1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-22 13:33:56 +03:00
Commit Graph

50264 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
a22c7690d4 hwdb: update for v248
As usual, it seems to be additions and updates, no major removals.
2021-03-30 13:17:59 +02:00
Zbigniew Jędrzejewski-Szmek
8ce2255178 NEWS: update contributor list for v248 final 2021-03-30 13:17:59 +02:00
Zbigniew Jędrzejewski-Szmek
b242d2dec9 git-contrib: use non-breaking spaces in names
Some people have initials or abbreviated parts in the name and looks strange
when a line break occurs in the middle. Let's keep each name in one line.
2021-03-30 13:17:59 +02:00
Zbigniew Jędrzejewski-Szmek
75e53df7e3 mailmap: two more names 2021-03-30 13:17:58 +02:00
Yangyang Shen
119063d2b1 fix wrong statement JOURNAL_FILE_FORMAT.md doc 2021-03-29 19:11:27 +02:00
Christian Hesse
46cfe8f50d units: make locale directory writable for systemd-localed
With 8f20232fcb systemd-localed supports
generating locales when required. This fails if the locale directory is
read-only, so make it writable.

Closes #19138
2021-03-29 12:33:36 +02:00
Fangrui Song
945317a4b6 sd-bus: set retain attribute on BUS_ERROR_MAP_ELF_REGISTER
LLD 13 and GNU ld 2.37 support -z start-stop-gc which allows garbage
collection of C identifier name sections despite the __start_/__stop_
references.  Simply set the retain attribute so that GCC 11 (if
configure-time binutils is 2.36 or newer)/Clang 13 will set the
SHF_GNU_RETAIN section attribute to prevent garbage collection.

Without the patch, there are linker errors like the following with -z
start-stop-gc.

```
ld: error: undefined symbol: __start_SYSTEMD_BUS_ERROR_MAP
>>> referenced by bus-error.c:93 (../src/libsystemd/sd-bus/bus-error.c:93)
>>>               sd-bus_bus-error.c.o:(bus_error_name_to_errno) in archive src/libsystemd/libsystemd_static.a
```
2021-03-29 12:31:42 +02:00
Zbigniew Jędrzejewski-Szmek
8a773a30ba
Merge pull request #19116 from keszybz/readvirtualfile-opt
Optimize read_full_virtual_file() and another coverity issue
2021-03-29 10:51:32 +02:00
Zbigniew Jędrzejewski-Szmek
a81c7ac8d4
Merge pull request #19129 from keszybz/test-random-range
Test random_u64_range()
2021-03-26 20:22:29 +01:00
Luca Boccassi
a9dd1010f0 test-dhcp6-client: add one more assert on memory mapping
Same as 7489d0640a, one more case
that was missed.

Coverity CID #1394277
2021-03-26 20:17:35 +01:00
Zbigniew Jędrzejewski-Szmek
008adf875e
Merge pull request #19125 from keszybz/cat-config
config files: recommend systemd-analyze cat-config
2021-03-26 20:16:09 +01:00
Lennart Poettering
9ddf099f30 resolved: tweak how we signal authoritative answers
let's make sure we set the "aa" bit in the stub only if we answer with
fully authoritative data. For this ensure:

1. Either all data is synthetic, including all CNAME/DNAME redirects

2. Or all data comes from the local trust anchor or the local zones
   (i.e. not the network or the cache)

Follow-up for 4ad017cda5
2021-03-26 18:21:41 +01:00
Zbigniew Jędrzejewski-Szmek
bc52deda4b tests: drop calls to unsetenv SYSTEMD_MEMPOOL
Coverity was complaining that we don't check the return value, which we stopped
doing in 772e0a76f3.

But it seems that we don't want those calls at all. The test was originally
added with the call in a6ee01caf3, but I don't
see why we should override this. If the user wants to execute the test with
mempool disabled, we shouldn't ignore that.

Coverity CID#1444464, CID#1444466.
2021-03-26 15:54:58 +01:00
Zbigniew Jędrzejewski-Szmek
f1a8a66c35 basic/fileio: use malloc_usable_size() to use all allocated memory 2021-03-26 15:54:56 +01:00
Zbigniew Jędrzejewski-Szmek
a9899ff358 basic/fileio: optimize buffer sizes in read_full_virtual_file()
We'd proceed rather inefficiently: the initial buffer size was LINE_MAX/2,
i.e. only 1k. We can read 4k at the same cost.

Also, we'd try to allocate 1025, 2049, 4097 bytes, i.e. always one higher than
the power-of-two size. Effectively the allocation would be bigger, and we'd
waste the additional space. So let's allocate aligned to the power-of-two size.
size=4095, 8191, 16383, so we allocate 4k, 8k, 16k.
2021-03-26 15:53:50 +01:00
Zbigniew Jędrzejewski-Szmek
ca79564309 basic/fileio: simplify calculation of buffer size in read_full_virtual_file()
We'd first assign a value up to SSIZE_MAX, and then immediately check if we
have a value bigger than READ_FULL_BYTES_MAX. This wasn't exactly wrong, but a
bit roundabout. Let's immediately assign the value from the appropriate range
or error out.

Coverity CID#1450973.
2021-03-26 15:46:44 +01:00
David Tardon
cb6c4f37dc use the right member to define property 2021-03-26 14:44:01 +01:00
Zbigniew Jędrzejewski-Szmek
f2a8b8decf test-random-util: add stochastic test for random_u64_range() 2021-03-26 14:38:44 +01:00
Zbigniew Jędrzejewski-Szmek
93457c0c7a test-random-util: modernization 2021-03-26 14:28:24 +01:00
Zbigniew Jędrzejewski-Szmek
e355fb6fb1 basic/log: fix log_trace()
log_trace() was always on. It's supposed to be opt-in.
2021-03-26 13:08:24 +01:00
Zbigniew Jędrzejewski-Szmek
d83e90c73c Add READMEs in all .d directories 2021-03-26 09:35:07 +01:00
Zbigniew Jędrzejewski-Szmek
3b0754b16c config files: recommend systemd-analyze cat-config
This adds the same line to most of our .conf files.

Not for systemd/user.conf though, since we can't correctly display it right
now:
$ systemd-analyze cat-config --user systemd/user.conf
Option --user is not supported for cat-config right now.

For sysusers.d, tmpfiles.d, rules.d, etc, there is no single file. Maybe
we should short READMEs in /usr/lib/sysusers.d, /usr/lib/tmpfiles.d, etc.?

Inspired by #19118.
2021-03-26 08:45:04 +01:00
Zbigniew Jędrzejewski-Szmek
b240c08d09 docs: link to stable releases in the bug template
Also, ask people to use a recent stable release and provide useful version information.
Inspired by #19118.
2021-03-25 20:38:45 +00:00
Zbigniew Jędrzejewski-Szmek
7eafbd4270
Merge pull request #19112 from poettering/more-stub-fixes
resolved: two more tweaks to the stub
2021-03-25 21:31:27 +01:00
Luca Boccassi
6f4c93259e
Merge pull request #19117 from bluca/coverity
Two small coverity issues
2021-03-25 19:33:58 +00:00
Lennart Poettering
915ba31cfd resolved: rework CNAME logic a bit more
When following CNAME/DNAME redirects in the stub we currently first
iterate through the packet and pick up what we can use (in
dns_stub_collect_answer_by_question() and friends), following all
CNAMEs/DNAMEs, and would then issue dns_query_process_cname() to move
the DnsQuery object forward too, where we'd then possibly restart
the query and pick things up again, as above.

There's one thought error in this though: dns_query_process_cname()
tries to be smart and will internally follow not just a single
CNAME/DNAME redirect, but a chain of them if they are contained inside
the same packet until we reach the point where the answer is not
included in the packet anymore, where we'd restart the query. This was
great as long as we only focussed on the D-Bus and Varlink resolver
APIs, since there the CNAME/DNAME chain in the middle doesn't actually
matter, we just return information about the final name of the RR and
its content, and aren't interested in the chain to it. For the DNS stub
this is different however: there we need to place the full CNAME/DNAME
chain (and all the appropriate metadata RRs) in the stub reply.

Hence rework this so that we build on the fact that the previous commit
split dns_query_process_cname() in two:

1. dns_query_process_cname_one() will do exactly one CNAME/DNAME
   redirect step. This will be called by the stub, so that we can pick
   up matching RRs for every single step along the way.

2. dns_query_process_cname_many() will follow a chain as long as that's
   possible within the same packet. It's thus pretty much identical to
   the old dns_query_process_cname() call. This is what we now use in
   the D-Bus and Varlink APIs. dns_query_process_cname_many() is
   basically just a loop around dns_query_process_cname_one().

Any logic to follow and pick up RRs manually in the stub along the
CNAME/DNAME path is now dropped (i.e.
dns_stub_collect_answer_by_question() becomes trivially simple again),
we solely rely on dns_query_process_cname_one() to follow CNAME/DNAME
now: each step followed by a full call of dns_stub_assign_sections() to
copy out the RRs that matter.

Net result: things are a bit simpler again, as the only place we follow
CNAME/DNAME redirects is DnsQuery again, and stub answers are always
complete: they contain all CNAME/DNAME RRs on the way including all
their metadata we might pick up in the other sections.
2021-03-25 13:12:19 +01:00
Lennart Poettering
1db8e6d1db resolved: split dns_query_process_cname() into two separate functions
This does some refactoring: the dns_query_process_cname() function
becomes two: dns_query_process_cname_one() and
dns_query_process_cname_many(). The former will process exactly one
CNAME chain element, the latter will follow a chain for as long as
possible within the current packet.

dns_query_process_cname_many() is mostly identical to the old
dns_query_process_cname(), and all existing code is moved over to using
that.

This is mostly preparation for the next commit, where we make direct use
of dns_query_process_cname_one().

This also renames the DNS_QUERY_RESTARTED return value to
DNS_QUERY_CNAME. That's because in the dns_query_process_cname_many()
case as before if we return this we restarted the query in case we
reached the end of the chain without a conclusive answer, as before. But
in dns_query_process_cname_one() we'll only go one step anyway, and
leave restarting if needed to the caller. Hence DNS_QUERY_RESTARTED is a
bit of a misnomer in that case.

This also gets rid of the weird tail recursion in
dns_query_process_cname() and replaces it with an explicit loop in
dns_query_process_cname_many(). The old recursion wasn't a security
issue since we put a limit on the number of CNAMEs we follow anyway, but
it's still icky to scale stack use by that.
2021-03-25 13:12:19 +01:00
Luca Boccassi
7489d0640a test-dhcp6-client: add one more assert on memory mapping
Static analyzers need a hint that optval is not pointing
off the end of the msg_advertise array, since pos can go
up to the full length of it. The array is manually
constructed so we know this won't happen, but adding one
more assert should be enough to avoid false positives.

Coverity CID #1394277
2021-03-25 12:02:43 +00:00
Luca Boccassi
c0ef415862 test-firewall-util: add more asserts on allocated variables
Makes things nicer for readers, and hopefully gives static analyzers
a hint on the origin/cleanup of the ctx pointer.
Coverity CID #1451399
2021-03-25 10:49:06 +00:00
Lennart Poettering
d451f0e84b resolved: tweak sections we add answer RRs to
Previously we'd stick all answer sections RRs we acquired into
the authoritative section if we didn't find them directly answering our
question. Let's put them into additional instead. The authoritative
section should hence only include what comes from the upstream
authoritative section, and nothing else.
2021-03-25 11:42:39 +01:00
Lennart Poettering
8640566ac4 resolved: pass mDNS reply packets to each transaction exactly once
Previously we'd iterate through the RRs of an mDNS reply and then find
exactly one matching transaction on our scope for it, and pass it as
reply to that. If multiple RRs of the same packet match we'd pas the
packet multiple times to the transaction even.

This all doesn't really work anymore since there can be multiple open
transactions for the same key (with different flags), and it's kinda
ugly anywy. Hence let's turn this around: let's iterate through the
transactions and check if any of the included RRs match it, and if so
pass the packet to that transaction exactly once.

This speeds up mDNS a bit, since previously we'd oftentimes fail to find
all suitable transactions for an mDNS reply (because there can be
multiple transactions for the same RR key with different flags, and we
checked exactly one flag combination). Which would then mean the
transaction would time out, and be retried – at which point the cache
would be populated and thus it would still succeed, but only after this
timeout. With this fix this is corrected: every transaction that matches
will get the reply, instantly as we get it.
2021-03-25 11:37:30 +01:00
Lennart Poettering
9b564bbca5 resolved: upgrade log level to LOG_NOTICE if we switch to fallback server (or back)
This is inspired by a recent thread on fedora-devel: it's noteworthy
when we switch to the fallback servers, since it might (or might not)
indicate some configuration problem.

Fixes: #18788
2021-03-25 10:43:23 +01:00
simmon
390e67305d po: Translated using Weblate (Korean)
Currently translated at 100.0% (189 of 189 strings)

Co-authored-by: simmon <simmon@nplob.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/ko/
Translation: systemd/main
2021-03-25 10:42:02 +01:00
Lennart Poettering
729c5deb2e resolved: don't suppress OPT if we have no OPT
This is inspired by #18917. It suppresses a misleading log message about
suppressing OPT where we might not actually have OPT.
2021-03-25 11:38:53 +09:00
Luca Boccassi
a2c69debd9
Merge pull request #19076 from yuwata/firewall-util-modernizations
firewall-util: modernize code and improve test
2021-03-24 23:19:59 +00:00
David Tardon
d2f4a9488c local-addresses: fix use of uninitialized value
This can happen if ifi fails to be read from the netlink message and the
error is ENODATA.

Fixes the following valgrind message when running netstat:

==164141== Conditional jump or move depends on uninitialised value(s)
==164141==    at 0x524AE60: address_compare (local-addresses.c:29)
==164141==    by 0x48BCC78: msort_with_tmp.part.0 (msort.c:105)
==164141==    by 0x48BC9E4: msort_with_tmp (msort.c:45)
==164141==    by 0x48BC9E4: msort_with_tmp.part.0 (msort.c:53)
==164141==    by 0x48BCF85: msort_with_tmp (msort.c:45)
==164141==    by 0x48BCF85: qsort_r (msort.c:297)
==164141==    by 0x52500FC: UnknownInlinedFun (sort-util.h:47)
==164141==    by 0x52500FC: local_gateways.constprop.0 (local-addresses.c:310)
==164141==    by 0x5251C05: _nss_myhostname_gethostbyaddr2_r (nss-myhostname.c:456)
==164141==    by 0x5252006: _nss_myhostname_gethostbyaddr_r (nss-myhostname.c:500)
==164141==    by 0x498E7FE: gethostbyaddr_r@@GLIBC_2.2.5 (getXXbyYY_r.c:274)
==164141==    by 0x498E560: gethostbyaddr (getXXbyYY.c:135)
==164141==    by 0x121353: INET_rresolve.constprop.0 (inet.c:212)
==164141==    by 0x1135B9: INET_sprint (inet.c:261)
==164141==    by 0x121BFC: addr_do_one.constprop.0.isra.0 (netstat.c:1156)
2021-03-24 18:14:45 +01:00
Yu Watanabe
b5d2f4e757 test-firewall-util: use assert_se() at most places
Otherwise, we cannot notice any failures...
2021-03-25 01:05:54 +09:00
Pjotr Vertaalt
91a96a564f po: Translated using Weblate (Dutch)
Currently translated at 100.0% (189 of 189 strings)

Co-authored-by: Pjotr Vertaalt <pjotrvertaalt@gmail.com>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/master/nl/
Translation: systemd/main
2021-03-24 18:26:52 +09:00
Anita Zhang
7b7a060e83 process-util: dont allocate max length to read /proc/PID/cmdline
Alternative title: Replace get_process_cmdline()'s fopen()/fread() with
read_full_virtual_file().

When RLIMIT_STACK is set to infinity:infinity, _SC_ARG_MAX will
return 4611686018427387903 (depending on the system, but definitely
something larger than most systems have). It's impractical to allocate this
in one go when most cmdlines are much shorter than that.

Instead use read_full_virtual_file() which seems to increase the buffer
depending on the size of the contents.
2021-03-24 16:46:45 +09:00
Lincoln Ramsay
7325a2b2d1
pid1: do not use generated strings as format strings (#19098)
The generated string may include %, which will confuse both the
xprintf call, and the VA_FORMAT_ADVANCE macro.

Pass the generated string as an argument to a "%s" format string
instead.
2021-03-24 16:37:25 +09:00
hide
6b1ed5e7e6
network: fix ipv6 tunnel encapsulation limit (#19087)
The encapsulation limit of IPv6 tunnel can not be set to 4, which is the default value of the encapsulation limit.
2021-03-24 01:05:25 +09:00
Lennart Poettering
f19384b43f repart: remove spurious empty double newlines 2021-03-23 15:52:59 +00:00
Lennart Poettering
86b8610794 blockdev-util: actually specify an access mode on open()
Linux is pretty lenient here, but we should specify the access mode.
2021-03-23 16:37:05 +01:00
Lennart Poettering
49bd547b38 update TODO 2021-03-23 14:43:07 +01:00
Pjotr Vertaalt
798c65cf1f po: Added translation using Weblate (Dutch)
Co-authored-by: Pjotr Vertaalt <pjotrvertaalt@gmail.com>
2021-03-23 11:06:02 +01:00
David Tardon
f055cf7786 man: document differences in clean exit status for Type=oneshot
See commit 1f0958f640 .
2021-03-23 09:33:23 +01:00
Christian Hesse
3babb81625 man: rate limited services can be restartet from timer or socket
If rate limiting kicks in for Restart= logic it is still possible for a
timer or socket to restart the service.
2021-03-23 09:16:30 +01:00
Zbigniew Jędrzejewski-Szmek
39f756d3ae sd-event: disable epoll_pwait2 for now
This reverts the gist of commit 798445ab84.

Unfortunately the new syscall causes test-event to hang. 32 bit architectures
seem affected: i686 and arm32 in fedora koji. 32 bit build of test-event hangs
reliably under valgrind:

$ PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig meson build-32 -Dc_args=-m32 -Dc_link_args=-m32 -Dcpp_args=-m32 -Dcpp_link_args=-m32 && ninja -C build-32 test-event && valgrind build/test-event

If I set epoll_pwait2_absent=true, so the new function is never called, then
the issue does not reproduce. It seems to be strictly tied to the syscall.

On amd64, the syscall is not used, at least with the kernel that Fedora
provides. The kernel patch 58169a52ebc9a733aeb5bea857bc5daa71a301bb says:

  For timespec, only support this new interface on 2038 aware platforms
  that define __kernel_timespec_t. So no CONFIG_COMPAT_32BIT_TIME.

And Fedora sets CONFIG_COMPAT_32BIT_TIME=y. I expect most other distros will too.

On amd64: epoll_wait_usec: epoll_pwait2: ret=-1 / errno=38
On i686 (same kernel): epoll_wait_usec: epoll_pwait2: ret=2 / errno=0

Is this some kind of emulation? Anyway, it seems that this is what is going wrong.

So let's disable the syscall until it becomes more widely available and the
kinks have been ironed out.

Fixes test-event issue in #19052.
2021-03-23 09:10:29 +01:00
Zbigniew Jędrzejewski-Szmek
ca83c7f88c
Merge pull request #19075 from keszybz/calendarspec-loop
Fix infinite loop in calendarspec calculation when timezone has negative DST save value
2021-03-23 09:06:16 +01:00
Yu Watanabe
0c4363a005 firewall-util: refuse IPv6 firewall rules when kernel does not support IPv6 2021-03-23 15:17:44 +09:00