David Herrmann [Sat, 30 Nov 2013 10:31:59 +0000 (11:31 +0100)]
util: add greedy_realloc0()
Compared to greedy_realloc(), this sets all newly allocated memory to 0.
As the old variant has been used a lot for string-handling, we avoid
changing it as clearing memory is not needed there.
David Herrmann [Sat, 30 Nov 2013 10:37:32 +0000 (11:37 +0100)]
logind: fix "CanGraphical" attribute to return correct value
We should return seat_can_graphical() instead of seat_can_tty() for the
public dbus CanGraphical attribute. This used to work, but the
dbus -> sd-bus conversion introduced this regression.
systemctl: do not show SourcePath when FragmentPath cannot be found
Those files can be in a completely deferent format and also
arbitrarily long, and usually contain information about other
stuff. If we ever add SourceLine= or SourceLines= in addition
to SourcePath=, and can show the relevant information only, this
commit can be reverted.
man: explicitly say when multiple units can be specified
itistoday> how do you specify multiple dependencies in a unit file? i've been
googling and can't find this basic thing :-\
itistoday> do you use a comma, or use multiple After= statements?
bus: do kdbus only if this is enabled on the configure switch
Since we want to retain the ability to break kernel ←→ userspace ABI
after the next release, let's not make use by default of kdbus, so that
people with future kernels will not suddenly break with current systemd
versions.
kdbus support is left in all builds but must now be explicitly requested
at runtime (for example via setting $DBUS_SESSION_BUS). Via a configure
switch the old behaviour can be restored. In fact, we change autogen.sh
to do this, so that git builds (which run autogen.sh) get kdbus by
default, but tarball builds (which ue the configure defaults) do not get
it, and hence this stays out of the distros by default.
Daniel Mack [Sat, 30 Nov 2013 12:31:04 +0000 (13:31 +0100)]
libsystemd-bus: catch up with latest kdbus changes
The name list and query functions now work differently in kdbus, as the
result is stored in the connection's pool, rather than being copied back
through the ioctl buffer. That also safes us some logic, as we don't
have to resize the communication buffer in a loop with growing buffer
sizes.
Due to this, KDBUS_CMD_MSG_RELEASE was renamed to KDBUS_CMD_FREE, as it
is now used outside the message logic as well.
bus: don't generate NameAcquired/NameLost messages in the library
The signals appear entirely redundant due to NameOwnerChange, hence
don't do them in the new library, instead leave them for the
compatibility bridge only.
Also, set the serial number for synthesized messages to (uint32_t) -1.
build-sys: no longer rebuild various bits and pieces such as man pages each time the Makefile changes
We don't do this for .c files either, even they are also influence quite
a bit by makefile settings. Given that XSLT is a lot slower then the
rest of the build let's make our build a bit faster if people end up
touching the Makefile.
bus: add the ability for backends to queue to input messages at the same time
We need this so that one incoming kernel message can result in two
high-level bus messages, for the case where we synthesize NameAcquired
and NameOwnerChanged in the same instance.
Daniel Mack [Fri, 15 Nov 2013 17:05:27 +0000 (18:05 +0100)]
systemd-stdio-bridge: make it socket-activatable and usable as kdbus bridge
Augment systemd-stdio-bridge a bit to make it a 1:1 bridge from legacy
DBus clients to kdbus. In particular,
* allow setting the bus path of the upstream bus as command line
argument
* use sd_listen_fds() for systemd's socket activation
* omit calling sd_bus_negotiate_fds() when upstream bus is kdbus
* reply to bus send errors with proper dbus error messages
* treat -ECONNRESET as expected end-of-connection condition
Daniel Mack [Tue, 26 Nov 2013 16:24:18 +0000 (17:24 +0100)]
libsystemd-bus: sd_bus_request_name: fix return value for kdbus
kdbus returns -EALREADY if the requesting connection is already the
owner of a name, and -EEXIST if the name already exists and the
connection is not able to take it over.
Also, n->flags needs a translation as well to match the SD_BUS_* enum
values.
Flags used to request a name from kdbus are not identical to what DBus
and sd_bus use internally. Introduce a simple function to do the
translation for us. It's factored out to a separate function so the
dbus-driver instance can make use of it as well.
Daniel Mack [Fri, 15 Nov 2013 14:55:27 +0000 (15:55 +0100)]
libsystemd-bus: bring definitions in sync with kdbus
In particular, KDBUS_ITEM_NEXT is now called KDBUS_PART_NEXT, and
KDBUS_ITEM_FOREACH was renamed to KDBUS_PART_FOREACH and takes one more
argument to make it more flexible.
It didn't build on arm. Let's simplify it a bit by
splitting x86 specific parts out, which should also make
things easier when arm virtualization support is added.
bus: add new sd_bus_creds object to encapsulate process credentials
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
David Herrmann [Thu, 28 Nov 2013 16:29:01 +0000 (17:29 +0100)]
logind: remove unused session->closing field
This field is always false, drop it. If you want a reliable way to get
session state, call session_get_state(). Testing for any flags directly
doesn't work currently so don't pretend it would.
David Herrmann [Thu, 28 Nov 2013 16:25:25 +0000 (17:25 +0100)]
logind: require VTs on seat0 and forbid elsewhere
Sessions on seat0 must pass us a vtnr, otherwise, you shouldn't try
attaching it to seat0. For seats without VTs, we do the exact opposite: we
forbid VTs.
There can be odd situations if the session-files contain invalid
combinations. However, we try to keep sessions alive and restore state as
good as possible.
David Herrmann [Thu, 28 Nov 2013 16:05:34 +0000 (17:05 +0100)]
logind: make VT numbers unsigned
Fix the whole code to use "unsigned int" for vtnr. 0 is an invalid vtnr so
we don't need negative numbers at all.
Note that most code already assumes it's unsigned so in case there's a
negative vtnr, our code may, under special circumstances, silently break.
So this patch makes sure all sources of vtnrs verify the validity. Also
note that the dbus api already uses unsigned ints.
David Herrmann [Wed, 27 Nov 2013 09:36:35 +0000 (10:36 +0100)]
event: allow EPOLLET as event flag
EPOLLET enables edge-triggered mode (see epoll(7) for more). For most
use-cases, level-triggered is just fine, but for master-TTYs we need
edge-triggered to catch EPOLLHUP. master-TTYs signal EPOLLHUP if no client
is connected, but a client may connect some time later (same happens
during vhangup(2)).
However, epoll doesn't allow masking EPOLLHUP so it's signaled constantly.
To avoid this, edge-triggered mode is needed.
David Herrmann [Thu, 28 Nov 2013 14:10:24 +0000 (15:10 +0100)]
logind: mute/restore VT on behalf of session controllers
If a session process calls TakeControl(), we now put the VT into
KD_GRAPHICS+K_OFF mode. This way, the new session controller can solely
rely on the logind-dbus API to manage the session.
Once the controller exits or calls ReleaseControl(), we restore the VT. We
also restore it, if we lost a controller during crash/restart (but only if
there really *was* a controller previously).
Note that we also must put the VT into VT_PROCESS mode. We want VT_AUTO
semantics, but VT_AUTO+KD_GRAPHICS actually disables *all* VT switches
(who came up with that great idea?). Hence, we set VT_PROCESS for logind
but acknowledge *all* requests immediately.
If a compositor wants custom VT setups, they can still get this by *first*
calling TakeControl() and afterwards setting up the VT. logind doesn't
touch the VT during controller runtime, only during setup/teardown. This
is actually what weston already does.
David Herrmann [Thu, 28 Nov 2013 13:58:57 +0000 (14:58 +0100)]
logind: restore session-controller after crash
We now save the unique bus-name of a session-controller as CONTROLLER=%s
in the session files. This allows us to restore the controller after a
crash or restart.
Note that we test whether the name is still valid (dbus guarantees that
the name is unique as long as the machine is up and running). If it is,
we know that the controller still exists and can safely restore it. Our
dbus-name-tracking guarantees that we're notified once it exits.
Also note that session-devices are *not* restored. We have no way to know
which devices where used before the crash. We could store all these on
disk, too, or mark them via udev. However, this seems to be rather
cumbersome. Instead, we expect controllers to listen for NewSession
signals for their own session. This is sent on session_load() and they can
then re-request all devices.
The only race I could find is if logind crashes, then the session
controller tries calling ReleaseControl() (which will fail as logind is
down) but keeps the bus-connection valid for other independent requests.
If logind is restarted, it will restore the old controller and thus block
the session.
However, this seems unlikely for several reasons:
- The ReleaseControl() call must occur exactly in the timespan where
logind is dead.
- A process which calls ReleaseControl() usually closes the
bus-connection afterwards. Especially if ReleaseControl() fails, the
process should notice that something is wrong and close the bus.
- A process calling ReleaseControl() usually exits afterwards. There may
be any cleanup pending, but other than that, usual compositors exit.
- If a session-controller calls ReleaseControl(), a session is usually
considered closing. There is no known use-case where we hand-over
session-control in a single session. So we don't care whether the
controller is locked afterwards.
David Herrmann [Thu, 28 Nov 2013 13:51:40 +0000 (14:51 +0100)]
logind: ignore failing close() on session-devices
Unfortunately, close() on a revoked/removed character-device fails with
ENODEV. I tried tracking this down in the kernel, but couldn't figure out
were exactly it comes from. However, can be easily reproduced with:
fd = open("/dev/input/event0", O_RDWR);
ioctl(fd, EVIOCREVOKE, 0);
r = close(fd);
A second close on @fd would return EBADF so the close is actually valid.
We simply ignore close() errors for all session-devices as their access
may be revoked asynchronously, or the device might get unplugged.
We use close_nointr() in case anyone ever looks at the return value (or
anyone runs "grep 'close(' -r src/" to find broken close() calls).
Fixes:
systemd-logind[31992]: Assertion 'close_nointr(fd) == 0' failed at src/shared/util.c:185, function close_nointr_nofail(). Aborting.
David Herrmann [Thu, 28 Nov 2013 09:52:18 +0000 (10:52 +0100)]
login: revert lazy session-activation on non-VT seats
Existing applications like gdm already depend on new sessions to get
immediately activated on seats without VTs. Fixes a bug reported as:
[systemd-devel] systemd 208:trouble with inactive user sessions at non-seat0 seats
This patch restores the original behavior. We either need to add a new
flag for session-creation or some other heuristic to avoid activating new
sessions in the future.