Yu Watanabe [Sun, 21 Feb 2021 02:00:19 +0000 (11:00 +0900)]
dissect-image: filter out enumerated or triggered devices without "partition" sysattr
This also adds more filters for device enumerator and monitor.
These newly added filters should be mostly redundant. But this hides
spurious error in sd_device_get_sysattr_value(). See,
https://github.com/systemd/systemd/pull/18684#discussion_r579700977
sd_device_monitor_filter_add_match_subsystem_devtype() now returns 1 to signify
that something was done, and 0 to signify that nothing was done, but
udev_monitor_filter_add_match_subsystem_devtype() needs to return 0 as documented.
udev_monitor_filter_add_match_tag() is adjusted to match.
This makes gdm start successfully here again.
Before, it would just not boot, with nothing very obvious in the logs:
gdm[1756]: Gdm: GdmDisplay: Session never registered, failing
The issue was introduced in the refactoring in 775ae35403f8f3c01b7ac13387fe8aac1759993f.
We would pass an initialized value to a helper function. We would only *use*
it if it was initialized. But the mere passing of an unitialized variable is
UB, so let's not do that. This silences a gcc warning.
backlight: refactor get_max_brightness() to appease gcc
The old code was just fine, but gcc doesn't understand that max_brightness is
initialized. Let's rework it a bit to move some logic to the main function. Now
get_max_brightness() just retrieves and parses the attribute, and the main
function decides what to do with it.
[988/1664] Compiling C object systemd-oomd.p/src_oom_oomd.c.o
In file included from ../src/basic/path-util.h:10,
from ../src/shared/pretty-print.c:14,
from ../src/oom/oomd.c:15:
../src/shared/pretty-print.c: In function ‘conf_files_cat’:
../src/basic/strv.h:123:32: warning: ‘prefixes’ may be used uninitialized [-Wmaybe-uninitialized]
123 | for ((s) = (l); (s) && *(s); (s)++)
| ^
In file included from ../src/oom/oomd.c:15:
../src/shared/pretty-print.c:283:16: note: ‘prefixes’ was declared here
283 | char **prefixes, **prefix;
| ^~~~~~~~
../src/shared/pretty-print.c:305:12: warning: ‘is_collection’ may be used uninitialized in this function [-Wmaybe-uninitialized]
305 | if (!is_collection) {
| ^
../src/shared/pretty-print.c:301:13: warning: ‘extension’ may be used uninitialized in this function [-Wmaybe-uninitialized]
301 | r = conf_files_list_strv(&files, extension, root, 0, (const char* const*) dirs);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maybe this is caused by the statis char** variables?
[1/429] Compiling C object src/shared/libsystemd-shared-248.a.p/bus-message-util.c.o
../src/shared/bus-message-util.c: In function ‘bus_message_read_dns_servers’:
../src/shared/bus-message-util.c:165:21: warning: ‘family’ may be used uninitialized in this function [-Wmaybe-uninitialized]
165 | r = in_addr_full_new(family, &a, port, 0, server_name, dns + n);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/bus-message-util.c:165:21: warning: ‘port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
../src/shared/bus-message-util.c:165:21: warning: ‘server_name’ may be used uninitialized in this function [-Wmaybe-uninitialized]
The warning would be there despite all the asserts in bus_error_setfv() and
sd_bus_error_set(). So let's add an explicit assert.
[2/3] Compiling C object test-capability.p/src_test_test-capability.c.o
../src/test/test-capability.c: In function ‘main’:
../src/test/test-capability.c:270:12: warning: ‘run_ambient’ may be used uninitialized in this function [-Wmaybe-uninitialized]
270 | if (run_ambient)
| ^
[91/180] Compiling C object libsystemd.a.p/src_libsystemd_sd-event_sd-event.c.o
In file included from ../src/basic/macro.h:12,
from ../src/basic/alloc-util.h:9,
from ../src/libsystemd/sd-event/sd-event.c:11:
../src/libsystemd/sd-event/sd-event.c: In function ‘sd_event_wait’:
../src/fundamental/macro-fundamental.h:86:63: warning: ‘child_min_priority’ may be used uninitialized in this function [-Wmaybe-uninitialized]
86 | UNIQ_T(A, aq) < UNIQ_T(B, bq) ? UNIQ_T(A, aq) : UNIQ_T(B, bq); \
| ^
../src/libsystemd/sd-event/sd-event.c:3983:45: note: ‘child_min_priority’ was declared here
3983 | int64_t epoll_min_priority, child_min_priority;
| ^~~~~~~~~~~~~~~~~~
varlink: use two local flag variables to silence gcc warning
[59/655] Compiling C object src/shared/libsystemd-shared-248.a.p/varlink.c.o
../src/shared/varlink.c: In function ‘varlink_write’:
../src/shared/varlink.c:459:12: warning: ‘n’ may be used uninitialized in this function [-Wmaybe-uninitialized]
459 | if (n < 0) {
| ^
../src/shared/varlink.c: In function ‘varlink_process’:
../src/shared/varlink.c:541:12: warning: ‘n’ may be used uninitialized in this function [-Wmaybe-uninitialized]
541 | if (n < 0) {
| ^
../src/shared/varlink.c:486:17: note: ‘n’ was declared here
486 | ssize_t n;
| ^
It was one giant all of text in pseudo-random order. Let's split it into
paragraphs talk about one subject each.
And unfortunately, the description of what happens when the error is not
set was not correct. In general, various functions treat 0/NULL as
not-an-error, and return 0.
sd-bus: add assert to tell the compiler that the error code is positive
I was hoping it would help with the following gcc warning:
[35/657] Compiling C object src/shared/libsystemd-shared-248.a.p/bus-message-util.c.o
../src/shared/bus-message-util.c: In function ‘bus_message_read_dns_servers’:
../src/shared/bus-message-util.c:165:21: warning: ‘family’ may be used uninitialized in this function [-Wmaybe-uninitialized]
165 | r = in_addr_full_new(family, &a, port, 0, server_name, dns + n);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/shared/bus-message-util.c:165:21: warning: ‘port’ may be used uninitialized in this function [-Wmaybe-uninitialized]
../src/shared/bus-message-util.c:165:21: warning: ‘server_name’ may be used uninitialized in this function [-Wmaybe-uninitialized]
It actually doesn't, but the compiler has a point here: the code is specified
in sd_bus_error_map[], and it has no way of knowning that we want it to be a
positive value.
I think this should be an assert, because if this assumption fails, a
programming error has occured, something that'd want to catch.
[11/657] Compiling C object src/basic/libbasic.a.p/fileio.c.o
../src/basic/fileio.c: In function ‘write_string_stream_ts’:
../src/basic/fileio.c:167:21: warning: ‘fd’ may be used uninitialized in this function [-Wmaybe-uninitialized]
167 | if (futimens(fd, twice) < 0)
| ^~~~~~~~~~~~~~~~~~~
basic/socket-util: add hint to silence gcc's maybe-unitialized warning
[59/1551] Compiling C object src/basic/libbasic.a.p/socket-util.c.o
../src/basic/socket-util.c: In function ‘socket_get_mtu’:
../src/basic/socket-util.c:1393:16: warning: ‘mtu’ may be used uninitialized in this function [-Wmaybe-uninitialized]
1393 | *ret = (size_t) mtu;
| ^~~~~~~~~~~~
Same motivation as in the parent commit: let's define variables later, ideally
right when they are first initialized, so it's easier to figure out that they
are properly initialized.
error_id and r_tuple* were previously initialized, but I don't see why they
would need to be.
nss-resolve: fix parsing of io.systemd.Resolve.ResolveAddress reply
Since the switch to varlink in 0c73f4f075a2d23f7cabe708b589f19f4bbbec37, the
code wasn't functional. The JSON_VARIANT_UNSIGNED/JSON_VARIANT_STRING mismatch
meant that we'd reject any reply. Once past that, the code would use
unitialized 'c' and 'n' variables, so it's lucky we never got that far ;)
With -Wmaybe-unitialized, gcc would warn.
I think that declaring the huge list of local variables with very short names
at the top of the function was making it harder to understand what is going on
in the function. So let's rename the variables a bit, and initialize them upon
declaration if possible.
_nss_resolve_gethostbyaddr2_r("10.38.5.41") → status=NSS_STATUS_SUCCESS
errno=999/--- h_errno=0/Resolver Error 0 (no error) ttl=0
"squid.redhat.com"
alias "squid.corp.redhat.com"
alias "squid2.corp.redhat.com"
alias "squid3.corp.redhat.com"
alias "squid4.corp.redhat.com"
alias "squid5.corp.redhat.com"
AF_INET 10.38.5.41
_nss_resolve_gethostbyaddr_r("10.38.5.41") → status=NSS_STATUS_SUCCESS
errno=999/--- h_errno=0/Resolver Error 0 (no error)
"squid.redhat.com"
alias "squid.corp.redhat.com"
alias "squid2.corp.redhat.com"
alias "squid3.corp.redhat.com"
alias "squid4.corp.redhat.com"
alias "squid5.corp.redhat.com"
AF_INET 10.38.5.41
(I have 10.38.5.41 squid.redhat.com squid.corp.redhat.com squid2.corp.redhat.com squid3.corp.redhat.com squid4.corp.redhat.com squid5.corp.redhat.com
in /etc/hosts for testing.)
Luca Boccassi [Tue, 23 Jun 2020 12:09:42 +0000 (13:09 +0100)]
portabled: add --extension parameter for layered images support
Add an --extension parameter to portablectl, and new DBUS methods
to attach/detach/reattach/inspect.
Allows to append separate images on top of the root directory (os-release
will be searched in there) and mount the images using an overlay-like
setup (unit files will be searched in there) using the new ExtensionImages
service option.
rpm: when disabling a unit, do not complain if systemd is not running
$ sudo dnf remove --installroot=/var/tmp/img1 systemd-networkd
...
Running scriptlet: systemd-networkd-248~rc4-4.fc32.x86_64 1/1
Removed /etc/systemd/system/multi-user.target.wants/systemd-networkd.service.
Removed /etc/systemd/system/sockets.target.wants/systemd-networkd.socket.
Removed /etc/systemd/system/dbus-org.freedesktop.network1.service.
Removed /etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service.
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
(Another option would be make --now do nothing if systemd is not running.
But I think that's not too good. 'disable --now' doing nothing would be OK,
since if systemd is not running, the service is not running either, so we are
in the desired state. But that argument doesn't work for 'enable --now'. And
accepting 'disable --now' but not 'enable --now' seems overly complex. So I
think it is better to make the scriptlet handle this case explicitly.)
Also, let's reindent the file to 4 spaces. Very deeply nested scriptlets are
harder to read, and the triggers file is indented to 4 spaces already.
shared: add new IMAGE_VERSION=/IMAGE_ID= field to /etc/os-release
This specifes two new optional fields for /etc/os-release:
IMAGE_VERSION= and IMAGE_ID= that are supposed to identify the image of
the current booted system by name and version.
This is inspired by the versioning stuff in
https://github.com/systemd/mkosi/pull/683.
In environments where pre-built images are installed and updated as a
whole the existing os-release version/distro identifier are not
sufficient to describe the system's version, as they describe only the
distro an image is built from, but not the image itself, even if that
image is deployed many times on many systems, and even if that image
contains more resources than just the RPMs/DEBs.
In particular, "mkosi" is a tool for building disk images based on
distro RPMs with additional resources dropped in. The combination of all
of these together with their versions should also carry an identifier
and version, and that's what IMAGE_VERSION= and IMAGE_ID= is supposed to
be.
basic/fileio: fix reading of not-too-small virtual files
This code is trying to do two things: when reading a file with working
st.st_size, detect when the file size changes between the fstat() and our
allocation of the buffer based on the returned size, and the subsequent read().
When reading a file without st.st_size, read up to READ_FULL_BYTES_MAX.
But this second scenario was partially broken: we'd start with size = 4095, and
double the size up to three times, i.e. up to 32767. But we want to read up to
READ_FULL_BYTES_MAX.
So let's listentangle the two cases a bit: if a file returns non-zero st._size,
proceed as before. But if we don't know the size, let's immediately allocate
the buffer of maximum size of READ_FULL_BYTES_MAX. I think that allocating 4MB
and 1MB is going to take pretty much the same time as long as the memory is not
written to, so by allocating 1MB, 2MB, and 4MB, we wouldn't really be saving
anything internally, but wasting time on repeated reads, if the file is long
enough.
Also, don't do the seek if we know we're going to return an error immediately
after.
This should fix reading of any files in /proc, which all have size == 0. In
particular, various files read by coredump might be larger than 32767.
What about /sys? The file there return a fake value, usually 4096. So we'll
allocate a small buffer and read that.
Anita Zhang [Fri, 26 Mar 2021 10:01:38 +0000 (03:01 -0700)]
oomd: make it more clear when a kill happens
Improve the logging to only print if systemd-oomd killed something. And
also print which cgroup was targeted.
Demote general swap above/pressure above messages to debug.
№1 0x00007fb5f13ae87f in selabel_lookup_raw (rec=<optimized out>, con=con@entry=0x7fffef307380, key=key@entry=0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service", type=type@entry=40960) at label.c:256
lr = <optimized out>
'rec' is passed through as is to selabel_lookup_common().
№2 0x00007fb5f1561b2d in selinux_create_file_prepare_abspath (abspath=0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service", mode=40960) at ../src/basic/selinux-util.c:368
filecon = 0x0
r = <optimized out>
__PRETTY_FUNCTION__ = "selinux_create_file_prepare_abspath"
__func__ = "selinux_create_file_prepare_abspath"
№3 0x00007fb5f1561ec3 in mac_selinux_create_file_prepare (path=<optimized out>, mode=40960) at ../src/basic/selinux-util.c:431
r = 0
abspath = 0x55f616ac4750 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service"
__PRETTY_FUNCTION__ = "mac_selinux_create_file_prepare"
We checked label_hnd != NULL, but then we apparently called
avc_netlink_check_nb(), which reset label_hnd. Yay for global state!
№4 0x00007fb5f1549950 in symlink_atomic_label (from=0x55f6169d8b50 "69a8dcf7a7ac46b29306f2fddbed3edc", to=0x55f616ab8380 "/run/user/1000/systemd/units/invocation:systemd-tmpfiles-clean.service") at ../src/basic/label.c:55
r = <optimized out>
__PRETTY_FUNCTION__ = "symlink_atomic_label"
In the logs:
Mar 29 14:48:44 fedorapad.home systemd[1974]: selinux: avc: received policyload notice (seqno=2)
Mar 29 14:48:44 fedorapad.home systemd[1974]: Failed to initialize SELinux labeling handle: No such file or directory
Mar 29 14:48:44 fedorapad.home systemd[1974]: selinux: avc: received policyload notice (seqno=3)
Mar 29 14:48:44 fedorapad.home systemd[1974]: selinux: avc: received setenforce notice (enforcing=0)
Christian Hesse [Sun, 28 Mar 2021 11:00:49 +0000 (13:00 +0200)]
units: make locale directory writable for systemd-localed
With 8f20232fcb52dbe6255f3df6101fc057af90bcfa systemd-localed supports
generating locales when required. This fails if the locale directory is
read-only, so make it writable.
Fangrui Song [Mon, 29 Mar 2021 06:35:06 +0000 (23:35 -0700)]
sd-bus: set retain attribute on BUS_ERROR_MAP_ELF_REGISTER
LLD 13 and GNU ld 2.37 support -z start-stop-gc which allows garbage
collection of C identifier name sections despite the __start_/__stop_
references. Simply set the retain attribute so that GCC 11 (if
configure-time binutils is 2.36 or newer)/Clang 13 will set the
SHF_GNU_RETAIN section attribute to prevent garbage collection.
Without the patch, there are linker errors like the following with -z
start-stop-gc.
```
ld: error: undefined symbol: __start_SYSTEMD_BUS_ERROR_MAP
>>> referenced by bus-error.c:93 (../src/libsystemd/sd-bus/bus-error.c:93)
>>> sd-bus_bus-error.c.o:(bus_error_name_to_errno) in archive src/libsystemd/libsystemd_static.a
```
But it seems that we don't want those calls at all. The test was originally
added with the call in a6ee01caf3409ba9820e8824b9262fbac31a9f77, but I don't
see why we should override this. If the user wants to execute the test with
mempool disabled, we shouldn't ignore that.
basic/fileio: optimize buffer sizes in read_full_virtual_file()
We'd proceed rather inefficiently: the initial buffer size was LINE_MAX/2,
i.e. only 1k. We can read 4k at the same cost.
Also, we'd try to allocate 1025, 2049, 4097 bytes, i.e. always one higher than
the power-of-two size. Effectively the allocation would be bigger, and we'd
waste the additional space. So let's allocate aligned to the power-of-two size.
size=4095, 8191, 16383, so we allocate 4k, 8k, 16k.
basic/fileio: simplify calculation of buffer size in read_full_virtual_file()
We'd first assign a value up to SSIZE_MAX, and then immediately check if we
have a value bigger than READ_FULL_BYTES_MAX. This wasn't exactly wrong, but a
bit roundabout. Let's immediately assign the value from the appropriate range
or error out.
As noted in https://github.com/systemd/systemd/pull/17535#discussion_r534129256,
"raw" is misleading in this context. Let's use a more descriptive term.
projects / thirdparty / systemd.git / log
