1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-06 16:59:03 +03:00
Commit Graph

33934 Commits

Author SHA1 Message Date
Iwan Timmer
91ccab1e40 resolved: TCP fast open connections
Add suport for TCP fast open connection to reduce latency for successive DNS request over TCP
2018-06-11 21:35:58 +02:00
Iwan Timmer
98767d75d7 resolved: longlived TCP connections
Keep DNS over TCP connection open until it's closed by the server or after a timeout.
2018-06-11 20:17:51 +02:00
Zbigniew Jędrzejewski-Szmek
65be7e0652 pid1: do not reset subtree_control on already-existing units with delegation
Fixes #8364.

Reproducer:
$ sudo systemd-run -t -p Delegate=yes bash
# mkdir /sys/fs/cgroup/system.slice/run-u6958.service/supervisor
# echo $$ > /sys/fs/cgroup/system.slice/run-u6958.service/supervisor/cgroup.procs
# echo +memory > /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
# cat /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
memory
# systemctl daemon-reload
# cat /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
(empty)

With patch, the last command shows 'memory'.
2018-06-11 18:12:30 +02:00
Zbigniew Jędrzejewski-Szmek
d28b67d46a meson: also reject shifts that change the sign bit
../src/test/test-sizeof.c: In function ‘main’:
../src/test/test-sizeof.c:70:24: error: result of ‘1 << 31’ requires 33 bits to represent, but ‘int’ only has 32 bits [-Werror=shift-overflow=]
                 X = (1 << 31),
                        ^~
cc1: some warnings being treated as errors

Follow-up for b05ecb8cad.
2018-06-11 17:06:58 +02:00
Zbigniew Jędrzejewski-Szmek
86ab333d00 basic/path-util: fix ordering in error message
Jun 11 14:29:12 krowka systemd[1]: /etc/systemd/system/workingdir.service:6: = path is not normalizedWorkingDirectory: /../../etc
   ↓
Jun 11 14:32:12 krowka systemd[1]: /etc/systemd/system/workingdir.service:6: WorkingDirectory= path is not normalized: /../../etc
2018-06-11 17:06:23 +02:00
Zbigniew Jędrzejewski-Szmek
bbac65bcc2
Merge pull request #9157 from poettering/unit-config-load-error
introduce a new "bad-setting" unit load state in order to improve "systemctl status" output when bad settings are used
2018-06-11 14:37:10 +02:00
Bruno Vernay
8d00da49fb Table is easier to grasp
State goes in CONFIG for users

3rd review
2018-06-11 13:52:55 +02:00
Lennart Poettering
7590ebc5e7
Merge pull request #9185 from marckleinebudde/can
networkd: add support to configure CAN devices
2018-06-11 12:58:55 +02:00
xginn8
a98f7575ae Add counter for socket unit refuse events (#9217)
core: add counter for socket unit rejection events
2018-06-11 12:56:26 +02:00
Lennart Poettering
6f40aa4547 core: add a couple of more error cases that should result in "bad-setting"
This changes a number of EINVAL cases to ENOEXEC, so that we enter
"bad-setting" state if they fail.
2018-06-11 12:53:12 +02:00
Lennart Poettering
9a0abfa8aa systemctl: load_error is a string, don't compare it with 0
Using isempty() is nicer anyway.
2018-06-11 12:53:12 +02:00
Lennart Poettering
c4555ad8f6 core: introduce a new load state "bad-setting"
Since bb28e68477 parsing failures of
certain unit file settings will result in load failures of units. This
introduces a new load state "bad-setting" that is entered in precisely
this case.

With this addition error messages on bad settings should be a lot more
explicit, as we don't have to show some generic "errno" error in that
case, but can explicitly say that a bad setting is at fault.

Internally this unit load state is entered as soon as any configuration
loader call returns ENOEXEC. Hence: config parser calls should return
ENOEXEC now for such essential unit file settings. Turns out, they
generally already do.

Fixes: #9107
2018-06-11 12:53:12 +02:00
Lennart Poettering
443dee9d2e man: don't mention "stub" and "merged" unit load states
These states should never be visible to the outside, as they are used
only internally while loading unit. Hence let's drop them from the
documentation.
2018-06-11 12:53:12 +02:00
Lennart Poettering
8ace1db703 core: rework manager_load_startable_unit_or_warn() on top of unit_validate_load_state()
These functions do very similar work, let's unify common code.
2018-06-11 12:53:12 +02:00
Lennart Poettering
fd1e3fd8de core: use bus_unit_validate_load_state() for generating LoadError unit bus property
The load_error is only valid in some load_state cases, lets generate
prettier messages for other cases too, by reusing the
bus_unit_validate_load_state() call which does jus that.

Clients (such as systemctl) ignored LoadError unles LoadState was
"error" before. With this change they could even show LoadError in other
cases and it would show a useful name.
2018-06-11 12:53:12 +02:00
Lennart Poettering
e49da001c4 core: rename (and modernize) bus_unit_check_load_state() → bus_unit_validate_load_state()
Let's use a switch() statement, cover more cases with pretty messages.
Also let's rename it to "validate", as that's more specific that
"check", as it implies checking for a "valid"/"good" state, which is
what this function does.
2018-06-11 12:53:12 +02:00
Lennart Poettering
c602fd0f19
Merge pull request #9246 from keszybz/ellipsize-invalid-mem-ref
Fix invalid memory reference in ellipsize_mem()
2018-06-11 12:52:38 +02:00
Lennart Poettering
0b491556ac resolved: rework NSEC covering tests
This makes two changes: first of all we will now explicitly check
whether a domain to test against an NSEC record is actually below the
signer's name. This is relevant for NSEC records that chain up the end
and the beginning of a zone: we shouldn't alow that NSEC record to match
against domains outside of the zone.

This also fixes how we handle NSEC checks for domains that are prefixes
of the NSEC RR domain itself, fixing #8164 which triggers this specific
case. The non-wildcard NSEC check is simplified for that, we can
directly make our between check, there's no need to find the "Next
Closer" first, as the between check should not be affected by additional
prefixes. For the wild card NSEC check we'll prepend the asterisk in
this case to the NSEC RR itself to make a correct check.

Fixes: #8164
2018-06-11 10:43:14 +02:00
Zbigniew Jędrzejewski-Szmek
cfc01c1e02 basic/format-table: remove parameter with constant value 2018-06-11 10:04:10 +02:00
Zbigniew Jędrzejewski-Szmek
21e4e3e06f basic/ellipsize: do not assume the string is NUL-terminated when length is given
oss-fuzz flags this as:

==1==WARNING: MemorySanitizer: use-of-uninitialized-value

0. 0x7fce77519ca5 in ascii_is_valid systemd/src/basic/utf8.c:252:9
1. 0x7fce774d203c in ellipsize_mem systemd/src/basic/string-util.c:544:13
2. 0x7fce7730a299 in print_multiline systemd/src/shared/logs-show.c:244:37
3. 0x7fce772ffdf3 in output_short systemd/src/shared/logs-show.c:495:25
4. 0x7fce772f5a27 in show_journal_entry systemd/src/shared/logs-show.c:1077:15
5. 0x7fce772f66ad in show_journal systemd/src/shared/logs-show.c:1164:29
6. 0x4a2fa0 in LLVMFuzzerTestOneInput systemd/src/fuzz/fuzz-journal-remote.c:64:21
...

I didn't reproduce the issue, but this looks like an obvious error: the length
is specified, so we shouldn't use the string with any functions for normal
C-strings.
2018-06-11 10:04:10 +02:00
Zbigniew Jędrzejewski-Szmek
4215ed6dbd meson: add fuzz regressions to list
Apparently I haven't been very good at remembering to do this.
2018-06-11 10:03:30 +02:00
Zbigniew Jędrzejewski-Szmek
d9cd8ee65a
Merge pull request #9253 from yuwata/fix-timezone_is_valid
util-lib: reject too long path for timedate_is_valid()
2018-06-11 09:12:21 +02:00
Yu Watanabe
b474ff59e6 fuzz: add testcase for issue 8827 2018-06-11 12:39:59 +09:00
Yu Watanabe
1c73b60b4d util-lib: reject too long path for timedate_is_valid()
This should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8827.
2018-06-11 12:38:34 +09:00
Zbigniew Jędrzejewski-Szmek
b05ecb8cad meson: do not allow bit-shift overflows
The primary motivation is to catch enum values created through a shift that is
too big:

../src/test/test-sizeof.c:26:29: error: left shift count >= width of type [-Werror=shift-count-overflow]
         enum_with_shift = 1 << 32,
                             ^~
cc1: some warnings being treated as errors

The compiler will now reject those.

This is an alternative to #9224.
2018-06-09 12:42:30 -07:00
Hiram van Paassen
06828bb617 networkd-link: add support to configure CAN interfaces
This patch adds support for kind "can". Fixes: #4042.
2018-06-09 15:12:31 +02:00
Marc Kleine-Budde
bd5038f8b7 networkd-link: link_up_can(): move function upwards
This patch is a preparation patch, to avoid forward declarations in the
next patch.
2018-06-09 15:12:31 +02:00
Marc Kleine-Budde
93ea77505e networkd-link: link_configure(); factor out link_configure_can() into separate function 2018-06-09 15:12:31 +02:00
Marc Kleine-Budde
c07b23ca7e conf-parser: add config_parse_permille() 2018-06-09 15:12:31 +02:00
Marc Kleine-Budde
958acea18b parse-util: add permille parser + tests 2018-06-09 15:12:31 +02:00
Zbigniew Jędrzejewski-Szmek
294a3121aa basic/utf8: add ascii_is_valid_n() 2018-06-09 13:41:24 +02:00
Lennart Poettering
b5cbe199c7
Merge pull request #9240 from poettering/ds-validate
resolved: fix DNSKEY validation by DS RR
2018-06-08 20:44:01 +02:00
Ivan Shapovalov
ee73a176a2 mymachines: fix getgrnam()
getgrnam() was returning input gid instead of the mapped one. Fix that.
2018-06-08 17:52:18 +02:00
Susant Sahani
194c03c839 networkd: tunnel ignore wrong conf rather than assert
Closes #9234
2018-06-08 16:09:19 +02:00
Zbigniew Jędrzejewski-Szmek
5e55cde9b8 resolved: fix typo in macro name 2018-06-08 16:05:18 +02:00
Filipe Brandenburger
df560cf6b1 analyze: use _cleanup_ for struct unit_times
This introduces a has_data boolean field in struct unit_files which can
be used to detect the end of the array.

Use a _cleanup_ for struct unit_files in acquire_time_data and its
callers. Code for acquire_time_data is also simplified by replacing
goto's with straight returns.

Tested: By running the commands below, also checking them under valgrind.
  - build/systemd-analyze blame
  - build/systemd-analyze critical-chain
  - build/systemd-analyze plot

Fixes: Coverity finding CID 996464.
2018-06-08 15:46:07 +02:00
Lennart Poettering
6561918f59 resolved: use Oxford comma at once place
As suggested by @keszybz in https://github.com/systemd/systemd/pull/9235#pullrequestreview-127150950
2018-06-08 15:41:39 +02:00
Lennart Poettering
6d67385fcd test: add www.dnssec-bogus.sg to list of domains to test in DNSSEC complex test 2018-06-08 15:40:32 +02:00
Lennart Poettering
c910c520cf resolved: fix DNSKEY validation against DS
Let's use the wireformat name, not the text version.

Fixes: #8901
2018-06-08 15:40:32 +02:00
Zbigniew Jędrzejewski-Szmek
89278d96dc
Merge pull request #9221 from poettering/bus-track-destroy
add sd_bus_track and sd_event_source destroy callbacks too
2018-06-08 15:35:45 +02:00
Lennart Poettering
63b1219130 resolved: whenever a link starts/stops being relevant flush global DNS caches
Let's add some protection for split horizon setups, where different
zones are visible on the same global DNS servers depending on where you
come from.

Fixes: #9196
2018-06-08 15:16:10 +02:00
Filipe Brandenburger
3ad9705824 scsi_id: use _cleanup_free_ on buffer allocated by get_file_options
This simplifies the code a bit and hopefully fixes Coverity finding
CID 1382966. There was not actually a resource leak here (Coverity
seemed to be confused by thinking log_oom() could actually return 0),
but the fix doesn't hurt and should make this code more resilient to
future refactorings.

Tested: builds fine, manually called scsi_id, seems to work ok.
2018-06-08 15:15:02 +02:00
Lennart Poettering
6cdf635de0 resolved: document .local domain routing a bit more in detail
Inspired by the discussions in #8851, even though the issue appears to
be entirely unrelated to the .local domain in the end.
2018-06-08 15:03:08 +02:00
Lennart Poettering
0323073878
Merge pull request #9213 from poettering/copy-mount
copy() mount detection fixes
2018-06-08 12:09:23 +02:00
Filipe Brandenburger
d23c3e4c28 lldp: check that lldp neighbor raw data size is in expected range
This fixes an insecure use of tainted data as argument to functions that
allocate memory and read from files, which could be tricked into getting
networkctl to allocate a large amount of memory and fill it with file
data.

This was uncovered by Coverity. Fixes CID 1393254.
2018-06-08 08:54:25 +02:00
Filipe Brandenburger
15b8332e7c networkd: add missing _cleanup_ in prefix_new
This should fix a leak of the allocated Prefix if sd_radv_prefix_new
fails for some reason.

The code was already initializing prefix to NULL and using TAKE_PTR to
return it, so only the _cleanup_ was missing.

Fixes Coverity finding CID 1382976.
2018-06-08 00:48:41 +02:00
Filipe Brandenburger
9d635f50b8 udev-builtin-usb_id: Check full range of size returned by read()
This shouldn't be necessary, since read() should never return a size
larger than the size of the buffer passed in, but Coverity doesn't seem
to understand that.

We could possibly fix this with a model file for Coverity, but given
changing the code is not that much of a biggie, let's just do that
instead.

Fixes CID 996458: Overflowed or truncated value (or a value computed
from an overflowed or truncated value) `pos` used as array index.

Tested: `ninja -C build/ test`, builds without warnings, test cases pass.
2018-06-08 00:46:44 +02:00
Filipe Brandenburger
fffafb2b5e udev: fix usage of udev_device_new_from_stat_rdev() in journalctl
The refactor in #9200 inadvertently dropped the variable assignment to
traverse the device and its hierarchy in add_matches_for_device().

This was uncovered by Coverity (CID #1393310).

Fix that by restoring the assignment.

Tested: `journalctl /dev/sda` now filters journalctl output again.
2018-06-08 00:45:22 +02:00
Zbigniew Jędrzejewski-Szmek
ad119a3293
Merge pull request #9218 from systemd/finalize-coverity
coverity.sh: check that coverity responds with 200
2018-06-07 20:47:45 +02:00
Evegeny Vereshchagin
f5dd4eeca2 README.md: embed the Travis CI badge
It should make it easier to keep track of the status
of daily cron jobs uploading data to Coverity Scan.
2018-06-07 17:53:43 +00:00