables for the manager process may be useful to modify its behaviour.
         See <ulink url="https://systemd.io/ENVIRONMENT">Known Environment Variables</ulink> for a

man/systemd.net-naming-scheme.xml

@@ -478,7 +478,8 @@
           bridge as that would create naming conflict when there are more child devices on that bridge. Now,
           this is relaxed and we will use slot information to generate the name based on it but only if
           the PCI device has multiple functions. This is safe because distinct function number is a part of
-          the device name for multifunction devices.</para>
+          the device name for multifunction devices. Note, this is reverted in <constant>v255</constant>.
+          See below.</para>
 
           <xi:include href="version-info.xml" xpointer="v251"/>
           </listitem>
@@ -521,6 +522,9 @@
           <listitem><para>Naming was changed for SR-IOV virtual device representors to enable the
           change introduced in <constant>v254</constant> by default.</para>
 
+          <para>If we detect that a PCI device associated with a slot is a PCI bridge, we no longer set
+          <varname>ID_NET_NAME_SLOT</varname>, reverting a change that was introduced in v251.</para>
+
           <xi:include href="version-info.xml" xpointer="v255"/>
           </listitem>
         </varlistentry>

man/systemd.network.xml

@@ -1074,6 +1074,18 @@ Table=1234</programlisting></para>
           carrier. Defaults to false. If enabled, and the <varname>IgnoreCarrierLoss=</varname> setting
           is not explicitly set, then it is enabled as well.</para>
 
+          <para>With this enabled, to make the interface enter the <literal>configured</literal> state,
+          which is required to make <command>systemd-networkd-wait-online</command> work properly for the
+          interface, all dynamic address configuration mechanisms like <varname>DHCP=</varname> and
+          <varname>IPv6AcceptRA=</varname> (which is enabled by default in most cases) need to be disabled.
+          Also, <varname>DuplicateAddressDetection=</varname> (which is enabled by default for IPv4
+          link-local addresses and all IPv6 addresses) needs to be disabled for all static address
+          configurations. Otherwise, without carrier, the interface will be stuck in the
+          <literal>configuring</literal> state, and <command>systemd-networkd-wait-online</command> for the
+          interface will timeout. Also, it is recommended to set
+          <varname>RequiredForOnline=no-carrier</varname> to make
+          <command>systemd-networkd-wait-online</command> work for the interface.</para>
+
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>
       </varlistentry>
@@ -1563,7 +1575,8 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
           one of predefined names <literal>default</literal>, <literal>main</literal>, and
           <literal>local</literal>, and names defined in <varname>RouteTable=</varname> in
           <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
-          or a number between 1 and 4294967295. Defaults to <literal>main</literal>.</para>
+          or a number between 1 and 4294967295. Defaults to <literal>main</literal>.
+          Ignored if <varname>L3MasterDevice=</varname> is true.</para>
 
           <xi:include href="version-info.xml" xpointer="v235"/>
         </listitem>

man/systemd.service.xml

@@ -622,6 +622,12 @@
         <citerefentry><refentrytitle>sd_notify</refentrytitle><manvolnum>3</manvolnum></citerefentry>).
         </para>
 
+        <para>Note that the start timeout is also applied to service reloads, regardless if implemented
+        through <varname>ExecReload=</varname> or via the reload logic enabled via <varname>Type=notify-reload</varname>.
+        If the reload does not complete within the configured time, the reload will be considered failed and
+        the service will continue running with the old configuration. This will not affect the running service,
+        but will be logged and will cause e.g. <command>systemctl reload</command> to fail.</para>
+
         <xi:include href="version-info.xml" xpointer="v188"/></listitem>
       </varlistentry>
 

meson.build

@@ -369,6 +369,7 @@ possible_common_cc_flags = [
         '-Wstrict-aliasing=2',
         '-Wstrict-prototypes',
         '-Wsuggest-attribute=noreturn',
+        '-Wunterminated-string-initialization',
         '-Wunused-function',
         '-Wwrite-strings',
         '-Wzero-length-bounds',
@@ -381,7 +382,7 @@ possible_common_cc_flags = [
         '-fno-common',
         '-fstack-protector',
         '-fstack-protector-strong',
-        '-fstrict-flex-arrays',
+        '-fstrict-flex-arrays=3',
         '--param=ssp-buffer-size=4',
 ]
 

mkosi.extra/root/.gdbinit

@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+set debuginfod enabled off
+set pagination off

network/80-wifi-station.network.example

@@ -12,6 +12,7 @@
 [Match]
 Type=wlan
 WLANInterfaceType=station
+SSID=*
 
 [Network]
 DHCP=yes

rules.d/50-udev-default.rules.in

@@ -30,6 +30,9 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
 
 SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
 
+SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
+SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
+
 ACTION!="add", GOTO="default_end"
 
 SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666"
@@ -119,7 +122,4 @@ KERNEL=="vhost-net", GROUP="kvm", MODE="{{DEV_KVM_MODE}}", OPTIONS+="static_node
 
 KERNEL=="udmabuf", GROUP="kvm"
 
-SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
-SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
-
 LABEL="default_end"

src/basic/cgroup-util.c

@@ -116,7 +116,9 @@ int cg_read_pidref(FILE *f, PidRef *ret, CGroupFlags flags) {
                 if (pid == 0)
                         return -EREMOTE;
 
-                if (FLAGS_SET(flags, CGROUP_NO_PIDFD)) {
+                /* We might read kernel thread pids from cgroup.procs for which we cannot create a pidfd so
+                 * catch those and don't try to create a pidfd for them. */
+                if (FLAGS_SET(flags, CGROUP_NO_PIDFD) || pid_is_kernel_thread(pid) > 0) {
                         *ret = PIDREF_MAKE_FROM_PID(pid);
                         return 1;
                 }
@@ -348,6 +350,12 @@ static int cg_kill_items(
                         if (set_get(s, PID_TO_PTR(pidref.pid)) == PID_TO_PTR(pidref.pid))
                                 continue;
 
+                        /* Ignore kernel threads to mimick the behavior of cgroup.kill. */
+                        if (pidref_is_kernel_thread(&pidref) > 0) {
+                                log_debug("Ignoring kernel thread with pid " PID_FMT " in cgroup '%s'", pidref.pid, path);
+                                continue;
+                        }
+
                         if (log_kill)
                                 ret_log_kill = log_kill(&pidref, sig, userdata);
 

src/basic/confidential-virt.c

@@ -11,6 +11,7 @@
 #include "confidential-virt-fundamental.h"
 #include "confidential-virt.h"
 #include "fd-util.h"
+#include "fileio.h"
 #include "missing_threads.h"
 #include "string-table.h"
 #include "utf8.h"
@@ -76,7 +77,7 @@ static uint64_t msr(uint64_t index) {
         return ret;
 }
 
-static bool detect_hyperv_sev(void) {
+static bool detect_hyperv_cvm(uint32_t isoltype) {
         uint32_t eax, ebx, ecx, edx, feat;
         char sig[13] = {};
 
@@ -100,7 +101,7 @@ static bool detect_hyperv_sev(void) {
                 ebx = ecx = edx = 0;
                 cpuid(&eax, &ebx, &ecx, &edx);
 
-                if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == CPUID_HYPERV_ISOLATION_TYPE_SNP)
+                if ((ebx & CPUID_HYPERV_ISOLATION_TYPE_MASK) == isoltype)
                         return true;
         }
 
@@ -133,7 +134,7 @@ static ConfidentialVirtualization detect_sev(void) {
         if (!(eax & EAX_SEV)) {
                 log_debug("No sev in CPUID, trying hyperv CPUID");
 
-                if (detect_hyperv_sev())
+                if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_SNP))
                         return CONFIDENTIAL_VIRTUALIZATION_SEV_SNP;
 
                 log_debug("No hyperv CPUID");
@@ -171,6 +172,11 @@ static ConfidentialVirtualization detect_tdx(void) {
         if (memcmp(sig, CPUID_SIG_INTEL_TDX, sizeof(sig)) == 0)
                 return CONFIDENTIAL_VIRTUALIZATION_TDX;
 
+        log_debug("No tdx in CPUID, trying hyperv CPUID");
+
+        if (detect_hyperv_cvm(CPUID_HYPERV_ISOLATION_TYPE_TDX))
+                return CONFIDENTIAL_VIRTUALIZATION_TDX;
+
         return CONFIDENTIAL_VIRTUALIZATION_NONE;
 }
 
@@ -189,40 +195,62 @@ static bool detect_hypervisor(void) {
         return is_hv;
 }
 
-ConfidentialVirtualization detect_confidential_virtualization(void) {
-        static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
         char sig[13] = {};
-        ConfidentialVirtualization cv = CONFIDENTIAL_VIRTUALIZATION_NONE;
-
-        if (cached_found >= 0)
-                return cached_found;
 
         /* Skip everything on bare metal */
         if (detect_hypervisor()) {
                 cpuid_leaf(0, sig, true);
 
                 if (memcmp(sig, CPUID_SIG_AMD, sizeof(sig)) == 0)
-                        cv = detect_sev();
+                        return detect_sev();
                 else if (memcmp(sig, CPUID_SIG_INTEL, sizeof(sig)) == 0)
-                        cv = detect_tdx();
+                        return detect_tdx();
         }
 
-        cached_found = cv;
-        return cv;
+        return CONFIDENTIAL_VIRTUALIZATION_NONE;
 }
+#elif defined(__s390x__)
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
+        _cleanup_free_ char *s = NULL;
+        size_t readsize;
+        int r;
+
+        r = read_full_virtual_file("/sys/firmware/uv/prot_virt_guest", &s, &readsize);
+        if (r < 0) {
+                log_debug_errno(r, "Unable to read /sys/firmware/uv/prot_virt_guest: %m");
+                return CONFIDENTIAL_VIRTUALIZATION_NONE;
+        }
+
+        if (readsize >= 1 && s[0] == '1')
+                return CONFIDENTIAL_VIRTUALIZATION_PROTVIRT;
+
+        return CONFIDENTIAL_VIRTUALIZATION_NONE;
+}
+
 #else /* ! x86_64 */
-ConfidentialVirtualization detect_confidential_virtualization(void) {
+static ConfidentialVirtualization detect_confidential_virtualization_impl(void) {
         log_debug("No confidential virtualization detection on this architecture");
         return CONFIDENTIAL_VIRTUALIZATION_NONE;
 }
 #endif /* ! x86_64 */
 
+ConfidentialVirtualization detect_confidential_virtualization(void) {
+        static thread_local ConfidentialVirtualization cached_found = _CONFIDENTIAL_VIRTUALIZATION_INVALID;
+
+        if (cached_found == _CONFIDENTIAL_VIRTUALIZATION_INVALID)
+                cached_found = detect_confidential_virtualization_impl();
+
+        return cached_found;
+}
+
 static const char *const confidential_virtualization_table[_CONFIDENTIAL_VIRTUALIZATION_MAX] = {
-        [CONFIDENTIAL_VIRTUALIZATION_NONE]    = "none",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV]     = "sev",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV_ES]  = "sev-es",
-        [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP] = "sev-snp",
-        [CONFIDENTIAL_VIRTUALIZATION_TDX]     = "tdx",
+        [CONFIDENTIAL_VIRTUALIZATION_NONE]     = "none",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV]      = "sev",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV_ES]   = "sev-es",
+        [CONFIDENTIAL_VIRTUALIZATION_SEV_SNP]  = "sev-snp",
+        [CONFIDENTIAL_VIRTUALIZATION_TDX]      = "tdx",
+        [CONFIDENTIAL_VIRTUALIZATION_PROTVIRT] = "protvirt",
 };
 
 DEFINE_STRING_TABLE_LOOKUP(confidential_virtualization, ConfidentialVirtualization);

src/basic/confidential-virt.h

@@ -13,6 +13,7 @@ typedef enum ConfidentialVirtualization {
         CONFIDENTIAL_VIRTUALIZATION_SEV_ES,
         CONFIDENTIAL_VIRTUALIZATION_SEV_SNP,
         CONFIDENTIAL_VIRTUALIZATION_TDX,
+        CONFIDENTIAL_VIRTUALIZATION_PROTVIRT,
 
         _CONFIDENTIAL_VIRTUALIZATION_MAX,
         _CONFIDENTIAL_VIRTUALIZATION_INVALID = -EINVAL,