Ralf Habacker [Thu, 12 May 2016 22:56:42 +0000 (00:56 +0200)]
Eliminates a race condition accessing DBusBabysitter instance at startup of babysitter() on Windows.
Ensure that the babysitter thread already owns its one reference to the
babysitter when it starts up, and eliminates the race condition.
This patch requires that DBusBabysitter refcounting is thread-safe
and is based on an analysis and proposal of Simon Mc Vittie.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95191 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
sysdeps: increase listen() backlog of AF_UNIX sockets to SOMAXCONN
Previously, the listen() backlog was set to an arbitrary 30. This means
that if dbus-daemon is overloaded only 30 more connections may be queued
by the kernel, before connect() fails with EAGAIN. (Note that EAGAIN !=
EINPROGRESS -- the latter is what is returned if a connection is queued
and being processed for asynchronous sockets; EAGAIN in this case is
really an error, that cannot be recovered from).
Most software simply sets SOMAXCONN as backlog for AF_UNIX sockets, to
allow queuing of as many connections as the kernel allows. SOMAXCONN is
128 on Linux, which is not particularly high, but at least higher than
30.
This patch changes dbus-daemon to do the same.
I noticed this when flooding dbus-daemon with a lot of connections,
where it pretty quickly ceased to respond, much earlier than it really
should.
Note that the backlog has nothing to do with the number of concurrent
connections allowed, it simply controls how many queued, but not
accept()ed connections there may be on the listening socket.
dbus_internal_do_not_use_try_message_data: Calling _dbus_message_loader_get_max_message_size(loader) is only useful for its return value, which is ignored (CID 54725).
Reported by Coverity: CID 54725: Useless call (USELESS_CALL)
Simon McVittie [Mon, 15 Feb 2016 15:00:22 +0000 (15:00 +0000)]
DBusMessageIter: eliminate padding on 64-bit platforms
Previously, 64-bit (LP64 or LLP64) platforms would have had 32 bits
of padding between pad2 and pad3. We want to guarantee that an ISO C
compiler will copy the entire struct when assigning between structs,
but padding is not guaranteed to be copied, so we want to ensure that
the struct is "packed".
Statically assert that the old ABI is compatible with the new ABI.
Reviewed-by: Thiago Macieira <thiago@kde.org>
[smcv: change >= to == as Thiago requested] Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=94136
Simon McVittie [Mon, 15 Feb 2016 14:58:59 +0000 (14:58 +0000)]
DBusMessage: assert the properties we need DBusMessageIter to have
We already asserted that DBusMessageIter must be at least as large
as DBusMessageRealIter (so that casting DBusMessageIter * to
DBusMessageRealIter * does not result in overflowing the stack
variable). Also assert that it must have alignment requirements at
least as strict as those of DBusMessageRealIter * (so that casting
does not increase the required alignment).
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=94136
Simon McVittie [Mon, 8 Feb 2016 20:32:34 +0000 (20:32 +0000)]
name-test: run most C tests directly, not via run-test.sh
The exception is test-autolaunch, which is really not particularly
useful as a build-time test. The only way we can really test
autolaunch is as a whole-system integration test, and "make check"
is not that.
The two tests written in Python and one test based on dbus-send
are also not run directly yet; in particular, that includes both
the tests in run-test-systemserver.sh.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92899 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Mon, 8 Feb 2016 20:09:58 +0000 (20:09 +0000)]
Replace $DBUS_USE_TEST_BINARY with $DBUS_TEST_DBUS_LAUNCH
Instead of using $DBUS_USE_TEST_BINARY to control whether to use the
hard-coded test binary TEST_BUS_LAUNCH_BINARY, we can just use
$DBUS_TEST_DBUS_LAUNCH to control what we launch directly, as we
were already doing for $DBUS_TEST_DAEMON.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92899 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Mon, 8 Feb 2016 20:32:34 +0000 (20:32 +0000)]
name-test: run most C tests directly, not via run-test.sh
The exception is test-autolaunch, which is really not particularly
useful as a build-time test. The only way we can really test
autolaunch is as a whole-system integration test, and "make check"
is not that.
The two tests written in Python and one test based on dbus-send
are also not run directly yet; in particular, that includes both
the tests in run-test-systemserver.sh.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92899 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Mon, 8 Feb 2016 20:09:58 +0000 (20:09 +0000)]
Replace $DBUS_USE_TEST_BINARY with $DBUS_TEST_DBUS_LAUNCH
Instead of using $DBUS_USE_TEST_BINARY to control whether to use the
hard-coded test binary TEST_BUS_LAUNCH_BINARY, we can just use
$DBUS_TEST_DBUS_LAUNCH to control what we launch directly, as we
were already doing for $DBUS_TEST_DAEMON.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92899 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Wed, 10 Feb 2016 13:15:56 +0000 (13:15 +0000)]
AppArmor: do not mix dbus_bool_t with int
libdbus uses dbus_bool_t for booleans; that type is unsigned 32-bit.
However, libapparmor uses int, which is signed, leading to
-Wpointer-sign warnings when we pass a dbus_bool_t * where an int *
was expected.
This file is Linux-specific, and all Linux platforms have 32-bit int
and an in-memory representation of the integers 0 and 1 that is
independent of signedness, so the previous code was harmless
in practice.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93069 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Wed, 10 Feb 2016 13:11:28 +0000 (13:11 +0000)]
Consistently use socklen_t for getsockname, getsockopt etc.
This fixes signedness mismatch warnings on platforms where socklen_t
is unsigned, notably Linux (where it's an unsigned int).
We still use int for the fallback case where the platform does not
define socklen_t, because that was the traditional (pre-POSIX) type:
for details see NOTES in Linux accept(2),
<http://manpages.debian.org/cgi-bin/man.cgi?query=accept&sektion=2>.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93069 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Nick Lewycky [Thu, 28 Jan 2016 20:24:56 +0000 (12:24 -0800)]
marshal-validate: run all the tests instead of just the even ones
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93908 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: Re-enable the failing test that Nick disabled, and fix the
expected result; the result given by our current implementation is
reasonable.]
Simon McVittie [Mon, 8 Feb 2016 17:25:38 +0000 (17:25 +0000)]
configure.ac: support large-file for stat64
dbus-daemon is not expected to open files with large *sizes*, but without
large file support, calling [f]stat() on a file that happens to have a
large inode number will fail with EOVERFLOW (see stat(2)). For example,
files mounted from an NFS server might have large inode numbers.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=93545 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
[smcv: shorten and clarify commit message; move AC_SYS_LARGEFILE
after AC_USE_SYSTEM_EXTENSIONS because nothing should compile C before
that point] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 1 Dec 2015 17:31:18 +0000 (17:31 +0000)]
add travis-ci.org build machinery
The idea is that .travis.yml is specific to Travis-CI, but most of the
actual work is done in tools/ci-build.sh, which should be reasonably
CI-platform-agnostic (it currently assumes that build-dependendencies are
preinstalled, that the "native" platform we're building on is GNU/Linux
or something very close, and that "mingw" means mingw-w64 as packaged
in Debian and Ubuntu).
Simon McVittie [Fri, 27 Nov 2015 11:50:57 +0000 (11:50 +0000)]
Fix shell syntax for installcheck-local with no DESTDIR
A closing brace must be preceded by a semicolon. The CI integration
added later in this branch actually runs "make installcheck"
with no DESTDIR; apparently nobody else has ever tried that.
Simon McVittie [Fri, 27 Nov 2015 11:31:03 +0000 (11:31 +0000)]
Do not require systemd to have a service file if using it for activation
With --systemd-activation we special-case the name
org.freedesktop.systemd1 by assuming that it will eventually connect
to the bus. With that in mind, we can ignore whether it has a
.service file, and let it be "activated" regardless.
This fixes a regression test failure on non-systemd systems such
as the Ubuntu 14.04 OS on travis-ci.org: UpdateActivationEnvironment
failed, because it tried to update the (fake) systemd environment,
but because systemd was not actually installed, there was no
service file for it in the system's search paths. We could address this
by placing a dummy service file with Exec=/bin/false in our search path
like the real systemd does, but it seems cleaner to not require this;
this would eventually enable the real systemd to stop installing
that dummy service file.
This would not happen outside the regression tests, because there is
no sense in using --systemd-activation without systemd installed.
Simon McVittie [Tue, 24 Nov 2015 01:19:27 +0000 (01:19 +0000)]
embedded tests: accept and ignore --tap argument
This makes them semi-command-line-compatible with a way we can
invoke the GLib-based tests to get more useful debug logs.
These tests still do not actually produce TAP output yet; I tried
implementing that, but it requires changing a lot of noise on stdout
to come out of stderr, and there was something weird going on with
subprocesses restarting the test numbering which will need further
investigation before making that change.
Simon McVittie [Tue, 1 Dec 2015 17:31:18 +0000 (17:31 +0000)]
add travis-ci.org build machinery
The idea is that .travis.yml is specific to Travis-CI, but most of the
actual work is done in tools/ci-build.sh, which should be reasonably
CI-platform-agnostic (it currently assumes that build-dependendencies are
preinstalled, that the "native" platform we're building on is GNU/Linux
or something very close, and that "mingw" means mingw-w64 as packaged
in Debian and Ubuntu).
Simon McVittie [Fri, 27 Nov 2015 11:50:57 +0000 (11:50 +0000)]
Fix shell syntax for installcheck-local with no DESTDIR
A closing brace must be preceded by a semicolon. The CI integration
added later in this branch actually runs "make installcheck"
with no DESTDIR; apparently nobody else has ever tried that.
Simon McVittie [Fri, 27 Nov 2015 11:31:03 +0000 (11:31 +0000)]
Do not require systemd to have a service file if using it for activation
With --systemd-activation we special-case the name
org.freedesktop.systemd1 by assuming that it will eventually connect
to the bus. With that in mind, we can ignore whether it has a
.service file, and let it be "activated" regardless.
This fixes a regression test failure on non-systemd systems such
as the Ubuntu 14.04 OS on travis-ci.org: UpdateActivationEnvironment
failed, because it tried to update the (fake) systemd environment,
but because systemd was not actually installed, there was no
service file for it in the system's search paths. We could address this
by placing a dummy service file with Exec=/bin/false in our search path
like the real systemd does, but it seems cleaner to not require this;
this would eventually enable the real systemd to stop installing
that dummy service file.
This would not happen outside the regression tests, because there is
no sense in using --systemd-activation without systemd installed.
Simon McVittie [Tue, 24 Nov 2015 01:19:27 +0000 (01:19 +0000)]
embedded tests: accept and ignore --tap argument
This makes them semi-command-line-compatible with a way we can
invoke the GLib-based tests to get more useful debug logs.
These tests still do not actually produce TAP output yet; I tried
implementing that, but it requires changing a lot of noise on stdout
to come out of stderr, and there was something weird going on with
subprocesses restarting the test numbering which will need further
investigation before making that change.
Initialize SELinux and Apparmor after capabilities are set
avc_init() in the SELinux code path is creating a new thread, we need to
set to capabilities before it gets created so it has the permission to
send audit messages.
It also make more sense to open the audit netlink before the different
logging callbacks are set.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92832
[smcv: add comments explaining why initialization must happen in this
specific order] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Thu, 26 Nov 2015 10:37:48 +0000 (10:37 +0000)]
Do not attempt to call child_setup on Windows
child_setup() is defined to be called after fork() and before exec(),
but Windows' process model does not have fork(): the equivalent of
those two operations is a single CreateProcess() call. This means
that there is no point at which we could call child_setup() and
have it affect only the child's process-global state. At the point
where it is currently executed, it affects the parent's process-global
state instead, which would be actively harmful if we used any
child_setup() function that was not a no-op on Windows.
The equivalent function in GLib, g_spawn_async_with_pipes(), documents
child_setup() as unused on Windows. Do the same here.
In practice, our only use of child_setup() outside tests
is #ifdef DBUS_UNIX anyway, so this change has no practical effect
right now.
projects / thirdparty / dbus.git / log
