Yu Watanabe [Tue, 1 Aug 2023 13:30:57 +0000 (22:30 +0900)]
udev-builtin-net_id: first parse USB or BCMA identifier, then parse PCI properties
Previously, we first generated names based on the PCI slot and ACPI
onboard index, and then appended an identifier based on the USB or BCMA bus
if it exists in between the PCI bus and the interface.
However, if there is a USB or BCMA bus, the name based on the
ACPI onboard index is not used.
So, let's invert the order; first generate USB or BCMA identifier if the
bus exists, then prepend the name with the PCI slot identifier.
With this change, we can drop Names struct, and each naming logic
becomes self-consistent.
Yu Watanabe [Tue, 1 Aug 2023 05:27:25 +0000 (14:27 +0900)]
udev-builtin-net_id: split out names_pci_onboard_label() from dev_pci_onboard()
Then call it only when it is necessary. The label is used only when the
interface is directly connected to the PCI bus, and it does not have the
SR-IOV feature (or the naming based on SR-IOV is disabled).
Curtis Klein [Fri, 5 May 2023 23:17:13 +0000 (16:17 -0700)]
watchdog: Allow the watchdog to be disabled at runtime
manager_{get|set|override}_watchdog check the validity of the new
timeout or the overridden timeout values using timestamp_is_set which
does not recognize "0" as a valid value. However, since f16890f, "0"
indicates a disabled watchdog and so is a value we should be able to
configure in order to disable the watchdog. A value of USEC_INFINITY is
considered a no-op. The behavior should be the same for all watchdog
timeout configurations (runtime, pretimeout, and shutdown).
David Rheinsberg [Mon, 17 Jul 2023 10:17:56 +0000 (12:17 +0200)]
basic/memfd: fix memfd_map() seal test
Private mappings are required when F_SEAL_WRITE is set on a memfd,
because otherwise you could end up with writable mappings through
mprotect() and other calls. This is a limitation of the kernel
implementation, and might be lifted by future extensions.
Regardless, the current code tests for the full `is_sealed()` before
using MAP_PRIVATE. This might end up using MAP_SHARED for write-sealed
memfds, which will be refused by the kernel.
Fix this and make memfd_map() check for exactly `F_SEAL_WRITE`.
David Rheinsberg [Mon, 17 Jul 2023 10:01:18 +0000 (12:01 +0200)]
basic/memfd: reduce default seals to historic set
Rather than always setting all seals, make `memfd_set_seals()` employ
the original set of seals, that is: SEAL+GROW+SHRINK+WRITE
Historically, the memfd code was used with the out-of-tree memfd
patches, which merely supported a single seal ("SEALED", which
effectively was GROW+SHRINK+WRITE). When the code was adapted to the
upstream memfd seals, it was extended to the full seal set. With more
and more seals being added upstream, this became more problematic. In
particular, it is unclear what the function really is meant to achieve.
Instead of just adding all seals, the function is returned to its
original purpose: seal the memfd so further modifications to its content
are prevented.
David Rheinsberg [Mon, 17 Jul 2023 09:48:50 +0000 (11:48 +0200)]
basic/memfd: drop test for F_SEAL_SEAL
With `F_SEAL_SEAL` a memfd can disable further sealing operations,
effectively sealing the set of seals. Testing for it ensures that no
further seals can be added; it never prevents seals from being dropped,
since seals cannot be dropped, ever.
Now testing for `F_SEAL_SEAL` makes sense if you want to ensure that
some seals are *not* set. That is, you either test for the entire set of
seals to match a local set, or you verify that a specific seal is not
set. Neither is what we are doing, so it feels wrong requiring it to be
set.
By dropping the requirement for `F_SEAL_SEAL`, the same FD can be shared
with other entities while retaining the ability to further restrict the
set of seals later on (e.g., being able to mark a region as executable
later on, and then adding `F_SEAL_EXEC`).
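As an added illustration of the two memfd points above (the F_SEAL_WRITE mapping fix and the note that seals only ever accumulate), here is a small C program. It is not systemd's code: the HISTORIC_SEALS set, the make_memfd() helper and the two mapping policies are assumptions modelled on the commit messages, and the payload is constructed. It creates a memfd carrying only F_SEAL_WRITE, shows that a full-set "is it sealed?" test picks a shared writable mapping that the kernel refuses with EPERM while a test for F_SEAL_WRITE alone picks a private mapping that succeeds, and then shows that further seals can still be added until F_SEAL_SEAL freezes the set.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Fallbacks for toolchains whose headers hide the memfd API behind
 * feature macros; the values are the kernel UAPI constants. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_CLOEXEC
#include <sys/syscall.h>
#define MFD_CLOEXEC       0x0001U
#define MFD_ALLOW_SEALING 0x0002U
static int memfd_create(const char *name, unsigned int flags) {
        return (int) syscall(SYS_memfd_create, name, flags);
}
#endif

/* The "historic" set named in the commit message: SEAL+GROW+SHRINK+WRITE.
 * Assumption modelled on the message; this file is not systemd code. */
#define HISTORIC_SEALS (F_SEAL_SEAL | F_SEAL_GROW | F_SEAL_SHRINK | F_SEAL_WRITE)

/* Create a memfd holding `len` bytes of `data` and apply `seals`.
 * Returns the fd, or -errno on failure. */
int make_memfd(const char *data, size_t len, int seals) {
        int fd = memfd_create("example", MFD_CLOEXEC | MFD_ALLOW_SEALING);
        if (fd < 0)
                return -errno;
        if (ftruncate(fd, (off_t) len) < 0 ||
            pwrite(fd, data, len, 0) != (ssize_t) len ||
            fcntl(fd, F_ADD_SEALS, seals) < 0) {
                int e = errno;
                close(fd);
                return -e;
        }
        return fd;
}

/* Pre-fix rule: treat the memfd as sealed only when the whole set is present. */
static int private_if_fully_sealed(int seals) {
        return (seals & HISTORIC_SEALS) == HISTORIC_SEALS;
}

/* Post-fix rule: F_SEAL_WRITE alone forces a private mapping. */
static int private_if_write_sealed(int seals) {
        return (seals & F_SEAL_WRITE) != 0;
}

/* Map `len` bytes the way a memfd_map()-style helper does: read-only MAP_PRIVATE
 * when the policy says "sealed", otherwise writable MAP_SHARED. The mapping is
 * torn down again before returning. Returns 0 or -errno. */
static int map_with_policy(int fd, size_t len, int (*want_private)(int)) {
        int seals = fcntl(fd, F_GET_SEALS);
        if (seals < 0)
                return -errno;
        void *p = want_private(seals)
                ? mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0)
                : mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (p == MAP_FAILED)
                return -errno;
        munmap(p, len);
        return 0;
}

int map_memfd_before_fix(int fd, size_t len) { return map_with_policy(fd, len, private_if_fully_sealed); }
int map_memfd_after_fix(int fd, size_t len)  { return map_with_policy(fd, len, private_if_write_sealed); }

/* Try to add seals on top of the existing ones. Returns 0 or -errno. */
int try_add_seals(int fd, int seals) {
        return fcntl(fd, F_ADD_SEALS, seals) < 0 ? -errno : 0;
}

int main(void) {
        static const char payload[] = "constructed sample payload"; /* constructed input */
        size_t len = sizeof payload;

        /* Only F_SEAL_WRITE is set: the content is frozen, but not the full historic set. */
        int fd = make_memfd(payload, len, F_SEAL_WRITE);
        if (fd < 0) {
                fprintf(stderr, "memfd: %s\n", strerror(-fd));
                return 1;
        }
        printf("before fix (full-set test -> MAP_SHARED):    %s\n", strerror(-map_memfd_before_fix(fd, len)));
        printf("after fix  (F_SEAL_WRITE test -> MAP_PRIVATE): %s\n", strerror(-map_memfd_after_fix(fd, len)));

        /* Seals only accumulate: without F_SEAL_SEAL the holder may still add more,
         * and once F_SEAL_SEAL is in place the set is frozen (EPERM). */
        printf("add F_SEAL_GROW later:               %s\n", strerror(-try_add_seals(fd, F_SEAL_GROW)));
        printf("add F_SEAL_SEAL:                     %s\n", strerror(-try_add_seals(fd, F_SEAL_SEAL)));
        printf("add F_SEAL_SHRINK after F_SEAL_SEAL: %s\n", strerror(-try_add_seals(fd, F_SEAL_SHRINK)));
        close(fd);
        return 0;
}
```

The shared-mapping refusal comes from the kernel, not from the sealing code in user space: once F_SEAL_WRITE is applied the file's mapping is marked deny-writable, so any MAP_SHARED mapping that could later become writable (including via mprotect()) is rejected, which is exactly why a private mapping is the only safe choice for a consumer of a write-sealed memfd.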
--oem can be used to only install OEM partitions (usr, verity,
verity-sig, ...). OEM= is used to indicate OEM partitions. If unset,
defaults to !FactoryReset. We also add a credential repart.oem to
allow configuring --oem via a credential.
repart: Allow combining CopyBlocks= and CopyFiles=
Let's allow the combination of these two options. When used, repart
will first try to apply the CopyBlocks= behavior. If that's not possible,
it falls back to the CopyFiles= behavior.
This is a first step in being able to also use the partition definition
files shipped in the image to build the image in mkosi instead of having
a separate set of repart definition files to build the image.
udev-builtin-net_id: split out get_dev_port() and make its failure critical
As the dev_port and dev_id sysfs attributes are fundamental properties of
network interfaces, reading them should not fail.
Also, the type of dev_port is changed to unsigned. The kernel internally
uses 'unsigned short' for dev_port and dev_id. Hence, unsigned (that is,
32 bits) is still overkill, but should be enough.
Since not all fields of the dispatch table are mandatory we might end up
reading garbage if the optional field is not set.
In CIs we were lucky enough (or probably unfortunate enough) that the
garbage was printable, but in other cases the `show-server-state` verb
would just fail with:
$ resolvectl show-server-state
Failed to print table: Invalid argument
It is only used by the assertion in event_queue_insert().
We have a similar check e.g. in sd-bus or sd-event, but udevd.c is not
library code, hence such a check is not necessary.
While doing that, the Manager object allocated by the main process
is now _not_ freed in the spawned worker process, to follow our usual
coding style. See discussion in #24043.