git.ipfire.org Git - thirdparty/systemd.git/commit

author	Luca Boccassi <luca.boccassi@gmail.com>
	Mon, 30 Mar 2026 23:29:19 +0000 (00:29 +0100)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Fri, 15 May 2026 12:46:08 +0000 (13:46 +0100)
commit	3dddbee290105aca53488f0d3c1202feee838675
tree	76f1c5ca57b64ab4692661e8935f916aef5fdfe2	tree \| snapshot
parent	257c35c1a3936f53b80f16397a6909f4cd81124d	commit \| diff

shutdown: prepare LUO session for FD Stores before kexec

Wires up the systemd-shutdown side of the kexec-via-LUO fd store preservation.

When rebooting via kexec, systemd builds a JSON description of the fd
stores of all loaded services and passes it to systemd-shutdown through
the SYSTEMD_LUO_SERIALIZE_FD environment variable. The FDs themselves
come in as part of the normal shutdown FDSet. systemd-shutdown's job is
then, at the very last moment before invoking the kexec syscall, to
move that state into a kernel LUO session so it survives the reboot.

Doing the LUO session creation here, rather than in PID 1, is
deliberate:

* It's the last point where we can be sure all other processes have
   already been killed, so nothing else can race us into creating (or
   worse, hijacking) the "systemd" session, as /dev/liveupdate is a
   singleton and a session name is global.
* Any kernel-visible side effects of preserving objects (memory
   pinning etc.) are delayed until the absolute last moment, minimizing
   the window in which they could affect the running system

No behaviour change for shutdown paths other than kexec, or for kexec
when systemd didn't hand over a serialization fd (e.g. because no
service had any fds stored, or because LUO wasn't supported at
serialization time).

src/shared/luo-util.c		diff \| blob \| blame \| history
src/shared/luo-util.h		diff \| blob \| blame \| history
src/shutdown/shutdown.c		diff \| blob \| blame \| history