From 440a7172f82fd7e9b9f6be263dbfeac5aa893c88 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 24 Jul 2024 16:28:48 +0200 Subject: [PATCH 01/21] basic/log: do not treat all negative errnos as synthetic Currently, IS_SYNTHETIC_ERRNO() evaluates to true for all negative errnos, because of the two's-complement negative value representation. Subsequently, ERRNO= is not logged for most of our own code. Let's fix this, by formatting all synthetic errnos as positive. Then, treat all negative values as non-synthetic. While at it, mark the evaluation order explicitly, and remove unneeded comment. Fixes #33800 (cherry picked from commit 268f58076f7e0258dce75f521d08199092279853) (cherry picked from commit 4ad6b2631d73a574859a62d33715a7bdef810bcf) (cherry picked from commit 1fc7e3473c2fec27bdc0b19753e4ea84cd39644f) (cherry picked from commit 9463b376bcbb1a177bf46d64845b52eae79af739) (cherry picked from commit 273146fc75e2e069f3176eb34a6bbee2159bf68d) --- src/basic/log.h | 5 ++--- src/test/test-log.c | 14 +++++++++----- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/basic/log.h b/src/basic/log.h index 560686ec162..d6e1126df8b 100644 --- a/src/basic/log.h +++ b/src/basic/log.h @@ -32,9 +32,8 @@ typedef enum LogTarget{ * used a regular log level. */ #define LOG_NULL (LOG_EMERG - 1) -/* Note to readers: << and >> have lower precedence (are evaluated earlier) than & and | */ -#define SYNTHETIC_ERRNO(num) (1 << 30 | (num)) -#define IS_SYNTHETIC_ERRNO(val) ((val) >> 30 & 1) +#define SYNTHETIC_ERRNO(num) (abs(num) | (1 << 30)) +#define IS_SYNTHETIC_ERRNO(val) (((val) >> 30) == 1) #define ERRNO_VALUE(val) (abs(val) & ~(1 << 30)) /* The callback function to be invoked when syntax warnings are seen diff --git a/src/test/test-log.c b/src/test/test-log.c index ae3d073d827..fa3d452f1d1 100644 --- a/src/test/test-log.c +++ b/src/test/test-log.c @@ -9,11 +9,6 @@ #include "string-util.h" #include "util.h" -assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL))); -assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL)); -assert_cc(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0))); -assert_cc(!IS_SYNTHETIC_ERRNO(0)); - #define X10(x) x x x x x x x x x x #define X100(x) X10(X10(x)) #define X1000(x) X100(X10(x)) @@ -71,6 +66,15 @@ static void test_log_syntax(void) { } int main(int argc, char* argv[]) { + assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(EINVAL))); + assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(-EINVAL))); + assert_cc(!IS_SYNTHETIC_ERRNO(EINVAL)); + assert_cc(!IS_SYNTHETIC_ERRNO(-EINVAL)); + assert_se(IS_SYNTHETIC_ERRNO(SYNTHETIC_ERRNO(0))); + assert_cc(!IS_SYNTHETIC_ERRNO(0)); + assert_se(ERRNO_VALUE(EINVAL) == EINVAL); + assert_se(ERRNO_VALUE(SYNTHETIC_ERRNO(-EINVAL)) == EINVAL); + test_file(); assert_se(log_info_errno(SYNTHETIC_ERRNO(EUCLEAN), "foo") == -EUCLEAN); From a625b77d138c30adbf9fac139b47f4c21aa7da20 Mon Sep 17 00:00:00 2001 From: David Tardon Date: Thu, 25 Jul 2024 10:06:34 +0200 Subject: [PATCH 02/21] sd-event: do not assert on invalid signal The signalfd_siginfo struct is received from outside via a FD, hence assert() is not appropriate way to check it. Just do a normal runtime check. (cherry picked from commit 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9) (cherry picked from commit 7a48ea958bf146a45cb4a3b7ff7aeb5885469196) (cherry picked from commit 5fa8b5d74aa81e884613ba68c6f765834e6dd02c) (cherry picked from commit 74fa56ebc3d323bd6cd2315eb8b1057f0ea359a8) (cherry picked from commit e681d161fbc2f586f88a2ea5372e0d509c6e06fa) --- src/libsystemd/sd-event/sd-event.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index 6f34dd184f1..b319b381d3d 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -3428,7 +3428,8 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i if (_unlikely_(n != sizeof(si))) return -EIO; - assert(SIGNAL_VALID(si.ssi_signo)); + if (_unlikely_(!SIGNAL_VALID(si.ssi_signo))) + return -EINVAL; if (e->signal_sources) s = e->signal_sources[si.ssi_signo]; From c80ebea1a82bf3c84e9772e98d339485ed467d2c Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Sun, 4 Aug 2024 11:29:03 +0900 Subject: [PATCH 03/21] sd-event: change error code -EINVAL -> -EIO EINVAL should be used when a function is called with an invalid argument. Here, the signal is not a function argument. Follow-up for 7a64c5f23efbb51fe4f1229c1a8aed6dd858a0a9. (cherry picked from commit ab9af70edb23f2a66e93e2e16f87cd98873885b7) (cherry picked from commit 84f0eda3781f49ff7f3035861b02fe247b89d65e) (cherry picked from commit da81ee2f78526f78b3c57661a59de681d208e35e) (cherry picked from commit 42885ab01726b5937390704f1d6ec33f0321fd53) (cherry picked from commit 7ac2395b6bed42bfc2a68ce024d82511d2ede2bd) --- src/libsystemd/sd-event/sd-event.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsystemd/sd-event/sd-event.c b/src/libsystemd/sd-event/sd-event.c index b319b381d3d..6eb2d51cb5b 100644 --- a/src/libsystemd/sd-event/sd-event.c +++ b/src/libsystemd/sd-event/sd-event.c @@ -3429,7 +3429,7 @@ static int process_signal(sd_event *e, struct signal_data *d, uint32_t events, i return -EIO; if (_unlikely_(!SIGNAL_VALID(si.ssi_signo))) - return -EINVAL; + return -EIO; if (e->signal_sources) s = e->signal_sources[si.ssi_signo]; From 6e533ee03c18f8adae7fe6ba43203e807d291aa5 Mon Sep 17 00:00:00 2001 From: Jose Ignacio Tornos Martinez Date: Fri, 26 Jul 2024 10:28:21 +0200 Subject: [PATCH 04/21] kernel-install: remove depmod generated file modules.weakdep The new file, modules.weakdep, generated by depmod to get the weak dpendencies information can be present (https://github.com/kmod-project/kmod/commit/05828b4a6e9327a63ef94df544a042b5e9ce4fe7), so remove it like the other similar files. Signed-off-by: Jose Ignacio Tornos Martinez (cherry picked from commit eef4cd51f94d837bd0e71512c831634a2902522d) (cherry picked from commit 0cdec6e1fef4174c0d04aaca195ab56750437535) (cherry picked from commit ae0c61b4a722a7eacd2cc544798467e209238bf7) (cherry picked from commit d9abcf946689cf26f531d0faa82c9be114b9cacc) (cherry picked from commit f410f290202cbc5e94cdf491f7ea7876a237dbb2) --- src/kernel-install/50-depmod.install | 1 + 1 file changed, 1 insertion(+) diff --git a/src/kernel-install/50-depmod.install b/src/kernel-install/50-depmod.install index 88f858fed9c..08247c735b6 100755 --- a/src/kernel-install/50-depmod.install +++ b/src/kernel-install/50-depmod.install @@ -44,6 +44,7 @@ case "$COMMAND" in "/lib/modules/$KERNEL_VERSION/modules.dep.bin" \ "/lib/modules/$KERNEL_VERSION/modules.devname" \ "/lib/modules/$KERNEL_VERSION/modules.softdep" \ + "/lib/modules/$KERNEL_VERSION/modules.weakdep" \ "/lib/modules/$KERNEL_VERSION/modules.symbols" \ "/lib/modules/$KERNEL_VERSION/modules.symbols.bin" ;; From d142f5e2227c90d7c43f83361651987836c93431 Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Sat, 27 Jul 2024 11:43:47 +0000 Subject: [PATCH 05/21] man: improve ManagerEnvironment documentation - Improve wording for explanation when these variables are inherited - Clarify that these variables are not placed in the process environment block, so /proc/PID/environ cannot be used as a debugging tool (cherry picked from commit 6c1e0823b04525716d9ee0031a2b6735d3f7dfa4) (cherry picked from commit 5cf0c45f64079430b0b7c12ad323f238386260b0) (cherry picked from commit 79f335d0ef2d3c35fdf4c19988c711a3abd31ee0) (cherry picked from commit bb28a6c0b68a4a9dc2aa33972b3419680d333c05) (cherry picked from commit 0b5bb2b1da217500a23c1bb2074d66d9c4c85748) --- man/systemd-system.conf.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 2bdfa1c0204..3c6334f324a 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -421,10 +421,12 @@ ManagerEnvironment= Takes the same arguments as DefaultEnvironment=, see above. Sets - environment variables just for the manager process itself. In contrast to user managers, these variables - are not inherited by processes spawned by the system manager, use DefaultEnvironment= + environment variables for the manager process itself. These variables are inherited by processes + spawned by user managers, but not the system manager - use DefaultEnvironment= for that. Note that these variables are merged into the existing environment block. In particular, in - case of the system manager, this includes variables set by the kernel based on the kernel command line. + case of the system manager, this includes variables set by the kernel based on the kernel command line. + As with DefaultEnvironment=, this environment block is internal, and changes are not + reflected in the manager's /proc/PID/environ. Setting environment variables for the manager process may be useful to modify its behaviour. See ENVIRONMENT for a descriptions of some From fd74868ff42b0ef3905159b005dc43e216c996f2 Mon Sep 17 00:00:00 2001 From: Vladimir Panteleev Date: Sat, 27 Jul 2024 11:49:20 +0000 Subject: [PATCH 06/21] man: clarify systemd-path variable source (cherry picked from commit 3f24fa57df552accc2a6f9ab4d36724ba7227eff) (cherry picked from commit ec3f2c8c8ad86004d6048510382167ee5f1ded61) (cherry picked from commit 8e0cb57134161105f4eceae321a3ad3e51c60639) (cherry picked from commit 53493370d24ecaa0b49175c9ab5849a193a5935c) (cherry picked from commit ba8c10a19534e869f87507b1a00dbf1b24820fe2) --- man/systemd-path.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/man/systemd-path.xml b/man/systemd-path.xml index f2ca87d3684..7c4046368f8 100644 --- a/man/systemd-path.xml +++ b/man/systemd-path.xml @@ -43,6 +43,12 @@ The variables whose name begins with search- do not refer to individual paths, but instead to a list of colon-separated search paths, in their order of precedence. + + Note that paths which depend on environment variables are + computed with systemd-path's invoked + environment, and not the system or user manager's environment. As + such, the output of systemd-path may not + reflect the behavior of manager processes. From 4b19f0f957e1ff8b01454813411c39bb84a66242 Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Mon, 29 Jul 2024 15:41:51 +0200 Subject: [PATCH 07/21] kernel-install: Try some more initrd variants in 90-loaderentry.install On CentOS/Fedora, dracut is configured to write the initrd to /boot/initramfs-$KERNEL_VERSION...img so let's check for that as well if no initrds were supplied. (cherry picked from commit b56920e36c5692c0dde701bfb48330653a9c62c9) (cherry picked from commit 1cb21b2cb194501464c52c1f32ae55f593689cc3) (cherry picked from commit 22acfc05a72da8d79e907e1a1f34896735e00b22) (cherry picked from commit 7182b54b8660f2429115cf41dafa321cee7baf27) (cherry picked from commit c98e7cdedf46806fc8710b8fbfff06f57730830f) --- src/kernel-install/90-loaderentry.install | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/kernel-install/90-loaderentry.install b/src/kernel-install/90-loaderentry.install index 41a05534b93..627323e62e1 100755 --- a/src/kernel-install/90-loaderentry.install +++ b/src/kernel-install/90-loaderentry.install @@ -155,8 +155,18 @@ mkdir -p "${LOADER_ENTRY%/*}" || { have_initrd=yes done - # Try "initrd", generated by dracut in its kernel-install hook, if no initrds were supplied - [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ] && echo "initrd $ENTRY_DIR/initrd" + # Try a few variations that are generated by various initrd generators in their kernel-install hooks if + # no initrds were supplied. + + if [ -z "$have_initrd" ] && [ -f "$ENTRY_DIR_ABS/initrd" ]; then + echo "initrd $ENTRY_DIR/initrd" + have_initrd=yes + fi + + if [ -z "$have_initrd" ] && [ -f "$BOOT_ROOT/initramfs-$KERNEL_VERSION.img" ]; then + echo "initrd /initramfs-$KERNEL_VERSION.img" + have_initrd=yes + fi : } >"$LOADER_ENTRY" || { echo "Error: could not create loader entry '$LOADER_ENTRY'." >&2 From f50ba8921d6dc3efafd2d30e51fb119cbd585dc9 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 31 Jul 2024 03:04:04 +0900 Subject: [PATCH 08/21] network: do not bring down bound interfaces immediately Even if a timespan specified to IgnoreCarrierLoss= for an interface, when the carrier of the interface lost, bound interfaces might be bring down immediately. Let's also postpone bringing down bound interfaces with the specified timespan. (cherry picked from commit e8eaed0240d642e70c567b08f3593e4cf45a255a) (cherry picked from commit 9468a6ea47cfb8412875923d09b8a8ae6ee02119) (cherry picked from commit 80e93a0640e06b9fbe7d7354b4fad8a6ad140140) (cherry picked from commit f2e34bdb57edbed90bb6eafd3d2d08d5f4e5436f) (cherry picked from commit bb8b029b3b5f16284a975cf21dd663412bdb8f9e) --- src/network/networkd-link.c | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/network/networkd-link.c b/src/network/networkd-link.c index cb219295b9b..e39a6fefe39 100644 --- a/src/network/networkd-link.c +++ b/src/network/networkd-link.c @@ -1569,17 +1569,19 @@ static int link_carrier_gained(Link *link) { } static int link_carrier_lost_impl(Link *link) { - int r, ret = 0; + int ret = 0, r; assert(link); link->previous_ssid = mfree(link->previous_ssid); + ret = link_handle_bound_by_list(link); + if (IN_SET(link->state, LINK_STATE_FAILED, LINK_STATE_LINGER)) - return 0; + return ret; if (!link->network) - return 0; + return ret; r = link_stop_engines(link, false); if (r < 0) @@ -1608,22 +1610,17 @@ static int link_carrier_lost_handler(sd_event_source *s, uint64_t usec, void *us static int link_carrier_lost(Link *link) { uint16_t dhcp_mtu; usec_t usec; - int r; assert(link); - r = link_handle_bound_by_list(link); - if (r < 0) - return r; - if (link->iftype == ARPHRD_CAN) /* let's shortcut things for CAN which doesn't need most of what's done below. */ - return 0; + usec = 0; - if (!link->network) - return 0; + else if (!link->network) + usec = 0; - if (link->network->ignore_carrier_loss_set) + else if (link->network->ignore_carrier_loss_set) /* If IgnoreCarrierLoss= is explicitly specified, then use the specified value. */ usec = link->network->ignore_carrier_loss_usec; From 163e0f0a9ff72cf15d2d3b39eee51a41ebf69a09 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 31 Jul 2024 01:46:58 +0100 Subject: [PATCH 09/21] efi: fix link to legacy EFI handover protocol (cherry picked from commit 4d6ab7e8440845301c90211beb22015e7232faa1) (cherry picked from commit c12c122e2ad3668848ffff69913006d420bda41d) (cherry picked from commit 407ac39dd8c3ac41c7c9c6f2f9c8307cd60b5ce9) (cherry picked from commit 2fa6dd17940b9f49d30d1be99f4f03ec99e9e000) (cherry picked from commit f94e0a3a6b4d5b1fd2ae01fa3bffc3c8d929ea1c) --- src/boot/efi/linux_x86.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/boot/efi/linux_x86.c b/src/boot/efi/linux_x86.c index 6a5e4311079..7c3664c5d7f 100644 --- a/src/boot/efi/linux_x86.c +++ b/src/boot/efi/linux_x86.c @@ -7,7 +7,7 @@ * this x86 specific linux_exec function passes the initrd by setting the * corresponding fields in the setup_header struct. * - * see https://docs.kernel.org/x86/boot.html + * see https://docs.kernel.org/arch/x86/boot.html */ #include From 3d79a4e8288eb06c3643414e5602759c11618796 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 31 Jul 2024 06:49:32 +0900 Subject: [PATCH 10/21] network: request non-NULL SSID when a wlan interface is configured as station To avoid conflicts with user .network file for the wlan interface with Bond=. See https://github.com/systemd/systemd/issues/19832#issuecomment-857661200. (cherry picked from commit e2becab08506d8a085f4c18231c7f354db16df9f) (cherry picked from commit ad861b6ae6ee9660912f03f73f771c98f426753c) (cherry picked from commit 2a182ae521331fc71cf5aabc20bf0e8f0b38ae42) (cherry picked from commit d00860118d9fa6787ed4f35cbde047c819548c12) (cherry picked from commit 9d9458a00e99d256e244966c46cc0f7bf7887d62) --- network/80-wifi-station.network.example | 1 + 1 file changed, 1 insertion(+) diff --git a/network/80-wifi-station.network.example b/network/80-wifi-station.network.example index 160b4eb5e30..600ce4c5ea1 100644 --- a/network/80-wifi-station.network.example +++ b/network/80-wifi-station.network.example @@ -12,6 +12,7 @@ [Match] Type=wlan WLANInterfaceType=station +SSID=* [Network] DHCP=yes From 15245a4132577c7164460a8bbd8356155d8767b1 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Thu, 1 Aug 2024 12:03:54 +0900 Subject: [PATCH 11/21] import: check overflow Fixes CID#1548022 and CID#1548075. (cherry picked from commit f7012a93a7f04fa29c7933a4963aa17fcf120e97) (cherry picked from commit 11c15905cd4759b89a1da63d05772c1f7c3744a4) (cherry picked from commit a920cc9b3a8fc8b9ee57fa5c4a30d9234eb7a819) (cherry picked from commit ff17a1023e2715ee5f54cc741b47e1eb1c444f35) (cherry picked from commit 2d261daa16d181bca7acf5fa049c7f079733022b) --- src/import/import-raw.c | 5 +++++ src/import/import-tar.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/src/import/import-raw.c b/src/import/import-raw.c index 30f5b9050ba..515f16fb4ed 100644 --- a/src/import/import-raw.c +++ b/src/import/import-raw.c @@ -409,6 +409,11 @@ static int raw_import_process(RawImport *i) { goto finish; } + if ((size_t) l > sizeof(i->buffer) - i->buffer_size) { + r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size."); + goto finish; + } + i->buffer_size += l; if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) { diff --git a/src/import/import-tar.c b/src/import/import-tar.c index f31d3d75a1f..8120f7c6801 100644 --- a/src/import/import-tar.c +++ b/src/import/import-tar.c @@ -276,6 +276,11 @@ static int tar_import_process(TarImport *i) { goto finish; } + if ((size_t) l > sizeof(i->buffer) - i->buffer_size) { + r = log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Read input file exceeded maximum size."); + goto finish; + } + i->buffer_size += l; if (i->compress.type == IMPORT_COMPRESS_UNKNOWN) { From 08b5fe4a89b91f7888860e5edb243e1defe97ee9 Mon Sep 17 00:00:00 2001 From: Ronan Pigott Date: Thu, 1 Aug 2024 10:59:12 -0700 Subject: [PATCH 12/21] resolved: don't treat conn reset as packet loss tcp reset / icmp port-unreachable are markedly different conditions than packet loss. It doesn't make much sense to retry in this case. It's actually not clear if there is any benefit at all retrying tcp connections, which were presumably already retried as necessary by the tcp stack. (cherry picked from commit ddd710a355acc698b48159f3e501dda5a7dc2704) (cherry picked from commit f5376fea7de173e9369e8af569fc6ecabd0d7282) (cherry picked from commit 030dbbc39e54666bd0f393ef47f0b0d9b2dfe8b4) (cherry picked from commit 1b5bc5ab49fccd1e23d6ee6ba5f37d8347156790) (cherry picked from commit b8316a0ca3cbcf156f970b56b020324ce2416a26) --- src/resolve/resolved-dns-stream.c | 6 ++++++ src/resolve/resolved-dns-transaction.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/resolve/resolved-dns-stream.c b/src/resolve/resolved-dns-stream.c index dd3da7b5db3..6fff69cb168 100644 --- a/src/resolve/resolved-dns-stream.c +++ b/src/resolve/resolved-dns-stream.c @@ -322,6 +322,12 @@ static int on_stream_io(sd_event_source *es, int fd, uint32_t revents, void *use return dns_stream_complete(s, -r); } + if (revents & EPOLLERR) { + socklen_t errlen = sizeof(r); + if (getsockopt(s->fd, SOL_SOCKET, SO_ERROR, &r, &errlen) == 0) + return dns_stream_complete(s, r); + } + if ((revents & EPOLLOUT) && s->write_packet && s->n_written < sizeof(s->write_size) + s->write_packet->size) { diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index e23ec4ce4b1..f7b77c3b3a2 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -632,7 +632,7 @@ static int on_stream_complete(DnsStream *s, int error) { if (ERRNO_IS_DISCONNECT(error) && s->protocol != DNS_PROTOCOL_LLMNR) { log_debug_errno(error, "Connection failure for DNS TCP stream: %m"); - if (s->transactions) { + if (error != ECONNRESET && s->transactions) { DnsTransaction *t; t = s->transactions; From 890c5f98853d1cb1b680b8bf62f01fb2852a0e4c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Sun, 4 Aug 2024 00:00:05 +0100 Subject: [PATCH 13/21] base-filesystem: do not attempt to create a /lib64 -> /usr/lib/ symlink In multi-arch distributions (debian and derivatives) multiarch tuples under /usr/lib are used, such as /usr/lib/x86_64-linux-gnu/ but the /lib64 symlink should never point there, it should always point to /usr/lib64, as that's how they are set up by distribution-specific tools. https://packages.debian.org/bookworm/amd64/libc6-i386/filelist https://packages.debian.org/bookworm/mipsel/libc6-mips64/filelist https://salsa.debian.org/md/usrmerge/-/blob/master/convert-usrmerge?ref_type=heads#L295 https://salsa.debian.org/md/usrmerge/-/blob/master/convert-usrmerge?ref_type=heads#L517 http://bugs.debian.org/1076491 Fixes https://github.com/systemd/systemd/issues/33919 (cherry picked from commit b75c13731ee0867a8d7889348fc8da1869af7551) (cherry picked from commit 38caeac7680b3f7a81b741336f57f9b56d040297) (cherry picked from commit b2738ee8155a826e3812253f5672ac8acaa5aa8c) (cherry picked from commit 3b1f76da88453a2c3e94fa351b45ecab619d717f) (cherry picked from commit d62a0aaf0c5cf08b0296570b8cbe1514c438f0cc) --- src/shared/base-filesystem.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c index 950ed1e835d..f59438ce464 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -50,8 +50,7 @@ static const BaseFilesystem table[] = { /* aarch64 ELF ABI actually says dynamic loader is in /lib/, but Fedora puts it in /lib64/ anyway and * just symlinks /lib/ld-linux-aarch64.so.1 to ../lib64/ld-linux-aarch64.so.1. For this to work * correctly, /lib64/ must be symlinked to /usr/lib64/. */ - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-linux-aarch64.so.1" }, + { "lib64", 0, "usr/lib64\0", "ld-linux-aarch64.so.1" }, # define KNOW_LIB64_DIRS 1 #elif defined(__alpha__) #elif defined(__arc__) || defined(__tilegx__) @@ -59,21 +58,17 @@ static const BaseFilesystem table[] = { /* No /lib64 on arm. The linker is /lib/ld-linux-armhf.so.3. */ # define KNOW_LIB64_DIRS 1 #elif defined(__i386__) || defined(__x86_64__) - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-linux-x86-64.so.2" }, + { "lib64", 0, "usr/lib64\0", "ld-linux-x86-64.so.2" }, # define KNOW_LIB64_DIRS 1 #elif defined(__ia64__) #elif defined(__loongarch_lp64) # define KNOW_LIB64_DIRS 1 # if defined(__loongarch_double_float) - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-linux-loongarch-lp64d.so.1" }, + { "lib64", 0, "usr/lib64\0", "ld-linux-loongarch-lp64d.so.1" }, # elif defined(__loongarch_single_float) - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-linux-loongarch-lp64f.so.1" }, + { "lib64", 0, "usr/lib64\0", "ld-linux-loongarch-lp64f.so.1" }, # elif defined(__loongarch_soft_float) - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-linux-loongarch-lp64s.so.1" }, + { "lib64", 0, "usr/lib64\0", "ld-linux-loongarch-lp64s.so.1" }, # else # error "Unknown LoongArch ABI" # endif @@ -89,8 +84,7 @@ static const BaseFilesystem table[] = { # endif #elif defined(__powerpc__) # if defined(__PPC64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld64.so.2" }, + { "lib64", 0, "usr/lib64\0", "ld64.so.2" }, # define KNOW_LIB64_DIRS 1 # elif defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ /* powerpc64-linux-gnu */ @@ -101,15 +95,13 @@ static const BaseFilesystem table[] = { # if __riscv_xlen == 32 # elif __riscv_xlen == 64 /* Same situation as for aarch64 */ - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-linux-riscv64-lp64d.so.1" }, + { "lib64", 0, "usr/lib64\0", "ld-linux-riscv64-lp64d.so.1" }, # define KNOW_LIB64_DIRS 1 # else # error "Unknown RISC-V ABI" # endif #elif defined(__s390x__) - { "lib64", 0, "usr/lib/"LIB_ARCH_TUPLE"\0" - "usr/lib64\0", "ld-lsb-s390x.so.3" }, + { "lib64", 0, "usr/lib64\0", "ld-lsb-s390x.so.3" }, # define KNOW_LIB64_DIRS 1 #elif defined(__s390__) /* s390-linux-gnu */ From 42ebfb9314a447947b2a47dcd596e4c176fdb925 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 5 Aug 2024 10:46:41 +0900 Subject: [PATCH 14/21] resolve: refuse invalid service without type field Fixes Fixes #33935. (cherry picked from commit b48ab08732a76b7337628e1e716f11c687000903) (cherry picked from commit 0195db6e919e80bdd6b4b706ebc24d5e935f5422) (cherry picked from commit 7b1bb6e0bc5608e5d14964faf302242827387583) (cherry picked from commit bafd8fcb364ebb655671ccb3cb7ca1dbe1259e74) (cherry picked from commit 643780a559ca13e8f15d63dc9b830c2400373cae) --- src/resolve/resolved-bus.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index b2d8273c729..1f7d637a3dd 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -1133,6 +1133,11 @@ static void resolve_service_all_complete(DnsQuery *query) { if (r < 0) goto finish; + if (isempty(type)) { + r = reply_method_errorf(q, BUS_ERROR_NO_SUCH_SERVICE, "'%s' does not provide valid service", dns_query_string(q)); + goto finish; + } + r = sd_bus_message_append( reply, "ssst", From efacb19b42f18d88896d637af6cd7b7334c09625 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Mon, 5 Aug 2024 15:24:07 +0900 Subject: [PATCH 15/21] journal: comment the default value in journald.conf (cherry picked from commit 0d113f8e70243c1a8f0587105195e51e027a4725) (cherry picked from commit 8d5806b1e22798d8ee18b889af47568f5fccf3ed) (cherry picked from commit 5ee15b924edf1c43ccabf47c489936173ced0249) (cherry picked from commit 459fdc1c34e15d9ffe22e289e1ec3adf3bf6573c) (cherry picked from commit bc255767a760f97442e4d4548e1320cd3fdccaae) --- src/journal/journald.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/journal/journald.conf b/src/journal/journald.conf index 5a60a9d39c5..30474cb5265 100644 --- a/src/journal/journald.conf +++ b/src/journal/journald.conf @@ -30,7 +30,7 @@ #RuntimeKeepFree= #RuntimeMaxFileSize= #RuntimeMaxFiles=100 -#MaxRetentionSec= +#MaxRetentionSec=0 #MaxFileSec=1month #ForwardToSyslog=no #ForwardToKMsg=no From 6ac285aab3d0bef323784d34ded8f32136c182d6 Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Mon, 5 Aug 2024 20:43:15 -0400 Subject: [PATCH 16/21] sysusers: check if requested group name matches user name in queue When creating a user, check if the requested group name matches a user name in the queue. If that matched user name is also going to be a group name, then use it for the new user too. In other words, allow the following: u foo - u bar -:foo when both foo and bar are new users. Fixes #33547 (cherry picked from commit 18a8f03e5160ca3828d327d9bbd1b32f26d792a3) (cherry picked from commit edf52384c2e99cd5af9bcd4ae4b13fd8f79596d3) (cherry picked from commit 25003a6450810aeb0722ff6fb566f41297595f49) (cherry picked from commit ed2da0379a0f1414e6246fd3e8cf200cd8127859) (cherry picked from commit f2c2b65ba76cd9fcf22603a57e9bcb5e8751540f) --- src/sysusers/sysusers.c | 8 +++++++- test/test-sysusers/test-16.expected-group | 1 + test/test-sysusers/test-16.expected-passwd | 2 ++ test/test-sysusers/test-16.input | 7 +++++++ 4 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 test/test-sysusers/test-16.expected-group create mode 100644 test/test-sysusers/test-16.expected-passwd create mode 100644 test/test-sysusers/test-16.input diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c index 1d406b81b53..9f4f319afca 100644 --- a/src/sysusers/sysusers.c +++ b/src/sysusers/sysusers.c @@ -1356,9 +1356,15 @@ static int process_item(Item *i) { case ADD_USER: { Item *j = NULL; - if (!i->gid_set) + if (!i->gid_set) { j = ordered_hashmap_get(groups, i->group_name ?: i->name); + /* If that's not a match, also check if the group name + * matches a user name in the queue. */ + if (!j && i->group_name) + j = ordered_hashmap_get(users, i->group_name); + } + if (j && j->todo_group) { /* When a group with the target name is already in queue, * use the information about the group and do not create diff --git a/test/test-sysusers/test-16.expected-group b/test/test-sysusers/test-16.expected-group new file mode 100644 index 00000000000..54918e417ac --- /dev/null +++ b/test/test-sysusers/test-16.expected-group @@ -0,0 +1 @@ +foo:x:SYSTEM_UGID_MAX: diff --git a/test/test-sysusers/test-16.expected-passwd b/test/test-sysusers/test-16.expected-passwd new file mode 100644 index 00000000000..8823813f82d --- /dev/null +++ b/test/test-sysusers/test-16.expected-passwd @@ -0,0 +1,2 @@ +foo:x:SYSTEM_UGID_MAX:SYSTEM_UGID_MAX::/:NOLOGIN +bar:x:300:SYSTEM_UGID_MAX::/:NOLOGIN diff --git a/test/test-sysusers/test-16.input b/test/test-sysusers/test-16.input new file mode 100644 index 00000000000..2d80d81c0c0 --- /dev/null +++ b/test/test-sysusers/test-16.input @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# Test fix for https://github.com/systemd/systemd/issues/33547. +# +#Type Name ID +u foo - +u bar 300:foo From 9e81aaf55a1d60ab8c82188a9365e067de2cba77 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Sun, 4 Aug 2024 18:51:54 -0400 Subject: [PATCH 17/21] basic|boot: silence Wunterminated-string-initialization gcc15 warnings gcc15 has -Wunterminated-string-initialization in -Wextra and warns about string constants that are not null terminated even though the functions do do out of bounds access. Silence the warnings by simply not providing an explicit size. (cherry picked from commit af1a6db58fde8f64edcf7d27e1f3b636c999934c) (cherry picked from commit ca09bc33e8b2cbc7c410c300b6df5cf3ce437a3b) (cherry picked from commit f6f0d85135f472eeae58807918311a6fa78596a1) (cherry picked from commit e49ce1b1a57e9b32bf90ff33a68370f805a0d3bd) (cherry picked from commit a26459885d34095e03ee4c3dd576a5fda4e549b2) --- src/basic/hexdecoct.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/basic/hexdecoct.c b/src/basic/hexdecoct.c index 0ff8eb3256e..c5b11d176e8 100644 --- a/src/basic/hexdecoct.c +++ b/src/basic/hexdecoct.c @@ -36,7 +36,7 @@ int undecchar(char c) { } char hexchar(int x) { - static const char table[16] = "0123456789abcdef"; + static const char table[] = "0123456789abcdef"; return table[x & 15]; } @@ -171,8 +171,8 @@ int unhexmem_full(const char *p, size_t l, bool secure, void **ret, size_t *ret_ * useful when representing NSEC3 hashes, as one can then verify the * order of hashes directly from their representation. */ char base32hexchar(int x) { - static const char table[32] = "0123456789" - "ABCDEFGHIJKLMNOPQRSTUV"; + static const char table[] = "0123456789" + "ABCDEFGHIJKLMNOPQRSTUV"; return table[x & 31]; } @@ -522,9 +522,9 @@ int unbase32hexmem(const char *p, size_t l, bool padding, void **mem, size_t *_l /* https://tools.ietf.org/html/rfc4648#section-4 */ char base64char(int x) { - static const char table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789+/"; + static const char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"; return table[x & 63]; } @@ -532,9 +532,9 @@ char base64char(int x) { * since we don't want "/" appear in interface names (since interfaces appear in sysfs as filenames). * See section #5 of RFC 4648. */ char urlsafe_base64char(int x) { - static const char table[64] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" - "abcdefghijklmnopqrstuvwxyz" - "0123456789-_"; + static const char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789-_"; return table[x & 63]; } From 67a6d59137958a50039d9ff8a68e56ceb2e9c8fb Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 7 Aug 2024 14:03:13 +0900 Subject: [PATCH 18/21] meson: enable -Wunterminated-string-initialization With af1a6db58fde8f64edcf7d27e1f3b636c999934c, now we can build with the option. (cherry picked from commit f548bc4011bcdab008b125b9d0993817efa00718) (cherry picked from commit 772549666cf291d85c28d3bfc1ab2b7227422d4f) (cherry picked from commit da229ea89a9b5e861e978d3787f9cf422be21553) (cherry picked from commit fbc4335a4ac84645768225107ab0944725db26e2) (cherry picked from commit 5159b7af6138329da487c6fa4360179625cd3108) --- meson.build | 1 + 1 file changed, 1 insertion(+) diff --git a/meson.build b/meson.build index ef6cf88c7f5..28f823a9459 100644 --- a/meson.build +++ b/meson.build @@ -384,6 +384,7 @@ possible_common_cc_flags = [ '-Wstrict-aliasing=2', '-Wstrict-prototypes', '-Wsuggest-attribute=noreturn', + '-Wunterminated-string-initialization', '-Wunused-function', '-Wwrite-strings', From 409286cd6c0cec557a96a1e49093a5227e989cfc Mon Sep 17 00:00:00 2001 From: Ivan Shapovalov Date: Wed, 7 Aug 2024 10:02:45 +0200 Subject: [PATCH 19/21] core/exec-invoke: call setpriority() after sched_setattr() The nice value is part of struct sched_attr, and consequently invoking sched_setattr() after setpriority() would clobber the nice value with the default (as we are not setting it in struct sched_attr). It would be best to combine both calls, but for now simply invoke setpriority() after sched_setattr() to make sure Nice= remains effective when used together with CPUSchedulingPolicy=. (cherry picked from commit 711a157738b3dcd29a5ebc8f498eb46bfac59652) (cherry picked from commit b628d4dfa61234d28ffaa648ec09c5e9972f832a) (cherry picked from commit 4994f15f35c183792afcfc12de91b9074379a09c) (cherry picked from commit c90ba5eb8cf12d8180efc37ce0db243115f1e2ac) (cherry picked from commit 468144c1f56d620ba1710bb217c82b228550a62c) --- src/core/execute.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index e25f10ecb01..bdb6dde2902 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -4438,14 +4438,6 @@ static int exec_child( } } - if (context->nice_set) { - r = setpriority_closest(context->nice); - if (r < 0) { - *exit_status = EXIT_NICE; - return log_unit_error_errno(unit, r, "Failed to set up process scheduling priority (nice level): %m"); - } - } - if (context->cpu_sched_set) { struct sched_attr attr = { .size = sizeof(attr), @@ -4461,6 +4453,14 @@ static int exec_child( } } + if (context->nice_set) { + r = setpriority_closest(context->nice); + if (r < 0) { + *exit_status = EXIT_NICE; + return log_unit_error_errno(unit, r, "Failed to set up process scheduling priority (nice level): %m"); + } + } + if (context->cpu_affinity_from_numa || context->cpu_set.set) { _cleanup_(cpu_set_reset) CPUSet converted_cpu_set = {}; const CPUSet *cpu_set; From d879bc0c7c021eabba3f36e83da26ec3eb7d9c3b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Tue, 13 Aug 2024 10:36:40 +0200 Subject: [PATCH 20/21] docs: Mention the new mount API in the container interface doc Let's mention that the new mount API may be used to establish new mounts in a container without needing the /run/host/incoming directory. (cherry picked from commit 74cc5e2041a2c32e1824b32316bd95f2c8a811f5) (cherry picked from commit 65eff444c4fa7be5eb1be71c5d94ab8732167e11) (cherry picked from commit 53d92de4b4e6bd383abb2c6e96ae63cbe42f7f89) (cherry picked from commit c12ef9e5dd3663d04158634aa747e959c88cf8df) (cherry picked from commit 778f622380e2c03e081dcc5eb9711743f9bed2dc) --- docs/CONTAINER_INTERFACE.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/CONTAINER_INTERFACE.md b/docs/CONTAINER_INTERFACE.md index b74c4782b31..19987f7fa4b 100644 --- a/docs/CONTAINER_INTERFACE.md +++ b/docs/CONTAINER_INTERFACE.md @@ -230,7 +230,9 @@ care should be taken to avoid naming conflicts. `systemd` (and in particular directory: it's used by code outside the container to insert mounts inside it only, and is mostly an internal vehicle to achieve this. Other container managers that want to implement similar functionality might consider using - the same directory. + the same directory. Alternatively, the new mount API may be used by the + container manager to establish new mounts in the container without the need + for the `/run/host/incoming/` directory. 2. The `/run/host/inaccessible/` directory may be set up by the container manager to include six file nodes: `reg`, `dir`, `fifo`, `sock`, `chr`, From 2451f6a61013ea633d21105004c9948e17ec2c11 Mon Sep 17 00:00:00 2001 From: Thorsten Scherer Date: Wed, 14 Aug 2024 22:32:44 +0200 Subject: [PATCH 21/21] repart: Fix misleading typo in GPT partition flag Bit 60 is the one corresponding to ReadOnly, not 50. Fix this. (cherry picked from commit 932cc94436e653d0487c29e0dd44685610cd7bcb) (cherry picked from commit 2665618555d08fc3877043cac392f1b6573811b7) (cherry picked from commit f38c19bc695636700d85c5eb689680b017cc29e8) (cherry picked from commit 5ae6c773e4e6f3e95db8de7d6b4e1a8ff45f7e10) (cherry picked from commit 3630195780cb4ddd2a9560cfd67c8e6d58b5c231) --- man/repart.d.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/repart.d.xml b/man/repart.d.xml index ebbb31cc20e..120732db6ac 100644 --- a/man/repart.d.xml +++ b/man/repart.d.xml @@ -562,7 +562,7 @@ fstab5. - If both bit 50 and 59 are set for a partition (i.e. the partition is marked both read-only and + If both bit 60 and 59 are set for a partition (i.e. the partition is marked both read-only and marked for file system growing) the latter is typically without effect: the read-only flag takes precedence in most tools reading these flags, and since growing the file system involves writing to the partition it is consequently ignored.