1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-22 22:03:43 +03:00

Merge pull request #21392 from keszybz/memleak-fix-and-assorted-fs-code-cleanups

Memleak fix and assorted fs code cleanups
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2021-11-16 18:57:04 +01:00 committed by GitHub
commit af5e64be2e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 81 additions and 74 deletions

View File

@ -1197,6 +1197,12 @@ $ systemd-analyze verify /tmp/source:alias.service
<xi:include href="user-system-options.xml" xpointer="host" />
<xi:include href="user-system-options.xml" xpointer="machine" />
<varlistentry>
<term><option>--quiet</option></term>
<listitem><para>Suppress hints and other non-essential output.</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
<xi:include href="standard-options.xml" xpointer="no-pager" />

View File

@ -50,7 +50,7 @@ _systemd_analyze() {
local -A OPTS=(
[STANDALONE]='-h --help --version --system --user --global --order --require --no-pager
--man=no --generators=yes'
--man=no --generators=yes --quiet'
[ARG]='-H --host -M --machine --fuzz --from-pattern --to-pattern --root'
)

View File

@ -1,32 +1,11 @@
#compdef systemd-analyze
# SPDX-License-Identifier: LGPL-2.1-or-later
(( $+functions[_systemd-analyze_log-level] )) ||
_systemd-analyze_log-level() {
local -a _levels
_levels=(debug info notice warning err crit alert emerg)
_describe -t level 'logging level' _levels || compadd "$@"
}
(( $+functions[_systemd-analyze_log-target] )) ||
_systemd-analyze_log-target() {
local -a _targets
_targets=(console journal kmsg journal-or-kmsg null)
_describe -t target 'logging target' _targets || compadd "$@"
}
(( $+functions[_systemd-analyze_verify] )) ||
_systemd-analyze_verify() {
_sd_unit_files
}
(( $+functions[_systemd-analyze_service-watchdogs] )) ||
_systemd-analyze_service-watchdogs() {
local -a _states
_states=(on off)
_describe -t state 'state' _states || compadd "$@"
}
(( $+functions[_systemd-analyze_cat-config] )) ||
_systemd-analyze_cat-config() {
_files -W '(/run/systemd/ /etc/systemd/ /usr/lib/systemd/)' -P 'systemd/'
@ -37,6 +16,20 @@
_sd_unit_files
}
(( $+functions[_systemd-analyze_syscall-filter] )) ||
_systemd-analyze_syscall-filter() {
local -a _groups
_groups=( $(systemd-analyze --quiet --no-pager syscall-filter | grep '^@') )
_describe -t groups 'syscall groups' _groups || compadd "$@"
}
(( $+functions[_systemd-analyze_filesystems] )) ||
_systemd-analyze_filesystems() {
local -a _groups
_groups=( $(systemd-analyze --quiet --no-pager filesystems | grep '^@') )
_describe -t groups 'file system groups' _groups || compadd "$@"
}
(( $+functions[_systemd-analyze_commands] )) ||
_systemd-analyze_commands(){
local -a _systemd_analyze_cmds
@ -52,16 +45,16 @@
'unit-files:List files and symlinks for units'
'unit-paths:List unit load paths'
'exit-status:List known exit statuses'
'syscall-filter:List syscalls in seccomp filter'
'capability:List capability definitions'
'syscall-filter:List syscalls in seccomp filters'
'filesystems:List known filesystems'
'condition:Evaluate Condition*= and Assert*= assignments'
'verify:Check unit files for correctness'
'calendar:Validate repetitive calendar time events'
'timestamp:Parse a systemd syntax timestamp'
'timespan:Parse a systemd syntax timespan'
'security:Analyze security settings of a service'
# 'log-level:Get/set systemd log threshold'
# 'log-target:Get/set systemd log target'
# 'service-watchdogs:Get/set service watchdog status'
# log-level, log-target, service-watchdogs have been deprecated
)
if (( CURRENT == 1 )); then
@ -90,12 +83,13 @@ _arguments \
'--root=[Add support for root argument]:PATH' \
'--image=[Add support for discrete images]:PATH' \
'--recursive-errors=[When verifying a unit, control dependency verification]:MODE' \
'--offline=[Perform a security review of the specified unit file(s)]:BOOL' \
'--offline=[Perform a security review of the specified unit files]:BOOL:(yes no)' \
'--threshold=[Set a value to compare the overall security exposure level with]: NUMBER' \
'--security-policy=[Allow user to use customized requirements to compare unit file(s) against]: PATH' \
'--json=[Generate a JSON output of the security analysis table]:MODE:(pretty short off)' \
'--no-pager[Do not pipe output into a pager]' \
'--man=[Do (not) check for existence of man pages]:boolean:(1 0)' \
'--man=[Do (not) check for existence of man pages]:BOOL:(yes no)' \
'--generators=[Do (not) run unit generators]:BOOL:(yes no)' \
'--order[When generating graph for dot, show only order]' \
'--require[When generating graph for dot, show only requirement]' \
'--fuzz=[When printing the tree of the critical chain, print also services, which finished TIMESPAN earlier, than the latest in the branch]:TIMESPAN' \
@ -103,4 +97,5 @@ _arguments \
'--to-pattern=[When generating a dependency graph, filter only destinations]:GLOB' \
{-H+,--host=}'[Operate on remote host]:userathost:_sd_hosts_or_user_at_host' \
{-M+,--machine=}'[Operate on local container]:machine:_sd_machines' \
'--quiet[Do not show hints]' \
'*::systemd-analyze commands:_systemd-analyze_commands'

View File

@ -103,20 +103,20 @@ _udevadm_test-builtin(){
(( $+functions[_udevadm_mounts] )) ||
_udevadm_mounts(){
local dev_tmp dpath_tmp mp_tmp mline
local dev_tmp dpath_tmp mp_tmp mline
tmp=( "${(@f)$(< /proc/self/mounts)}" )
dev_tmp=( "${(@)${(@)tmp%% *}:#none}" )
mp_tmp=( "${(@)${(@)tmp#* }%% *}" )
local MATCH
mp_tmp=("${(@q)mp_tmp//(#m)\\[0-7](#c3)/${(#)$(( 8#${MATCH[2,-1]} ))}}")
dpath_tmp=( "${(@Mq)dev_tmp:#/*}" )
dev_tmp=( "${(@q)dev_tmp:#/*}" )
local MATCH
mp_tmp=("${(@q)mp_tmp//(#m)\\[0-7](#c3)/${(#)$(( 8#${MATCH[2,-1]} ))}}")
dpath_tmp=( "${(@Mq)dev_tmp:#/*}" )
dev_tmp=( "${(@q)dev_tmp:#/*}" )
_alternative \
'device-paths: device path:compadd -a dpath_tmp' \
'directories:mount point:compadd -a mp_tmp'
_alternative \
'device-paths: device path:compadd -a dpath_tmp' \
'directories:mount point:compadd -a mp_tmp'
}
(( $+functions[_udevadm_commands] )) ||

View File

@ -104,6 +104,7 @@ static unsigned arg_iterations = 1;
static usec_t arg_base_time = USEC_INFINITY;
static char *arg_unit = NULL;
static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
static bool arg_quiet = false;
STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep);
STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep);
@ -1361,7 +1362,7 @@ static int dot(int argc, char *argv[], void *userdata) {
" red = Conflicts\n"
" green = After\n");
if (on_tty())
if (on_tty() && !arg_quiet)
log_notice("-- You probably want to process this output with graphviz' dot tool.\n"
"-- Try a shell pipeline like 'systemd-analyze dot | dot -Tsvg > systemd.svg'!\n");
@ -1707,13 +1708,14 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
if (strv_isempty(strv_skip(argv, 1))) {
_cleanup_set_free_ Set *kernel = NULL, *known = NULL;
const char *sys;
int k;
int k = 0; /* explicit initialization to appease gcc */
NULSTR_FOREACH(sys, syscall_filter_sets[SYSCALL_FILTER_SET_KNOWN].value)
if (set_put_strdup(&known, sys) < 0)
return log_oom();
k = load_kernel_syscalls(&kernel);
if (!arg_quiet)
k = load_kernel_syscalls(&kernel);
for (int i = 0; i < _SYSCALL_FILTER_SET_MAX; i++) {
const SyscallFilterSet *set = syscall_filter_sets + i;
@ -1727,6 +1729,9 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
first = false;
}
if (arg_quiet) /* Let's not show the extra stuff in quiet mode */
return 0;
if (!set_isempty(known)) {
_cleanup_free_ char **l = NULL;
char **syscall;
@ -1748,7 +1753,8 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
if (k < 0) {
fputc('\n', stdout);
fflush(stdout);
log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
if (!arg_quiet)
log_notice_errno(k, "# Not showing unlisted system calls, couldn't retrieve kernel system call list: %m");
} else if (!set_isempty(kernel)) {
_cleanup_free_ char **l = NULL;
char **syscall;
@ -1800,8 +1806,8 @@ static int dump_syscall_filters(int argc, char *argv[], void *userdata) {
static int load_available_kernel_filesystems(Set **ret) {
_cleanup_set_free_ Set *filesystems = NULL;
_cleanup_free_ char *t = NULL;
int r;
char *t;
assert(ret);
@ -1930,6 +1936,9 @@ static int dump_filesystems(int argc, char *argv[], void *userdata) {
first = false;
}
if (arg_quiet) /* Let's not show the extra stuff in quiet mode */
return 0;
if (!set_isempty(known)) {
_cleanup_free_ char **l = NULL;
char **filesystem;
@ -2090,7 +2099,7 @@ static int dump_timespan(int argc, char *argv[], void *userdata) {
putchar('\n');
}
return EXIT_SUCCESS;
return 0;
}
static int test_timestamp_one(const char *p) {
@ -2452,9 +2461,8 @@ static int help(int argc, char *argv[], void *userdata) {
" unit-paths List load directories for units\n"
" exit-status [STATUS...] List exit status definitions\n"
" capability [CAP...] List capability definitions\n"
" syscall-filter [NAME...] Print list of syscalls in seccomp\n"
" filter\n"
" filesystems [NAME...] Print list of filesystems\n"
" syscall-filter [NAME...] List syscalls in seccomp filters\n"
" filesystems [NAME...] List known filesystems\n"
" condition CONDITION... Evaluate conditions and asserts\n"
" verify FILE... Check unit files for correctness\n"
" calendar SPEC... Validate repetitive calendar time\n"
@ -2463,12 +2471,10 @@ static int help(int argc, char *argv[], void *userdata) {
" timespan SPAN... Validate a time span\n"
" security [UNIT...] Analyze security of unit\n"
"\nOptions:\n"
" -h --help Show this help\n"
" --recursive-errors=MODE Control which units are verified\n"
" --offline=BOOL Perform a security review on unit file(s)\n"
" --threshold=N Exit with a non-zero status when overall\n"
" exposure level is over threshold value\n"
" --version Show package version\n"
" --security-policy=PATH Use custom JSON security policy instead\n"
" of built-in one\n"
" --json=pretty|short|off Generate JSON output of the security\n"
@ -2491,6 +2497,9 @@ static int help(int argc, char *argv[], void *userdata) {
" --iterations=N Show the specified number of iterations\n"
" --base-time=TIMESTAMP Calculate calendar times relative to\n"
" specified time\n"
" -h --help Show this help\n"
" --version Show package version\n"
" -q --quiet Do not emit hints\n"
"\nSee the %s for details.\n",
program_invocation_short_name,
ansi_highlight(),
@ -2532,6 +2541,7 @@ static int parse_argv(int argc, char *argv[]) {
static const struct option options[] = {
{ "help", no_argument, NULL, 'h' },
{ "version", no_argument, NULL, ARG_VERSION },
{ "quiet", no_argument, NULL, 'q' },
{ "order", no_argument, NULL, ARG_ORDER },
{ "require", no_argument, NULL, ARG_REQUIRE },
{ "root", required_argument, NULL, ARG_ROOT },
@ -2569,6 +2579,13 @@ static int parse_argv(int argc, char *argv[]) {
case 'h':
return help(0, NULL, NULL);
case ARG_VERSION:
return version();
case 'q':
arg_quiet = true;
break;
case ARG_RECURSIVE_ERRORS:
if (streq(optarg, "help")) {
DUMP_STRING_TABLE(recursive_errors, RecursiveErrors, _RECURSIVE_ERRORS_MAX);
@ -2581,9 +2598,6 @@ static int parse_argv(int argc, char *argv[]) {
arg_recursive_errors = r;
break;
case ARG_VERSION:
return version();
case ARG_ROOT:
r = parse_path_argument(optarg, /* suppress_root= */ true, &arg_root);
if (r < 0)

View File

@ -7,32 +7,22 @@ import sys
def filter_fsname(name):
# File system magics are sometimes not unique, because file systems got new
# revisions or got renamed. Let's prefer newer over older here, and thus
# ignore the old names. Specifically:
#
# → cgroupfs took over the magic of cpuset
# → devtmpfs is not a file system of its own, but just a "named superblock" of tmpfs
# → ext4 is the newest revision of ext2 + ext3
# → fuseblk is closely related to fuse, so close that they share a single magic, but the latter is more common
# → gfs2 is the newest revision of gfs
# → vfat is the newest revision of msdos
# → ncpfs (not ncp) was the last name of the netware `file_system_type` name before it was removed in 2018
# → nfs4 is the newest revision of nfs
# → orangefs is the new name of pvfs2
# → smb3 is an alias for cifs
# ignore the old names.
return name in (
"cpuset",
"devtmpfs",
"ext2",
return name in {
"cpuset", # magic taken over by cgroupfs
"devtmpfs", # not a file system of its own, but just a "named superblock" of tmpfs
"ext2", # ext4 is the newest revision of ext2 + ext3
"ext3",
"fuseblk",
"gfs",
"msdos",
"ncp",
"nfs",
"pvfs2",
"smb3",
)
"fuseblk", # closely related to fuse; they share a single magic, but the latter is more common
"gfs", # magic taken over by gfs2
"msdos", # vfat is the newest revision of msdos
"ncp", # ncpfs (not ncp) was the last name of the netware `file_system_type`
# name before it was removed in 2018
"nfs", # nfs4 is the newest revision of nfs
"pvfs2", # orangefs is the new name of pvfs2
"smb3", # smb3 is an alias for cifs
}
gperf_file = sys.argv[1]

View File

@ -411,6 +411,7 @@ bool fstype_is_ro(const char *fstype) {
/* All Linux file systems that are necessarily read-only */
return STR_IN_SET(fstype,
"DM_verity_hash",
"cramfs",
"erofs",
"iso9660",
"squashfs");
@ -419,6 +420,7 @@ bool fstype_is_ro(const char *fstype) {
bool fstype_can_discard(const char *fstype) {
return STR_IN_SET(fstype,
"btrfs",
"f2fs",
"ext4",
"vfat",
"xfs");