1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-06 17:18:12 +03:00

Follow-ups for recent PRs plus modernizations prompted thereby (#35760)

Please backport the first commit to stable.
This commit is contained in:
Mike Yuan 2024-12-30 16:35:59 +01:00 committed by GitHub
commit 25a306f6c4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
27 changed files with 118 additions and 101 deletions

View File

@ -4,6 +4,7 @@
#include <string.h>
#include "alloc-util.h"
#include "bitfield.h"
#include "capability-util.h"
#include "cap-list.h"
#include "extract-word.h"
@ -83,7 +84,7 @@ int capability_set_to_string(uint64_t set, char **ret) {
for (unsigned i = 0; i <= cap_last_cap(); i++) {
const char *p;
if (!FLAGS_SET(set, UINT64_C(1) << i))
if (!BIT_SET(set, i))
continue;
p = CAPABILITY_TO_STRING(i);
@ -143,7 +144,7 @@ int capability_set_to_strv(uint64_t set, char ***ret) {
for (unsigned i = 0; i <= cap_last_cap(); i++) {
const char *p;
if (!FLAGS_SET(set, UINT64_C(1) << i))
if (!BIT_SET(set, i))
continue;
p = CAPABILITY_TO_STRING(i);

View File

@ -8,6 +8,7 @@
#include <unistd.h>
#include "alloc-util.h"
#include "bitfield.h"
#include "cap-list.h"
#include "capability-util.h"
#include "fd-util.h"
@ -113,14 +114,13 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
int r;
/* Remove capabilities requested in ambient set, but not in the bounding set */
for (unsigned i = 0; i <= cap_last_cap(); i++) {
if (set == 0)
break;
BIT_FOREACH(i, set) {
assert((unsigned) i <= cap_last_cap());
if (FLAGS_SET(set, (UINT64_C(1) << i)) && prctl(PR_CAPBSET_READ, i) != 1) {
log_debug("Ambient capability %s requested but missing from bounding set,"
" suppressing automatically.", capability_to_name(i));
set &= ~(UINT64_C(1) << i);
if (prctl(PR_CAPBSET_READ, (unsigned long) i) != 1) {
log_debug("Ambient capability %s requested but missing from bounding set, suppressing automatically.",
capability_to_name(i));
CLEAR_BIT(set, i);
}
}
@ -140,23 +140,18 @@ int capability_ambient_set_apply(uint64_t set, bool also_inherit) {
}
for (unsigned i = 0; i <= cap_last_cap(); i++) {
if (set & (UINT64_C(1) << i)) {
if (BIT_SET(set, i)) {
/* Add the capability to the ambient set. */
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, i, 0, 0) < 0)
return -errno;
} else {
/* Drop the capability so we don't inherit capabilities we didn't ask for. */
r = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, i, 0, 0);
if (r < 0)
return -errno;
if (r)
if (r > 0)
if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, i, 0, 0) < 0)
return -errno;
}
}
@ -399,17 +394,15 @@ bool capability_quintet_mangle(CapabilityQuintet *q) {
combined = q->effective | q->bounding | q->inheritable | q->permitted | q->ambient;
for (unsigned i = 0; i <= cap_last_cap(); i++) {
unsigned long bit = UINT64_C(1) << i;
if (!FLAGS_SET(combined, bit))
BIT_FOREACH(i, combined) {
assert((unsigned) i <= cap_last_cap());
if (prctl(PR_CAPBSET_READ, (unsigned long) i) > 0)
continue;
if (prctl(PR_CAPBSET_READ, i) > 0)
continue;
SET_BIT(drop, i);
drop |= bit;
log_debug("Not in the current bounding set: %s", capability_to_name(i));
log_debug("Dropping capability not in the current bounding set: %s", capability_to_name(i));
}
q->effective &= ~drop;
@ -602,9 +595,8 @@ int capability_get_ambient(uint64_t *ret) {
r = prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, i, 0, 0);
if (r < 0)
return -errno;
if (r)
a |= UINT64_C(1) << i;
if (r > 0)
SET_BIT(a, i);
}
*ret = a;
@ -669,11 +661,7 @@ int pidref_get_capability(const PidRef *pidref, CapabilityQuintet *ret) {
}
}
if (q.effective == CAP_MASK_UNSET ||
q.inheritable == CAP_MASK_UNSET ||
q.permitted == CAP_MASK_UNSET ||
q.effective == CAP_MASK_UNSET ||
q.ambient == CAP_MASK_UNSET)
if (!capability_quintet_is_fully_set(&q))
return -EBADMSG;
r = pidref_verify(pidref);

View File

@ -10,8 +10,10 @@
#include "missing_capability.h"
#include "pidref.h"
/* Special marker used when storing a capabilities mask as "unset" */
/* Special marker used when storing a capabilities mask as "unset". This would need to be updated as soon as
* Linux learns more than 63 caps. */
#define CAP_MASK_UNSET UINT64_MAX
assert_cc(CAP_LAST_CAP < 64);
/* All possible capabilities bits on */
#define CAP_MASK_ALL UINT64_C(0x7fffffffffffffff)
@ -20,6 +22,10 @@
* be able to use UINT64_MAX as indicator for "not set". The latter makes capability 63 unavailable. */
#define CAP_LIMIT 62
static inline bool capability_is_set(uint64_t v) {
return v != CAP_MASK_UNSET;
}
unsigned cap_last_cap(void);
int have_effective_cap(int value);
int capability_gain_cap_setpcap(cap_t *return_caps);
@ -56,8 +62,7 @@ static inline bool cap_test_all(uint64_t caps) {
#define CAP_TO_MASK_CORRECTED(x) (1U << ((x) & 31U))
typedef struct CapabilityQuintet {
/* Stores all five types of capabilities in one go. Note that we use UINT64_MAX for unset here. This hence
* needs to be updated as soon as Linux learns more than 63 caps. */
/* Stores all five types of capabilities in one go. */
uint64_t effective;
uint64_t bounding;
uint64_t inheritable;
@ -65,13 +70,7 @@ typedef struct CapabilityQuintet {
uint64_t ambient;
} CapabilityQuintet;
assert_cc(CAP_LAST_CAP < 64);
#define CAPABILITY_QUINTET_NULL (CapabilityQuintet) { CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET }
static inline bool capability_is_set(uint64_t v) {
return v != CAP_MASK_UNSET;
}
#define CAPABILITY_QUINTET_NULL (const CapabilityQuintet) { CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET, CAP_MASK_UNSET }
static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
return capability_is_set(q->effective) ||
@ -81,6 +80,14 @@ static inline bool capability_quintet_is_set(const CapabilityQuintet *q) {
capability_is_set(q->ambient);
}
static inline bool capability_quintet_is_fully_set(const CapabilityQuintet *q) {
return capability_is_set(q->effective) &&
capability_is_set(q->bounding) &&
capability_is_set(q->inheritable) &&
capability_is_set(q->permitted) &&
capability_is_set(q->ambient);
}
/* Mangles the specified caps quintet taking the current bounding set into account:
* drops all caps from all five sets if our bounding set doesn't allow them.
* Returns true if the quintet was modified. */

View File

@ -18,6 +18,7 @@
#endif
#include "alloc-util.h"
#include "bitfield.h"
#include "compress.h"
#include "fd-util.h"
#include "fileio.h"
@ -124,7 +125,10 @@ bool compression_supported(Compression c) {
(1U << COMPRESSION_LZ4) * HAVE_LZ4 |
(1U << COMPRESSION_ZSTD) * HAVE_ZSTD;
return c >= 0 && c < _COMPRESSION_MAX && FLAGS_SET(supported, 1U << c);
assert(c >= 0);
assert(c < _COMPRESSION_MAX);
return BIT_SET(supported, c);
}
#if HAVE_XZ

View File

@ -7,6 +7,7 @@
#include "alloc-util.h"
#include "architecture.h"
#include "bitfield.h"
#include "build.h"
#include "bus-common-errors.h"
#include "bus-get-properties.h"
@ -2085,9 +2086,9 @@ static int method_enqueue_marked_jobs(sd_bus_message *message, void *userdata, s
continue;
BusUnitQueueFlags flags;
if (FLAGS_SET(u->markers, 1u << UNIT_MARKER_NEEDS_RESTART))
if (BIT_SET(u->markers, UNIT_MARKER_NEEDS_RESTART))
flags = 0;
else if (FLAGS_SET(u->markers, 1u << UNIT_MARKER_NEEDS_RELOAD))
else if (BIT_SET(u->markers, UNIT_MARKER_NEEDS_RELOAD))
flags = BUS_UNIT_QUEUE_RELOAD_IF_POSSIBLE;
else
continue;

View File

@ -3,6 +3,7 @@
#include "sd-bus.h"
#include "alloc-util.h"
#include "bitfield.h"
#include "bpf-firewall.h"
#include "bus-common-errors.h"
#include "bus-get-properties.h"
@ -72,7 +73,7 @@ static int property_get_can_clean(
return r;
for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) {
if (!FLAGS_SET(mask, 1U << t))
if (!BIT_SET(mask, t))
continue;
r = sd_bus_message_append(reply, "s", exec_resource_type_to_string(t));
@ -353,11 +354,7 @@ static int property_get_markers(
if (r < 0)
return r;
/* Make sure out values fit in the bitfield. */
assert_cc(_UNIT_MARKER_MAX <= sizeof(((Unit){}).markers) * 8);
for (UnitMarker m = 0; m < _UNIT_MARKER_MAX; m++)
if (FLAGS_SET(*markers, 1u << m)) {
BIT_FOREACH(m, *markers) {
r = sd_bus_message_append(reply, "s", unit_marker_to_string(m));
if (r < 0)
return r;

View File

@ -22,6 +22,7 @@
#endif
#include "argv-util.h"
#include "barrier.h"
#include "bitfield.h"
#include "bpf-dlopen.h"
#include "bpf-restrict-fs.h"
#include "btrfs-util.h"
@ -5359,7 +5360,7 @@ int exec_invoke(
}
if (keep_seccomp_privileges) {
if (!FLAGS_SET(capability_ambient_set, (UINT64_C(1) << CAP_SETUID))) {
if (!BIT_SET(capability_ambient_set, CAP_SETUID)) {
r = drop_capability(CAP_SETUID);
if (r < 0) {
*exit_status = EXIT_USER;
@ -5585,7 +5586,7 @@ int exec_invoke(
/* Only drop CAP_SYS_ADMIN if it's not in the bounding set, otherwise we'll break
* applications that use it. */
if (!FLAGS_SET(saved_bset, (UINT64_C(1) << CAP_SYS_ADMIN))) {
if (!BIT_SET(saved_bset, CAP_SYS_ADMIN)) {
r = drop_capability(CAP_SYS_ADMIN);
if (r < 0) {
*exit_status = EXIT_USER;
@ -5595,7 +5596,7 @@ int exec_invoke(
/* Only drop CAP_SETPCAP if it's not in the bounding set, otherwise we'll break
* applications that use it. */
if (!FLAGS_SET(saved_bset, (UINT64_C(1) << CAP_SETPCAP))) {
if (!BIT_SET(saved_bset, CAP_SETPCAP)) {
r = drop_capability(CAP_SETPCAP);
if (r < 0) {
*exit_status = EXIT_USER;

View File

@ -20,6 +20,7 @@
#include "af-list.h"
#include "alloc-util.h"
#include "async.h"
#include "bitfield.h"
#include "cap-list.h"
#include "capability-util.h"
#include "cgroup-setup.h"
@ -1666,7 +1667,7 @@ int exec_context_get_clean_directories(
assert(ret);
for (ExecDirectoryType t = 0; t < _EXEC_DIRECTORY_TYPE_MAX; t++) {
if (!FLAGS_SET(mask, 1U << t))
if (!BIT_SET(mask, t))
continue;
if (!prefix[t])

View File

@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "bitfield.h"
#include "bpf-restrict-ifaces.h"
#include "bpf-socket-bind.h"
#include "bus-util.h"
@ -21,10 +22,11 @@ static int serialize_markers(FILE *f, unsigned markers) {
if (markers == 0)
return 0;
bool space = false;
fputs("markers=", f);
for (UnitMarker m = 0; m < _UNIT_MARKER_MAX; m++)
if (FLAGS_SET(markers, 1u << m))
fputs(unit_marker_to_string(m), f);
BIT_FOREACH(m, markers)
fputs_with_separator(f, unit_marker_to_string(m), /* separator = */ NULL, &space);
fputc('\n', f);
return 0;
}
@ -494,8 +496,7 @@ void unit_dump(Unit *u, FILE *f, const char *prefix) {
if (u->markers != 0) {
fprintf(f, "%s\tMarkers:", prefix);
for (UnitMarker marker = 0; marker < _UNIT_MARKER_MAX; marker++)
if (FLAGS_SET(u->markers, 1u << marker))
BIT_FOREACH(marker, u->markers)
fprintf(f, " %s", unit_marker_to_string(marker));
fputs("\n", f);
}

View File

@ -10,6 +10,7 @@
#include "sd-json.h"
#include "alloc-util.h"
#include "bitfield.h"
#include "bus-common-errors.h"
#include "bus-get-properties.h"
#include "bus-log-control-api.h"
@ -88,7 +89,7 @@ static void context_reset(Context *c, uint64_t mask) {
assert(c);
for (int p = 0; p < _PROP_MAX; p++) {
if (!FLAGS_SET(mask, UINT64_C(1) << p))
if (!BIT_SET(mask, p))
continue;
c->data[p] = mfree(c->data[p]);

View File

@ -5,6 +5,7 @@
#include <sys/mman.h>
#include "alloc-util.h"
#include "bitfield.h"
#include "errno-util.h"
#include "fd-util.h"
#include "hashmap.h"
@ -109,7 +110,7 @@ static Window* window_unlink(Window *w) {
}
for (unsigned i = 0; i < _MMAP_CACHE_CATEGORY_MAX; i++)
if (FLAGS_SET(w->flags, 1u << i))
if (BIT_SET(w->flags, i))
assert_se(TAKE_PTR(m->windows_by_category[i]) == w);
return LIST_REMOVE(windows, w->fd->windows, w);
@ -193,7 +194,7 @@ static void category_detach_window(MMapCache *m, MMapCacheCategory c) {
if (!w)
return; /* Nothing attached. */
assert(FLAGS_SET(w->flags, 1u << c));
assert(BIT_SET(w->flags, c));
w->flags &= ~(1u << c);
if (WINDOW_IS_UNUSED(w)) {

View File

@ -3710,6 +3710,8 @@ _public_ int sd_varlink_server_listen_auto(sd_varlink_server *s) {
assert_return(s, -EINVAL);
n = sd_varlink_server_listen_name(s, "varlink");
if (n < 0)
return n;
/* Let's listen on an explicitly specified address */
const char *e = secure_getenv("SYSTEMD_VARLINK_LISTEN");

View File

@ -5,6 +5,7 @@
#include "sd-messages.h"
#include "alloc-util.h"
#include "bitfield.h"
#include "bus-error.h"
#include "bus-unit-util.h"
#include "bus-util.h"
@ -158,7 +159,7 @@ int handle_action_get_enabled_sleep_actions(HandleActionSleepMask mask, char ***
assert(ret);
FOREACH_ELEMENT(i, sleep_actions)
if (FLAGS_SET(mask, 1U << *i)) {
if (BIT_SET(mask, *i)) {
r = strv_extend(&actions, handle_action_to_string(*i));
if (r < 0)
return r;

View File

@ -5,6 +5,7 @@
#include "af-list.h"
#include "alloc-util.h"
#include "bitfield.h"
#include "firewall-util.h"
#include "in-addr-prefix-util.h"
#include "logarithm.h"
@ -84,7 +85,7 @@ int address_flags_to_string_alloc(uint32_t flags, int family, char **ret) {
assert(ret);
for (size_t i = 0; i < ELEMENTSOF(map); i++)
if (FLAGS_SET(flags, 1 << i) && map[i])
if (BIT_SET(flags, i) && map[i])
if (!strextend_with_separator(
&str, ",",
family == AF_INET6 && (1 << i) == IFA_F_SECONDARY ? "temporary" : map[i]))

View File

@ -13,6 +13,7 @@
#include "alloc-util.h"
#include "arphrd-util.h"
#include "batadv.h"
#include "bitfield.h"
#include "bond.h"
#include "bridge.h"
#include "bus-util.h"
@ -2988,7 +2989,7 @@ int link_flags_to_string_alloc(uint32_t flags, char **ret) {
assert(ret);
for (size_t i = 0; i < ELEMENTSOF(map); i++)
if (FLAGS_SET(flags, 1 << i) && map[i])
if (BIT_SET(flags, i) && map[i])
if (!strextend_with_separator(&str, ",", map[i]))
return -ENOMEM;

View File

@ -3,6 +3,7 @@
#include <linux/rtnetlink.h>
#include "alloc-util.h"
#include "bitfield.h"
#include "logarithm.h"
#include "missing_threads.h"
#include "networkd-address.h"
@ -405,7 +406,7 @@ int route_flags_to_string_alloc(uint32_t flags, char **ret) {
assert(ret);
for (size_t i = 0; i < ELEMENTSOF(map); i++)
if (FLAGS_SET(flags, 1 << i) && map[i])
if (BIT_SET(flags, i) && map[i])
if (!strextend_with_separator(&str, ",", map[i]))
return -ENOMEM;

View File

@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "bitfield.h"
#include "condition.h"
#include "conf-parser.h"
#include "escape.h"
@ -38,12 +39,9 @@ int network_config_state_to_string_alloc(NetworkConfigState s, char **ret) {
assert(ret);
for (size_t i = 0; i < ELEMENTSOF(states); i++)
if (FLAGS_SET(s, 1 << i)) {
assert(states[i]);
if (!strextend_with_separator(&buf, ",", states[i]))
if (BIT_SET(s, i))
if (!strextend_with_separator(&buf, ",", ASSERT_PTR(states[i])))
return -ENOMEM;
}
*ret = TAKE_PTR(buf);
return 0;

View File

@ -10,6 +10,7 @@
#include "sd-varlink.h"
#include "ask-password-api.h"
#include "bitfield.h"
#include "blockdev-util.h"
#include "boot-entry.h"
#include "build.h"
@ -2260,7 +2261,7 @@ static int show_pcr_table(EventLog *el, sd_json_variant **ret_variant) {
bool fully_recognized = el->registers[pcr].fully_recognized;
/* Whether any unmatched components touch this PCR */
bool missing_components = FLAGS_SET(el->missing_component_pcrs, UINT32_C(1) << pcr);
bool missing_components = BIT_SET(el->missing_component_pcrs, pcr);
const char *emoji = special_glyph(
!hash_match ? SPECIAL_GLYPH_DEPRESSED_SMILEY :
@ -2675,7 +2676,7 @@ static int event_log_pcr_mask_checks_out(EventLog *el, uint32_t mask) {
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
if (!FLAGS_SET(mask, UINT32_C(1) << pcr))
if (!BIT_SET(mask, pcr))
continue;
if (!event_log_pcr_checks_out(el, el->registers + pcr))
@ -2815,7 +2816,7 @@ static int make_pcrlock_record_from_stream(
for (uint32_t i = 0; i < TPM2_PCRS_MAX; i++) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *record = NULL;
if (!FLAGS_SET(pcr_mask, UINT32_C(1) << i))
if (!BIT_SET(pcr_mask, i))
continue;
r = sd_json_buildo(
@ -3669,7 +3670,7 @@ static int verb_lock_pe(int argc, char *argv[], void *userdata) {
for (uint32_t i = 0; i < TPM2_PCRS_MAX; i++) {
_cleanup_(sd_json_variant_unrefp) sd_json_variant *digests = NULL;
if (!FLAGS_SET(arg_pcr_mask, UINT32_C(1) << i))
if (!BIT_SET(arg_pcr_mask, i))
continue;
FOREACH_ARRAY(pa, tpm2_hash_algorithms, TPM2_N_HASH_ALGORITHMS) {
@ -3894,7 +3895,7 @@ static int event_log_reduce_to_safe_pcrs(EventLog *el, uint32_t *pcrs) {
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
if (!FLAGS_SET(*pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(*pcrs, pcr))
continue;
if (!event_log_pcr_checks_out(el, el->registers + pcr)) {
@ -3907,7 +3908,7 @@ static int event_log_reduce_to_safe_pcrs(EventLog *el, uint32_t *pcrs) {
goto drop;
}
if (FLAGS_SET(el->missing_component_pcrs, UINT32_C(1) << pcr)) {
if (BIT_SET(el->missing_component_pcrs, pcr)) {
log_notice("PCR %" PRIu32 " (%s) is touched by component we can't find in event log. Removing from set of PCRs.", pcr, strna(tpm2_pcr_index_to_string(pcr)));
goto drop;
}
@ -4191,7 +4192,7 @@ static int event_log_show_predictions(Tpm2PCRPrediction *context, uint16_t alg)
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
Tpm2PCRPredictionResult *result;
if (!FLAGS_SET(context->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(context->pcrs, pcr))
continue;
if (ordered_set_isempty(context->results[pcr])) {
@ -4240,7 +4241,7 @@ static int tpm2_pcr_prediction_run(
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
_cleanup_free_ Tpm2PCRPredictionResult *result = NULL;
if (!FLAGS_SET(context->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(context->pcrs, pcr))
continue;
result = new0(Tpm2PCRPredictionResult, 1);

View File

@ -19,6 +19,7 @@
#include "architecture.h"
#include "audit-util.h"
#include "battery-util.h"
#include "bitfield.h"
#include "blockdev-util.h"
#include "cap-list.h"
#include "capability-util.h"
@ -718,7 +719,7 @@ static int condition_test_capability(Condition *c, char **env) {
if (r < 0)
return r;
return !!(q.bounding & ((UINT64_C(1) << value)));
return BIT_SET(q.bounding, value);
}
static int condition_test_needs_update(Condition *c, char **env) {

View File

@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "bitfield.h"
#include "dissect-image.h"
#include "extract-word.h"
#include "fd-util.h"
@ -149,7 +150,7 @@ int fdisk_partition_set_attrs_as_uint64(struct fdisk_partition *pa, uint64_t fla
assert(pa);
for (unsigned i = 0; i < sizeof(flags) * 8; i++) {
if (!FLAGS_SET(flags, UINT64_C(1) << i))
if (!BIT_SET(flags, i))
continue;
r = strextendf_with_separator(&attrs, ",", "%u", i);

View File

@ -1,5 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include "bitfield.h"
#include "group-record.h"
#include "json-util.h"
#include "strv.h"
@ -334,7 +335,7 @@ int group_record_match(GroupRecord *h, const UserDBMatch *match) {
if (h->gid < match->gid_min || h->gid > match->gid_max)
return false;
if (!FLAGS_SET(match->disposition_mask, UINT64_C(1) << group_record_disposition(h)))
if (!BIT_SET(match->disposition_mask, group_record_disposition(h)))
return false;
if (!strv_isempty(match->fuzzy_names)) {

View File

@ -4,6 +4,7 @@
#include "alloc-util.h"
#include "ansi-color.h"
#include "bitfield.h"
#include "constants.h"
#include "creds-util.h"
#include "cryptsetup-util.h"
@ -6687,7 +6688,7 @@ int tpm2_pcr_prediction_to_json(
_cleanup_(sd_json_variant_unrefp) sd_json_variant *vj = NULL;
Tpm2PCRPredictionResult *banks;
if (!FLAGS_SET(prediction->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(prediction->pcrs, pcr))
continue;
ORDERED_SET_FOREACH(banks, prediction->results[pcr]) {
@ -6812,7 +6813,7 @@ int tpm2_calculate_policy_super_pcr(
_cleanup_free_ Tpm2PCRValue *single_values = NULL;
size_t n_single_values = 0;
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
if (!FLAGS_SET(prediction->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(prediction->pcrs, pcr))
continue;
if (ordered_set_size(prediction->results[pcr]) != 1)
@ -6848,7 +6849,7 @@ int tpm2_calculate_policy_super_pcr(
size_t n_pcr_policy_digest_variants = 0;
Tpm2PCRPredictionResult *banks;
if (!FLAGS_SET(prediction->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(prediction->pcrs, pcr))
continue;
if (ordered_set_size(prediction->results[pcr]) <= 1) /* We only care for PCRs with 2 or more variants in this loop */
@ -6921,7 +6922,7 @@ int tpm2_policy_super_pcr(
/* Look for all PCRs that have only a singled allowed hash value, and synthesize a single PolicyPCR policy item for them */
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
if (!FLAGS_SET(prediction->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(prediction->pcrs, pcr))
continue;
if (ordered_set_size(prediction->results[pcr]) != 1)
@ -6951,7 +6952,7 @@ int tpm2_policy_super_pcr(
for (uint32_t pcr = 0; pcr < TPM2_PCRS_MAX; pcr++) {
size_t n_branches;
if (!FLAGS_SET(prediction->pcrs, UINT32_C(1) << pcr))
if (!BIT_SET(prediction->pcrs, pcr))
continue;
n_branches = ordered_set_size(prediction->results[pcr]);

View File

@ -2,6 +2,7 @@
#include <sys/mount.h>
#include "bitfield.h"
#include "cap-list.h"
#include "cgroup-util.h"
#include "dns-domain.h"
@ -2671,7 +2672,7 @@ int user_record_match(UserRecord *u, const UserDBMatch *match) {
if (u->uid < match->uid_min || u->uid > match->uid_max)
return false;
if (!FLAGS_SET(match->disposition_mask, UINT64_C(1) << user_record_disposition(u)))
if (!BIT_SET(match->disposition_mask, user_record_disposition(u)))
return false;
if (!strv_isempty(match->fuzzy_names)) {

View File

@ -3,6 +3,7 @@
#include <sys/stat.h>
#include "architecture.h"
#include "bitfield.h"
#include "chase.h"
#include "fd-util.h"
#include "fs-util.h"
@ -108,7 +109,7 @@ static int errno_from_mode(uint32_t type_mask, mode_t found) {
if (type_mask == 0) /* type doesn't matter */
return 0;
if (FLAGS_SET(type_mask, UINT32_C(1) << IFTODT(found)))
if (BIT_SET(type_mask, IFTODT(found)))
return 0;
if (type_mask == (UINT32_C(1) << DT_BLK))
@ -164,7 +165,7 @@ static int pin_choice(
return log_debug_errno(errno, "Failed to stat discovered inode '%s': %m", prefix_roota(toplevel_path, inode_path));
if (filter->type_mask != 0 &&
!FLAGS_SET(filter->type_mask, UINT32_C(1) << IFTODT(st.st_mode)))
!BIT_SET(filter->type_mask, IFTODT(st.st_mode)))
return log_debug_errno(
SYNTHETIC_ERRNO(errno_from_mode(filter->type_mask, st.st_mode)),
"Inode '%s' has wrong type, found '%s'.",
@ -596,7 +597,7 @@ int path_pick(
filter_type_mask = filter->type_mask;
if (slash_suffix) {
/* If the pattern is suffixed by a / then we are looking for directories apparently. */
if (filter_type_mask != 0 && !FLAGS_SET(filter_type_mask, UINT32_C(1) << DT_DIR))
if (filter_type_mask != 0 && !BIT_SET(filter_type_mask, DT_DIR))
return log_debug_errno(SYNTHETIC_ERRNO(errno_from_mode(filter_type_mask, S_IFDIR)),
"Specified pattern ends in '/', but not looking for directories, refusing.");
filter_type_mask = UINT32_C(1) << DT_DIR;

View File

@ -19,6 +19,7 @@
#include "acl-util.h"
#include "alloc-util.h"
#include "bitfield.h"
#include "btrfs-util.h"
#include "build.h"
#include "capability-util.h"
@ -3120,7 +3121,7 @@ static char *age_by_to_string(AgeBy ab, bool is_dir) {
return NULL;
for (size_t i = 0; i < ELEMENTSOF(ab_map); i++)
if (FLAGS_SET(ab, 1U << i))
if (BIT_SET(ab, i))
ret[j++] = is_dir ? ascii_toupper(ab_map[i]) : ab_map[i];
ret[j] = 0;

View File

@ -3,6 +3,7 @@
#include <getopt.h>
#include <stdio.h>
#include "bitfield.h"
#include "device-private.h"
#include "device-util.h"
#include "string-util.h"
@ -57,7 +58,7 @@ UdevReloadFlags udev_builtin_should_reload(void) {
void udev_builtin_reload(UdevReloadFlags flags) {
for (UdevBuiltinCommand i = 0; i < _UDEV_BUILTIN_MAX; i++) {
if (!FLAGS_SET(flags, 1u << i) || !builtins[i])
if (!BIT_SET(flags, i) || !builtins[i])
continue;
if (builtins[i]->exit)
builtins[i]->exit();

View File

@ -2,6 +2,7 @@
#include <getopt.h>
#include "bitfield.h"
#include "build.h"
#include "dirent-util.h"
#include "errno-list.h"
@ -194,7 +195,7 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
if (!BIT_SET(arg_disposition_mask, i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
@ -585,7 +586,7 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
FOREACH_ELEMENT(i, uid_range_table) {
_cleanup_free_ char *name = NULL, *comment = NULL;
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
if (!BIT_SET(arg_disposition_mask, i->disposition))
continue;
if (!uid_range_covers(p, i->first, i->last - i->first + 1))