1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 14:55:37 +03:00
Commit Graph

32637 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
c028bed19b basic/cgroup-util: fix typo in debug message 2018-03-18 21:05:43 +01:00
Zbigniew Jędrzejewski-Szmek
1c56d50109 fuzz: add test case for oss-fuzz #6897 and a work-around
The orignal reproducer from oss-fuzz depends on the hostname (via %H and %c).
The hostname needs a dash for msan to report this, so a simpler case from
@evverx with the dash hardcoded is also added.

The issue is a false positive from msan, which does not instruct stpncpy
(https://github.com/google/sanitizers/issues/926). Let's add a work-around
until this is fixed.
2018-03-17 09:48:22 +01:00
Zbigniew Jędrzejewski-Szmek
10062bbc35 unit-file: do not allow bogus IOSchedulingClass values
We have only three bits of space, i.e. 8 possible classes. Immediately reject
anything outside of that range. Add the fuzzer test case and an additional
unit test.

oss-fuzz #6908.
2018-03-17 09:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
064c593899 core/service: fix memleak of USBFunctionStrings and USBFunctionDescriptors
oss-fuzz #6892.
2018-03-17 09:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
4b8d0cdf04 Add .gitattributes for test/fuzz-regressions
Those reproducers are essentially binary, hence let's ignore whitespace
in them.
2018-03-17 09:01:53 +01:00
Zbigniew Jędrzejewski-Szmek
7435315812 basic/calendarspec: set a limit on length of calendarspec component chains
We probably should allow very deep calls of our recursive functions. Let's add
a limit to avoid resource exhaustion. 240 is 10 per hour (if somebody is using
this for time based triggers...), so it should be more than enough for most use
cases, and is conveniently below the 250 stack limit in msan.

oss-fuzz #6917.
2018-03-17 08:59:25 +01:00
Zbigniew Jędrzejewski-Szmek
5ee45c6d63 test-calendarspec: add the test case from oss-fuzz 6886
Before the fix 55a30fd4e8 in this would crash in calendarspec_from_time_t().
2018-03-15 00:15:15 +01:00
Evgeny Vereshchagin
3b71cf46be
Merge pull request #8441 from keszybz/oss-fuzz-fixes
Fixes for bugs found by oss-fuzz
2018-03-14 21:25:56 +03:00
Zbigniew Jędrzejewski-Szmek
55a30fd4e8 basic/calendarspec: fix assert crash when year is too large in calendarspec_from_time_t()
gmtime_r() will return NULL in that case, and we would crash.

I committed the reproducer case in fuzz-regressions/, even though we don't have
ubsan hooked up yet. Let's add it anyway in case it is useful in the future. We
actually crash anyway when compiled with asserts, so this can be easily
reproduced without ubsan.

oss-fuzz #6886.
2018-03-14 16:50:09 +01:00
Zbigniew Jędrzejewski-Szmek
20d52ab60e shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow()
oss-fuzz #6885.
2018-03-14 16:50:08 +01:00
Zbigniew Jędrzejewski-Szmek
0d032da993 TODO: trim obsolete entries
set -e is now used in test/TEST-*/test.sh, BUILD_DIR may be specified,
and symlinks are created as of ba7f4ae617.
2018-03-14 16:37:09 +01:00
Zbigniew Jędrzejewski-Szmek
8d89e51f3c fuzz: commit test case for oss-fuzz issue 6884
This seems to be a false positive in msan:
https://github.com/google/sanitizers/issues/767.

I don't see anything wrong with the code either, and valgrind does not see the
issue. Anyway, let's add the test case.

We don't have msan hooked up yet, but hopefully we'll in the future.

oss-fuzz #6884.
2018-03-14 15:20:02 +01:00
Zbigniew Jędrzejewski-Szmek
52d4d1d339 test: run all fuzz regression tests with all sanitizers
We currently have just one sanitizer for tests, asan, but we may add more in
the future. So let's keep the loop over the sanitizers in meson.build, but
just enable all regression cases under all sanitizers. If it fails under one
of them, it might fail under a different one.

In subsequent commits I'll add test cases which might not fail under asan,
but it's good to commit them for future use.

The test names are made more verbose:
256/257 fuzz-dns-packet:oss-fuzz-5465:address   OK       0.04 s
257/257 fuzz-dns-packet:issue-7888:address      OK       0.03 s
2018-03-14 14:27:04 +01:00
Peter Hutterer
539ad37f18 hwdb: add axis override for the Razer Blade Stealth (#8436)
This touchpad has heavy jitter, set a fuzz of 8 to work around this.

From https://bugs.freedesktop.org/show_bug.cgi?id=105409
2018-03-14 05:36:29 +09:00
Zbigniew Jędrzejewski-Szmek
d4f5c00153
Merge pull request #8429 from medhefgo/sd-shutdown
sd-shutdown improvements
2018-03-13 09:47:09 +01:00
Doug Christman
ce21568dc3 zsh-completion: add calendar to systemd-analyze (#8438) 2018-03-13 09:41:07 +01:00
Evgeny Vereshchagin
7a30dfeb18
Merge pull request #8423 from keszybz/unit-file-fuzzer
Unit file fuzzer
2018-03-12 23:08:32 +03:00
Jan Janssen
456b2199f6 shutdown: Reduce log level of unmounts
There is little point in logging about unmounting errors if the
exact mountpoint will be successfully unmounted in a later retry
due unmounts below it having been removed.

Additionally, don't log those errors if we are going to switch back
to a initrd, because that one is also likely to finalize the remaining
mountpoints. If not, it will log errors then.
2018-03-12 18:32:26 +01:00
Jan Janssen
e783b4902f umount: Don't bother remounting api and ro filesystems read-only 2018-03-12 18:32:26 +01:00
Jan Janssen
8645ffd12b umount: Try unmounting even if remounting read-only failed
In the case of some api filesystems remounting read-only fails
while unmounting succeeds.
2018-03-12 18:32:26 +01:00
Jan Janssen
3bc341bee9 umount: Provide the same mount flags too when remounting read-only
This most likely amounts to no real benefits and is just here for
completeness sake.
2018-03-12 18:32:26 +01:00
Jan Janssen
1d62d22d94 umount: Decide whether to remount read-only earlier 2018-03-12 18:32:26 +01:00
Jan Janssen
0494cae03d umount: Add more asserts and remove some unused arguments 2018-03-12 18:32:10 +01:00
Zbigniew Jędrzejewski-Szmek
99eae076eb
Merge pull request #8296 from poettering/resolvconf
resolvconf(8) compat interface
2018-03-12 17:27:39 +01:00
Yu Watanabe
dace710c4a dhcp4: introduce new option 'duid-only' for ClientIdentifier= (#8350)
This makes users can configure DHCPv4 client with ClientIdentifier=duid-only.
If set so, then DHCP client sends only DUID as the client identifier.
This may not be RFC compliant, but some setups require this.

Closes #7828.
2018-03-12 17:18:07 +01:00
Zbigniew Jędrzejewski-Szmek
36cd9913ce tools/oss-fuzz: add clang library dir using -L
I have no idea why clang doesn't do this on its own, and why clang
makes it so hard to query this path (-dumpversion returns something
unrelated...).

I know this is an ugly hack, but this is a very specialized script,
so it should be OK to make it a bit hacky.

Tested to work on Fedora (27) and Debian (unstable).

Fixes #8428.
2018-03-12 15:59:25 +01:00
Zbigniew Jędrzejewski-Szmek
9037a0e022 Rename scripts/oss-fuzz.sh to tools/oss-fuzz.sh 2018-03-12 15:40:37 +01:00
Zbigniew Jędrzejewski-Szmek
748c59b110 Rename scripts/coverity.sh to tools/coverity.sh
There are only two files in tools/, I don't think we need a separate
directory for them.
2018-03-12 15:39:21 +01:00
Jan Janssen
659b15313b umount: Fix memory leak 2018-03-12 13:40:14 +01:00
Zbigniew Jędrzejewski-Szmek
6910dceef2
Merge pull request #8377 from sourcejedi/logind_restart_is_sorely_lacking_in_testing3
login: don't remove all devices from PID1 when only one was removed
2018-03-11 16:40:41 +01:00
Zbigniew Jędrzejewski-Szmek
d14829c8b7 fuzz-dhcp-server: fix name of options file 2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
170dd5f916 fuzz-unit-file: add a dump of systemd.directives(7) as a corpus entry
$ ( echo service; man systemd.directives|grep =|grep -v -e --|sed 's/ //g'
  ) >> test/fuzz-corpus/unit-file/directives.service
2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
b872843c4d fuzz: allow logging to be configured, disable in fuzz-unit-file
fuzz-unit-file generated too much logs about invalid config lines. This just
slows things down and fills the logs. If necessary, it's better to rerun the
interesting cases with SYSTEMD_LOG_LEVEL=debug.
2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
af7bce4165 fuzz: skip bus error map in bus_error_name_to_errno()
Fuzzing with AddressSanitizer reports an error here:
==11==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fe53f5497d8 at pc 0x7fe53ef055c9 bp 0x7ffd344e9380 sp 0x7ffd344e9378
READ of size 4 at 0x7fe53f5497d8 thread T0
SCARINESS: 27 (4-byte-read-global-buffer-overflow-far-from-bounds)
    #0 0x7fe53ef055c8 in bus_error_name_to_errno /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24
    #1 0x7fe53ef0577b in bus_error_setfv /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:274:17
    #2 0x7fe53ef0595a in sd_bus_error_setf /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:284:21
    #3 0x561059 in manager_load_unit_prepare /work/build/../../src/systemd/src/core/manager.c
    #4 0x560680 in manager_load_unit /work/build/../../src/systemd/src/core/manager.c:1773:13
    #5 0x5d49a6 in unit_add_dependency_by_name /work/build/../../src/systemd/src/core/unit.c:2882:13
    #6 0x538996 in config_parse_unit_deps /work/build/../../src/systemd/src/core/load-fragment.c:152:21
    #7 0x6db771 in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:155:32
    #8 0x6d697e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:273:16
    #9 0x6d5c48 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:390:21
    #10 0x535678 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-unit-file.c:41:16
    #11 0x73bd60 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:517:13
    #12 0x73a39f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:442:3
    #13 0x73d9bc in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:650:19
    #14 0x73fa05 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:773:5
    #15 0x71f75d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
    #16 0x71285c in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #17 0x7fe53da0482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x430e68 in _start (/out/fuzz-unit-file+0x430e68)

0x7fe53f5497d8 is located 8 bytes to the right of global variable 'bus_common_errors' defined in '../../src/systemd/src/libsystemd/sd-bus/bus-common-errors.c:28:51' (0x7fe53f549300) of size 1232
SUMMARY: AddressSanitizer: global-buffer-overflow /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24 in bus_error_name_to_errno
Shadow bytes around the buggy address:
  0x0ffd27ea12a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffd27ea12f0: 00 00 00 00 00 00 00 00 00 00 f9[f9]f9 f9 f9 f9
  0x0ffd27ea1300: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1310: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11==ABORTING

but I think it's a false positive because of our low-level magic in how this
area is constructed.
2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
ec7a02ea54 Add fuzzer for unit file parser 2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
e8112e67e4 Make MANAGER_TEST_RUN_MINIMAL just allocate data structures
When running tests like test-unit-name, there is not point in setting
up the cgroup and signals and interacting with the environment. Similarly
when running fuzz testing of the parser.

Add new MANAGER_TEST_RUN_BASIC which takes the role of MANAGER_TEST_RUN_MINIMAL,
and redefine MANAGER_TEST_RUN_MINIMAL to just create the basic data structures.
2018-03-11 16:33:59 +01:00
Zbigniew Jędrzejewski-Szmek
dc409696cf Introduce _cleanup_(unit_freep) 2018-03-11 16:33:58 +01:00
Zbigniew Jędrzejewski-Szmek
c70cac548a Introduce _cleanup_(manager_freep) 2018-03-11 16:33:57 +01:00
Zbigniew Jędrzejewski-Szmek
f37d383582 man: add some basic documentation for sd-boot (#8379)
I'm sure this can be improved in various ways, but I think
it's a good start.
2018-03-11 19:22:09 +09:00
Zbigniew Jędrzejewski-Szmek
9aa2e409bc shared/sleep-config: fix unitialized variable and use STR_IN_SET (#8416) 2018-03-11 17:13:03 +09:00
Alan Jenkins
f270533760 login: effectively revert "open device if needed"
This replaces commit 4d3900f1b7.
The underlying cause of issue #8291 has been fixed, so there is no reason
to paper over it any more.

But it might still be useful not to crash in the face of bad restart data.
That can cause several restarts, or maybe at some point an infinite loop
of restarts.  Fail the start (or stop!) request, and write an error to the
system log.  Each time reflects a user request where we fail to resume the
display server's access (or revoke it), and it can be useful if the log
shows the most recent one.
2018-03-10 10:47:18 +00:00
Alan Jenkins
1bef256cf5 login: don't remove all devices from PID1 when only one was removed
FDSTOREREMOVE=1 removes all fds with the specified name.  And we had named
the fds after the session.  Better fix that.

Closes #8344.

AFAICT there's no point providing compatibility code for this transition.
No-one would be restarting logind on a system with a GUI (where the
session devices are used), because doing so has been killing the GUI, and
even causing startup of the GUI to fail leading to a restart loop.

Upgrading logind on a running system with a GUI might start being possible
after this commit (and after also fixing the display server of your
choice).
2018-03-10 10:46:01 +00:00
Zbigniew Jędrzejewski-Szmek
fd4249da1d
Merge pull request #8403 from evverx/test-mount-util
tests: skip the rest of test_mnt_id after getting any error
2018-03-10 09:28:16 +01:00
Michal Sekletar
aa77e234fc core: ignore errors from cg_create_and_attach() in test mode (#8401)
Reproducer:

$ meson build && cd build
$ ninja
$ sudo useradd test
$ sudo su test
$ ./systemd --system --test
...
Failed to create /user.slice/user-1000.slice/session-6.scope/init.scope control group: Permission denied
Failed to allocate manager object: Permission denied

Above error message is caused by the fact that user test didn't have its
own session and we tried to set up init.scope already running as user
test in the directory owned by different user.

Let's try to setup cgroup hierarchy, but if that fails return error only
when not running in the test mode.

Fixes #8072
2018-03-09 23:30:32 +01:00
Zbigniew Jędrzejewski-Szmek
6fed2cc41f
Merge pull request #8412 from keszybz/meson-warning-fixes
Meson warning fixes
2018-03-09 20:12:37 +01:00
Zbigniew Jędrzejewski-Szmek
aa8f97bdad
Merge pull request #8415 from Werkov/fix-man
Fix default values for KillUserProcesses and MemoryAccounting in documentation
2018-03-09 20:11:41 +01:00
Michal Koutný
c7f7e859f0 man: Correct value of default KillUserProcesses= 2018-03-09 18:29:25 +01:00
Michal Koutný
7f672e865a man: Unify values of boolean configuration values with sample config 2018-03-09 18:29:05 +01:00
Evegeny Vereshchagin
c8d980a3e9 tests: skip g_dbus_message_new_from_blob under asan
Some versions of asan report the following false positive
when strict_string_checks=1 is passed:

=================================================================
==3297==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f64e4090286 bp 0x7ffe46acd9a0 sp 0x7ffe46acd118 T0)
==3297==The signal is caused by a READ memory access.
==3297==Hint: address points to the zero page.
    #0 0x7f64e4090285 in __strlen_sse2 (/lib64/libc.so.6+0xaa285)
    #1 0x7f64e5a51e46  (/lib64/libasan.so.4+0x41e46)
    #2 0x7f64e4e5e3a0  (/lib64/libglib-2.0.so.0+0x383a0)
    #3 0x7f64e4e5e536 in g_dgettext (/lib64/libglib-2.0.so.0+0x38536)
    #4 0x7f64e48fac5f  (/lib64/libgio-2.0.so.0+0xc1c5f)
    #5 0x7f64e4c03978 in g_type_class_ref (/lib64/libgobject-2.0.so.0+0x30978)
    #6 0x7f64e4be9567 in g_object_new_with_properties (/lib64/libgobject-2.0.so.0+0x16567)
    #7 0x7f64e4be9fd0 in g_object_new (/lib64/libgobject-2.0.so.0+0x16fd0)
    #8 0x7f64e48fd43e in g_dbus_message_new_from_blob (/lib64/libgio-2.0.so.0+0xc443e)
    #9 0x564a6aa0de52 in main ../src/libsystemd/sd-bus/test-bus-marshal.c:228
    #10 0x7f64e4007009 in __libc_start_main (/lib64/libc.so.6+0x21009)
    #11 0x564a6aa0a569 in _start (/home/vagrant/systemd/build/test-bus-marshal+0x5569)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libc.so.6+0xaa285) in __strlen_sse2
==3297==ABORTING

It's an external library and errors in external libraries are generally not very
useful for looking for internal bugs.

It would be better not to change the code and use standard suppression
techinques decribed at
https://clang.llvm.org/docs/AddressSanitizer.html#suppressing-reports-in-external-libraries,
but, unfortunaley, none of them seems to be able to suppress fatal errors in asan intself.
2018-03-09 15:17:03 +00:00
Evegeny Vereshchagin
c58fd466a3 tests: make / private after creating a mount namespace
so that the test never affects the root namespace.
2018-03-09 14:39:26 +00:00