mirror of https://github.com/systemd/systemd.git synced 2024-10-30 06:25:37 +03:00
Commit Graph

37517 Commits

Author SHA1 Message Date
Yu Watanabe
f9971018eb dhcp-identifier: introduce duid_type_to_string() 2022-02-14 14:58:49 +09:00
Yu Watanabe
6f3fc86131 sd-dhcp6-client: do not expose set_transaction_id()
This is mostly for tests or fuzzers. Hence, this makes the function
require that the client is running in the test mode.

Also, now the function masks the value for message type.
2022-02-14 14:58:49 +09:00
Yu Watanabe
9e4dee4cec sd-dhcp6-client: use OrderedSet for vendor option
This also fixes memleak.
2022-02-14 14:58:49 +09:00
Yu Watanabe
885ea2ab1c ordered-set: introduce ordered_set_clear() 2022-02-14 14:58:49 +09:00
Yu Watanabe
1978efb9a5 sd-dhcp6-client: use struct hw_addr_data 2022-02-14 14:58:49 +09:00
Yu Watanabe
6f8ff34218 sd-dhcp6-client: stop IO event source when client entered bound state
Also when the client receives a reply when running in information
requesting mode.
2022-02-14 14:58:49 +09:00
Yu Watanabe
6f4490bb0c sd-dhcp6-client: adjust assertions 2022-02-14 14:58:46 +09:00
Yu Watanabe
65b85f2340 sd-dhcp6-client: log state transition 2022-02-14 14:57:35 +09:00
Yu Watanabe
e5d69be216 sd-dhcp6-client: rename client_set_state() -> client_start_transaction()
Previously, it obeys state transition, but now it is only used when
(re-)starting transaction. Let's rename again in more explanative name.
2022-02-14 14:57:35 +09:00
Yu Watanabe
fa78d165bb sd-dhcp6-client: use proper type for string table lookup funcs 2022-02-14 14:57:35 +09:00
Yu Watanabe
a8d1012f30 sd-dhcp6-client: voidify client_set_state() 2022-02-14 14:57:34 +09:00
Yu Watanabe
cfcc85bbca sd-dhcp6-client: log message is processed before state is changed 2022-02-14 14:57:34 +09:00
Yu Watanabe
c50c9e509f sd-dhcp6-client: move client_timeout_resend() and client_set_state()
These are deeply related to client_message_send(). Hence, move them near
the function.
2022-02-14 14:57:34 +09:00
Yu Watanabe
0eca25ba00 sd-dhcp6-client: move client_ensure_iaid()
No functional change.
2022-02-14 14:57:34 +09:00
Yu Watanabe
af2b484141 sd-dhcp6-client: merge client_start() and client_reset() 2022-02-14 14:56:54 +09:00
Yu Watanabe
ec7baf998d sd-dhcp6-client: use event_reset_time_relative() at one more place 2022-02-14 14:54:08 +09:00
Yu Watanabe
22ad018b5e sd-dhcp6-client: max_retransmit_count is only used when client is in DHCP6_STATE_REQUEST 2022-02-14 14:54:08 +09:00
Yu Watanabe
0f3b8b809c sd-dhcp6-client: drop unnecessary event_source_disable()
The event source will be soon re-enabled in the same function.

The function client_timeout_resend() may return earlier without
re-enabling the timer source. However,
- the timer event source is one shot by default. Hence, it is not
  necessary to disable in the callback function,
- when it returns early, then client_set_state() or client_stop() is
  called before return, and they re-enable or disable the timer.
2022-02-14 14:51:19 +09:00
Yu Watanabe
3bb18e707c sd-dhcp6-client: set lease expiration timer in client_enter_bound_state()
The timer must be active until the client re-enters the bound state,
and the timeout must be determined by the lease acquired when entering
the bound state.
2022-02-14 14:45:14 +09:00
Yu Watanabe
30b31359b0 sd-dhcp6-client: drop unnecessary assignment 2022-02-14 14:45:14 +09:00
Yu Watanabe
8ef959cd09 sd-dhcp6-client: initialize IO event source in sd_dhcp6_client_start() 2022-02-14 14:45:14 +09:00
Yu Watanabe
f814cd80de sd-dhcp6-client: make state transition stricter 2022-02-14 14:45:14 +09:00
Yu Watanabe
c2c878d806 sd-dhcp6-client: prohibit spurious state transition
Previously, `client_set_state(client, DHCP6_STATE_STOPPED)` might make
the client enter the SOLICIT state.
2022-02-14 14:45:14 +09:00
Yu Watanabe
220a88ca75 sd-dhcp6-client: disable T1 timer on T2
Otherwise, the client may enter RENEW state after REBIND state.
2022-02-14 14:45:14 +09:00
Yu Watanabe
c41bdb17fc sd-dhcp6-client: call client_notify() in client_enter_bound_state() 2022-02-14 14:45:14 +09:00
Yu Watanabe
cdf3d8c584 sd-dhcp6-client: fix lifetime handling
This fixes the following issues:
- if T1 is finite and T2 is infinite, then the timer for T1 was not
  enabled,
- after T1 and T2 are randomized, T1 may be longer than T2.
2022-02-14 14:45:07 +09:00
Yu Watanabe
1d6cb4ce2a sd-dhcp6-client: use event_reset_time_relative() 2022-02-14 14:43:45 +09:00
Yu Watanabe
02354ee738 sd-dhcp6-client: introduce client_enter_bound_state()
To make client_set_state() smaller. This should not change any behavior.
2022-02-14 14:43:45 +09:00
Yu Watanabe
cc5184823f sd-dhcp6-client: fix overflow in calculating timeout value 2022-02-14 14:43:45 +09:00
Yu Watanabe
d0875a07dd sd-dhcp6-client: disable event source when client is stopped or freed 2022-02-14 14:43:45 +09:00
Yu Watanabe
7771233127 sd-dhcp6-client: use in6_addr_to_string() 2022-02-14 14:43:45 +09:00
Yu Watanabe
4db6334c9a sd-dhcp6-client: stop client on error in client state transition 2022-02-14 14:43:45 +09:00
Yu Watanabe
bfa1139af4 sd-dhcp6-client: add missing one more error handling 2022-02-14 14:43:45 +09:00
Yu Watanabe
06d5e856f8 sd-dhcp6-client: rename client_start() -> client_set_state() 2022-02-14 14:43:45 +09:00
Yu Watanabe
07a3b3408b sd-dhcp6-client: introduce client_process_*()
This is mostly for shortening `client_receive_message()`.

This also fixes the following:
- do not trigger SD_DHCP6_CLIENT_EVENT_INFORMATION_REQUEST notification
  when non-reply message,
- add several missing error handlings caused in client_start().
2022-02-14 14:43:45 +09:00
Yu Watanabe
0123b2dbac sd-dhcp6-client: fix possible unaligned read or write 2022-02-14 14:43:45 +09:00
Yu Watanabe
16347c15d8 sd-dhcp6-client: voidify client_reset() 2022-02-14 14:43:45 +09:00
Yu Watanabe
65ece4c85b sd-dhcp6-client: introduce dhcp6_lease_new_from_message() 2022-02-14 14:43:45 +09:00
Yu Watanabe
c930925841 sd-dhcp6-client: use structured initializer 2022-02-14 14:43:45 +09:00
Yu Watanabe
f4fbea7a0f sd-dhcp6-lease: unify lease lifetime calculation 2022-02-14 14:43:45 +09:00
Yu Watanabe
126277aceb sd-dhcp6-client: always use ENODATA when a lease does not have requested data 2022-02-14 14:43:45 +09:00
Yu Watanabe
29858a0f9e sd-dhcp6-client: unify dhcp6_option_append_{ia,pd}() 2022-02-14 14:43:45 +09:00
Yu Watanabe
877bfc78fd sd-dhcp6-client: store PD prefix hint in ia_pd
And allows to specify multiple hints.
2022-02-14 14:43:45 +09:00
Yu Watanabe
e5b0b87f51 sd-dhcp6-client: introduce dhcp6_ia_free() 2022-02-14 14:43:45 +09:00
Yu Watanabe
4b0f27173c sd-dhcp6-client: unify IA option header
This also fixes possible unaligned read of message.
2022-02-14 14:43:45 +09:00
Yu Watanabe
93bd7c4192 sd-dhcp6-lease: reset client or server ID when length is zero
Addresses https://github.com/systemd/systemd/pull/22406#issuecomment-1029391091.
2022-02-14 14:43:45 +09:00
Yu Watanabe
049fddfa7d sd-dhcp6-lease: convert assert_return() -> assert() in non-public functions 2022-02-14 14:43:45 +09:00
Yu Watanabe
7c999d38fa sd-dhcp6-client: rename ia -> ia_na, pd -> ia_pd in sd_dhcp6_lease
The previous naming is quite misleading.
2022-02-14 14:43:45 +09:00
Yu Watanabe
43b7a412b1 sd-dhcp6-client: fix typo ia_pd -> ia_na
Fortunately, currently both ia_pd and ia_na in sd_dhcp6_client are
equivalent now.
2022-02-14 14:43:45 +09:00
Yu Watanabe
5e4d135c60 sd-dhcp6-client: introduce two helpers to create message 2022-02-14 14:43:45 +09:00
Yu Watanabe
6fcf356b9a sd-dhcp6-client: trigger assertion when invalid IA type is provided
If the condition hits, then it is an error in coding, instead of a user
misconfiguration or invalid received message.
2022-02-14 14:40:57 +09:00
Yu Watanabe
81db4f3dd8 network: drop managed configs on reconfigure when KeepConfiguration=yes
Otherwise, the managed configs, that is addresses, routes and so on
configured by the previously assigned .network file will not be dropped
on reconfiguring the interface.
2022-02-13 20:01:42 +09:00
Yu Watanabe
07c160a65c network: drop redundant condition
The function `link_drop_foreign_addresses()` is only called in
`link_drop_foreign_config()`, and the same condition is located in the
caller.
2022-02-13 20:01:29 +09:00
Yu Watanabe
74c60fcbec cgroup-util: refuse the case that both path and suffix are empty strings
Fixes CID#1322378.
2022-02-12 11:01:52 +00:00
Jan Janssen
ac3979abd7 boot: Correctly check the return value of CheckEvent
Fixes: #22428
2022-02-11 17:07:05 +00:00
Lennart Poettering
5483fca07a pid1: export cgroup ID among per-unit cgroup information
It's really interesting for debugging purposes and we have it already,
hence expose it as dbus property.
2022-02-11 13:36:39 +01:00
Lennart Poettering
a561253f0b cgroup-util: minor modernizations
Rename return parameters to "ret", use ternary op without second
argument, rebreak comments, use isempty() more.
2022-02-11 13:36:39 +01:00
Lennart Poettering
1b42022388 cgroup: downgrade warning if we can't get ID off cgroup
The cgroupid feature was not available in old cgroupvs2 kernels, hence
try to get it but if we can't because it's not supported, then only
debug log about it and proceed.

(We only need this for cgroup bpf stuff, but that isn't available on
such old kernels anyway)

Fixes: #22483
2022-02-11 13:36:39 +01:00
Zbigniew Jędrzejewski-Szmek
e01e68e70a basic: do not warn in mkdir_p() when parent directory exists
This effectively disables warnings about type/mode/ownership of existing
directories when recursively creating parent directories. (Or files. If there's
a file in a place we expect a directory, the code will later try to create
a file and fail. This follows the general pattern where we do (void)mkdir()
if the mkdir() is immediately followed by opening of a file.)

I was recently debugging an issue with the fstab-generator [1], and it says:
'Directory "/tmp" already exists, but has mode 0777 that is too permissive (0644 was requested), refusing.'
which is very specific but totally wrong in this context.
This output was added in 37c1d5e97d, and I still
think it is worth to do it, because if you actually *do* want the directory, if
there's something wrong, the precise error message will make it much easier to
diagnose. And we can't easily pass the information what failed up the call chain
because there are multiple things we check (ownership, permission mask, type)…
So passing a param whether to warn or not down into the library code seems like
the best solution, despite not being very elegant.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2051285
2022-02-11 10:05:21 +01:00
Evgeny Vereshchagin
a38f3ceeda resolve: describe mdns event sources
when they go down resolved prints
```
Event source mdns-ipv4 (type io) returned error, disabling
```
instead of
```
Event source n/a (type io) returned error, disabling
```
2022-02-11 07:01:58 +09:00
Frantisek Sumsal
da185cd04d tree-wide: move unsigned to the start of type declaration
Even though ISO C11 doesn't mandate in which order the type specifiers
should appear, having `unsigned` at the beginning of each type
declaration feels more natural and, more importantly, it unbreaks
Coccinelle, which has a hard time parsing `long unsigned` and others:

```
init_defs_builtins: /usr/lib64/coccinelle/standard.h
init_defs: /home/mrc0mmand/repos/systemd/coccinelle/macros.h
HANDLING: src/shared/mount-util.c
: 1: strange type1, maybe because of weird order: long unsigned
```

Most of the codebase already "complies", so let's fix the remaining
"offenders".
2022-02-10 21:00:22 +01:00
Yu Watanabe
8448321571 sd-dhcp6-client: add missing address existence check
This adds similar check as 58da18251f.
2022-02-10 21:50:02 +09:00
Yu Watanabe
2d88df457a
Merge pull request #22471 from yuwata/network-bridge-vlan-protocol
network: bridge: fix vlan protocol
2022-02-10 20:40:04 +09:00
Yu Watanabe
ac7e18be76
Merge pull request #22452 from yuwata/network-ipv6ll
network: use sysctl to set IPv6LL address generation mode when the interface is already up
2022-02-10 20:38:56 +09:00
Yu Watanabe
6eb35be8e0 network: bridge: fix endian of vlan protocol
Fixes #22469.
2022-02-10 17:47:17 +09:00
Joerie de Gram
77d65e5659 network: attempt to trigger kernel IPv6LL address generation
Try to ensure kernel IPv6 link local address generation occurs by
setting the per-if addr_gen_mode sysctl when the link is already up,
instead of the netlink interface (IFLA_INET6_ADDR_GEN_MODE).

The netlink setting is sufficient in cases where the interface is not
yet up when networkd configures an interface - bringing the interface
up will trigger in-kernel address generation.

If the interface is already up, yet the interface has no IPv6LL assigned
setting IFLA_INET6_ADDR_GEN_MODE has no effect.

Writing the addr_gen_mode sysctl is a best effort attempt at triggering
address generation regardless of interface state because it also works
in cases where the interface is already up.

Fixes #22424.
2022-02-10 17:35:41 +09:00
Yu Watanabe
2b25f4eb23 network: move link_set_ipv6ll_stable_secret() to networkd-ipv6ll.c 2022-02-10 17:34:06 +09:00
Yu Watanabe
05b8fc498e network: skip to set IPv6LL address generation mode if the requested mode is already set 2022-02-10 17:34:06 +09:00
Yu Watanabe
6614116458 network: use log_link_warning_errno() or friends where applicable 2022-02-10 17:34:06 +09:00
Yu Watanabe
7d0d832d67 network: monitor current IPv6LL address generation mode 2022-02-10 17:34:06 +09:00
Yu Watanabe
80f2647dfb network: introduce two helper functions for setting IPv6LL address generation mode 2022-02-10 17:34:02 +09:00
Alvin Šipraga
19ff06b3a4
udev/net: support Match.Firmware= in .link files (#22462)
In cbcdcaaa0e ("Add support for conditions on the machines firmware")
a new Firmware= directive was added for .netdev and .network files.
While it was also documented to work on .link files, in actual fact the
support was missing. Add that one extra line to make it work, and also
update the fuzzer directives.
2022-02-10 16:19:28 +09:00
Luca Boccassi
0b0ad494a0
Merge pull request #22458 from poettering/parse-safe-string
some safety tweaks to conf-parser.[ch]
2022-02-09 16:59:14 +00:00
Yu Watanabe
e6e2b66b8f
Merge pull request #22248 from yuwata/network-tc-use-request-queue
network: tc: use request queue to configure QDisc or TClass
2022-02-09 18:57:37 +09:00
Lennart Poettering
65a0ede2ed conf-parser: add specific parser for PID values 2022-02-09 10:17:37 +01:00
Lennart Poettering
a99a85242c tree-wide: use config_parse_safe_string() at various places 2022-02-09 10:17:33 +01:00
Lennart Poettering
0b95409928 conf-parser: update config_item_*_lookup() to follow modern coding style
Let's rename the return parameters ret_xyz, and always initialize them
if we return >= 0, as per our current coding style.
2022-02-09 10:17:23 +01:00
Lennart Poettering
cec7f09dc8 conf-parser: refuse section headers with control characters early, just in case 2022-02-09 10:17:20 +01:00
Lennart Poettering
73a4ac8a75 conf-parser: minor refactorings/modernizations 2022-02-09 10:17:17 +01:00
Lennart Poettering
deec0b6dd5 conf-parser: use _cleanup_free_ where appropriate 2022-02-09 10:17:13 +01:00
Lennart Poettering
2d17d699bb conf-parse: add generic config_parse_safe_string() helper
This helper is just like config_parse_string() but does some superficial
checks for control characters and quotes.

In most cases we currently use config_parse_string() we probably want to
use config_parse_safe_string() for safety reasons.
2022-02-09 10:16:42 +01:00
Santa Wiryaman
97f27f8a16 Add support for isolated parameter
Add the "Isolated" parameter in the *.network file, e.g.,

[Bridge]
Isolated=true|false

When the Isolated parameter is true, traffic coming out of this port
will only be forwarded to other ports whose Isolated parameter is false.

When Isolated is not specified, the port uses the kernel default
setting (false).

The "Isolated" parameter was introduced in Linux 4.19.
See man bridge(8) for more details.
But even though the kernel and bridge/iproute2 recognize the "Isolated"
parameter, systemd-networkd did not have a way to set it.
2022-02-09 17:37:37 +09:00
Yu Watanabe
e4bbd9c61e network: tc: use hashmap to store traffic control settings in .network files
As now each qdisc or tclass is configured when it is ready.
2022-02-09 14:43:19 +09:00
Yu Watanabe
7ec1846242 network: tc: introduce order dependency of traffic control 2022-02-09 14:43:19 +09:00
Yu Watanabe
1dec9d816b network: tc: use request queue to configure traffic control
But no dependency resolution is implemented.
2022-02-09 14:43:19 +09:00
Yu Watanabe
b3208e0fad network: tc/teql: set tca_kind in verify()
Then, qdisc_configure() can be simplified.
2022-02-09 14:43:19 +09:00
Yu Watanabe
828a81a937 network: tc: monitor qdisc and tclass 2022-02-09 14:43:19 +09:00
Yu Watanabe
e8b8b3eacb sd-netlink: allow to dump qdisc and tclass 2022-02-09 14:43:19 +09:00
Yu Watanabe
27e93a4b66 sd-netlink: make traffic control related message can be monitored 2022-02-09 14:43:19 +09:00
Yu Watanabe
1f38b6f9c6 sd-netlink: introduce sd_rtnl_message_traffic_control_get_{ifindex,parent,handle}() 2022-02-09 14:38:23 +09:00
Yu Watanabe
f50b93fed7 sd-netlink: unify sd_rtnl_message_new_qdisc() and sd_rtnl_message_new_tclass()
As the netlink message header types for both qdisc and tclass are
equivalent.
2022-02-09 14:35:25 +09:00
Yu Watanabe
89346ac6f6 network: coding style fixes 2022-02-09 14:35:25 +09:00
Yu Watanabe
55c6f705ba network: tc: drop unnecessary conditions
As TC_H_UNSPEC is 0.
2022-02-09 14:35:25 +09:00
Yu Watanabe
058fd55efa network: tc: drop unused QDisc::family element 2022-02-09 14:35:25 +09:00
Lennart Poettering
4d6ce52e7b
Merge pull request #22446 from poettering/sd-boot-cpuid-vm-tscd
sd-boot: don't read TSC in VM environments, and other TSC fixes
2022-02-08 21:57:38 +01:00
Yu Watanabe
de2f372ea2 network: move ipv6ll related functions to networkd-ipv6ll.[ch] 2022-02-09 02:14:40 +09:00
Yu Watanabe
5573ed2230
Merge pull request #22448 from poettering/coredump-raise-sizes
coredump: raise limits
2022-02-09 01:23:07 +09:00
Yu Watanabe
18f84f8aba udev/net: support to set MDI-X mode
Closes #22386.
2022-02-08 15:47:46 +00:00
Lennart Poettering
74694002e6
Merge pull request #22423 from poettering/repart-sector-size
repart: fix sector size handling
2022-02-08 14:47:00 +01:00
Curtis Klein
d6463a399d watchdog: saturate to kernel's max watchdog timeout
Since version 4.5, the max possible timeout is UINT_MAX / 1000 since it
does calculations in milliseconds. A small helper function is added to
make this conversion and saturation and will be used more in the next
commit.

Also document the usage of signed integers by the kernel userspace API.
2022-02-08 14:43:12 +01:00
Lennart Poettering
9eb0583feb
Merge pull request #22442 from DaanDeMeyer/fix-entry-iteration
journal: Fix entry array iteration in case of corruption
2022-02-08 14:29:24 +01:00
Daan De Meyer
586e485042
Merge pull request #22366 from poettering/journal-file-punch-fix
journald: some journal file hole punching fixes
2022-02-08 13:03:03 +00:00
Lennart Poettering
3bcc999fa5 sd-boot: don't use TSC in virtualized environments
Replaces: f699bd81e8

Fixes: #22060
2022-02-08 13:46:26 +01:00
Lennart Poettering
16cec133c6 sd-boot: return 0 (not 1) from ticks_read() in fallback implementation
The single consumer of ticks_read() (i.e. time_usec()) checks for == 0
to detect the "not supported/invalid" case, hence actually return the
right value for that.
2022-02-08 13:46:23 +01:00
Lennart Poettering
fb63526f72 sd-boot: encapsulate freq cache in ticks_freq()
It's usually nicer to abstract a cache away in the provider of a value,
hence do so.
2022-02-08 13:46:20 +01:00
Lennart Poettering
efbb86797d sd-boot: don't export ticks_read() and ticks_freq()
They only have a single user in time_usec(), hence don't expose them.
2022-02-08 13:46:17 +01:00
Lennart Poettering
476c0e969a sd-boot: add overflow check to TSC reads
On some archs the counter is 32bit, and in case of virtualization it
might actually overflow, who knows.
2022-02-08 13:46:14 +01:00
Lennart Poettering
1e66a23373 sd-boot: split out TSC/time API
These are a whole family of functions, let's give them their own .c/.h
file.

No code changes, just splitting things out.
2022-02-08 13:46:02 +01:00
Lennart Poettering
9b176fbdc0 Revert "boot-timestamps: Discard firmware init time when running in a VM"
This reverts commit f699bd81e8 (#22063)

We should suppress the TSC data when we generate it if we assume it's
invalid, not when we consume it, because at that point we don't even
know if the data stems from TSC or something else.
2022-02-08 13:45:49 +01:00
Lennart Poettering
e677041e7a coredump: raise the coredump save size on 64bit systems to 32G (and lower it to 1G on 32bit systems)
Apparently 2G is too low for various real-life systems. But raising it
universally above 2^32 sounds wrong to me, since that makes no sense on
32bit systems, that we still support.

Hence, let's raise the limit to 32G on 64bit systems, and *lower* it to
1G on 32bit systems.

32G is 4 orders of magnitude higher than the old settings. Let's hope
that's enough for now. Should this not be enough we can raise it
further.

Fixes: #22076
2022-02-08 11:54:55 +01:00
Lennart Poettering
994b303123 repart: fix sector size handling
This queries the sector size from libfdisk instead of assuming 512, and
uses that when converting from bytes to the offset/size values libfdisk
expects.

This is an alternative to Tom Yan's #21823, but prefers using libfdisk's
own ideas of the sector size instead of going directly to the backing
device via ioctls. (libfdisk can after all also operate on regular
files, where the sector size concept doesn't necessarily apply the same
way.)

This also makes the "grain" variable, i.e. how we'll align the
partitions. Previously this was hardcoded to 4K, and that still will be
the minimum grain we use, but should the sector size be larger than that
we'll use the next multiple of the sector size instead.
2022-02-08 10:47:48 +01:00
Yu Watanabe
ecdfb9a1ae resolve: reuse timer event source for DnsQuery
If the query gets CNAME or DNAME, then the query will be restarted.
Even in that case, previously, the event source was freed and allocated
again. Let's slightly optimize it.
2022-02-08 17:39:03 +09:00
Yu Watanabe
c704288c47 resolve: use _cleanup_ attribute for freeing DnsQuery 2022-02-08 17:38:42 +09:00
Yu Watanabe
fe8c5ce615 resolve: fix possible memleak
Fortunately, unlike the issue fixed in the previous commit, the memleak
should be superficial and not become apparent, as the queries handled
here are managed by the stub stream, and will be freed when the stream
is closed.

Just for safety, and slightly reducing the runtime memory usage by the
stub stream.
2022-02-08 17:38:42 +09:00
Yu Watanabe
73bfd7be04 resolve: fix potential memleak and use-after-free
When stub stream is closed early, then queries associated to the stream
are freed. Previously, the timer event source for queries may not be
disabled, hence may be triggered with already freed query.
See also dns_stub_stream_complete().

Note that we usually do not set NULL or zero when freeing simple objects.
But, here DnsQuery is large and complicated object, and the element may
be referenced in subsequent freeing process in the future. Hence, for
safety, let's set NULL to the pointer.
2022-02-08 17:35:53 +09:00
Benjamin Berg
100abbc650 oom: Cleanup of information dump code after kill
This is a follow up to 29f4185a9c ("oomd: Dump top offenders after a
kill action") to clean up the code a bit for review comments that
happened after the code had been merged already.
2022-02-07 21:33:50 +00:00
Lennart Poettering
8eb0c7917d watchdog: work around Coverity confusion
Coverity (and I, initially) get really confused about "fn"'s validity
here. It doesn't grok that free_and_strdup() is actually a NOP in case
the string isn't changed, and assumes it always invalidates the
specified buffer, which it doesn't do though.

Follow-up for: f4b1a6b641
2022-02-07 20:48:36 +00:00
Daan De Meyer
952d1e784a journal: Improve handling of corruption during upwards entry iteration
If we're going upwards in the journal file during entry iteration and we
can't reach the current entry due to corruption, start iterating upwards
from the last reachable entry array. This is equivalent to skipping
all entries in the array that can't be reached anymore.

Fixes #22431
2022-02-07 20:40:30 +00:00
Daan De Meyer
aa00163d79 journal: Fix upwards iteration of entry items in case of corruption
8d801e35cb didn't take into account
upwards iteration of entry items when we're working on a corrupted
journal file. Instead of moving to the previous entry array, we'd
always move to the next array, regardless of the iteration direction.

To fix this, we introduce bump_entry_array() that moves to the next
or previous entry array depending on the given direction. Since the
entry array chains are singly linked lists, we have to start iterating
from the front to find the previous array. We only reach this logic
if we're working on a corrupted journal file so being slow here shouldn't
matter too much.
2022-02-07 20:40:28 +00:00
Luca Boccassi
3c84905b08
Merge pull request #22383 from yuwata/network-generator-keep-configuration
network: enable KeepConfiguration= when running on network filesystem
2022-02-07 18:06:24 +00:00
Michael Biebl
153c8624aa login: typo fix 2022-02-08 02:36:22 +09:00
Evgeny Vereshchagin
be1eae4fad tests: also fuzz packets sent in the DHCP6_STATE_SOLICITATION state
With aborts enabled the fuzzer can catch issues like
26a63b8132
Let's extend it a bit to let it cover issues like
https://github.com/systemd/systemd/pull/22406#discussion_r798932098
2022-02-05 14:50:12 +09:00
Thomas Haller
58da18251f sd-dhcp6-client: fix sending prefix delegation request during rebind
Fixes an assertion failure "pd->type == SD_DHCP6_OPTION_IA_PD" in dhcp6_option_append_pd().

Something similar was done in commit 26a63b8132 ('sd-dhcp6-client: Fix
sending prefix delegation request (#17136)'). The justification is
probably the same.
2022-02-05 14:11:33 +09:00
Yu Watanabe
ea853de57d network: enable KeepConfiguration= when running on network filesystem
Also, set KeepConfiguration=dhcp-on-stop by default when running in
initrd.

Fixes #21967.
2022-02-05 09:42:32 +09:00
Yu Watanabe
166e8e36eb
Merge pull request #22416 from fbuihuu/misc
Misc
2022-02-05 09:26:40 +09:00
Anita Zhang
a714b15d46
Merge pull request #22395 from benzea/benzea/oomd-dump-offenders
oomd: Dump top offenders after a kill action
2022-02-04 14:44:04 -08:00
Benjamin Berg
29f4185a9c oomd: Dump top offenders after a kill action
This hopefully makes it more transparent why a specific cgroup was
killed by systemd-oomd.
2022-02-04 20:00:35 +01:00
Lennart Poettering
a2012854f5 man: systemd-stdio-bridge doesn't connect "two busses"
In D-Bus, clients connect to a bus (the usual case), or use direct
questions to each other (the unusual case). A bus is a program one can
connect to and implemented by dbus-daemon or dbus-broker. However,
busses never connect between each other, that doesn't exist. Hence don't
claim so.

This is probably confusion about the fact that sd-bus calls D-Bus
connection objects just "sd_bus" for simplicity, given they are used in
99% of the cases to connect to a bus — only in exceptional cases they
are used for direct connections between peers without involving a bus.

Follow-up for b7bb58ef70
2022-02-04 17:43:44 +00:00
Lennart Poettering
d94e8a5064 journal-file: explicitly handle file systems that do not support hole punching
Apparently the error code fallocate() returns if hole punching is not
supported is not too well defined (man page just says "an error is
returned"), hence let's accept the usual set of errors, and the
then normalize it to EOPNOTSUPP, and generate a clear error message in this
case.
2022-02-04 16:37:39 +01:00
Lennart Poettering
47497593fa journal-file: fix error handling of pread() in journald_file_punch_holes() 2022-02-04 16:37:20 +01:00
Lennart Poettering
05aca54468
Merge pull request #22378 from bluca/on_fail_follow_ups
Follow-ups for #20833
2022-02-04 16:29:09 +01:00
Michael Olbrich
119d5126d1 shutdown: don't stop the watchdog
This basically reverts #22079.

Stopping the watchdog is wrong. The reboot watchdog is supposed to cover
the whole time from the point when systemd starts systemd-reboot until the
hardware resets.
Otherwise the system may hang in the final shutdown phase.

Add a comment, why keeping the watchdog running is correct here.
2022-02-04 12:26:58 +01:00
Michael Olbrich
f4b1a6b641 watchdog: fix watchdog_set_device() when the default watchdog device is used
If watchdog_set_device() is not called before open_watchdog() then
'watchdog_device' remains 'NULL' while the device is open.

As a result, the "same device" check in watchdog_set_device() does not work
correctly: If no device is specified (e.g. from watchdog_free_device())
then the current fd is not closed.

Fix this by setting 'watchdog_device' to the correct device during
open_watchdog()
2022-02-04 12:26:58 +01:00
Franck Bui
e36b00e938 udev/net_id: show the correct identifier in the debug output of dev_pci_onboard() 2022-02-04 09:45:47 +01:00
Franck Bui
05c05dc0a3 core: make use of VALID_CHARS_WITH_AT in unit_name_is_valid() 2022-02-04 09:36:45 +01:00
Yu Watanabe
4e247216e5 stat-util: introduce path_is_network_fs() 2022-02-04 15:22:20 +09:00
Yu Watanabe
318a53d10a network-generator: rename DHCP_TYPE_DHCP -> DHCP_TYPE_DHCP4
To emphasize this is DHCPv4. No behavior is changed.
2022-02-04 13:59:42 +09:00
Lennart Poettering
e6fccf029b hostnamed: trivial optimization 2022-02-03 22:51:51 +00:00
Luca Boccassi
1d2bf1f0ee portable: reopen socket with O_RDONLY
Follow-up for e3f7ed944a
2022-02-03 22:50:56 +00:00
Anita Zhang
d83923bdb7
Merge pull request #22355 from yuwata/network-tunnel-external
network: tunnel: support external mode
2022-02-03 14:20:43 -08:00
Jan Janssen
ce5e7872f8 boot: Fix some error messages 2022-02-03 23:05:36 +01:00
Anita Zhang
1f087147ea
Merge pull request #22400 from poettering/resolved-single-invalid-list
resolved: maintain only a single list of "dont-resolve" domain names
2022-02-03 11:54:00 -08:00
Lennart Poettering
ff28d259c0 hostnamed: drop "interactive" parameter from GetHardwareSerial()
Since a long time the D-Bus spec knows a special bit in its message
header for indicating that "interactive" authentication is OK. The
original hostnamed API is before that was added hence most functions
expose that boolean as explicit argument.

For new added functions let's get rid of it, the message flag is good
enough and replaces it with complete functionality.

No new APIs should carry the "interactive" boolean flag explicitly as
argument anymore.

Follow-up for: 9697662915
2022-02-03 19:52:18 +00:00
Lennart Poettering
f80c3d5c7a systemctl: use STR_IN_SET() where appropriate
Follow-up for: 8e98568165
2022-02-03 18:56:53 +00:00
Lennart Poettering
f4526f82c9 resolved: maintain only a single list of "dont-resolve" domain names
Follow-up for: 46b53e8035
2022-02-03 17:16:11 +01:00
Lennart Poettering
0bf78c12b1 boot: fix pretty nasty typo
Note to self: should I ever become a black hat hacker, this is how I'd
hide a vulnerability. ;-)

(No, this one is not a vulnerability)

Follow-up for: 163d1ea5dd
2022-02-03 14:57:35 +01:00
Lennart Poettering
5d04cec867 journal: when copying journal file to undo NOCOW flag, go via fd
We have the journal file open already, hence reference it via the fd
instead of the file name. After all, some other tool might have
renamed/deleted it already.

Let's not actually reuse the fd though, since we want a separate file
offset for the copying, hence just make it simply and reopen via
/proc/self/fd/.

Follow-up for d71ece3f0b
2022-02-03 11:34:24 +01:00
Lennart Poettering
362c62296a sd-boot: rename LOADER_STUB → LOADER_UNIFIED_LINUX
No actual code changes, just renaming.

Rationale: the focus here should be on the fact that these are "unified"
images, whether our stub is used or not, or something else doesn't
really matter. Moreover, these are still Linux entries. Hence, emphasize
that these are *unified* images, and *Linux* images, and deemphasize
that our sd-stub is likely used.
2022-02-03 13:44:28 +09:00
Evgeny Vereshchagin
697bb76589 tests: fuzz client_send_message
to make sure outgoing packets based on incoming packets are fine.
It's just another follow-up to
https://github.com/systemd/systemd/pull/10200.
Better late than never :-)
2022-02-03 13:43:49 +09:00
Yu Watanabe
1ae308abb5 network: tunnel: support external mode
Closes #22352.
2022-02-03 11:12:01 +09:00
Yu Watanabe
acd8abb7f9 network: tunnel: reorder setting ip6tnl attributes
Just for improving readability.
2022-02-03 11:10:15 +09:00
Yu Watanabe
a07e07cd9c network: tunnel: reduce indentation in config_parse_encap_limit() 2022-02-03 11:10:15 +09:00
Yu Watanabe
59c8bef008 network: tunnel: reduce indentation in config_parse_ipv6_flowlabel() 2022-02-03 11:10:15 +09:00
Yu Watanabe
396dfe0a14 network: tunnel: use "data" field to assign result 2022-02-03 11:10:15 +09:00
Lennart Poettering
a24e3938e8 udevadm: don't claim a sysattr was write only just because we get EPERM on read
it might be totally inaccessible, hence weaken our language a bit and
just say "not readable", thus making no claim whether it is writable or
not.

Follow-up for 3a90bef55a
2022-02-03 07:32:54 +09:00
Anita Zhang
3a17ffa68e
Merge pull request #22373 from DaanDeMeyer/journald-file-rename
journal: Rename JournaldFile to ManagedJournalFile
2022-02-02 13:53:18 -08:00
Luca Boccassi
dde009a879 core: simply freeing list in job_free()
Follow-up for cdebedb4d4
2022-02-02 16:33:25 +00:00
Luca Boccassi
b7b4252443 core: use strextend instead of strextendf when possible
Follow-up for cdebedb4d4
2022-02-02 16:33:25 +00:00
Luca Boccassi
5c10b98350
Merge pull request #22358 from yuwata/udevadm-test-support-dev-path-or-device-unit
udevadm: test,test-builtin: support /dev path or device unit
2022-02-02 15:32:20 +00:00
Yu Watanabe
84e8602dfe test: use rm_rf_physical_and_freep cleanup function 2022-02-02 15:31:40 +00:00
Daan De Meyer
d02af6f33b journal: Rename JournaldFile to ManagedJournalFile
JournalFile and JournaldFile are hard to distinguish from each other.
Let's use ManagedJournalFile instead to make the distinction more clear.
2022-02-02 14:39:39 +00:00
Yu Watanabe
613d65d88f network: update operational state when we remove an address 2022-02-02 20:44:47 +09:00
Evgeny Vereshchagin
9216fddc5a dhcp-identifier: always use a fixed machine-id while fuzzing
It's a follow-up to https://github.com/systemd/systemd/pull/10200 where
that fuzzer was introduced. At the time it was run regularly on machines
where machine-id wasn't present so it was kind of reproducible. Now
it's run on CIFuzz and CFLite using GHActions with the public OSS-Fuzz
corpora (based on that particular machine-id) so to fully utilize
those corpora it's necessary to use it always. Other than that
it makes it possible for fuzzers targeting outgoing packets
based on incoming packets like https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921
to get past client_parse_message on my machine :-)
2022-02-02 20:44:27 +09:00
Yu Watanabe
4900ae14a5 sd-device: drop device_new_from_synthetic_event() from libsystemd
It is used by only test-udev.c.
2022-02-02 20:34:38 +09:00
Yu Watanabe
043543f1bb udevadm: trigger: drop unnecessary slash 2022-02-02 20:34:38 +09:00
Yu Watanabe
f4f3249539 udevadm: make test and test-builtin command accept /dev path or device unit 2022-02-02 20:34:38 +09:00
Yu Watanabe
2079898088 sd-device: make device_set_action() take sd_device_action_t 2022-02-02 20:34:38 +09:00
Yu Watanabe
7f2e3eea28 sd-device: move device_read_uevent_file() to device-private.h
Then, it can be used by our tools or daemons.
2022-02-02 20:34:38 +09:00
Yu Watanabe
f30943c12f udev: do not generate format dynamically
Prompted by LGTM.
2022-02-02 20:34:31 +09:00
Yu Watanabe
e85fdacc8a test: allow to set NULL to intro or outro
Addresses https://github.com/systemd/systemd/pull/22338#discussion_r796741033.
2022-02-02 11:06:54 +00:00
Yu Watanabe
6f6b017b9b test: add a test for mkdir_p() 2022-02-02 15:09:45 +09:00
Yu Watanabe
5117059ee9 mkdir: allow to create directory whose path contains symlink
Fixes a regression caused by 3008a6f21c.

Before the commit, when `mkdir_parents_internal()` is called from `mkdir_p()`,
it uses `_mkdir()` as `flag` is zero. But after the commit, `mkdir_safe_internal()`
is always used. Hence, if the path contains a symlink, it fails with -ENOTDIR.

To fix the issue, this makes `mkdir_p()` call `mkdir_parents_internal()` with
MKDIR_FOLLOW_SYMLINK flag.

Fixes #22334.
2022-02-02 15:09:45 +09:00
Yu Watanabe
e22916e61d mkdir: CHASE_NONEXISTENT cannot be used in chase_symlinks_and_stat() 2022-02-02 15:09:45 +09:00
Yu Watanabe
e4de58c823 core/mount: fail early if directory cannot be created
Prompted by #22334.
2022-02-02 15:09:45 +09:00
Yu Watanabe
891c9b36cf
Merge pull request #22350 from poettering/journal-read-object-fix
journal: various fixes to journal_file_read_object()
2022-02-02 13:47:32 +09:00
Lennart Poettering
92b29166e1 systemctl: strings returned by sd_bus_message_read_basic() are immutable
It's totally not OK to write to the strings returned by it, the data is
shared by all code that references the message.

While we are at it, simplify the code via
json_variant_set_field_string().

Follow-up for: 5ef599b324
2022-02-02 13:46:46 +09:00
Lennart Poettering
e6d4a1106c journal-file: don't use pread() when determining where to append, use mmap as before
This partially undoes the effect of
ab6e257b3e.

Originally, we always used the mmap logic to determine the current end
of the file. ab6e257b3e changed this so
that we always used pread().

With this change we'll use pread() from the synchronization thread and
mmap otherwise.
2022-02-02 11:21:44 +09:00
Lennart Poettering
99839c7ebd tests: rework test macros to not take code as parameters
C macros are nasty. We use them, but we try to be conservative with
them. In particular passing literal, complex code blocks as argument is
icky, because of "," handling of C, and also because it's quite a
challenge for most code highlighters and similar. Hence, let's avoid
that. Using macros for generating functions is OK but if so, the
parameters should be simple words, not full code blocks.

Hence, rework DEFINE_CUSTOM_TEST_MAIN() to take a function name instead
of code block as argument.

As side-effect this also fixes a bunch of cases where we might end up
returning a negative value from main().

Some uses of DEFINE_CUSTOM_TEST_MAIN() inserted local variables into the
main() functions, these are replaced by static variables, and their
destructors by the static destructor logic.

This doesn't fix any bugs or so, it's just supposed to make the code
easier to work with and improve it aesthetically.

Or in other words: let's use macros where it really makes sense, but
let's not go overboard with it.

(And yes, FOREACH_DIRENT() is another one of those macros that take
code, and I dislike that too and regret I ever added that.)
2022-02-02 11:00:16 +09:00
Yu Watanabe
faa1b3c6c4 network: dhcp-server: make empty string to DNS= or friends clear previously specified servers 2022-02-02 10:02:57 +09:00
Yu Watanabe
32f8a613c5 sd-dhcp-lease: store static routes and classless static routes in different arrays
When classless static routes option is provided, then static routes
option should not be used. Hence, let's not mix and store them in one
storage.

This introduces sd_dhcp_lease_get_static_routes() and
sd_dhcp_lease_get_classless_routes().
2022-02-02 10:02:44 +09:00
Lennart Poettering
7ac29d2dab resolve: add missing OOM check 2022-02-02 07:08:03 +09:00
Luca Boccassi
86838bf08b core: warn on ExitType=cgroup with legacy cgroup setup
'cgroup empty' notifications are not reliable on v1, so log a warning.

See: https://github.com/systemd/systemd/issues/22320
2022-02-02 07:07:47 +09:00
Yu Watanabe
6a8ab6dd1e
Merge pull request #22332 from yuwata/network-dhcp-server-dns-server-address
network: dhcp-server: allow to specify server address for DNS= or friends
2022-02-02 07:07:22 +09:00
Yu Watanabe
e0ec975148
Merge pull request #22327 from joanbm/main_resolved_improvements
resolved: misc. small DnsStream refactors and improvements
2022-02-02 07:06:56 +09:00
Yu Watanabe
5f468b9f57 network: dhcp-server: introduce special value DNS=_server_address
Closes #15026.
2022-02-02 05:01:53 +09:00
Yu Watanabe
82140e956c
Merge pull request #22310 from yuwata/sd-dhcp-lease-fixes
sd-dhcp-lease: two fixes
2022-02-02 04:55:07 +09:00
Luca Boccassi
1e15b7c7f7
Merge pull request #22343 from poettering/assert-se-efi
efi: add/use assert_se()/ASSERT_SE_PTR() for OOM handling
2022-02-01 19:26:57 +00:00
Lennart Poettering
c0f65909cb analyze: correctly mention that --json= is also understood by inspect-elf 2022-02-02 03:55:51 +09:00
Joan Bruguera
c76120f1b8 resolved: Allow test-resolved-stream to run concurrently
Since test-resolved-stream brings up a simple DNS server on 127.0.0.1:12345,
only one instance could run at a time, so it would fail when run like
`meson test -C build test-resolved-stream --repeat=1000`.
Similarly, if by chance something is up on port 12345, the test would fail.

To make the test more reliable, run it in an isolated user + network namespace.
If this fails (some distributions disable user namespaces), just run as before.
2022-02-01 19:25:32 +01:00
Joan Bruguera
839a70c353 resolved: Read as much as possible per stream EPOLLIN event
In commit 2aaf6bb6e9, an issue was fixed where
systemd-resolved could get stuck for multiple seconds waiting for incoming data,
since GnuTLS/OpenSSL can buffer a TLS record, so data could be available, but
no EPOLLIN event would be generated.

To fix this, a somewhat elaborate logic consisting of asking the TLS library
whether it had buffered data, then "faking" an EPOLLIN event was implemented.

However, there is a much simpler solution: Always read as much data as available
(i.e. until we get an event like EAGAIN when trying to read) from the stream
when we get an EPOLLIN event, instead of at most a single packet per event.
This approach does not require asking the TLS library whether it has buffered
data, and the logic is exactly the same for both the TCP and TLS case.

test-resolved-stream is fixed to avoid a latent double free bug.
2022-02-01 19:25:32 +01:00
Joan Bruguera
aa892849d5 resolved: Avoid multiple SSL writes per DoT packet
In the DoT case, dns_stream_writev decomposed an iovec into multiple
dnstls_stream_write calls, which resulted in multiple SSL writes and multiple
TLS records. This can be checked from a network capture, e.g. using socat:
socat -v -x openssl-listen:853,reuseaddr,fork,cert=my.cert,key=my.key,verify=0 openssl:8.8.8.8:853

Instead, propagate the iovec as-is into the DoT handling code. For GnuTLS, the
library provides support for buffering ('corking') a record. OpenSSL has no
such facility, so we join the iovec into a single buffer then call SSL_write.

socat capture of `resolvectl -4 query --cache=no example.com` before the commit:

> 2022/01/30 13:35:52.194200  length=2 from=0 to=1
 00 28                                            .(
--
> 2022/01/30 13:35:52.194253  length=40 from=2 to=41
 1e b2 01 00 00 01 00 00 00 00 00 01 07 65 78 61  .............exa
 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 00 00 29  mple.com.......)
 ff e4 00 00 00 00 00 00                          ........
--
< 2022/01/30 13:35:52.232798  length=58 from=0 to=57
 00 38 1e b2 81 80 00 01 00 01 00 00 00 01 07 65  .8.............e
 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0  xample.com......
 0c 00 01 00 01 00 00 53 6f 00 04 5d b8 d8 22 00  .......So..]..".
 00 29 02 00 00 00 00 00 00 00                    .)........

socat capture of `resolvectl -4 query --cache=no example.com` after the commit:

> 2022/01/30 13:34:47.598099  length=42 from=504 to=545
 00 28 37 86 01 00 00 01 00 00 00 00 00 01 07 65  .(7............e
 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 00  xample.com......
 00 29 ff e4 00 00 00 00 00 00                    .)........
--
< 2022/01/30 13:34:47.613203  length=58 from=756 to=813
 00 38 37 86 81 80 00 01 00 01 00 00 00 01 07 65  .87............e
 78 61 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0  xample.com......
 0c 00 01 00 01 00 00 52 5e 00 04 5d b8 d8 22 00  .......R^..]..".
 00 29 02 00 00 00 00 00 00 00                    .)........
2022-02-01 19:24:40 +01:00
Joan Bruguera
eff107736e resolved: Make event flags logic robust for DoT
Since when handling a DNS over TLS stream, the TLS library can override the
requested events through dnstls_events for handshake/shutdown purposes,
obtaining the event flags through sd_event_source_get_io_events and checking
for EPOLLIN or EPOLLOUT does not really tell us whether we want to read/write
a packet. Instead, it could just be OpenSSL/GnuTLS doing something else.

To make the logic more robust (and simpler), save the flags that tell us
whether we want to read/write a packet, and check them instead of the IO flags.

(& use uint32_t for the flags like in sd_event_source_set_io_events prototype)
2022-02-01 19:24:40 +01:00
Lennart Poettering
e5d8473335 journal: various fixes to journal_file_read_object()
This fixes a bunch of issues:

pread() returns ssize_t, and returns errors in 'errno', handle that
correctly.

More importantly: it might incompletely read data in case we hit
EOF. Check for that, and handle it.

Finally, rename the function to journal_file_read_object_header(), since
it really doesn't read full objects, but only their headers.

Follow-up for: 117e21121e
2022-02-01 18:45:23 +01:00
Luca Boccassi
a1cad433bd
Merge pull request #22341 from poettering/pam-end-fix
pid1: pam_end() PAM_DATA_SILENT fix
2022-02-01 16:34:00 +00:00
Lennart Poettering
007e03b284 util: another set of CVE-2021-4034 assert()s
It's a good idea that we validate argc/argv when we are supposed to
store them away.
2022-02-01 14:44:08 +00:00
Lennart Poettering
1462d2451a efi: use assert_se() instead of assert() to guard for OOM issues in EFI code 2022-02-01 15:31:20 +01:00
Lennart Poettering
8890ec82f5 macro: add ASSERT_SE_PTR() macro
ASSERT_SE_PTR() is like ASSERT_PTR() but uses assert_se() instead of
assert() internally.

Code should use ASSERT_SE_PTR() where the check should never be
optimized away, even if NDEBUG is set.

Rationale: assert() is the right choice for validating assumptions about
our own code, i.e. checking conditions that are "impossible" to not
hold, because we ourselves hacked things up the "right" way of course.
assert_se() is the right choice for tests that come with a weaker
guarantee, they encode assumptions over other's API behaviour, i.e.
whether something can fail there or not.

When developing tools that are not oom-safe assert_se() is the right
choice: we know that on Linux OOM doesn't really happen, even though
theoretically the API allows it to happen.

Usecase for ASSERT_SE_PTR() is mostly the fatal memory allocation logic
for EFI memory allocations. So far it used regular assert() i.e. OOM
failures would be totally ignored if NDEBUG is set. We'd rather have our
EFI program to print an assert message and freeze instead though.
2022-02-01 15:31:05 +01:00
Lennart Poettering
3b23a6c40a fundamental: support assert_se() in EFI mode too 2022-02-01 15:29:21 +01:00
Luca Boccassi
98fd285c28
Merge pull request #22331 from yuwata/network-xfrm-interface-id
network: xfrm: refuse zero interface ID
2022-02-01 13:25:38 +00:00
Lennart Poettering
421bb42d1b execute: document that the 'env' param is input *and* output 2022-02-01 13:50:28 +01:00