1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-22 22:03:43 +03:00

58818 Commits

Author SHA1 Message Date
Daan De Meyer
ec5565d802 mount-util: Downgrade another noisy debug log to trace level
(cherry picked from commit 61f695f40a49a92c261d95bd6ced296691716a3d)
(cherry picked from commit 3a4601bc6459c61265b909a8e204ec3e5cfad277)
(cherry picked from commit b0ad6bc662c65fd7b95d2ff756355bc2bb209140)
2023-07-10 22:01:38 +01:00
Frantisek Sumsal
a0573a980c sd-network: avoid leaking DHCPLease
If we fail any allocation prior adding the lease to the server lease
hashmap.

==2103==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 128 byte(s) in 2 object(s) allocated from:
    #0 0x4a203e in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:77:3
    #1 0x4f6341 in calloc (/build/fuzz-dhcp-server+0x4f6341)
    #2 0x4ec818 in add_lease /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:26:9
    #3 0x4ec2bf in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/libsystemd-network/fuzz-dhcp-server.c:75:9
    #4 0x4f68a8 in NaloFuzzerTestOneInput (/build/fuzz-dhcp-server+0x4f68a8)
    #5 0x5158b3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #6 0x51509a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #7 0x516769 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #8 0x517435 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #9 0x50679f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #10 0x507068 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #11 0x4f6b25 in main (/build/fuzz-dhcp-server+0x4f6b25)
    #12 0x7f16084e3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_calloc--calloc--add_lease
SUMMARY: AddressSanitizer: 128 byte(s) leaked in 2 allocation(s).

Found by Nallocufzz.

(cherry picked from commit aca607d18d4324e921dc6c4e4190d9b496a4ac55)
(cherry picked from commit 18e08a46f7786c3b71c91e1bfe803f45536eb85f)
(cherry picked from commit aa0fb9c39438f564de004cf1887c0eb833130b37)
2023-07-10 22:01:38 +01:00
Frantisek Sumsal
30767c809c test: split the ASan wrapper into smaller blocks and tidy it up a bit
No functional change (hopefully), just making it easier on the eyes.

(cherry picked from commit ba79e8c2ccdea132c2c0a820deb27c66a5aa6956)
(cherry picked from commit 91f08ecca311bf06d2fe74e9f5c94a0dfc973637)
(cherry picked from commit bf60262374a6300651659ae5e5c02e36776f29fd)
2023-07-10 22:01:38 +01:00
Yu Watanabe
61d72099d7 core/unit: drop doubled empty line
(cherry picked from commit 512df9de23890fcfd5fdbfe633250fe848195d4b)
(cherry picked from commit 9104e618cda156d6e1f959f216982ba0c965a421)
(cherry picked from commit 27fa0f4f2898c844b8df6a7b688de6b313b7fc4f)
2023-07-10 22:01:38 +01:00
David Tardon
3c6a4b6b5f man: add trailing =
(cherry picked from commit 30765fcb16cdc78c0f27a007bb8cfc3237246d47)
(cherry picked from commit ed799b98a17a5c64752760ade87a729d2afcf408)
(cherry picked from commit ad82535635ecb6b971e72f074313c554cdb1e9c3)
2023-07-10 22:01:38 +01:00
Frantisek Sumsal
d6ff3663d2 specifier: avoid leaking memory on allocation error
==8036==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 1 object(s) allocated from:
    #0 0x4a10bc in __interceptor_realloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:85:3
    #1 0x4deef1 in realloc (/build/fuzz-unit-file+0x4deef1)
    #2 0x7ffa35abfe23 in greedy_realloc /work/build/../../src/systemd/src/basic/alloc-util.c:70:13
    #3 0x7ffa35aefad2 in parse_env_file_internal /work/build/../../src/systemd/src/basic/env-file.c:127:38
    #4 0x7ffa35af08a6 in parse_env_file_fdv /work/build/../../src/systemd/src/basic/env-file.c:374:13
    #5 0x7ffa35b6391e in parse_extension_release_atv /work/build/../../src/systemd/src/basic/os-util.c:323:16
    #6 0x7ffa35b63c8a in parse_extension_release_sentinel /work/build/../../src/systemd/src/basic/os-util.c:360:13
    #7 0x7ffa35a5e3f5 in parse_os_release_specifier /work/build/../../src/systemd/src/shared/specifier.c:292:13
    #8 0x7ffa35a5e3f5 in specifier_os_id /work/build/../../src/systemd/src/shared/specifier.c:303:16
    #9 0x7ffa35a5c7f5 in specifier_printf /work/build/../../src/systemd/src/shared/specifier.c:70:45
    #10 0x7ffa3690b279 in unit_full_printf_full /work/build/../../src/systemd/src/core/unit-printf.c:264:16
    #11 0x7ffa367de795 in config_parse_bus_name /work/build/../../src/systemd/src/core/load-fragment.c:2401:13
    #12 0x7ffa358fe5ec in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:151:24
    #13 0x7ffa358fe5ec in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:257:16
    #14 0x7ffa358fd653 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:400:21
    #15 0x4de828 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/core/fuzz-unit-file.c:72:16
    #16 0x4df208 in NaloFuzzerTestOneInput (/build/fuzz-unit-file+0x4df208)
    #17 0x4fe213 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #18 0x4fd9fa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #19 0x4ff0c9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #20 0x4ffd95 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #21 0x4ef0ff in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #22 0x4ef9c8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #23 0x4df485 in main (/build/fuzz-unit-file+0x4df485)
    #24 0x7ffa35232082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_realloc--realloc--greedy_realloc
SUMMARY: AddressSanitizer: 64 byte(s) leaked in 1 allocation(s).

Found by Nallocfuzz.

(cherry picked from commit 6c13a39ac731a23c38685aa65b38bc0b10449b81)
(cherry picked from commit b4c9a9bfca3b65a573329056095961446462aae9)
(cherry picked from commit 6b8b0f5dcaec4e8e4a64f8ce4cdda5c0db9da42c)
2023-07-10 22:01:38 +01:00
Yu Watanabe
17be878e74 update-utmp: reconnect after sleep when PID1 is reexecuting
Fixes #27167.

(cherry picked from commit fcb2343175d80b45659817e02a7d0d4771d0a854)
(cherry picked from commit c715627fd0d9462620bf8e3259d74343ef789802)
(cherry picked from commit 8748bab75869c0a2b596d18132127651fbdf0d89)
2023-07-10 22:01:38 +01:00
Yu Watanabe
d7359172de update-utmp: downgrade log level of ignored failure
(cherry picked from commit 86da32ee0c081d5d740ed5ff2d1d58c0d697c324)
(cherry picked from commit 0b45822938fde851c3ae681c5e05896d2b6dd551)
(cherry picked from commit 47639e7d770a3ebe135f92e84ba2b1fdc825c86e)
2023-07-10 22:01:38 +01:00
Daan De Meyer
c897d67b44 timer: Use dual_timestamp_is_set() in one more place
(cherry picked from commit e21f75afcd95a46261a36a2614712eff6bc119f4)
(cherry picked from commit 49d1608e6aa2153d353db9f549fa10125f223e24)
(cherry picked from commit a3a892eaac18563c700104235dfb305eea919f3b)
2023-07-10 22:01:38 +01:00
Lennart Poettering
ef852d88c4 execute: add missing NULL handling
(cherry picked from commit 00078fb3096d8a117f4c4322f1804bb7d95bcbc4)
(cherry picked from commit 7ff8bc5de4dbef6f417713ee13c8478bc7507e91)
(cherry picked from commit f288866121597842f6dd13669a8e02d98eca0f1e)
2023-07-10 22:01:38 +01:00
Zbigniew Jędrzejewski-Szmek
956b099903 hwdb: update to 2533fdd0fbe71e4a3fa7a2cca9830cd864fb9136
git restore -s origin/main hwdb.d/ test/hwdb.d test/hwdb-test.sh

(cherry picked from commit 991158e8b9a6f6907ae4ea11fc61163da7936b04)
(cherry picked from commit 50507d8f1f902f38dcbd49fdabadd86c843117cc)
v251.17
2023-06-02 22:45:46 +01:00
Jan Janssen
899eb671a0 boot: Use stddef.h offsetof
(cherry picked from commit 11f9a32de054d7b7142e6f0ad256a66a63391349)
2023-06-02 22:45:46 +01:00
Yu Watanabe
361326993e test-network: add tests for vlan QoS mapping
(cherry picked from commit 73d24e45f8ac18eaaebf1df2b1f055c14179c6ff)
(cherry picked from commit d1087bc599125ab474c39eeaf8cc0814dd8e86b9)
(cherry picked from commit d8450b3cd92b72fb9acca4dc24c78f9adbf286e7)
2023-06-02 22:45:46 +01:00
Yu Watanabe
84e97c0ccc network/vlan: paranoia about type safety
No functional change, as the struct is defined as the following:
```
struct ifla_vlan_qos_mapping {
      __u32 from;
      __u32 to;
};
```

(cherry picked from commit 4194478af861f80a73905d1f9e570a09862f91a7)
(cherry picked from commit 7ed7b07a921621ef35b83af8599a58e8773a0395)
(cherry picked from commit 96d8cec3ca5cb909311ef9d233cfe83b1f8aa167)
2023-06-02 22:45:46 +01:00
Yu Watanabe
e5f0a52e24 network/vlan: drop unnecessary restriction for QoS mapping
Fixes #27460.

(cherry picked from commit 4d13d175f8454df63843a880c78badd4f6d720ca)
(cherry picked from commit b20bc7c1ffe79c246f1d341149d771c1e95488ed)
(cherry picked from commit 35f61f0c644596dda126f493d9aff0206ad59db0)
2023-06-02 22:45:46 +01:00
Yu Watanabe
1807b8f1fc udev: do not set ID_PATH and by-path symlink for nvmf disks
Prompted by #27391.

(cherry picked from commit 39a39f18f2bd2b1ef7b4fa4823472d129c514030)
(cherry picked from commit dbf50f19112cf39c6f281c6dd2a0a9177774f932)
(cherry picked from commit 5ec7ad9588172bae561ce77ffadfa8f9eb44aa45)
2023-06-02 22:45:46 +01:00
Yu Watanabe
7510be9167 journalctl: fix --no-tail handling
Fixes a bug introduced by 62f21ec91ad8e7e24079962f4df066b0094fe68d.

(cherry picked from commit 3f2203f64df1d71564acd8b878906254f2a76c35)
(cherry picked from commit 75d4967502d0f59e5485c354fcfeab45b1c4c728)
(cherry picked from commit 9e452bb5ef7d0ac024ccaca1b427e3bb86d3ebb8)
2023-06-02 22:45:46 +01:00
Yu Watanabe
f6234a5643 journalctl: use correct variable to check if --since is specified
(cherry picked from commit 20e933ae7404154f642fd5459c11532102f8a598)
(cherry picked from commit f1ea9cd55e236d89b082529411f0d98776af2ba0)
(cherry picked from commit 46ee98edd5da6515ce0aac71885027a5c37898ad)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
43c49bb918 test-fstab-generator: fix test on systemd with systemd-boot
(… or other boot loaders implementing the Boot Loader Interface.)

Fixes #27857.

(cherry picked from commit 088d8c99fe98e00eefdb8263cc9ce218a8023718)
(cherry picked from commit 3222272c46fc47c983df52063810e99c63c77439)
(cherry picked from commit a00581680eb331d8f8e32a1aaca5fb83b22f9bc9)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
f0d1dac86e home: move the assert back to the intended place
98d81cf974 moved the assertion at the beginning of home_dispatch_acquire(),
which is however before we even check for any ongoing operation, hence we
might hit it even in legitimate cases.

Let's move it back to after we check for any possibly ongoing operation, to
make it once again a safety check.

Follow-up to 98d81cf974.
Resolves: #22443 and #24036

(cherry picked from commit e4ab2db9df997e2c7d788440fbfe645b2d816306)
(cherry picked from commit 23b7bf3d0151d5344bc2bf10c58272d74cdd2fdf)
(cherry picked from commit 6e55a4d928260a1a40cee3d6b7ba4b0d37aa2b44)
2023-06-02 22:45:46 +01:00
Yu Watanabe
3840485879 basic/syscall: update syscall list
Only notable change is that memfd_secret is now defined on s390(x).

(cherry picked from commit 7b975e9f45940d781d522a7ef814cd7784c7e23b)
(cherry picked from commit 5f3ca32d0c3ce46623b3ceba92526287524ac524)
(cherry picked from commit a95176e436a49306d013903874081547ea022b0a)
2023-06-02 22:45:46 +01:00
Daan De Meyer
4e605aa46c tree-wide: Downgrade a few more noisy log messages to trace
(cherry picked from commit 30868c1c8d6e518a4da9c491df7eb8559951365d)
(cherry picked from commit 375e6be16cf455d23b81f6b60aeaeca5606e587f)
(cherry picked from commit ae8679d7a734d404b7b9c43d7cb75d36fbcb18d1)
2023-06-02 22:45:46 +01:00
Daan De Meyer
0907bfbaf1 units: Shut down networkd and resolved on switch-root
Let's explicitly order these against initrd-switch-root.target, so
that they are properly shut down before we switch root. Otherwise,
there's a race condition where networkd might only shut down after
switching root and after we've already we've loaded the unit graph,
meaning it won't be restarted in the rootfs.

Fixes #27718

(cherry picked from commit 75efd16fb001ba19d12362198ba5c44cb6f40d04)
(cherry picked from commit 2e10f8874aeb1972322c3e0c8237cb8263bccd53)
(cherry picked from commit bc3bad00567d02e00888e6690e1230a554432077)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
27b90b61b7 resolve: avoid memory leak from a partially processed RR
==5==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 4096 byte(s) in 1 object(s) allocated from:
    #0 0x4a2056 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x5180a9 in malloc (/build/fuzz-resource-record+0x5180a9)
    #2 0x4f7182 in dns_packet_extend /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:371:36
    #3 0x4f8b8b in dns_packet_append_uint8 /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:433:13
    #4 0x4f8b8b in dns_packet_append_name /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:597:13
    #5 0x4f8f16 in dns_packet_append_key /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:622:13
    #6 0x4fa9a0 in dns_packet_append_rr /work/build/../../src/systemd/src/resolve/resolved-dns-packet.c:883:13
    #7 0x4eb00c in dns_resource_record_to_wire_format /work/build/../../src/systemd/src/resolve/resolved-dns-rr.c:1224:13
    #8 0x4df7be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/resolve/fuzz-resource-record.c:32:16
    #9 0x518428 in NaloFuzzerTestOneInput (/build/fuzz-resource-record+0x518428)
    #10 0x537433 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #11 0x536c1a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #12 0x5382e9 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #13 0x538fb5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #14 0x52831f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #15 0x528be8 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #16 0x5186a5 in main (/build/fuzz-resource-record+0x5186a5)
    #17 0x7f991fab8082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_malloc--malloc--dns_packet_extend
SUMMARY: AddressSanitizer: 4096 byte(s) leaked in 1 allocation(s).

Found by Nallocfuzz.

(cherry picked from commit b453ebf1c15935f1ba38fa6775ee26f223e29171)
(cherry picked from commit 9dde31ac74567739d3919b3354e04257207e06c6)
(cherry picked from commit 06b4e1fba1d076024a6d64a255a205070eb34d77)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
541d8d76b9 sd-journal: avoid double-free
If we fail to combine the new entry with a previous one, or update it in
the hashmap, we might later on attempt a double-free:

=================================================================
==10==ERROR: AddressSanitizer: attempting double-free on 0x611000039fc0 in thread T0:
SCARINESS: 42 (double-free)
    #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x7f55e431d9f2 in _hashmap_clear /work/build/../../src/systemd/src/basic/hashmap.c:927:33
    #2 0x7f55e431d4c8 in _hashmap_free /work/build/../../src/systemd/src/basic/hashmap.c:896:17
    #3 0x4de1de in ordered_hashmap_free_free_free /work/build/../../src/systemd/src/basic/hashmap.h:120:24
    #4 0x4de1de in ordered_hashmap_free_free_freep /work/build/../../src/systemd/src/basic/hashmap.h:434:1
    #5 0x4de1de in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:26:1
    #6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8)
    #7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35)
    #14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
    #15 0x41f7cd in _start (/build/fuzz-catalog+0x41f7cd)

DEDUP_TOKEN: __interceptor_free--_hashmap_clear--_hashmap_free
0x611000039fc0 is located 0 bytes inside of 224-byte region [0x611000039fc0,0x61100003a0a0)
freed by thread T0 here:
    #0 0x4a0962 in __interceptor_free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
    #1 0x7f55e451493d in freep /work/build/../../src/systemd/src/basic/alloc-util.h:107:22
    #2 0x7f55e451493d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:187:1
    #3 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45
    #4 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16
    #5 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8)
    #6 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #7 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #8 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #9 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #10 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #11 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #12 0x4deb35 in main (/build/fuzz-catalog+0x4deb35)
    #13 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_free--freep--finish_item
previously allocated by thread T0 here:
    #0 0x4a0c06 in __interceptor_malloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x4de539 in malloc (/build/fuzz-catalog+0x4de539)
    #2 0x7f55e42bf96b in memdup /work/build/../../src/systemd/src/basic/alloc-util.c:16:15
    #3 0x7f55e451475d in finish_item /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:176:28
    #4 0x7f55e4513e56 in catalog_import_file /work/build/../../src/systemd/src/libsystemd/sd-journal/catalog.c:313:45
    #5 0x4de1be in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-catalog.c:23:16
    #6 0x4de8b8 in NaloFuzzerTestOneInput (/build/fuzz-catalog+0x4de8b8)
    #7 0x4fd8c3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #8 0x4fd0aa in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #9 0x4fe779 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #10 0x4ff445 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #11 0x4ee7af in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #12 0x4ef078 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #13 0x4deb35 in main (/build/fuzz-catalog+0x4deb35)
    #14 0x7f55e3a32082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_malloc--malloc--memdup
SUMMARY: AddressSanitizer: double-free /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3 in __interceptor_free

Found by Nallocfuzz.

(cherry picked from commit ac874b8fb13bf293986a3814149a820729b27a30)
(cherry picked from commit b1663b83338dc335e86eda05e28f229f25bdfa48)
(cherry picked from commit 6ebbc8fcdc844e1fa82cc995880470e0f8b31239)
2023-06-02 22:45:46 +01:00
Daan De Meyer
c8bf66188f core/timer: Always use inactive_exit_timestamp if it is set
If we're doing a daemon-reload, we'll be going from TIMER_DEAD => TIMER_WAITING,
so we won't use inactive_exit_timestamp because TIMER_DEAD != UNIT_ACTIVE, even
though inactive_exit_timestamp is serialized/deserialized and will be valid after
the daemon-reload.

This issue can lead to timers never firing as we'll always calculate the next
elapse based on the current realtime on daemon-reload, so if daemon-reload happens
often enough, the elapse interval will be moved into the future every time, which
means the timer will never trigger.

To fix the issue, let's always use inactive_exit_timestamp if it is set, and only
fall back to the current realtime if it is not set.

(cherry picked from commit 6546045fa0bf84737bd8b2e1e8bf7dd3941d8352)
(cherry picked from commit aa48ecb0a6fa80a2d9295d699716f663a34f13a8)
(cherry picked from commit 48445d27c76c1ae5d40e63ddf31173ffe3e20ae5)
2023-06-02 22:45:46 +01:00
msizanoen1
0a57d0d177 core: Do not check child freezability when thawing slice
We want thawing operations to still succeed even in the presence of an
unfreezable unit type (e.g. mount) appearing under a slice after the
slice was frozen. The appearance of such units should never cause the
slice thawing operation to fail to prevent potential future repeats of
https://github.com/systemd/systemd/issues/25356.

(cherry picked from commit b458659a1619337fa83353b5f41bae35d7ad4c69)
(cherry picked from commit ac380e43a4f850ea212247639ba5ab80c58d73f0)
(cherry picked from commit d901bfa0c92aba4bdaf77d256068bec5c22a73e8)
2023-06-02 22:45:46 +01:00
Daan De Meyer
975951abde tree-wide: Fix false positives on newer gcc
Recent gcc versions have started to trigger false positive
maybe-uninitialized warnings. Let's make sure we initialize
variables annotated with _cleanup_ to avoid these.

(cherry picked from commit 3d41b6b8e864abbf7b81c938532f42e97a900e22)
(cherry picked from commit 53bc78d3e0c3e1b7e1c0f1ce5fe7056805d889eb)
(cherry picked from commit d2208e4b8457421283f5d1ffabb083d4686b7476)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
3ee1306688 json: correctly handle magic strings when parsing variant strv
We can't dereference the variant object directly, as it might be
a magic object (which has an address on a faulting page); use
json_variant_is_sensitive() instead that handles this case.

For example, with an empty array:

==1547789==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000023 (pc 0x7fd616ca9a18 bp 0x7ffcba1dc7c0 sp 0x7ffcba1dc6d0 T0)
==1547789==The signal is caused by a READ memory access.
==1547789==Hint: address points to the zero page.
SCARINESS: 10 (null-deref)
    #0 0x7fd616ca9a18 in json_variant_strv ../src/shared/json.c:2190
    #1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173
    #2 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400
    #3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428
    #4 0x7fd616cc09ce in json_dispatch ../src/shared/json.c:4400
    #5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187
    #6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23
    #7 0x40691c in main ../src/fuzz/fuzz-main.c:50
    #8 0x7fd61564a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #9 0x7fd61564a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4)

DEDUP_TOKEN: json_variant_strv--oci_args--json_dispatch
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ../src/shared/json.c:2190 in json_variant_strv
==1547789==ABORTING

Or with an empty string in an array:

../src/shared/json.c:2202:39: runtime error: member access within misaligned address 0x000000000007 for type 'struct JsonVariant', which requires 8 byte alignment
0x000000000007: note: pointer points here
<memory cannot be printed>
    #0 0x7f35f4ca9bcf in json_variant_strv ../src/shared/json.c:2202
    #1 0x408332 in oci_args ../src/nspawn/nspawn-oci.c:173
    #2 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400
    #3 0x40addf in oci_process ../src/nspawn/nspawn-oci.c:428
    #4 0x7f35f4cc09ce in json_dispatch ../src/shared/json.c:4400
    #5 0x41fef5 in oci_load ../src/nspawn/nspawn-oci.c:2187
    #6 0x4061e4 in LLVMFuzzerTestOneInput ../src/nspawn/fuzz-nspawn-oci.c:23
    #7 0x40691c in main ../src/fuzz/fuzz-main.c:50
    #8 0x7f35f364a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #9 0x7f35f364a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #10 0x405da4 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/fuzz-nspawn-oci+0x405da4)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/shared/json.c:2202:39 in

Note: this happens only if json_variant_copy() in json_variant_set_source() fails.

Found by Nallocfuzz.

(cherry picked from commit 909eb4c01de03a32c915a2267166501dca5b78f6)
(cherry picked from commit 58c1816aa43b96b5ce0953bc8ff78c37c4226216)
(cherry picked from commit 89ab32d166a6920a14c19b90fe528c02ed5f4142)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
e512c7674b sysusers: fix argument confusion in error message
Bug introduced in 335f6ab4f13abcd8073fe84f2a3c70c67271126e. pw/sp are totally
wrong in this context, most likely NULL.

(cherry picked from commit 7e4c61491a720d7a28186cf9e7e144049885a926)
(cherry picked from commit fbb2c5ab19d9b17387a44a87ecec4c085657345c)
(cherry picked from commit fe09df464cd2feb8a309169f4b07a626af2b31be)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
e4983ef9d0 man: extend description of --boot
(cherry picked from commit a3256ea8f4684ff92622ca9df1dc18dc517a4c6e)
(cherry picked from commit 286ce2be44422e53347edd8f79acd5532b96780c)
(cherry picked from commit 5cfc6e18b794c647bd238cd358d292573cc6f99b)
2023-06-02 22:45:46 +01:00
Michal Sekletar
344a843685 core/service: when resetting PID also reset known flag
Re-watching pids on cgroup v1 (needed because of unreliability of cgroup
empty notifications in containers) is handled bellow at the end of
service_sigchld_event() and depends on value main_pid_known flag.

In CentOS Stream 8 container on cgroup v1 the stop action would get stuck
indefinitely on unit like this,

$ cat /run/systemd/system/foo.service
[Service]
ExecStart=/bin/bash -c 'trap "nohup sleep 1 & exit 0" TERM;  sleep infinity'
ExecStop=/bin/bash -c 'kill -s TERM $MAINPID'
TimeoutSec=0

However, upstream works "fine" because in upstream version of systemd we
actually never wait on processes killed in containers and proceed
immediately to sending SIGKILL hence re-watching of pids in the cgroup
is not necessary. But for the sake of correctness we should merge the
patch also upstream.

(cherry picked from commit ff32060f2ed37b68dc26256b05e2e69013b0ecfe)
(cherry picked from commit ae83e97a51519ca33e70d7ba142cb3ed24212825)
(cherry picked from commit 03c270fa6bf0488d1b6b6151f8c03fdbd8a1b869)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
ef1eae46ef shared: correctly propagate possible allocation errors
instead of just asserting in case the memstream couldn't be resized.

Found by Nallocufuzz.

(cherry picked from commit 3575c371697a07995c3e65ae03aed55262ab00ed)
(cherry picked from commit f0bb96738803a5b0a905fedf1d52c98860b619c5)
(cherry picked from commit 3bf6ebc61331c335191577973b9945013ad70d28)
2023-06-02 22:45:46 +01:00
Yu Watanabe
b80afb4403 wait-online: downgrade log level of failure that interface is removed or unmanaged during processing it
Closing #27145.

(cherry picked from commit 6554f563618bedf2c7b84edb90a95704c93c2ebc)
(cherry picked from commit 318c9d5fec3412e73563b232ac610423d8cc13a0)
(cherry picked from commit 7647af4220bca8a6e89e17c8dfb24205cca3fb9f)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
5162256e5d test: check if we can use --merge with --follow
Provides coverage for #24565.

(cherry picked from commit c11c50a53f677f3977f3144b9fc5f02a3516de9f)
(cherry picked from commit debce7c1849877f233c105bffb509bc5902c4748)
(cherry picked from commit 420944320ce07b13b4701b9117d05ea34f8e0885)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
646b8c5dd0 journalctl: make --follow work with --merge again
Set --boot with --follow only if it's not already set and if --merge is
not used, since it's not compatible with --boot.

Follow-up to 2dd9285bac.
Resolves: #24565

(cherry picked from commit e47622a61cc252df3f19190d362de5a27c93060d)
(cherry picked from commit 604d132fdefbb5ca2697a0f64922b4bc5ccbc1dd)
(cherry picked from commit 8920580f6a031b4edd3a3f30de745e27be09042e)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
caab3233e4 test: make the stress test slightly less stressful on slower machines
Without acceleration this part of the test takes over 10 minutes (!),
which feels quite unnecessary. Let's cut down the number of stuff we
dump to the journal in such case, but keep the original value if we run
with acceleration (since in that case it takes less than 10 seconds).

(cherry picked from commit ff40235b9bd2a944131c36b1c7ccfd88f49a194e)
(cherry picked from commit 6a4c05c61558961ded25d4e1faaed5fdf4692265)
(cherry picked from commit d4cea5d5f54d0df5cf7715141af4e0cf1eeb1a0d)
2023-06-02 22:45:46 +01:00
Yu Watanabe
f799497b51 core/device: downgrade error when units specified in SYSTEMD_WANTS= not found
Closes #27693.

(cherry picked from commit b4e2fcb6bb29775f61d78e60547814eb74be1918)
(cherry picked from commit a08cb80451faae5c3d89dc6e869da9402d1d3bca)
(cherry picked from commit 1949e5e06b3517d8e6e8366be09b283c85a8ea9d)
2023-06-02 22:45:46 +01:00
Yu Watanabe
59e5639a67 unit: add conditions and deps to make oomd.socket and .service consistent
Fixes #27690.

(cherry picked from commit d0e3ae838f5417c7cda1cc32d944a32f55af2e96)
(cherry picked from commit eb5dad0a727e1f70ffb3f0a349c6bb3831af6c4b)
(cherry picked from commit 9f1538aab551a53ec44c7db8158e9def6e6545c2)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
8e8c650614 oomd: shorten message
We can make the message shorter and more direct without changing
the meaning.

(cherry picked from commit d0cf9a9562fd396ca471613cc9155191b1d77295)
(cherry picked from commit c756ffea57c7c979e720a6150be14d2fdf829e53)
(cherry picked from commit 9dc52d7592fc1e5955a0614561648b2bf845d283)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
a1d045bb9c sd-bus,sd-event: allow querying of description even after fork
This in unnecessarilly unpleasant: the code might report about a bus
connection, e.g. in an error message or assert. Let's let it query
the name of the object.

This partially reverts f4b2933ee7890e5d414ab266d8586f19027a2bd9.

(cherry picked from commit ed7a6f51eab5af40d3d7884ce846f74aea0c00f0)
(cherry picked from commit a3e5eb5606d92b5c4db9306cbd3fcac56e9ff10a)
(cherry picked from commit 299573b5d7eeec6b25e07cf6ec12b2ffef151f85)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
186aeddc8b sd-bus: do not assert if bus description is not set
The code has an explicit fallback using runtime_scope_to_string(), which
is also documented in the man page. So -ENXIO should only be returned when
the fallback doesn't work, i.e. bus->runtime_scope == -EINVAL.

Fixup for f4b2933ee7890e5d414ab266d8586f19027a2bd9.

This should fix the following errors during boot:
May 18 16:05:37 fedora systemd-update-utmp[263]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemctl[360]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemctl[363]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora systemd-update-utmp[372]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:38 fedora @ystemctl[387]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:40 fedora systemd-update-utmp[477]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-homed[509]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-logind[510]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:41 fedora systemd-update-utmp[529]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemd-user-runtime-dir[531]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemctl[542]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.
May 18 16:05:42 fedora systemd-hostnamed[556]: Assertion 'bus->description' failed at src/libsystemd/sd-bus/sd-bus.c:4201, function sd_bus_get_description(). Ignoring.

(cherry picked from commit aa77ed55e1dc0f7bcb633d637eb604cdc3807957)
(cherry picked from commit e91557a1e08c4f34b8ce91636e316143a60c4490)
(cherry picked from commit 06f8fd3244eb5fa613ffcf19af71b02484c54db0)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
ced8cf9e3a test: don't mount /sys & /proc if already mounted
(cherry picked from commit 0d4519dd84878ff1f94ba8f08d4a81350c3b1d08)
(cherry picked from commit 93b3bd12ac5f0e60c63de57c6728dc6f155e84be)
(cherry picked from commit 2bf86d04f06c120fe82f5fee0c62108711cb5568)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
5b8a90899f nspawn: make the error message less confusing
by not printing (null) and dropping the extraneous slash, e.g.:

systemd-nspawn[2049]: Failed to resolve (null)//proc: Permission denied

(cherry picked from commit e85c644ede7ee73a7bd72702b68a727fe2740f16)
(cherry picked from commit c51273941d41ecdd5cc2fda7d363f0aae2555124)
(cherry picked from commit 27efa4a0dc76f99c63d94b326b339640efecf408)
2023-06-02 22:45:46 +01:00
Mike Yuan
55d0253aba Revert (partially) "man: Clarify when OnFailure= activates after restarts (#7646)"
This reverts part of commit bd2538b50ba283c9ce39142d5d16d90184a55b90,
specifically changes to the description of service state between auto-restarts.

Fixes #27594

(cherry picked from commit 2200cf47ce7e0f049bcda156a897565f45233838)
(cherry picked from commit e85daabd3ebf06add790c00d19b1df5bdd7b9e4b)
(cherry picked from commit 3d00dba68ea2dba44f73035e5b45f85cec1cb542)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
02d6de716e man/tmpfiles: fix off-by-one in example
Reported and diagnosed by gitterman. Fixes #26617.

(cherry picked from commit f90360eb7417e083650034ad819790df0c389bd1)
(cherry picked from commit 3e286a7b2e1a97ff71282cd78087a3a7f43a53f0)
(cherry picked from commit cb511894bdf38d2bad2ecf6609b3748bd89ff67b)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
bc8ac5b42c man: explain allowed values for /sys/power/{disk,state}
Also fix the grammar: "neither" can only be used with two values, and
here we have an inderminate number >= 1.

Fixes #26460.

(cherry picked from commit 2f76f1cfaee2f775df8b367cb77aed751af45956)
(cherry picked from commit cb6641bde3d2d8d236c4eccf16172a77d6295d5f)
(cherry picked from commit fdac06ec81a48a7a79181bd4935cf3fb35c9f430)
2023-06-02 22:45:46 +01:00
Zbigniew Jędrzejewski-Szmek
dec29d01a2 man: say that ProtectClock= also affects reads
Fixes #26413: the docs said that the filter prevents writes, but it just a
filter at the system call level, and some of those calls are used for writing
and reading. This is confusing esp. when a higher level library call like
ntp_gettime() is denied.

I don't think it's realistic that we'll make the filter smarter in the near
future, so let's change the docs to describe the implementation.

Also, split out the advice part into a separate paragraph.

(cherry picked from commit 42eccfec6e47a5436bd143ee357d2a2da620c2f2)
(cherry picked from commit 65bf6c5a8f16448528af674cc381fd05fcc6c338)
(cherry picked from commit 54652191b4e7c5ce886378e6821d310b7ca4741d)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
295e8321b1 nspawn: make sure the device type survives when setting device mode
(cherry picked from commit cd70372b934bded2249f26c72d4b6ab9bdf50a13)
(cherry picked from commit 1809fff3927c21b908b5f4e1b0d80a58a98d4c42)
(cherry picked from commit cf56245d57cd3acb97e41841d0dfd08e5729a0db)
2023-06-02 22:45:46 +01:00
Frantisek Sumsal
ccb4b3522c nspawn: fix a global-buffer-overflow
Whoopsie.

=================================================================
==3789231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000051d0b8 at pc 0x7f70850bc904 bp 0x7ffd9bbdf660 sp 0x7ffd9bbdf658
READ of size 8 at 0x00000051d0b8 thread T0
    #0 0x7f70850bc903 in json_dispatch ../src/shared/json.c:4347
    #1 0x4a5b54 in oci_seccomp_syscalls ../src/nspawn/nspawn-oci.c:1838
    #2 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
    #3 0x4a668c in oci_seccomp ../src/nspawn/nspawn-oci.c:1905
    #4 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
    #5 0x4a7d8c in oci_linux ../src/nspawn/nspawn-oci.c:2030
    #6 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
    #7 0x4aa31c in oci_load ../src/nspawn/nspawn-oci.c:2198
    #8 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
    #9 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
    #10 0x4552fb in main ../src/nspawn/nspawn.c:5920
    #11 0x7f7083a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
    #12 0x7f7083a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
    #13 0x40d284 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/systemd-nspawn+0x40d284)

0x00000051d0b8 is located 40 bytes to the left of global variable 'bus_standard_errors_copy_0' defined in '../src/libsystemd/sd-bus/bus-error.h:57:1' (0x51d0e0) of size 8
0x00000051d0b8 is located 0 bytes to the right of global variable 'table' defined in '../src/nspawn/nspawn-oci.c:1829:43' (0x51d040) of size 120
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/shared/json.c:4347 in json_dispatch
Shadow bytes around the buggy address:
  0x00008009b9c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008009b9d0: 00 00 00 00 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x00008009b9e0: 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x00008009b9f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008009ba00: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
=>0x00008009ba10: 00 00 00 00 00 00 00[f9]f9 f9 f9 f9 00 f9 f9 f9
  0x00008009ba20: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008009ba30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008009ba40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008009ba50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00008009ba60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3789231==ABORTING

(cherry picked from commit 525c3e3438a7e4cd78b42f5f6ccdc3df1e363ca9)
(cherry picked from commit b8ed81660f0ad27f047153da8c28d9be4e8e1540)
(cherry picked from commit 6f52d1bf9e0a4a4e959c9967d4643084b9ed6f17)
2023-06-02 22:45:46 +01:00