This is mostly for tests or fuzzers. Hence, this makes the function
require that the client is running in the test mode.
Also, now the function masks the value for message type.
The event source will be soon re-enabled in the same function.
The function client_timeout_resend() may return earlier without
re-enabling the timer source. However,
- the timer event source is one shot by default. Hence, it is not
necessary to disable in the callback function,
- when it returns early, then client_set_state() or client_stop() is
called before return, and they re-enable or disable the timer.
The timer must be active until the client re-enters bound state,
and the timeout must be determined by the lease acquired when entering
the bound state.
This fixes the following issues:
- if T1 is finite and T2 is infinite, then the timer for T1 was not
enabled,
- after T1 and T2 are randomized, T1 may be longer than T2.
This is mostly for shortening `client_receive_message()`.
This also fixes the following:
- do not trigger SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST notification
when non-reply message,
- add several missing error handlings caused in client_start().
Otherwise, the managed configs, that is addresses, routes and so on
configured by the previously assigned .network file will not be dropped
on reconfiguring the interface.
The cgroupid feature was not available in old cgroupv2 kernels, hence
try to get it but if we can't because it's not supported, then only
debug log about it and proceed.
(We only need this for cgroup bpf stuff, but that isn't available on
such old kernels anyway)
Fixes: #22483
This effectively disables warnings about type/mode/ownership of existing
directories when recursively creating parent directories. (Or files. If there's
a file in a place we expect a directory, the code will later try to create
a file and fail. This follows the general pattern where we do (void)mkdir()
if the mkdir() is immediately followed by opening of a file.)
I was recently debugging an issue with the fstab-generator [1], and it says:
'Directory "/tmp" already exists, but has mode 0777 that is too permissive (0644 was requested), refusing.'
which is very specific but totally wrong in this context.
This output was added in 37c1d5e97d, and I still
think it is worth doing, because if you actually *do* want the directory, if
there's something wrong, the precise error message will make it much easier to
diagnose. And we can't easily pass the information what failed up the call chain
because there are multiple things we check (ownership, permission mask, type)…
So passing a param whether to warn or not down into the library code seems like
the best solution, despite not being very elegant.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2051285
when they go down resolved prints
```
Event source mdns-ipv4 (type io) returned error, disabling
```
instead of
```
Event source n/a (type io) returned error, disabling
```
Even though ISO C11 doesn't mandate in which order the type specifiers
should appear, having `unsigned` at the beginning of each type
declaration feels more natural and, more importantly, it unbreaks
Coccinelle, which has a hard time parsing `long unsigned` and others:
```
init_defs_builtins: /usr/lib64/coccinelle/standard.h
init_defs: /home/mrc0mmand/repos/systemd/coccinelle/macros.h
HANDLING: src/shared/mount-util.c
: 1: strange type1, maybe because of weird order: long unsigned
```
Most of the codebase already "complies", so let's fix the remaining
"offenders".
Try to ensure kernel IPv6 link local address generation occurs by
setting the per-if addr_gen_mode sysctl when the link is already up,
instead of the netlink interface (IFLA_INET6_ADDR_GEN_MODE).
The netlink setting is sufficient in cases where the interface is not
yet up when networkd configures an interface - bringing the interface
up will trigger in-kernel address generation.
If the interface is already up, yet the interface has no IPv6LL assigned
setting IFLA_INET6_ADDR_GEN_MODE has no effect.
Writing the addr_gen_mode sysctl is a best effort attempt at triggering
address generation regardless of interface state because it also works
in cases where the interface is already up.
Fixes #22424.
In cbcdcaaa0e ("Add support for conditions on the machines firmware")
a new Firmware= directive was added for .netdev and .network files.
While it was also documented to work on .link files, in actual fact the
support was missing. Add that one extra line to make it work, and also
update the fuzzer directives.
This helper is just like config_parse_string() but does some superficial
checks for control characters and quotes.
In most cases we currently use config_parse_string() we probably want to
use config_parse_safe_string() for safety reasons.
Add the "Isolated" parameter in the *.network file, e.g.,
```
[Bridge]
Isolated=true|false
```
When the Isolated parameter is true, traffic coming out of this port
will only be forwarded to other ports whose Isolated parameter is false.
When Isolated is not specified, the port uses the kernel default
setting (false).
The "Isolated" parameter was introduced in Linux 4.19.
See man bridge(8) for more details.
But even though the kernel and bridge/iproute2 recognize the "Isolated"
parameter, systemd-networkd did not have a way to set it.
Since version 4.5, the max possible timeout is UINT_MAX / 1000 since it
does calculations in milliseconds. A small helper function is added to
make this conversion and saturation and will be used more in the next
commit.
Also document the usage of signed integers by the kernel userspace API.
The single consumer of ticks_read() (i.e. time_usec()) checks for == 0
to detect the "not supported/invalid" case, hence actually return the
right value for that.
This reverts commit f699bd81e8 (#22063)
We should suppress the TSC data when we generate it if we assume
it's invalid, not when we consume it, because at that point we don't even
know if the data stems from TSC or something else.
Apparently 2G is too low for various real-life systems. But raising it
universally above 2^32 sounds wrong to me, since that makes no sense on
32bit systems, that we still support.
Hence, let's raise the limit to 32G on 64bit systems, and *lower* it to
1G on 32bit systems.
32G is 4 orders of magnitude higher than the old settings. Let's hope
that's enough for now. Should this not be enough we can raise it
further.
Fixes: #22076
This queries the sector size from libfdisk instead of assuming 512, and
uses that when converting from bytes to the offset/size values libfdisk
expects.
This is an alternative to Tom Yan's #21823, but prefers using libfdisk's
own ideas of the sector size instead of going directly to the backing
device via ioctls. (libfdisk can after all also operate on regular
files, where the sector size concept doesn't necessarily apply the same
way.)
This also makes the "grain" variable, i.e. how we'll align the
partitions. Previously this was hardcoded to 4K, and that still will be
the minimum grain we use, but should the sector size be larger than that
we'll use the next multiple of the sector size instead.
If the query gets CNAME or DNAME, then the query will be restarted.
Even in that case, previously, the event source was freed and allocated
again. Let's slightly optimize it.
Fortunately, unlike the issue fixed in the previous commit, the memleak
should be superficial and not become apparent, as the queries handled
here are managed by the stub stream, and will be freed when the stream
is closed.
Just for safety, and slightly reducing the runtime memory usage by the
stub stream.
When stub stream is closed early, then queries associated to the stream
are freed. Previously, the timer event source for queries may not be
disabled, hence may be triggered with already freed query.
See also dns_stub_stream_complete().
Note that we usually do not set NULL or zero when freeing simple objects.
But, here DnsQuery is a large and complicated object, and the element may
be referenced in subsequent freeing process in the future. Hence, for
safety, let's set NULL to the pointer.
This is a follow up to 29f4185a9c ("oomd: Dump top offenders after a
kill action") to clean up the code a bit for review comments that
happened after the code had been merged already.
Coverity (and I, initially) get really confused about "fn"'s validity
here. It doesn't grok that free_and_strdup() is actually a NOP in case
the string isn't changed, and assumes it always invalidates the
specified buffer, which it doesn't do though.
Follow-up for: f4b1a6b641
If we're going upwards in the journal file during entry iteration and we
can't reach the current entry due to corruption, start iterating upwards
from the last reachable entry array. This is equivalent to skipping
all entries in the array that can't be reached anymore.
Fixes #22431
8d801e35cb didn't take into account
upwards iteration of entry items when we're working on a corrupted
journal file. Instead of moving to the previous entry array, we'd
always move to the next array, regardless of the iteration direction.
To fix this, we introduce bump_entry_array() that moves to the next
or previous entry array depending on the given direction. Since the
entry array chains are singly linked lists, we have to start iterating
from the front to find the previous array. We only reach this logic
if we're working on a corrupted journal file so being slow here shouldn't
matter too much.
Fixes an assertion failure "pd->type == SD_DHCP6_OPTION_IA_PD" in dhcp6_option_append_pd().
Something similar was done in commit 26a63b8132 ('sd-dhcp6-client: Fix
sending prefix delegation request (#17136)'). The justification is
probably the same.
In D-Bus, clients connect to a bus (the usual case), or use direct
questions to each other (the unusual case). A bus is a program one can
connect to and implemented by dbus-daemon or dbus-broker. However,
busses never connect between each other, that doesn't exist. Hence don't
claim so.
This is probably confusion about the fact that sd-bus calls D-Bus
connection objects just "sd_bus" for simplicity, given they are used in
99% of the cases to connect to a bus — only in exceptional cases they
are used for direct connections between peers without involving a bus.
Follow-up for b7bb58ef70
Apparently the error code fallocate() returns if hole punching is not
supported is not too well defined (man page just says "an error is
returned"), hence let's accept the usual set of errors, and
then normalize it to EOPNOTSUPP, and generate a clear error message in this
case.
This basically reverts #22079.
Stopping the watchdog is wrong. The reboot watchdog is supposed to cover
the whole time from the point when systemd starts systemd-reboot until the
hardware resets.
Otherwise the system may hang in the final shutdown phase.
Add a comment, why keeping the watchdog running is correct here.
If watchdog_set_device() is not called before open_watchdog() then
'watchdog_device' remains 'NULL' while the device is open.
As a result, the "same device" check in watchdog_set_device() does not work
correctly: If no device is specified (e.g. from watchdog_free_device())
then the current fd is not closed.
Fix this by setting 'watchdog_device' to the correct device during
open_watchdog().
Since a long time the D-Bus spec knows a special bit in its message
header for indicating that "interactive" authentication is OK. The
original hostnamed API is before that was added hence most functions
expose that boolean as explicit argument.
For newly added functions let's get rid of it, the message flag is good
enough and replaces it with complete functionality.
No new APIs should carry the "interactive" boolean flag explicitly as
argument anymore.
Follow-up for: 9697662915
Note to self: should I ever become a black hat hacker, this is how I'd
hide a vulnerability. ;-)
(No, this one is not a vulnerability)
Follow-up for: 163d1ea5dd
We have the journal file open already, hence reference it via the fd
instead of the file name. After all, some other tool might have
renamed/deleted it already.
Let's not actually reuse the fd though, since we want a separate file
offset for the copying, hence just make it simple and reopen via
/proc/self/fd/.
Follow-up for d71ece3f0b
No actual code changes, just renaming.
Rationale: the focus here should be on the fact that these are "unified"
images, whether our stub is used or not, or something else doesn't
really matter. Moreover, these are still Linux entries. Hence, emphasize
that these are *unified* images, and *Linux* images, and deemphasize
that our sd-stub is likely used.
it might be totally inaccessible, hence weaken our language a bit and
just say "not readable", thus making no claim whether it is writable or
not.
Follow-up for 3a90bef55a
It's a follow-up to https://github.com/systemd/systemd/pull/10200 where
that fuzzer was introduced. At the time it was run regularly on machines
where machine-id wasn't present so it was kind of reproducible. Now
it's run on CIFuzz and CFLite using GHActions with the public OSS-Fuzz
corpora (based on that particular machine-id) so to fully utilize
those corpora it's necessary to use it always. Other than that
it makes it possible for fuzzers targeting outgoing packets
based on incoming packets like https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921
to get past client_parse_message on my machine :-)
Fixes a regression caused by 3008a6f21c.
Before the commit, when `mkdir_parents_internal()` is called from `mkdir_p()`,
it uses `_mkdir()` as `flag` is zero. But after the commit, `mkdir_safe_internal()`
is always used. Hence, if the path contains a symlink, it fails with -ENOTDIR.
To fix the issue, this makes `mkdir_p()` call `mkdir_parents_internal()` with
MKDIR_FOLLOW_SYMLINK flag.
Fixes #22334.
It's totally not OK to write to the strings returned by it, the data is
shared by all code that references the message.
While we are at it, simplify the code via
json_variant_set_field_string().
Follow-up for: 5ef599b324
This partially undoes the effect of
ab6e257b3e.
Originally, we always used the mmap logic to determine the current end
of the file. ab6e257b3e changed this so
that we always used pread().
With this change we'll use pread() from the synchronization thread and
mmap otherwise.
C macros are nasty. We use them, but we try to be conservative with
them. In particular passing literal, complex code blocks as argument is
icky, because of "," handling of C, and also because it's quite a
challenge for most code highlighters and similar. Hence, let's avoid
that. Using macros for generating functions is OK but if so, the
parameters should be simple words, not full code blocks.
Hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead
of code block as argument.
As side-effect this also fixes a bunch of cases where we might end up
returning a negative value from main().
Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the
main() functions, these are replaced by static variables, and their
destructors by the static destructor logic.
This doesn't fix any bugs or so, it's just supposed to make the code
easier to work with and improve it aesthetically.
Or in other words: let's use macros where it really makes sense, but
let's not go overboard with it.
(And yes, FOREACH_DIRENT() is another one of those macros that take
code, and I dislike that too and regret I ever added that.)
When classless static routes option is provided, then static routes
option should not be used. Hence, let's not mix and store them in one
storage.
This introduces sd_dhcp_lease_get_static_routes() and
sd_dhcp_lease_get_classless_routes().
Since test-resolved-stream brings up a simple DNS server on 127.0.0.1:12345,
only one instance could run at a time, so it would fail when run like
`meson test -C build test-resolved-stream --repeat=1000`.
Similarly, if by chance something is up on port 12345, the test would fail.
To make the test more reliable, run it in an isolated user + network namespace.
If this fails (some distributions disable user namespaces), just run as before.
In commit 2aaf6bb6e9, an issue was fixed where
systemd-resolved could get stuck for multiple seconds waiting for incoming data,
since GnuTLS/OpenSSL can buffer a TLS record, so data could be available, but
no EPOLLIN event would be generated.
To fix this, a somewhat elaborate logic consisting of asking the TLS library
whether it had buffered data, then "faking" an EPOLLIN event was implemented.
However, there is a much simpler solution: Always read as much data as available
(i.e. until we get an event like EAGAIN when trying to read) from the stream
when we get an EPOLLIN event, instead of at most a single packet per event.
This approach does not require asking the TLS library whether it has buffered
data, and the logic is exactly the same for both the TCP and TLS case.
test-resolved-stream is fixed to avoid a latent double free bug.
Since when handling a DNS over TLS stream, the TLS library can override the
requested events through dnstls_events for handshake/shutdown purposes,
obtaining the event flags through sd_event_source_get_io_events and checking
for EPOLLIN or EPOLLOUT does not really tell us whether we want to read/write
a packet. Instead, it could just be OpenSSL/GnuTLS doing something else.
To make the logic more robust (and simpler), save the flags that tell us
whether we want to read/write a packet, and check them instead of the IO flags.
(& use uint32_t for the flags like in sd_event_source_set_io_events prototype)
This fixes a bunch of issues:
pread() returns ssize_t, and returns errors in 'errno', handle that
correctly.
More importantly: it might incompletely read data in case we hit
EOF. Check for that, and handle it.
Finally, rename the function to journal_file_read_object_header(), since
it really doesn't read full objects, but only their headers.
Follow-up for: 117e21121e
ASSERT_SE_PTR() is like ASSERT_PTR() but uses assert_se() instead of
assert() internally.
Code should use ASSERT_SE_PTR() where the check should never be
optimized away, even if NDEBUG is set.
Rationale: assert() is the right choice for validating assumptions about
our own code, i.e. checking conditions that are "impossible" to not
hold, because we ourselves hacked things up the "right" way of course.
assert_se() is the right choice for tests that come with a weaker
guarantee, they encode assumptions over other's API behaviour, i.e.
whether something can fail there or not.
When developing tools that are not oom-safe assert_se() is the right
choice: we know that on Linux OOM doesn't really happen, even though
theoretically the API allows it to happen.
Usecase for ASSERT_SE_PTR() is mostly the fatal memory allocation logic
for EFI memory allocations. So far it used regular assert() i.e. OOM
failures would be totally ignored if NDEBUG is set. We'd rather have our
EFI program to print an assert message and freeze instead though.