resolved: rework a few functions to return early on error
The implementation is a bit ugly because we set the output variable
twice. But we were already doing this on error, so this is not
significantly worse. Doing this allows us to avoid goto's, and the
compiler should be able to figure this out and only set once.
We'd return -1 (-EPERM), even though we have a general rule to use real errno
values. The particular case that caught my attention was:
$ sudo udevadm control -l asdf
Failed to parse log priority 'asdf': Operation not permitted
... but "git grep 'r =.*_from_string' src/" return 110 hits. Confusingly, some
of the _from_string functions already return a proper errno value, so not all
of those are broken, but probably quite a few.
A hole was/is present after the booleans, so changing them to be one byte each
doesn't change the structure size (122 bits on amd64). If we add more stuff
later, it might make sense to turn some of those into bitfields again. For now,
let's take the easy route. EINVAL fits into type now.
Code size it minimally reduced:
-rwxrwxr-x 1 zbyszek zbyszek 4109792 Feb 10 14:00 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 4109712 Feb 10 14:01 build/libsystemd.so.0.30.0
sd-netlink: pahole optimization of sd_netlink_slot
By rearranging the fields, we can avoid one of the holes (on amd64).
By adding more space for .type, -EINVAL can be used as a value later on.
The structure is reduced from 96 to 88 bytes (on amd64).
Text size is also smaller:
-rwxrwxr-x 1 zbyszek zbyszek 4109832 Feb 9 19:50 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 4109792 Feb 9 19:51 build/libsystemd.so.0.30.0
Every bitfield may make the object a little smaller, but requires additional
code when accessing the field. So it only makes sense in objects that are
created in many many copies. The Manager is pretty much a singleton.
-rwxrwxr-x 1 zbyszek zbyszek 4443840 Feb 9 16:14 build/systemd
-rwxrwxr-x 1 zbyszek zbyszek 4442552 Feb 9 16:42 build/systemd
We save 1288 bytes of code by "wasting" a few bytes on storage. (The speed
advantages are probably more important, but harder to measure…)
Doing it all in one line and with negation in front seemed like a good
idea at some point, but I think it is vastly easier to understand when
it is split out a bit.
fuzz-journal-remote: do not assert on resource conditions
We have a number of issues where oss-fuzz reports input-independent crashes of
fuzz-journal-remote. Instead of asserting that stuff that allocated fds and
memory never fails, let's instead just return an error.
I don't see any docs as to whether LLVMFuzzerTestOneInput() is allowed to
return non-zero. Propagating the error code is easiest, so let's just do that.
If it turns out that this causes oss-fuzz to still report a failure, we can
suppress that later.
ci: temporarily pin Arch repositories to glibc 2.32-5
glibc 2.33-3 shipped on 2021-02-06 breaks running Arch containers on
systems with older kernels (like Ubuntu Focal). Until the issue is
resolved, let's pin the Arch repositories to glibc 2.32-5 to mitigate
the annoying CI fails.
network: Delay addition of IPv6 Proxy NDP addresses
Setting of IPv6 Proxy NDP addresses must be done at the same
time as static addresses, static routes, and other link attributes
that must be configured when the link is up. Doing this ensures
that they are reconfigured on the link if the link goes down
and returns to service.
Yu Watanabe [Wed, 3 Feb 2021 18:21:08 +0000 (03:21 +0900)]
fundamental: move several macros and functions into src/fundamental/
sd-boot has a copy of a subset of codes from libbasic. This makes
sd-boot share the code with libbasic, and dedup the code.
Note, startswith_no_case() is dropped from sd-boot, as
- it is not used,
- the previous implementation is not correct,
- gnu-efi does not have StrniCmp() or so.
Yu Watanabe [Fri, 22 Jan 2021 07:38:52 +0000 (16:38 +0900)]
hostname: re-read file later when failed to update file
Previously, even when writing e.g. /etc/hostname fails, the static
hostname in Context is not restored. So, the subsequent call of the same
method succeeds:
```
$ sudo chattr +i /etc/hostname
$ sudo hostnamectl --static set-hostname aaa
Could not set static hostname: Access denied
$ echo $?
1
$ sudo hostnamectl --static set-hostname aaa
$ echo $?
0
```
This makes when updating file is failed, the saved stat is cleared. So,
the static hostname or machine information in the context are always
consistent to the corresponding files.
Yu Watanabe [Fri, 22 Jan 2021 02:20:50 +0000 (11:20 +0900)]
hostnamectl: try to set transient hostname even if updating static or pretty hostname failed
If no target (--pretty, --static, or --transient) is specified, then
let's try to set transient hostname even if setting static or pretty
hostname failed. This may be useful for read-only filesystem.
tree-wide: fix the string concatenation warning with clang-12
e.g.:
./src/shared/dissect-image.c:2218:39: error: suspicious concatenation of string literals in an array initialization; did you mean to separate the elements with a comma? [-Werror,-Wstring-concatenation]
"/usr/lib/os-release\0",
^
../src/shared/dissect-image.c:2217:39: note: place parentheses around the string literal to silence warning
[META_OS_RELEASE] = "/etc/os-release\0"
^
1 error generated.
Antonius Frie [Mon, 8 Feb 2021 08:15:15 +0000 (09:15 +0100)]
Use correct config parser for MountAPIVFS (#18501)
As far as I can see, at some point the parser function for MountAPIVFS
was changed from the generic bool parser to a custom implementation, to
allow the context to keep track of whether MountAPIVFS had been set
explicitly. If not, exec_context_get_effective_mount_apivfs would fall
back to a default value. However, the corresponding entry in the big
parser table wasn't updated, meaning that the old bool parser was still
used, meaning that context->mount_apivfs_set remained at its default
value of false, meaning that the default value was always used and the
config option was effectively ignored.
When executed in test mode, "OUTDATED" is appropriate. But when executed
to actually update the text, after the tool executes, those pages are the
opposite, not outdated.
It happens too often that what people ask for already is implemented.
Let's help cut the noise a bit, and make people check things first
hopefully, and at least make it either for us to detect such cases.
resolved: suppress ifindex info in varlink JSON responses if zero
If we don't have ifindex info, don't set the field for it.
We already do that for parsed IP address replies, let's do it for all
cases: it's a bit nicer to suppress the ifindex prop if it doesn't apply
than to pass it invalid.
This is the other side of #18482, i.e. fixes things so that the parser
doesn't get tripped up by this.
(This too makes a problem go away we should track down properly, i.e.
figure out how the ifindex got lost in
https://github.com/systemd/systemd/pull/17823#issuecomment-742439422 )
nss-resolve: accept zero ifindex when parsing resolved reply
Sometimes a reply isn't associated to any specific interface, it might
be a general truth (for example served from /etc/hosts or so). In this
case the server might pass ifindex == 0. Accept that.
Since the test suite overhaul, the test units are now under
/usr/lib/systemd/tests/testdata/tetsuite-06.units with
system_u:object_r:lib_t context. This causes an AVC denial, since the
systemd unit files are expected to have the
system_u:object_r:systemd_unit_file_t context. Let's fix this by using a
custom file context definition.
Apparently the range is like that:
$ sudo bash -c 'echo "default 1001" >/sys/fs/cgroup/user.slice/io.bfq.weight'
bash: line 0: echo: write error: Numerical result out of range
test-fs-util: beef up test for conservative_renameat()
Instead of using a short fixed string, let's use a huge blob for
testing, with randomized size and contents, that definitely is above the
16K buffer size conservative_renameat() uses internally.
David Edmundson [Wed, 3 Feb 2021 12:29:28 +0000 (12:29 +0000)]
xdg-autostart: Generate autostart services with templated name
The "XDG standardization for applications" specification states that
services should be in the form:
app[-<launcher>]-<ApplicationID>[@<RANDOM>].service or
app[-<launcher>]-<ApplicationID>-<RANDOM>.scope
In this case "autostart" takes the place of [RANDOM] to provide a unique
identifier if the same app is launched elsewhere. As it is a service
that means it should be set as a template not using a hyphen delimiter.
Daan De Meyer [Wed, 3 Feb 2021 00:24:32 +0000 (00:24 +0000)]
boot: Replace efivar_set() persistent argument with flags argument
To add secure-boot enrolling support, we need to be able to specify
the EFI_VARIABLE_APPEND_WRITE flag so let's make the efivar_set()
methods more generic so we can set that flag.
Let's make sure we still look at the etags reported by http 304 (i.e.
the cache management code). Otherwise we won't properly realize we
already downloaded this before.
The old name originates when this was used to discover "machine" images,
as managed by machined/machinectl. But nowadays this is also used by
portable services and system extensions, hence let's use a more generic
name for this API. Taking inspiration from "dissect-image.[ch]", let's call
this "discover-image.[ch]".
Deprecate builds with split-usr, prepare for removal
There is no technical reason to support systems with split-usr, except for
backwards compatibility. Even though systemd itself makes an effort to support
this, many other tools aren't as careful. Despite those efforts, we
(collectively) get it wrong often, because doing it "wrong" on systems with
merged-usr has no consequences. Since almost all developers are on such
systems, any issues are only discovered late. Supporting this split-usr mode
makes both code and documentation more complicated. The split is purely
artificial and has no justification except to allow old installation to not
update. Mechanisms to update existing systems are available though: Fedora
did that in https://fedoraproject.org/wiki/Features/UsrMove, Debian has
the usrmerge package.
The next version of Debian will only support systems with split-usr=false,
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978636#178:
The Technical Committee resolves that Debian 'bookworm' should
support only the merged-usr root filesystem layout, dropping support
for the non-merged-usr layout.
Let's start warning if split-usr mode is used, in preparation to removing the
split in one of the future releases.
Let's split out the two codepaths a bit, and emphasize which ones it the
new-style and which the old-style codepath, and let's clearly convert
the params of the old-stye into the new style for further processing, so
that the old style path is brief and isolated.
Yu Watanabe [Wed, 20 Jan 2021 06:50:01 +0000 (15:50 +0900)]
network,udev: move TransmitQueues=/ReceiveQueues= from .network to .link
As the settings are mostly hardware setup, and merely see from network
layer.
See also discussions in
https://github.com/systemd/systemd/pull/18170#issuecomment-758807497
https://github.com/orgs/systemd/teams/systemd/discussions/1
Anita Zhang [Tue, 2 Feb 2021 22:16:03 +0000 (14:16 -0800)]
oom: rework *MemoryPressureLimit= properties to have 1/10000 precision
Requested in
https://github.com/systemd/systemd/pull/15206#discussion_r505506657,
preserve the full granularity for memory pressure limits (permyriad)
instead of capping out at percent.
Let's tighten the logic behind path_extract_filename() a bit: first of
all, refuse all cases of invalid paths with -EINVAL. More importantly
though return a recognizable error when a valid path is specified that
does not contain any filename. Specifically, "/" will now result in
-EADDRNOTAVAIL.
This changes API, but none of the existing callers care about the return
value, hence the change should be fine.
projects / thirdparty / systemd.git / log
