From 7cf671c18bca19f7fc52b5f548687fa842aefe66 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Wed, 6 Sep 2023 10:17:10 +0800 Subject: [PATCH 1/8] update to systemd-239-74.el8_8.3.src.rpm 
Signed-off-by: Zhao Hang --- ...LESSSECURE-whenver-we-invoke-a-pager.patch | 32 ++- ...FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch | 66 ----- ...s-test-sd_pid_get_owner_uid-moderniz.patch | 264 +++++++++++++++++ ...-secure-when-under-euid-is-changed-o.patch | 66 ++++- ...OMEDIUM-error-from-sd_pid_get_cgroup.patch | 30 ++ ...-and-forward-dummy-arguments-instead.patch | 31 ++ ...gathering-metadata-for-source-git-au.patch | 51 ++++ ...-the-source-git-automation-commit-li.patch | 103 +++++++ ...ing-error-check-for-session_set_lead.patch | 32 +++ ...sion-leader-if-we-know-for-a-fact-th.patch | 77 +++++ ...ull-reference-case-in-load_from_path.patch | 34 --- ...-t-pass-null-directive-argument-to-s.patch | 25 -- ...roduce-EXIT_EXCEPTION-mapping-to-255.patch | 52 ---- ...e-PID-1-in-containers-exit-with-non-.patch | 52 ---- ...t-go-into-freeze-when-systemd-crashd.patch | 103 ------- ...ge-the-system-mount-propagation-to-s.patch | 62 ---- ...-definition-of-CGROUP_CONTROLLER_TO_.patch | 26 -- ...only-siblings-that-got-realized-once.patch | 46 --- ...g-item-to-support-setting-the-value-.patch | 120 -------- ...9-systemd-anolis-support-loongarch64.patch | 56 ---- ...x-coredump-when-compiled-under-GCC10.patch | 56 ---- 10011-hwdb-add-Iluvatar-CoreX.patch | 44 --- 10012-seccomp-add-loongarch-support.patch | 101 ------- ..._static-for-sd_pid_get_owner_uid-in-.patch | 26 -- ...ding-a-full-file-into-memory-refuse-.patch | 120 -------- ...explicit_bzero_safe-for-explicit-mem.patch | 61 ---- ...util-introduce-erase_and_free-helper.patch | 48 ---- ...READ_FULL_FILE_SECURE-flag-for-readi.patch | 207 ------------- ...roduce-warn_file_is_world_accessible.patch | 67 ----- ...l_file_full-also-warns-when-file-is-.patch | 64 ----- ...x-memory-leak-if-READ_FULL_FILE_SECU.patch | 30 -- ...icit-flag-for-generating-world-execu.patch | 44 --- ..._fd-parameter-to-read_full_file_full.patch | 142 --------- ...ort-for-read_full_file-on-AF_UNIX-st.patch | 271 ------------------ 
...READ_FULL_FILE_CONNECT_SOCKET-to-all.patch | 181 ------------ ...ad_full_file_full-to-read-from-offse.patch | 246 ---------------- ...-cryptsetup-s-main-key-file-logic-ov.patch | 95 ------ systemd.spec | 90 ++---- 38 files changed, 680 insertions(+), 2541 deletions(-) rename 10013-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch => 0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch (85%) delete mode 100644 0905-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch create mode 100644 0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch rename 10014-pager-make-pager-secure-when-under-euid-is-changed.patch => 0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch (82%) create mode 100644 0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch create mode 100644 0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch create mode 100644 0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch create mode 100644 0911-ci-first-part-of-the-source-git-automation-commit-li.patch create mode 100644 0912-login-add-a-missing-error-check-for-session_set_lead.patch create mode 100644 0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch delete mode 100644 10000-core-fix-a-null-reference-case-in-load_from_path.patch delete mode 100644 10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch delete mode 100644 10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch delete mode 100644 10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch delete mode 100644 10004-Do-not-go-into-freeze-when-systemd-crashd.patch delete mode 100644 10005-mount-setup-change-the-system-mount-propagation-to-s.patch delete mode 100644 10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch delete mode 100644 10007-cgroup-update-only-siblings-that-got-realized-once.patch delete mode 100644 10008-core-add-a-config-item-to-support-setting-the-value-.patch delete mode 100644 
10009-systemd-anolis-support-loongarch64.patch delete mode 100644 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch delete mode 100644 10011-hwdb-add-Iluvatar-CoreX.patch delete mode 100644 10012-seccomp-add-loongarch-support.patch delete mode 100644 10015-link-libsystemd_static-for-sd_pid_get_owner_uid-in-.patch delete mode 100644 10016-fileio-when-reading-a-full-file-into-memory-refuse-.patch delete mode 100644 10017-util-introduce-explicit_bzero_safe-for-explicit-mem.patch delete mode 100644 10018-util-introduce-erase_and_free-helper.patch delete mode 100644 10019-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch delete mode 100644 10020-fileio-introduce-warn_file_is_world_accessible.patch delete mode 100644 10021-fileio-read_full_file_full-also-warns-when-file-is-.patch delete mode 100644 10022-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch delete mode 100644 10023-fileio-add-explicit-flag-for-generating-world-execu.patch delete mode 100644 10024-fileio-add-dir_fd-parameter-to-read_full_file_full.patch delete mode 100644 10025-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch delete mode 100644 10026-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch delete mode 100644 10027-fileio-teach-read_full_file_full-to-read-from-offse.patch delete mode 100644 10028-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch diff --git a/10013-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch b/0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch similarity index 85% rename from 10013-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch rename to 0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch index 094195b..caba846 100644 --- a/10013-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch +++ b/0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch 
@@ -1,13 +1,18 @@ -From 02dca3c62216002f8c1b15171d4f957a6f80458b Mon Sep 17 00:00:00 2001 -From: Liwei Ge -Date: Wed, 28 Jun 2023 15:31:39 +0800 -Subject: [PATCH 10013/10014] pager: set $LESSSECURE whenver we invoke a pager +From e0488facf5b6e1faa292460548cfe0d7c542918d Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 31 Aug 2020 19:37:13 +0200 +Subject: [PATCH] pager: set $LESSSECURE whenver we invoke a pager -backport patch from -https://github.com/systemd/systemd/pull/16916/commits/ -9358eb98ee7ff3407dbcad010b53cfcc35a4060d +Some extra safety when invoked via "sudo". With this we address a +genuine design flaw of sudo, and we shouldn't need to deal with this. +But it's still a good idea to disable this surface given how exotic it +is. -Signed-off-by: Liwei Ge +Prompted by #5666 + +(cherry picked from commit 612ebf6c913dd0e4197c44909cb3157f5c51a2f0) + +Related: #2175623 --- man/less-variables.xml | 8 ++++++++ man/systemctl.xml | 1 + @@ -16,7 +21,7 @@ Signed-off-by: Liwei Ge 4 files changed, 32 insertions(+), 2 deletions(-) diff --git a/man/less-variables.xml b/man/less-variables.xml -index a3faa38..9dad424 100644 +index a3faa38997..9dad4247da 100644 --- a/man/less-variables.xml +++ b/man/less-variables.xml @@ -36,5 +36,13 @@ @@ -34,7 +39,7 @@ index a3faa38..9dad424 100644 diff --git a/man/systemctl.xml b/man/systemctl.xml -index a71e6c7..abc386e 100644 +index a71e6c7c4f..abc386e6fb 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -2010,6 +2010,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err @@ -46,7 +51,7 @@ index a71e6c7..abc386e 100644 diff --git a/man/systemd.xml b/man/systemd.xml -index 17ab59b..66ae4d8 100644 +index 17ab59beb5..66ae4d841d 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -862,6 +862,8 @@ @@ -59,7 +64,7 @@ index 17ab59b..66ae4d8 100644 $LISTEN_PID $LISTEN_FDS diff --git a/src/basic/pager.c b/src/basic/pager.c -index f241261..4efb01c 100644 +index f241261119..4efb01c483 100644 
--- a/src/basic/pager.c +++ b/src/basic/pager.c @@ -11,6 +11,7 @@ @@ -106,6 +111,3 @@ index f241261..4efb01c 100644 if (pager) { execlp(pager, pager, NULL); execl("/bin/sh", "sh", "-c", pager, NULL); --- -2.27.0 - diff --git a/0905-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch b/0905-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch deleted file mode 100644 index c24ff51..0000000 --- a/0905-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch +++ /dev/null 
@@ -1,66 +0,0 @@ -From b877c3b06f15a025748b9f09621ddf1bd00cacce Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 20 Dec 2019 17:58:03 +0100 -Subject: [PATCH] umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed - success - -Fixes: #14410 -Replaces: #14386 - ---- - systemd-239/src/core/umount.c | 29 ++++++++++++++++++++++------- - 1 file changed, 22 insertions(+), 7 deletions(-) - -diff --git a/src/core/umount.c b/src/core/umount.c -index 241fe6f..4400b3c 100644 ---- a/src/core/umount.c -+++ b/src/core/umount.c -@@ -334,23 +334,38 @@ static int dm_list_get(MountPoint **head) { - - static int delete_loopback(const char *device) { - _cleanup_close_ int fd = -1; -- int r; -+ struct loop_info64 info; - - assert(device); - - fd = open(device, O_RDONLY|O_CLOEXEC); - if (fd < 0) - return errno == ENOENT ? 0 : -errno; -+ -+ if (ioctl(fd, LOOP_CLR_FD, 0) < 0) { -+ if (errno == ENXIO) /* Nothing bound, didn't do anything */ -+ return 0; -+ -+ return -errno; -+ } - -- r = ioctl(fd, LOOP_CLR_FD, 0); -- if (r >= 0) -+ if (ioctl(fd, LOOP_GET_STATUS64, &info) < 0) { -+ /* If the LOOP_CLR_FD above succeeded we'll see ENXIO here. */ -+ if (errno == ENXIO) -+ log_debug("Successfully detached loopback device %s.", device); -+ else -+ log_debug_errno(errno, "Failed to invoke LOOP_GET_STATUS64 on loopback device %s, ignoring: %m", device); /* the LOOP_CLR_FD at least worked, let's hope for the best */ - return 1; -+ } - -- /* ENXIO: not bound, so no error */ -- if (errno == ENXIO) -- return 0; -+ /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing -+ * anything. Very confusing. Let's hence not claim we did anything in this case. 
*/ -+ if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) -+ log_debug("Successfully called LOOP_CLR_FD on a loopback device %s with autoclear set, which is a NOP.", device); -+ else -+ log_debug("Weird, LOOP_CLR_FD succeeded but the device is still attached on %s.", device); - -- return -errno; -+ return -EBUSY; /* Nothing changed, the device is still attached, hence it apparently is still busy */; - } - - static int delete_dm(dev_t devnum) { --- -2.31.1 - diff --git a/0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch b/0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch new file mode 100644 index 0000000..b1691c3 --- /dev/null +++ b/0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch 
@@ -0,0 +1,264 @@ +From cd2d72208df18c0894d2e6eea0656603e326f9cf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Mon, 12 Oct 2020 18:57:32 +0200 +Subject: [PATCH] test-login: always test sd_pid_get_owner_uid(), modernize + +A long time some function only worked when in a session, and the test +didn't execute them when sd_pid_get_session() failed. Let's always call +them to increase coverage. + +While at it, let's test for ==0 not >=0 where we don't expect the function +to return anything except 0 or error. + +(cherry picked from commit 1b5b507cd2d1d7a2b053151abb548475ad9c5c3b) + +Related: #2175623 +--- + src/libsystemd/sd-login/test-login.c | 132 ++++++++++++++------------- + 1 file changed, 71 insertions(+), 61 deletions(-) + +diff --git a/src/libsystemd/sd-login/test-login.c b/src/libsystemd/sd-login/test-login.c +index ccb1905a46..60ef889ec0 100644 +--- a/src/libsystemd/sd-login/test-login.c ++++ b/src/libsystemd/sd-login/test-login.c +@@ -8,20 +8,22 @@ + #include "sd-login.h" + + #include "alloc-util.h" ++#include "errno-list.h" + #include "fd-util.h" + #include "format-util.h" + #include "log.h" + #include "string-util.h" + #include "strv.h" +-#include "util.h" ++#include "time-util.h" ++#include "user-util.h" + + static char* format_uids(char **buf, uid_t* uids, int count) { +- int pos = 0, k, inc; ++ int pos = 0, inc; + size_t size = (DECIMAL_STR_MAX(uid_t) + 1) * count + 1; + + assert_se(*buf = malloc(size)); + +- for (k = 0; k < count; k++) { ++ for (int k = 0; k < count; k++) { + sprintf(*buf + pos, "%s"UID_FMT"%n", k > 0 ? " " : "", uids[k], &inc); + pos += inc; + } +@@ -32,6 +34,10 @@ static char* format_uids(char **buf, uid_t* uids, int count) { + return *buf; + } + ++static const char *e(int r) { ++ return r == 0 ? 
"OK" : errno_to_name(r); ++} ++ + static void test_login(void) { + _cleanup_close_pair_ int pair[2] = { -1, -1 }; + _cleanup_free_ char *pp = NULL, *qq = NULL, +@@ -41,65 +47,71 @@ static void test_login(void) { + *seat = NULL, *session = NULL, + *unit = NULL, *user_unit = NULL, *slice = NULL; + int r; +- uid_t u, u2; +- char *t, **seats, **sessions; ++ uid_t u, u2 = UID_INVALID; ++ char *t, **seats = NULL, **sessions = NULL; + + r = sd_pid_get_unit(0, &unit); +- assert_se(r >= 0 || r == -ENODATA); +- log_info("sd_pid_get_unit(0, …) → \"%s\"", strna(unit)); ++ log_info("sd_pid_get_unit(0, …) → %s / \"%s\"", e(r), strnull(unit)); ++ assert_se(IN_SET(r, 0, -ENODATA)); + + r = sd_pid_get_user_unit(0, &user_unit); +- assert_se(r >= 0 || r == -ENODATA); +- log_info("sd_pid_get_user_unit(0, …) → \"%s\"", strna(user_unit)); ++ log_info("sd_pid_get_user_unit(0, …) → %s / \"%s\"", e(r), strnull(user_unit)); ++ assert_se(IN_SET(r, 0, -ENODATA)); + + r = sd_pid_get_slice(0, &slice); +- assert_se(r >= 0 || r == -ENODATA); +- log_info("sd_pid_get_slice(0, …) → \"%s\"", strna(slice)); ++ log_info("sd_pid_get_slice(0, …) → %s / \"%s\"", e(r), strnull(slice)); ++ assert_se(IN_SET(r, 0, -ENODATA)); ++ ++ r = sd_pid_get_owner_uid(0, &u2); ++ log_info("sd_pid_get_owner_uid(0, …) → %s / "UID_FMT, e(r), u2); ++ assert_se(IN_SET(r, 0, -ENODATA)); + + r = sd_pid_get_session(0, &session); +- if (r < 0) { +- log_warning_errno(r, "sd_pid_get_session(0, …): %m"); +- if (r == -ENODATA) +- log_info("Seems we are not running in a session, skipping some tests."); +- } else { +- log_info("sd_pid_get_session(0, …) → \"%s\"", session); +- +- assert_se(sd_pid_get_owner_uid(0, &u2) == 0); +- log_info("sd_pid_get_owner_uid(0, …) → "UID_FMT, u2); +- +- assert_se(sd_pid_get_cgroup(0, &cgroup) == 0); +- log_info("sd_pid_get_cgroup(0, …) → \"%s\"", cgroup); +- +- r = sd_uid_get_display(u2, &display_session); +- assert_se(r >= 0 || r == -ENODATA); +- log_info("sd_uid_get_display("UID_FMT", …) → \"%s\"", +- 
u2, strnull(display_session)); +- +- assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0); +- sd_peer_get_session(pair[0], &pp); +- sd_peer_get_session(pair[1], &qq); +- assert_se(streq_ptr(pp, qq)); +- +- r = sd_uid_get_sessions(u2, false, &sessions); ++ log_info("sd_pid_get_session(0, …) → %s / \"%s\"", e(r), strnull(session)); ++ ++ r = sd_pid_get_cgroup(0, &cgroup); ++ log_info("sd_pid_get_cgroup(0, …) → %s / \"%s\"", e(r), strnull(cgroup)); ++ assert_se(r == 0); ++ ++ r = sd_uid_get_display(u2, &display_session); ++ log_info("sd_uid_get_display("UID_FMT", …) → %s / \"%s\"", u2, e(r), strnull(display_session)); ++ if (u2 == UID_INVALID) ++ assert_se(r == -EINVAL); ++ else ++ assert_se(IN_SET(r, 0, -ENODATA)); ++ ++ assert_se(socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == 0); ++ sd_peer_get_session(pair[0], &pp); ++ sd_peer_get_session(pair[1], &qq); ++ assert_se(streq_ptr(pp, qq)); ++ ++ r = sd_uid_get_sessions(u2, false, &sessions); ++ assert_se(t = strv_join(sessions, " ")); ++ log_info("sd_uid_get_sessions("UID_FMT", …) → %s \"%s\"", u2, e(r), t); ++ if (u2 == UID_INVALID) ++ assert_se(r == -EINVAL); ++ else { + assert_se(r >= 0); + assert_se(r == (int) strv_length(sessions)); +- assert_se(t = strv_join(sessions, " ")); +- strv_free(sessions); +- log_info("sd_uid_get_sessions("UID_FMT", …) → [%i] \"%s\"", u2, r, t); +- free(t); ++ } ++ sessions = strv_free(sessions); ++ free(t); + +- assert_se(r == sd_uid_get_sessions(u2, false, NULL)); ++ assert_se(r == sd_uid_get_sessions(u2, false, NULL)); + +- r = sd_uid_get_seats(u2, false, &seats); ++ r = sd_uid_get_seats(u2, false, &seats); ++ assert_se(t = strv_join(seats, " ")); ++ log_info("sd_uid_get_seats("UID_FMT", …) → %s \"%s\"", u2, e(r), t); ++ if (u2 == UID_INVALID) ++ assert_se(r == -EINVAL); ++ else { + assert_se(r >= 0); + assert_se(r == (int) strv_length(seats)); +- assert_se(t = strv_join(seats, " ")); +- strv_free(seats); +- log_info("sd_uid_get_seats("UID_FMT", …) → [%i] \"%s\"", u2, r, t); +- 
free(t); +- +- assert_se(r == sd_uid_get_seats(u2, false, NULL)); + } ++ seats = strv_free(seats); ++ free(t); ++ ++ assert_se(r == sd_uid_get_seats(u2, false, NULL)); + + if (session) { + r = sd_session_is_active(session); +@@ -111,7 +123,7 @@ static void test_login(void) { + log_info("sd_session_is_remote(\"%s\") → %s", session, yes_no(r)); + + r = sd_session_get_state(session, &state); +- assert_se(r >= 0); ++ assert_se(r == 0); + log_info("sd_session_get_state(\"%s\") → \"%s\"", session, state); + + assert_se(sd_session_get_uid(session, &u) >= 0); +@@ -125,16 +137,16 @@ static void test_login(void) { + log_info("sd_session_get_class(\"%s\") → \"%s\"", session, class); + + r = sd_session_get_display(session, &display); +- assert_se(r >= 0 || r == -ENODATA); ++ assert_se(IN_SET(r, 0, -ENODATA)); + log_info("sd_session_get_display(\"%s\") → \"%s\"", session, strna(display)); + + r = sd_session_get_remote_user(session, &remote_user); +- assert_se(r >= 0 || r == -ENODATA); ++ assert_se(IN_SET(r, 0, -ENODATA)); + log_info("sd_session_get_remote_user(\"%s\") → \"%s\"", + session, strna(remote_user)); + + r = sd_session_get_remote_host(session, &remote_host); +- assert_se(r >= 0 || r == -ENODATA); ++ assert_se(IN_SET(r, 0, -ENODATA)); + log_info("sd_session_get_remote_host(\"%s\") → \"%s\"", + session, strna(remote_host)); + +@@ -160,7 +172,7 @@ static void test_login(void) { + assert_se(r == -ENODATA); + } + +- assert_se(sd_uid_get_state(u, &state2) >= 0); ++ assert_se(sd_uid_get_state(u, &state2) == 0); + log_info("sd_uid_get_state("UID_FMT", …) → %s", u, state2); + } + +@@ -172,11 +184,11 @@ static void test_login(void) { + assert_se(sd_uid_is_on_seat(u, 0, seat) > 0); + + r = sd_seat_get_active(seat, &session2, &u2); +- assert_se(r >= 0); ++ assert_se(r == 0); + log_info("sd_seat_get_active(\"%s\", …) → \"%s\", "UID_FMT, seat, session2, u2); + + r = sd_uid_is_on_seat(u, 1, seat); +- assert_se(r >= 0); ++ assert_se(IN_SET(r, 0, 1)); + assert_se(!!r == streq(session, 
session2)); + + r = sd_seat_get_sessions(seat, &sessions, &uids, &n); +@@ -184,8 +196,8 @@ static void test_login(void) { + assert_se(r == (int) strv_length(sessions)); + assert_se(t = strv_join(sessions, " ")); + strv_free(sessions); +- log_info("sd_seat_get_sessions(\"%s\", …) → %i, \"%s\", [%i] {%s}", +- seat, r, t, n, format_uids(&buf, uids, n)); ++ log_info("sd_seat_get_sessions(\"%s\", …) → %s, \"%s\", [%u] {%s}", ++ seat, e(r), t, n, format_uids(&buf, uids, n)); + free(t); + + assert_se(sd_seat_get_sessions(seat, NULL, NULL, NULL) == r); +@@ -203,7 +215,7 @@ static void test_login(void) { + + r = sd_seat_get_active(NULL, &t, NULL); + assert_se(IN_SET(r, 0, -ENODATA)); +- log_info("sd_seat_get_active(NULL, …) (active session on current seat) → %s", strnull(t)); ++ log_info("sd_seat_get_active(NULL, …) (active session on current seat) → %s / \"%s\"", e(r), strnull(t)); + free(t); + + r = sd_get_sessions(&sessions); +@@ -243,13 +255,11 @@ static void test_login(void) { + + static void test_monitor(void) { + sd_login_monitor *m = NULL; +- unsigned n; + int r; + +- r = sd_login_monitor_new("session", &m); +- assert_se(r >= 0); ++ assert_se(sd_login_monitor_new("session", &m) == 0); + +- for (n = 0; n < 5; n++) { ++ for (unsigned n = 0; n < 5; n++) { + struct pollfd pollfd = {}; + usec_t timeout, nw; + diff --git a/10014-pager-make-pager-secure-when-under-euid-is-changed.patch b/0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch similarity index 82% rename from 10014-pager-make-pager-secure-when-under-euid-is-changed.patch rename to 0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch index 0161d6b..543ff64 100644 --- a/10014-pager-make-pager-secure-when-under-euid-is-changed.patch +++ b/0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch 
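Review bot: The new helper `e(int r)` in test-login.c is also fed non-error results: the log lines for `sd_uid_get_sessions()`, `sd_uid_get_seats()` and `sd_seat_get_sessions()` pass `e(r)`, while the asserts next to them show `r` is a count (`r == (int) strv_length(sessions)`). Any positive count therefore reaches `errno_to_name()`, and the log would presumably show an unrelated errno name, or hand NULL to `%s` if that value has no name. Restricting the lookup to negative values keeps the output truthful, e.g. `return r >= 0 ? "OK" : errno_to_name(r);`, with the count printed separately via `%i` as the removed lines did. test_login() continues outside the hunks shown.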
@@ -1,21 +1,46 @@ -From cb0335a867e8a9dfce737ed5f91f1e35bcb16af1 Mon Sep 17 00:00:00 2001 -From: Liwei Ge -Date: Wed, 28 Jun 2023 15:36:12 +0800 -Subject: [PATCH 10014/10014] pager: make pager secure when under euid is - changed +From 9c8a6018ed4a4da6efb1fc6958e70f9324bb5b1e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Wed, 7 Oct 2020 11:15:05 +0200 +Subject: [PATCH] pager: make pager secure when under euid is changed or + explicitly requested -backport patch from -https://github.com/systemd/systemd/commit/ -0a42426d797406b4b01a0d9c13bb759c2629d108 +The variable is renamed to SYSTEMD_PAGERSECURE (because it's not just about +less now), and we automatically enable secure mode in certain cases, but not +otherwise. -Signed-off-by: Liwei Ge +This approach is more nuanced, but should provide a better experience for +users: + +- Previusly we would set LESSSECURE=1 and trust the pager to make use of + it. But this has an effect only on less. We need to not start pagers which + are insecure when in secure mode. In particular more is like that and is a + very popular pager. + +- We don't enable secure mode always, which means that those other pagers can + reasonably used. + +- We do the right thing by default, but the user has ultimate control by + setting SYSTEMD_PAGERSECURE. + +Fixes #5666. + +v2: +- also check $PKEXEC_UID + +v3: +- use 'sd_pid_get_owner_uid() != geteuid()' as the condition + +(cherry picked from commit 0a42426d797406b4b01a0d9c13bb759c2629d108) + +Resolves: #2175623 --- man/less-variables.xml | 28 ++++++++++++++--- + meson.build | 3 +- src/basic/pager.c | 69 +++++++++++++++++++++++++++--------------- - 2 files changed, 67 insertions(+), 30 deletions(-) + 3 files changed, 69 insertions(+), 31 deletions(-) diff --git a/man/less-variables.xml b/man/less-variables.xml -index 9dad424..5f3a53c 100644 +index 9dad4247da..5f3a53c8dd 100644 --- a/man/less-variables.xml +++ b/man/less-variables.xml @@ -37,12 +37,30 @@ 
@@ -54,8 +79,22 @@ index 9dad424..5f3a53c 100644 +diff --git a/meson.build b/meson.build +index 673800a1a7..d986dd24ac 100644 +--- a/meson.build ++++ b/meson.build +@@ -1467,7 +1467,8 @@ test_dlopen = executable( + 'test-dlopen', + test_dlopen_c, + include_directories : includes, +- link_with : [libbasic], ++ link_with : [libsystemd_static, ++ libbasic], + dependencies : [libdl]) + + foreach tuple : [['myhostname', 'ENABLE_NSS_MYHOSTNAME'], diff --git a/src/basic/pager.c b/src/basic/pager.c -index 4efb01c..c7e1012 100644 +index 4efb01c483..c7e101235d 100644 --- a/src/basic/pager.c +++ b/src/basic/pager.c @@ -10,6 +10,8 @@ @@ -157,6 +196,3 @@ index 4efb01c..c7e1012 100644 pager_fallback(); /* not reached */ --- -2.27.0 - diff --git a/0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch b/0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch new file mode 100644 index 0000000..405232b --- /dev/null +++ b/0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch 
@@ -0,0 +1,30 @@
+From 1d8931bb5d65e9f77b470835786a97f814bd93ea Mon Sep 17 00:00:00 2001
+From: Dan Streetman
+Date: Fri, 23 Oct 2020 15:50:28 -0400
+Subject: [PATCH] test: ignore ENOMEDIUM error from sd_pid_get_cgroup()
+
+Ubuntu builds on the Launchpad infrastructure run inside a chroot that does
+not have the sysfs cgroup dirs mounted, so this call will return ENOMEDIUM
+from cg_unified_cached() during the build-time testing, for example when
+building the package in a Launchpad PPA.
+
+(cherry picked from commit 352ab9d74049b4ac694fdba1a6e67339f12ded93)
+
+Related: #2175623
+---
+ src/libsystemd/sd-login/test-login.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libsystemd/sd-login/test-login.c b/src/libsystemd/sd-login/test-login.c
+index 60ef889ec0..d24a04ccc8 100644
+--- a/src/libsystemd/sd-login/test-login.c
++++ b/src/libsystemd/sd-login/test-login.c
+@@ -71,7 +71,7 @@ static void test_login(void) {
+
+ r = sd_pid_get_cgroup(0, &cgroup);
+ log_info("sd_pid_get_cgroup(0, …) → %s / \"%s\"", e(r), strnull(cgroup));
+- assert_se(r == 0);
++ assert_se(IN_SET(r, 0, -ENOMEDIUM));
+
+ r = sd_uid_get_display(u2, &display_session);
+ log_info("sd_uid_get_display("UID_FMT", …) → %s / \"%s\"", u2, e(r), strnull(display_session));
diff --git a/0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch b/0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch
new file mode 100644
index 0000000..588c30f
--- /dev/null
+++ b/0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch
@@ -0,0 +1,31 @@
+From 5bb3dd9c96b55a4a9da23ed96b5a2681d82dc500 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Wed, 26 Apr 2023 20:07:10 +0200
+Subject: [PATCH] pstore: fix crash and forward dummy arguments instead of NULL
+
+[msekleta: in our version of systemd "const char path*" argument of
+path_join() can't be NULL. Here we don't really want any subdirs paths
+passed into move_file(), but we can't just pass NULL pointers because
+they will be forwarded to path_join(). Hence, let's just pass "/"
+instead.]
+
+rhel-only
+
+Related: #2190153
+---
+ src/pstore/pstore.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/pstore/pstore.c b/src/pstore/pstore.c
+index 9f61e8f7f8..5335c9f92d 100644
+--- a/src/pstore/pstore.c
++++ b/src/pstore/pstore.c
+@@ -366,7 +366,7 @@ static int run(int argc, char *argv[]) {
+
+ /* Move left over files out of pstore */
+ for (size_t n = 0; n < list.n_entries; n++)
+- (void) move_file(&list.entries[n], NULL, NULL);
++ (void) move_file(&list.entries[n], "/", "/");
+
+ return 0;
+ }
diff --git a/0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch b/0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch
new file mode 100644
index 0000000..3b3abf3
--- /dev/null
+++ b/0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch
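Review bot: The `"/"` arguments in `(void) move_file(&list.entries[n], "/", "/");` read like real destination subdirectories, and the fact that they stand in for NULL is recorded only in the patch description. A comment at the call site would keep that visible, for example `/* "/" is a placeholder for "no subdir": path_join() in this tree cannot take NULL */`. How move_file() combines the two arguments is not visible in this hunk, so it is worth confirming that the resulting path matches the intended no-subdirectory case. run() starts outside the hunk.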
@@ -0,0 +1,51 @@
+From d78272e6c2dddcbca891cb5d561f23ff766486a8 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Mon, 24 Apr 2023 15:13:08 +0200
+Subject: [PATCH] ci: workflow for gathering metadata for source-git automation
+
+Workflow gathers metadata like pull request numbers and information about commits.
+This metadata is used for commit validation and other actions.
+This workflow also triggers for rest of the source-git automation workflows.
+
+rhel-only
+
+Related: #2190153
+---
+ .github/workflows/gather-metadata.yml | 28 +++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+ create mode 100644 .github/workflows/gather-metadata.yml
+
+diff --git a/.github/workflows/gather-metadata.yml b/.github/workflows/gather-metadata.yml
+new file mode 100644
+index 0000000000..f432f41811
+--- /dev/null
++++ b/.github/workflows/gather-metadata.yml
+@@ -0,0 +1,28 @@
++name: Gather Pull Request Metadata
++on:
++ pull_request:
++ types: [ opened, reopened, synchronize ]
++ branches:
++ - main
++ - rhel-8.*.0
++
++permissions:
++ contents: read
++
++jobs:
++ gather-metadata:
++ runs-on: ubuntu-latest
++
++ steps:
++ - name: Repository checkout
++ uses: actions/checkout@v3
++
++ - id: Metadata
++ name: Gather Pull Request Metadata
++ uses: redhat-plumbers-in-action/gather-pull-request-metadata@v1
++
++ - name: Upload artifact with gathered metadata
++ uses: actions/upload-artifact@v3
++ with:
++ name: pr-metadata
++ path: ${{ steps.Metadata.outputs.metadata-file }}
diff --git a/0911-ci-first-part-of-the-source-git-automation-commit-li.patch b/0911-ci-first-part-of-the-source-git-automation-commit-li.patch
new file mode 100644
index 0000000..e6dc994
--- /dev/null
+++ b/0911-ci-first-part-of-the-source-git-automation-commit-li.patch
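Review bot: All three `uses:` steps in gather-metadata.yml reference mutable tags (`actions/checkout@v3`, `redhat-plumbers-in-action/gather-pull-request-metadata@v1`, `actions/upload-artifact@v3`), so the code that runs can change without any change in this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha> # v3` (placeholder, not a real hash), makes the workflow reproducible and reviewable. The same applies to `download-artifact@v1` and `advanced-commit-linter@v1` in source-git-automation.yml, added by the following patch.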
@@ -0,0 +1,103 @@
+From e08bdd25344ed475f48d22a1c303421e19489427 Mon Sep 17 00:00:00 2001
+From: Jan Macku
+Date: Mon, 24 Apr 2023 15:15:00 +0200
+Subject: [PATCH] ci: first part of the source-git automation - commit linter
+
+Add a GitHub Workflow that is triggered on `workflow_run` events.
+It uses metadata provided by `redhat-plumbers-in-action/gather-pull-request-metadata`
+GitHub Action to get the PR number and the commit metadata.
+The commit metadata is then used to check if the commit message contains
+all required information (tracker and upstream reference). GitHub Action
+responsible for commit verification `redhat-plumbers-in-action/advanced-commit-linter`
+is configured via the `advanced-commit-linter.yml` file.
+
+rhel-only
+
+Related: #2190153
+---
+ .github/advanced-commit-linter.yml | 23 +++++++++++
+ .github/workflows/source-git-automation.yml | 45 +++++++++++++++++++++
+ 2 files changed, 68 insertions(+)
+ create mode 100644 .github/advanced-commit-linter.yml
+ create mode 100644 .github/workflows/source-git-automation.yml
+
+diff --git a/.github/advanced-commit-linter.yml b/.github/advanced-commit-linter.yml
+new file mode 100644
+index 0000000000..491836abbb
+--- /dev/null
++++ b/.github/advanced-commit-linter.yml
+@@ -0,0 +1,23 @@
++policy:
++ cherry-pick:
++ upstream:
++ - github: systemd/systemd
++ - github: systemd/systemd-stable
++ exception:
++ note:
++ - rhel-only
++ tracker:
++ - keyword:
++ - 'Resolves: #?'
++ - 'Related: #?'
++ - 'Reverts: #?'
++ issue-format:
++ - '\d+$'
++ url: 'https://bugzilla.redhat.com/show_bug.cgi?id='
++ - keyword:
++ - 'Resolves: '
++ - 'Related: '
++ - 'Reverts: '
++ issue-format:
++ - 'RHEL-\d+$'
++ url: 'https://issues.redhat.com/browse/'
+diff --git a/.github/workflows/source-git-automation.yml b/.github/workflows/source-git-automation.yml
+new file mode 100644
+index 0000000000..140f21b116
+--- /dev/null
++++ b/.github/workflows/source-git-automation.yml
+@@ -0,0 +1,45 @@
++name: Source git Automation
++on:
++ workflow_run:
++ workflows: [ Gather Pull Request Metadata ]
++ types:
++ - completed
++
++permissions:
++ contents: read
++
++jobs:
++ download-metadata:
++ if: >
++ github.event.workflow_run.event == 'pull_request' &&
++ github.event.workflow_run.conclusion == 'success'
++ runs-on: ubuntu-latest
++
++ outputs:
++ pr-metadata: ${{ steps.Artifact.outputs.pr-metadata-json }}
++
++ steps:
++ - id: Artifact
++ name: Download Artifact
++ uses: redhat-plumbers-in-action/download-artifact@v1
++ with:
++ name: pr-metadata
++
++ commit-linter:
++ needs: [ download-metadata ]
++ runs-on: ubuntu-latest
++
++ outputs:
++ validated-pr-metadata: ${{ steps.commit-linter.outputs.validated-pr-metadata }}
++
++ permissions:
++ statuses: write
++ pull-requests: write
++
++ steps:
++ - id: commit-linter
++ name: Lint Commits
++ uses: redhat-plumbers-in-action/advanced-commit-linter@v1
++ with:
++ pr-metadata: ${{ needs.download-metadata.outputs.pr-metadata }}
++ token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/0912-login-add-a-missing-error-check-for-session_set_lead.patch b/0912-login-add-a-missing-error-check-for-session_set_lead.patch
new file mode 100644
index 0000000..7a23c6a
--- /dev/null
+++ b/0912-login-add-a-missing-error-check-for-session_set_lead.patch
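Review bot: source-git-automation.yml runs on `workflow_run`, i.e. in the base repository's context, yet its only input is the `pr-metadata` artifact produced by the `pull_request`-triggered run, whose content a pull request from a fork can influence. That JSON flows through `outputs.pr-metadata` into the `commit-linter` job, which holds `statuses: write`, `pull-requests: write` and `secrets.GITHUB_TOKEN`. Whether the two actions validate the artifact is not visible here, so the trust boundary should at least be recorded above the `download-metadata` job, e.g. `# pr-metadata is produced by an untrusted PR run: treat it as data only, never interpolate it into run: steps`. Confirming that the download step only accepts the artifact of the triggering run would close the remaining gap.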
@@ -0,0 +1,32 @@
+From 1ac7d4d5ee3bb00a3e7d310f7b8803812940e0a4 Mon Sep 17 00:00:00 2001
+From: Yu Watanabe
+Date: Thu, 14 Feb 2019 10:59:13 +0900
+Subject: [PATCH] login: add a missing error check for session_set_leader()
+
+session_set_leader() may fail. If it fails, then manager_start_scope()
+will trigger assertion.
+
+This may be related to RHBZ#1663704.
+
+(cherry picked from commit fe3ab8458b9c0ead4b3e14ac25b342d8c34376fe)
+
+Related: #2223602
+---
+ src/login/logind-dbus.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 81aacb4eed..5edcf4e43f 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -784,7 +784,9 @@ static int method_create_session(sd_bus_message *message, void *userdata, sd_bus
+ goto fail;
+
+ session_set_user(session, user);
+- session_set_leader(session, leader);
++ r = session_set_leader(session, leader);
++ if (r < 0)
++ goto fail;
+
+ session->type = t;
+ session->class = c;
diff --git a/0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch b/0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch
new file mode 100644
index 0000000..b08b3b7
--- /dev/null
+++ b/0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch
@@ -0,0 +1,77 @@
+From 33c66376740d069502ae807d0fa582865cddc359 Mon Sep 17 00:00:00 2001
+From: Michal Sekletar
+Date: Wed, 5 Jul 2023 15:27:38 +0200
+Subject: [PATCH] logind: reset session leader if we know for a fact that it is
+ gone
+
+rhel-only
+
+Related: #2223602
+---
+ src/login/logind-dbus.c | 3 +++
+ src/login/logind-session.c | 18 ++++++++++++++++++
+ src/login/logind-session.h | 1 +
+ 3 files changed, 22 insertions(+)
+
+diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
+index 5edcf4e43f..dbac406035 100644
+--- a/src/login/logind-dbus.c
++++ b/src/login/logind-dbus.c
+@@ -3169,6 +3169,9 @@ int match_job_removed(sd_bus_message *message, void *userdata, sd_bus_error *err
+ session->scope_job = mfree(session->scope_job);
+ (void) session_jobs_reply(session, unit, result);
+
++ /* Scope job is done so leader should be gone as well. */
++ session_invalidate_leader(session);
++
+ session_save(session);
+ user_save(session->user);
+ }
+diff --git a/src/login/logind-session.c b/src/login/logind-session.c
+index 916202a65a..c143202d0b 100644
+--- a/src/login/logind-session.c
++++ b/src/login/logind-session.c
+@@ -179,6 +179,23 @@ int session_set_leader(Session *s, pid_t pid) {
+ return 1;
+ }
+
++int session_invalidate_leader(Session *s) {
++ assert(s);
++
++ if (s->leader <= 0)
++ return 0;
++
++ if (pid_is_alive(s->leader))
++ return 0;
++
++ (void) hashmap_remove_value(s->manager->sessions_by_leader, PID_TO_PTR(s->leader), s);
++ s->leader = 0;
++
++ (void) session_save(s);
++
++ return 1;
++}
++
+ static void session_save_devices(Session *s, FILE *f) {
+ SessionDevice *sd;
+ Iterator i;
+@@ -1096,6 +1113,7 @@ static int session_dispatch_fifo(sd_event_source *es, int fd, uint32_t revents,
+ /* EOF on the FIFO means the session died abnormally. */
+
+ session_remove_fifo(s);
++ session_invalidate_leader(s);
+ session_stop(s, false);
+
+ return 1;
+diff --git a/src/login/logind-session.h b/src/login/logind-session.h
+index 6678441bb9..0557696761 100644
+--- a/src/login/logind-session.h
++++ b/src/login/logind-session.h
+@@ -127,6 +127,7 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(Session *, session_free);
+
+ void session_set_user(Session *s, User *u);
+ int session_set_leader(Session *s, pid_t pid);
++int session_invalidate_leader(Session *s);
+ bool session_may_gc(Session *s, bool drop_not_started);
+ void session_add_to_gc_queue(Session *s);
+ int session_activate(Session *s);
diff --git a/10000-core-fix-a-null-reference-case-in-load_from_path.patch b/10000-core-fix-a-null-reference-case-in-load_from_path.patch
deleted file mode 100644
index e15690c..0000000
--- a/10000-core-fix-a-null-reference-case-in-load_from_path.patch
+++ /dev/null
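Review bot: `session_invalidate_leader()` decides whether the leader is gone with `pid_is_alive(s->leader)`, which looks at the numeric PID only; if that PID has been reused by an unrelated process by the time the scope job or the FIFO EOF is handled, the check presumably reports it alive and the stale entry stays in `sessions_by_leader`. The limitation deserves a comment on the function, e.g. `/* Best effort: keyed on the PID number, so a recycled PID keeps the old leader registered */`. Both call sites also drop the `int` result without the `(void)` cast used on the neighbouring `session_jobs_reply()` call; `(void) session_invalidate_leader(session);` would match. In `match_job_removed()` the helper already calls `session_save()` when it resets the leader, so the `session_save(session)` right after it writes the state a second time. `match_job_removed()` and `session_dispatch_fifo()` both continue outside the hunk.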
@@ -1,34 +0,0 @@
-From 11e4aae398f9d26c7c4e54bfa6621f80a3ed2100 Mon Sep 17 00:00:00 2001
-From: Wen Yang
-Date: Tue, 19 Apr 2022 11:04:47 +0800
-Subject: [PATCH] fix a null reference case in load_from_path()
-
----
- src/core/load-fragment.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
-index c0b1fd4..f59a040 100644
---- a/src/core/load-fragment.c
-+++ b/src/core/load-fragment.c
-@@ -4477,7 +4477,6 @@ static int load_from_path(Unit *u, const char *path) {
- r = open_follow(&filename, &f, symlink_names, &id);
- if (r >= 0)
- break;
-- filename = mfree(filename);
-
- /* ENOENT means that the file is missing or is a dangling symlink.
- * ENOTDIR means that one of paths we expect to be is a directory
-@@ -4486,7 +4485,8 @@ static int load_from_path(Unit *u, const char *path) {
- */
- if (r == -EACCES)
- log_debug_errno(r, "Cannot access \"%s\": %m", filename);
-- else if (!IN_SET(r, -ENOENT, -ENOTDIR))
-+ filename = mfree(filename);
-+ if (!IN_SET(r, -ENOENT, -ENOTDIR))
- return r;
-
- /* Empty the symlink names for the next run */
---
-2.27.0
-
diff --git a/10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch b/10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
deleted file mode 100644
index ec09ee4..0000000
--- a/10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 1b3f7805ed7c193e17cb5bad4f4f19c2f72f3d08 Mon Sep 17 00:00:00 2001
-From: Khem Raj
-Date: Tue, 19 Apr 2022 11:16:42 +0800
-Subject: [PATCH] sysctl: Don't pass null directive argument to '%s'
-
----
- src/sysctl/sysctl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
-index 4c85d68..e756eff 100644
---- a/src/sysctl/sysctl.c
-+++ b/src/sysctl/sysctl.c
-@@ -160,7 +160,7 @@ static int parse_file(OrderedHashmap *sysctl_options, const char *path, bool ign
-
- value = strchr(p, '=');
- if (!value) {
-- log_error("Line is not an assignment at '%s:%u': %s", path, c, value);
-+ log_error("Line is not an assignment at '%s:%u': %s", path, c, p);
-
- if (r == 0)
- r = -EINVAL;
---
-2.27.0
-
diff --git a/10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch b/10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch
deleted file mode 100644
index 66539a0..0000000
--- a/10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch
+++ /dev/null
@@ -1,52 +0,0 @@ -From f7940c9cdf872d7504aca9637e9fd14328b2b726 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 19 Apr 2022 11:26:10 +0800 -Subject: [PATCH] exit-status: introduce EXIT_EXCEPTION mapping to 255 - ---- - src/basic/exit-status.c | 9 ++++++--- - src/basic/exit-status.h | 1 + - 2 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/basic/exit-status.c b/src/basic/exit-status.c -index 0a7a53b..8b67d44 100644 ---- a/src/basic/exit-status.c -+++ b/src/basic/exit-status.c -@@ -19,9 +19,9 @@ const char* exit_status_to_string(int status, ExitStatusLevel level) { - * 79…199 │ (Currently unmapped) - * 200…241 │ systemd's private error codes (might be extended to 254 in future development) - * 242…254 │ (Currently unmapped, but see above) -- * 255 │ (We should probably stay away from that one, it's frequently used by applications to indicate an -- * │ exit reason that cannot really be expressed in a single exit status value — such as a propagated -- * │ signal or such) -+ * 255 │ EXIT_EXCEPTION (We use this to propagate exit-by-signal events. It's frequently used by others apps (like bash) -+ * │ to indicate exit reason that cannot really be expressed in a single exit status value — such as a propagated -+ * │ signal or such, and we follow that logic here.) 
- */ - - switch (status) { /* We always cover the ISO C ones */ -@@ -158,6 +158,9 @@ const char* exit_status_to_string(int status, ExitStatusLevel level) { - - case EXIT_NUMA_POLICY: - return "NUMA_POLICY"; -+ -+ case EXIT_EXCEPTION: -+ return "EXCEPTION"; - } - } - -diff --git a/src/basic/exit-status.h b/src/basic/exit-status.h -index dc284aa..e923247 100644 ---- a/src/basic/exit-status.h -+++ b/src/basic/exit-status.h -@@ -70,6 +70,7 @@ enum { - EXIT_LOGS_DIRECTORY, /* 240 */ - EXIT_CONFIGURATION_DIRECTORY, - EXIT_NUMA_POLICY, -+ EXIT_EXCEPTION = 255, /* Whenever we want to propagate an abnormal/signal exit, in line with bash */ - }; - - typedef enum ExitStatusLevel { --- -2.27.0 - diff --git a/10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch b/10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch deleted file mode 100644 index 026fc66..0000000 --- a/10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From dffb92b5520a4b539f0466d4161fcaacc6ba5ba8 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 19 Apr 2022 11:34:27 +0800 -Subject: [PATCH] main: don't freeze PID 1 in containers, exit with - ---- - src/core/main.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index d897155..0aec5d1 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -139,7 +139,13 @@ static NUMAPolicy arg_numa_policy; - static int parse_configuration(const struct rlimit *saved_rlimit_nofile, - const struct rlimit *saved_rlimit_memlock); - --_noreturn_ static void freeze_or_reboot(void) { -+_noreturn_ static void freeze_or_exit_or_reboot(void) { -+ /* If we are running in a contianer, let's prefer exiting, after all we can propagate an exit code to the -+ * container manager, and thus inform it that something went wrong. */ -+ if (detect_container() > 0) { -+ log_emergency("Exiting PID 1..."); -+ exit(EXIT_EXCEPTION); -+ } - - if (arg_crash_reboot) { - log_notice("Rebooting in 10s..."); -@@ -247,7 +253,7 @@ _noreturn_ static void crash(int sig) { - } - } - -- freeze_or_reboot(); -+ freeze_or_exit_or_reboot(); - } - - static void install_crash_handler(void) { -@@ -2664,9 +2670,9 @@ finish: - if (error_message) - manager_status_printf(NULL, STATUS_TYPE_EMERGENCY, - ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL, -- "%s, freezing.", error_message); -- freeze_or_reboot(); -+ "%s.", error_message); -+ freeze_or_exit_or_reboot(); - } - - reset_arguments(); - return retval; --- -2.27.0 - diff --git a/10004-Do-not-go-into-freeze-when-systemd-crashd.patch b/10004-Do-not-go-into-freeze-when-systemd-crashd.patch deleted file mode 100644 index 1cb12cc..0000000 --- a/10004-Do-not-go-into-freeze-when-systemd-crashd.patch +++ /dev/null 
@@ -1,103 +0,0 @@ -From 64072aab92ff6489a2e460a9bdd1cfefa587264b Mon Sep 17 00:00:00 2001 -From: Yuanhong Peng -Date: Tue, 19 Apr 2022 13:36:09 +0800 -Subject: [PATCH] Do not go into freeze when systemd crashd - ---- - src/core/main.c | 41 ++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 40 insertions(+), 1 deletion(-) - -diff --git a/src/core/main.c b/src/core/main.c -index 0aec5d1..db91151 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -3,6 +3,7 @@ - #include - #include - #include -+#include - #include - #include - #include -@@ -10,6 +11,7 @@ - #include - #include - #include -+#include - #include - #if HAVE_SECCOMP - #include -@@ -135,10 +137,41 @@ static sd_id128_t arg_machine_id; - static EmergencyAction arg_cad_burst_action; - static CPUSet arg_cpu_affinity; - static NUMAPolicy arg_numa_policy; -+static bool reexec_jmp_can = false; -+static bool reexec_jmp_inited = false; -+static sigjmp_buf reexec_jmp_buf; - - static int parse_configuration(const struct rlimit *saved_rlimit_nofile, - const struct rlimit *saved_rlimit_memlock); - -+static void reexec_handler(int sig) { -+ reexec_jmp_can = true; -+} -+ -+_noreturn_ static void freeze_wait_upgrade(void) { -+ struct sigaction sa; -+ sigset_t ss; -+ -+ sigemptyset(&ss); -+ sigaddset(&ss, SIGTERM); -+ sigprocmask(SIG_UNBLOCK, &ss, NULL); -+ -+ sa.sa_handler = reexec_handler; -+ sa.sa_flags = SA_RESTART; -+ sigaction(SIGTERM, &sa, NULL); -+ -+ log_error("freeze_wait_upgrade: %d\n", reexec_jmp_inited); -+ reexec_jmp_can = false; -+ while(1) { -+ usleep(10000); -+ if (reexec_jmp_inited && reexec_jmp_can) { -+ log_error("goto manager_reexecute.\n"); -+ siglongjmp(reexec_jmp_buf, 1); -+ } -+ waitpid(-1, NULL, WNOHANG); -+ } -+} -+ - _noreturn_ static void freeze_or_exit_or_reboot(void) { - /* If we are running in a contianer, let's prefer exiting, after all we can propagate an exit code to the - * container manager, and thus inform it that something went wrong. 
*/ -@@ -157,7 +190,8 @@ _noreturn_ static void freeze_or_exit_or_reboot(void) { - } - - log_emergency("Freezing execution."); -- freeze(); -+ freeze_wait_upgrade(); -+ - } - - _noreturn_ static void crash(int sig) { -@@ -1667,6 +1701,10 @@ static int invoke_main_loop( - assert(ret_switch_root_init); - assert(ret_error_message); - -+ reexec_jmp_inited = true; -+ if (sigsetjmp(reexec_jmp_buf, 1)) -+ goto manager_reexecute; -+ - for (;;) { - r = manager_loop(m); - if (r < 0) { -@@ -1709,6 +1747,7 @@ static int invoke_main_loop( - - case MANAGER_REEXECUTE: - -+manager_reexecute: - r = prepare_reexecute(m, &arg_serialization, ret_fds, false); - if (r < 0) { - *ret_error_message = "Failed to prepare for reexecution"; --- -2.27.0 - diff --git a/10005-mount-setup-change-the-system-mount-propagation-to-s.patch b/10005-mount-setup-change-the-system-mount-propagation-to-s.patch deleted file mode 100644 index fa95141..0000000 --- a/10005-mount-setup-change-the-system-mount-propagation-to-s.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 0c7f29561634f9374c0d9042304f4d4caa4242f0 Mon Sep 17 00:00:00 2001 -From: Wen Yang -Date: Tue, 19 Apr 2022 13:50:04 +0800 -Subject: [PATCH] mount-setup: change the system mount propagation to - ---- - src/core/main.c | 2 +- - src/core/mount-setup.c | 4 ++-- - src/core/mount-setup.h | 2 +- - 3 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/core/main.c b/src/core/main.c -index db91151..81dae1c 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -2519,7 +2519,7 @@ int main(int argc, char *argv[]) { - if (!skip_setup) - kmod_setup(); - -- r = mount_setup(loaded_policy); -+ r = mount_setup(loaded_policy, skip_setup); - if (r < 0) { - error_message = "Failed to mount API filesystems"; - goto finish; -diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c -index a659458..9f9f953 100644 ---- a/src/core/mount-setup.c -+++ b/src/core/mount-setup.c -@@ -400,7 +400,7 @@ static int relabel_cgroup_filesystems(void) { - } - #endif - --int mount_setup(bool loaded_policy) { -+int mount_setup(bool loaded_policy, bool leave_propagation) { - int r = 0; - - r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy); -@@ -444,7 +444,7 @@ int mount_setup(bool loaded_policy) { - * needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a - * container manager we assume the container manager knows what it is doing (for example, because it set up - * some directories with different propagation modes). 
*/ -- if (detect_container() <= 0) -+ if (detect_container() <= 0 && !leave_propagation) - if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0) - log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m"); - -diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h -index 43cd890..7a011b2 100644 ---- a/src/core/mount-setup.h -+++ b/src/core/mount-setup.h -@@ -4,7 +4,7 @@ - #include - - int mount_setup_early(void); --int mount_setup(bool loaded_policy); -+int mount_setup(bool loaded_policy, bool leave_propagation); - - int mount_cgroup_controllers(char ***join_controllers); - --- -2.27.0 - diff --git a/10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch b/10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch deleted file mode 100644 index 9a5fa6e..0000000 --- a/10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d449667a6a545a46647911838731e8e46a5a39ed Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 19 Apr 2022 13:56:39 +0800 -Subject: [PATCH] cgroup-util: make definition of CGROUP_CONTROLLER_TO_MASK() - unsigned - ---- - src/basic/cgroup-util.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h -index 1210b38..76659c3 100644 ---- a/src/basic/cgroup-util.h -+++ b/src/basic/cgroup-util.h -@@ -31,7 +31,7 @@ typedef enum CGroupController { - _CGROUP_CONTROLLER_INVALID = -1, - } CGroupController; - --#define CGROUP_CONTROLLER_TO_MASK(c) (1 << (c)) -+#define CGROUP_CONTROLLER_TO_MASK(c) (1U << (c)) - - /* A bit mask of well known cgroup controllers */ - typedef enum CGroupMask { --- -2.27.0 - diff --git a/10007-cgroup-update-only-siblings-that-got-realized-once.patch b/10007-cgroup-update-only-siblings-that-got-realized-once.patch deleted file mode 100644 index 068f21c..0000000 --- a/10007-cgroup-update-only-siblings-that-got-realized-once.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 841539281bed5187d2f773097eefb0bb3c5057ec Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 19 Apr 2022 14:03:12 +0800 -Subject: [PATCH] cgroup: update only siblings that got realized once - ---- - src/core/cgroup.c | 16 +++++++++++++++- - 1 file changed, 15 insertions(+), 1 deletion(-) - -diff --git a/src/core/cgroup.c b/src/core/cgroup.c -index f02cc31..e0e0a98 100644 ---- a/src/core/cgroup.c -+++ b/src/core/cgroup.c -@@ -1980,7 +1980,16 @@ static void unit_add_siblings_to_cgroup_realize_queue(Unit *u) { - Unit *slice; - - /* This adds the siblings of the specified unit and the siblings of all parent units to the cgroup -- * queue. (But neither the specified unit itself nor the parents.) */ -+ * queue. (But neither the specified unit itself nor the parents.) -+ * -+ * Propagation of realization "side-ways" (i.e. towards siblings) is in relevant on cgroup-v1 where -+ * scheduling become very weird if two units that own processes reside in the same slice, but one is -+ * realized in the "cpu" hierarchy and once is not (for example because one has CPUWeight= set and -+ * the other does not), because that means processes need to be scheduled against groups. Let's avoid -+ * this asymmetry by always ensuring that units below a slice that are realized at all are hence -+ * always realized in *all* their hierarchies, and it is sufficient for a unit's sibling to be -+ * realized for a unit to be realized too. */ -+ - - while ((slice = UNIT_DEREF(u->slice))) { - Iterator i; -@@ -1996,6 +2005,11 @@ static void unit_add_siblings_to_cgroup_realize_queue(Unit *u) { - if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m))) - continue; - -+ /* We only enqueue siblings if they were realized once at least, in the main -+ * hierarchy. */ -+ if (!m->cgroup_realized) -+ continue; -+ - /* If the unit doesn't need any new controllers and has current ones realized, it - * doesn't need any changes. */ - if (unit_has_mask_realized(m, --- -2.27.0 - 
diff --git a/10008-core-add-a-config-item-to-support-setting-the-value-.patch b/10008-core-add-a-config-item-to-support-setting-the-value-.patch deleted file mode 100644 index 272d61b..0000000 --- a/10008-core-add-a-config-item-to-support-setting-the-value-.patch +++ /dev/null 
@@ -1,120 +0,0 @@ -From f21d63650318791f29f56dc26f23acb5b53620a6 Mon Sep 17 00:00:00 2001 -From:Yuanhong Peng -Date: Tue, 19 Apr 2022 14:13:49 +0800 -Subject: [PATCH] core: add a config item to support setting the value - ---- - src/core/main.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 69 insertions(+) - -diff --git a/src/core/main.c b/src/core/main.c -index 81dae1c..0712423 100644 ---- a/src/core/main.c -+++ b/src/core/main.c -@@ -140,6 +140,7 @@ static NUMAPolicy arg_numa_policy; - static bool reexec_jmp_can = false; - static bool reexec_jmp_inited = false; - static sigjmp_buf reexec_jmp_buf; -+static bool arg_default_cpuset_clone_children = false; - - static int parse_configuration(const struct rlimit *saved_rlimit_nofile, - const struct rlimit *saved_rlimit_memlock); -@@ -527,6 +528,14 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat - return 0; - - parse_path_argument_and_warn(value, false, &arg_watchdog_device); -+ -+ } else if (proc_cmdline_key_streq(key, "systemd.cpuset_clone_children") && value) { -+ -+ r = parse_boolean(value); -+ if (r < 0) -+ log_warning("Failed to parse cpuset_clone_children switch %s. 
Ignoring.", value); -+ else -+ arg_default_cpuset_clone_children = r; - - } else if (streq(key, "quiet") && !value) { - -@@ -756,6 +765,7 @@ static int parse_config_file(void) { - { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, - { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, - { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, -+ { "Manager", "DefaultCPUSetCloneChildren",config_parse_bool, 0, &arg_default_cpuset_clone_children }, - {} - }; - -@@ -1872,6 +1882,64 @@ static void log_execution_mode(bool *ret_first_boot) { - } - } - -+static bool is_use_triple_cgroup(void) { -+ const char * path ="/sys/fs/cgroup/cpuset"; -+ _cleanup_strv_free_ char **l = NULL; -+ char buf[128] = {0}; -+ int r; -+ -+ r = is_symlink(path); -+ if (r <= 0) -+ return false; -+ -+ r = readlink(path, buf, sizeof(buf)); -+ if (r < 0 || (unsigned int)r >= sizeof(buf)) -+ return false; -+ -+ buf[r] = '\0'; -+ l = strv_split(buf, ","); -+ if (!l) -+ return false; -+ -+ strv_sort(l); -+ if (strv_length(l) != 3) -+ return false; -+ -+ if (streq(l[0],"cpu") && streq(l[1], "cpuacct") && -+ streq(l[2], "cpuset")) { -+ log_debug(PACKAGE_STRING " use_triple_cgroup: %s", buf); -+ return true; -+ } -+ return false; -+} -+ -+static int ali_handle_cpuset_clone_children(void) -+{ -+ const char *file = "/sys/fs/cgroup/cpuset/cgroup.clone_children"; -+ _cleanup_free_ char *buf = NULL; -+ int r; -+ -+ r = read_one_line_file(file, &buf); -+ if (r < 0) { -+ log_warning_errno(r, "Cannot read %s: %m", file); -+ return r; -+ } -+ -+ if (streq(buf, "1") && arg_default_cpuset_clone_children) -+ return 0; -+ -+ if (streq(buf, "0") && (!arg_default_cpuset_clone_children)) -+ return 0; -+ -+ if (!is_use_triple_cgroup()) -+ return 0; -+ -+ r = write_string_file(file, one_zero(arg_default_cpuset_clone_children), 0); -+ log_info(PACKAGE_STRING " set %s to %s, ret=%d", file, 
one_zero(arg_default_cpuset_clone_children), r); -+ return r; -+} -+ -+ - static int initialize_runtime( - bool skip_setup, - struct rlimit *saved_rlimit_nofile, -@@ -1906,6 +1974,7 @@ static int initialize_runtime( - return r; - } - -+ ali_handle_cpuset_clone_children(); - status_welcome(); - hostname_setup(); - machine_id_setup(NULL, arg_machine_id, NULL); --- -2.27.0 - diff --git a/10009-systemd-anolis-support-loongarch64.patch b/10009-systemd-anolis-support-loongarch64.patch deleted file mode 100644 index b76c8e0..0000000 --- a/10009-systemd-anolis-support-loongarch64.patch +++ /dev/null 
@@ -1,56 +0,0 @@ -From c8b7c2b34bd451cd9d5904fc215ad14893008a03 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 19 Apr 2022 14:25:05 +0800 -Subject: [PATCH] support loongarch64 for systemd - ---- - src/basic/architecture.c | 3 +++ - src/basic/architecture.h | 4 ++++ - 2 files changed, 7 insertions(+) - -diff --git a/src/basic/architecture.c b/src/basic/architecture.c -index 85837b5..96bbf97 100644 ---- a/src/basic/architecture.c -+++ b/src/basic/architecture.c -@@ -118,6 +118,8 @@ int uname_architecture(void) { - #elif defined(__arc__) - { "arc", ARCHITECTURE_ARC }, - { "arceb", ARCHITECTURE_ARC_BE }, -+#elif defined(__loongarch64) -+ { "loongarch64", ARCHITECTURE_LOONGARCH64 }, - #else - #error "Please register your architecture here!" - #endif -@@ -173,6 +175,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { - [ARCHITECTURE_RISCV64] = "riscv64", - [ARCHITECTURE_ARC] = "arc", - [ARCHITECTURE_ARC_BE] = "arc-be", -+ [ARCHITECTURE_LOONGARCH64] = "loongarch64", - }; - - DEFINE_STRING_TABLE_LOOKUP(architecture, int); -diff --git a/src/basic/architecture.h b/src/basic/architecture.h -index 443e890..22e9108 100644 ---- a/src/basic/architecture.h -+++ b/src/basic/architecture.h -@@ -44,6 +44,7 @@ enum { - ARCHITECTURE_RISCV64, - ARCHITECTURE_ARC, - ARCHITECTURE_ARC_BE, -+ ARCHITECTURE_LOONGARCH64, - _ARCHITECTURE_MAX, - _ARCHITECTURE_INVALID = -1 - }; -@@ -229,6 +230,9 @@ int uname_architecture(void); - # define native_architecture() ARCHITECTURE_ARC - # define LIB_ARCH_TUPLE "arc-linux" - # endif -+#elif defined(__loongarch64) -+# define native_architecture() ARCHITECTURE_LOONGARCH64 -+# define LIB_ARCH_TUPLE "loongarch64-linux-gnu" - #else - # error "Please register your architecture here!" - #endif --- -2.27.0 - diff --git a/10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch b/10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch deleted file mode 100644 index d4054b4..0000000 
--- a/10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 5209a26aa917aa54b09ee18394ad46ee601e77be Mon Sep 17 00:00:00 2001 -From: Yuanhong Peng -Date: Tue, 17 May 2022 21:34:34 +0800 -Subject: [PATCH] test-catalog: Fix coredump when compiled under GCC10 - -According to the documentation: -https://gcc.gnu.org/gcc-9/porting_to.html#complit: - -The `catalog_dirs` produced by STRV_MAKE(..) marco relies on -the extended lifetime feature which is fixed by GCC9. - -Signed-off-by: Yuanhong Peng ---- - src/journal/test-catalog.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c -index 0c4da29..2ce92af 100644 ---- a/src/journal/test-catalog.c -+++ b/src/journal/test-catalog.c -@@ -201,7 +201,8 @@ static void test_catalog_file_lang(void) { - - int main(int argc, char *argv[]) { - _cleanup_(unlink_tempfilep) char database[] = "/tmp/test-catalog.XXXXXX"; -- _cleanup_free_ char *text = NULL, *catalog_dir = NULL; -+ _cleanup_free_ char *text = NULL; -+ char *catalog_dir = CATALOG_DIR; - int r; - - setlocale(LC_ALL, "de_DE.UTF-8"); -@@ -214,10 +215,9 @@ int main(int argc, char *argv[]) { - * If it is not, e.g. installed by systemd-tests package, then use installed catalogs. */ - if (test_is_running_from_builddir(NULL)) { - assert_se(catalog_dir = path_join(NULL, ABS_BUILD_DIR, "catalog")); -- catalog_dirs = STRV_MAKE(catalog_dir); -- } else -- catalog_dirs = STRV_MAKE(CATALOG_DIR); -+ } - -+ catalog_dirs = STRV_MAKE(catalog_dir); - assert_se(access(catalog_dirs[0], F_OK) >= 0); - log_notice("Using catalog directory '%s'", catalog_dirs[0]); - -@@ -242,5 +242,9 @@ int main(int argc, char *argv[]) { - assert_se(catalog_get(database, SD_MESSAGE_COREDUMP, &text) >= 0); - printf(">>>%s<<<\n", text); - -+ /* Only in this case, catalog_dir is malloced */ -+ if (test_is_running_from_builddir(NULL)) -+ free(catalog_dir); -+ - return 0; - } --- -2.27.0 - 
diff --git a/10011-hwdb-add-Iluvatar-CoreX.patch b/10011-hwdb-add-Iluvatar-CoreX.patch deleted file mode 100644 index e08657c..0000000 --- a/10011-hwdb-add-Iluvatar-CoreX.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 28e47526dce925e6f32cf79825d38fd10e1f442a Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Tue, 26 Jul 2022 22:01:58 +0800 -Subject: [PATCH] hwdb: add Iluvatar CoreX - -Signed-off-by: rpm-build ---- - hwdb/20-pci-vendor-model.hwdb | 6 ++++++ - hwdb/pci.ids | 2 ++ - 2 files changed, 8 insertions(+) - -diff --git a/hwdb/20-pci-vendor-model.hwdb b/hwdb/20-pci-vendor-model.hwdb -index 0020046..78926f8 100644 ---- a/hwdb/20-pci-vendor-model.hwdb -+++ b/hwdb/20-pci-vendor-model.hwdb -@@ -71141,6 +71141,12 @@ pci:v00001EEC* - pci:v00001EFB* - ID_VENDOR_FROM_DATABASE=Flexxon Pte Ltd - -+pci:v00001E3E* -+ ID_VENDOR_FROM_DATABASE=Iluvatar CoreX -+ -+pci:v00001E3Ed00000001* -+ ID_MODEL_FROM_DATABASE=Iluvatar BI-V100 -+ - pci:v00001FC0* - ID_VENDOR_FROM_DATABASE=Ascom (Finland) Oy - -diff --git a/hwdb/pci.ids b/hwdb/pci.ids -index 40ee143..d6661c7 100644 ---- a/hwdb/pci.ids -+++ b/hwdb/pci.ids -@@ -21543,6 +21543,8 @@ - 0003 alst4x - 1dfc JSC NT-COM - 1181 TDM 8 Port E1/T1/J1 Adapter -+1e3e Iluvatar CoreX -+ 0001 Iluvatar BI-V100 - # nee Tumsan Oy - 1fc0 Ascom (Finland) Oy - 0300 E2200 Dual E1/Rawpipe Card --- -2.27.0 - diff --git a/10012-seccomp-add-loongarch-support.patch b/10012-seccomp-add-loongarch-support.patch deleted file mode 100644 index 6aba34f..0000000 --- a/10012-seccomp-add-loongarch-support.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -From 4c7025f5198be3d055c0e5ad68d364a57e8a7dcc Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 22 Sep 2022 10:33:54 +0800 -Subject: [PATCH] seccomp: add loongarch support - ---- - src/shared/seccomp-util.c | 18 +++++++++++++----- - 1 file changed, 13 insertions(+), 5 deletions(-) - -diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index c57c409..1eec0be 100644 ---- a/src/shared/seccomp-util.c -+++ b/src/shared/seccomp-util.c -@@ -42,6 +42,8 @@ const uint32_t seccomp_local_archs[] = { - SCMP_ARCH_AARCH64, /* native */ - #elif defined(__arm__) - SCMP_ARCH_ARM, -+#elif defined(__loongarch__) -+ SCMP_ARCH_LOONGARCH64, - #elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 - SCMP_ARCH_MIPSEL, - SCMP_ARCH_MIPS, /* native */ -@@ -114,6 +116,8 @@ const char* seccomp_arch_to_string(uint32_t c) { - return "arm"; - case SCMP_ARCH_AARCH64: - return "arm64"; -+ case SCMP_ARCH_LOONGARCH64: -+ return "loongarch64"; - case SCMP_ARCH_MIPS: - return "mips"; - case SCMP_ARCH_MIPS64: -@@ -159,6 +163,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { - *ret = SCMP_ARCH_ARM; - else if (streq(n, "arm64")) - *ret = SCMP_ARCH_AARCH64; -+ else if (streq(n, "loongarch64")) -+ *ret = SCMP_ARCH_LOONGARCH64; - else if (streq(n, "mips")) - *ret = SCMP_ARCH_MIPS; - else if (streq(n, "mips64")) -@@ -1206,7 +1212,7 @@ int seccomp_protect_sysctl(void) { - - log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); - -- if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) -+ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64)) - /* No _sysctl syscall */ - continue; - -@@ -1251,6 +1257,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { - case SCMP_ARCH_X32: - case SCMP_ARCH_ARM: - case SCMP_ARCH_AARCH64: -+ case SCMP_ARCH_LOONGARCH64: - case SCMP_ARCH_MIPSEL64N32: - case SCMP_ARCH_MIPS64N32: - case SCMP_ARCH_MIPSEL64: -@@ -1496,7 +1503,7 @@ 
static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp, - } - - /* For known architectures, check that syscalls are indeed defined or not. */ --#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) -+#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch__) - assert_cc(SCMP_SYS(shmget) > 0); - assert_cc(SCMP_SYS(shmat) > 0); - assert_cc(SCMP_SYS(shmdt) > 0); -@@ -1543,13 +1550,14 @@ int seccomp_memory_deny_write_execute(void) { - case SCMP_ARCH_X86_64: - case SCMP_ARCH_X32: - case SCMP_ARCH_AARCH64: -+ case SCMP_ARCH_LOONGARCH64: - filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */ - shmat_syscall = SCMP_SYS(shmat); - break; - - /* Please add more definitions here, if you port systemd to other architectures! */ - --#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) -+#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__loongarch__) - #warning "Consider adding the right mmap() syscall definitions here!" - #endif - } -@@ -1573,13 +1581,13 @@ int seccomp_memory_deny_write_execute(void) { - if (r < 0) - continue; - } -- -+ if (!IN_SET(arch, SCMP_ARCH_LOONGARCH64)){ - r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(mprotect), - 1, - SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC)); - if (r < 0) - continue; -- -+ } - #ifdef __NR_pkey_mprotect - r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect), - 1, --- -2.27.0 - diff --git a/10015-link-libsystemd_static-for-sd_pid_get_owner_uid-in-.patch b/10015-link-libsystemd_static-for-sd_pid_get_owner_uid-in-.patch deleted file mode 100644 index dedceff..0000000 --- a/10015-link-libsystemd_static-for-sd_pid_get_owner_uid-in-.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 46759790075ab6e474cb7f8160aac4e30261ed3b Mon Sep 17 00:00:00 2001 -From: Liwei Ge -Date: Wed, 28 Jun 2023 16:00:39 +0800 -Subject: [PATCH] link libsystemd_static for sd_pid_get_owner_uid in pager.c - ---- - meson.build | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/meson.build b/meson.build -index 673800a..d986dd2 100644 ---- a/meson.build -+++ b/meson.build -@@ -1467,7 +1467,8 @@ test_dlopen = executable( - 'test-dlopen', - test_dlopen_c, - include_directories : includes, -- link_with : [libbasic], -+ link_with : [libsystemd_static, -+ libbasic], - dependencies : [libdl]) - - foreach tuple : [['myhostname', 'ENABLE_NSS_MYHOSTNAME'], --- -2.27.0 - diff --git a/10016-fileio-when-reading-a-full-file-into-memory-refuse-.patch b/10016-fileio-when-reading-a-full-file-into-memory-refuse-.patch deleted file mode 100644 index f2eeed5..0000000 --- a/10016-fileio-when-reading-a-full-file-into-memory-refuse-.patch +++ /dev/null 
@@ -1,120 +0,0 @@ -From 9f181efdd59bd3e9134cf94007953562ca8b57fa Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Sat, 15 Dec 2018 12:25:32 +0100 -Subject: [PATCH] fileio: when reading a full file into memory, refuse inner - NUL bytes - -Just some extra care to avoid any ambiguities in what we read. - -(cherry picked from commit beb90929913354eec50c3524086fe70d14f97e2f) - -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 25 +++++++++++++++++++------ - src/test/test-unit-file.c | 10 +++++----- - 2 files changed, 24 insertions(+), 11 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 733fb42463..9fef97ff0c 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -383,16 +383,20 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re - return 0; - } - --int read_full_stream(FILE *f, char **contents, size_t *size) { -+int read_full_stream( -+ FILE *f, -+ char **ret_contents, -+ size_t *ret_size) { -+ - _cleanup_free_ char *buf = NULL; - struct stat st; - size_t n, l; - int fd; - - assert(f); -- assert(contents); -+ assert(ret_contents); - -- n = LINE_MAX; -+ n = LINE_MAX; /* Start size */ - - fd = fileno(f); - if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's -@@ -448,11 +452,20 @@ int read_full_stream(FILE *f, char **contents, size_t *size) { - n = MIN(n * 2, READ_FULL_BYTES_MAX); - } - -+ if (!ret_size) { -+ /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the -+ * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise -+ * there'd be ambiguity about what we just read. 
*/ -+ -+ if (memchr(buf, 0, l)) -+ return -EBADMSG; -+ } -+ - buf[l] = 0; -- *contents = TAKE_PTR(buf); -+ *ret_contents = TAKE_PTR(buf); - -- if (size) -- *size = l; -+ if (ret_size) -+ *ret_size = l; - - return 0; - } -diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c -index 09b0179fa1..e64a27dd39 100644 ---- a/src/test/test-unit-file.c -+++ b/src/test/test-unit-file.c -@@ -532,7 +532,7 @@ static void test_load_env_file_1(void) { - - fd = mkostemp_safe(name); - assert_se(fd >= 0); -- assert_se(write(fd, env_file_1, sizeof(env_file_1)) == sizeof(env_file_1)); -+ assert_se(write(fd, env_file_1, strlen(env_file_1)) == strlen(env_file_1)); - - r = load_env_file(NULL, name, NULL, &data); - assert_se(r == 0); -@@ -554,7 +554,7 @@ static void test_load_env_file_2(void) { - - fd = mkostemp_safe(name); - assert_se(fd >= 0); -- assert_se(write(fd, env_file_2, sizeof(env_file_2)) == sizeof(env_file_2)); -+ assert_se(write(fd, env_file_2, strlen(env_file_2)) == strlen(env_file_2)); - - r = load_env_file(NULL, name, NULL, &data); - assert_se(r == 0); -@@ -571,7 +571,7 @@ static void test_load_env_file_3(void) { - - fd = mkostemp_safe(name); - assert_se(fd >= 0); -- assert_se(write(fd, env_file_3, sizeof(env_file_3)) == sizeof(env_file_3)); -+ assert_se(write(fd, env_file_3, strlen(env_file_3)) == strlen(env_file_3)); - - r = load_env_file(NULL, name, NULL, &data); - assert_se(r == 0); -@@ -586,7 +586,7 @@ static void test_load_env_file_4(void) { - - fd = mkostemp_safe(name); - assert_se(fd >= 0); -- assert_se(write(fd, env_file_4, sizeof(env_file_4)) == sizeof(env_file_4)); -+ assert_se(write(fd, env_file_4, strlen(env_file_4)) == strlen(env_file_4)); - - r = load_env_file(NULL, name, NULL, &data); - assert_se(r == 0); -@@ -605,7 +605,7 @@ static void test_load_env_file_5(void) { - - fd = mkostemp_safe(name); - assert_se(fd >= 0); -- assert_se(write(fd, env_file_5, sizeof(env_file_5)) == sizeof(env_file_5)); -+ assert_se(write(fd, env_file_5, 
strlen(env_file_5)) == strlen(env_file_5)); - - r = load_env_file(NULL, name, NULL, &data); - assert_se(r == 0); --- -2.39.1 - diff --git a/10017-util-introduce-explicit_bzero_safe-for-explicit-mem.patch b/10017-util-introduce-explicit_bzero_safe-for-explicit-mem.patch deleted file mode 100644 index c0ec4be..0000000 --- a/10017-util-introduce-explicit_bzero_safe-for-explicit-mem.patch +++ /dev/null 
@@ -1,61 +0,0 @@
-From 17037ec625fca9e9a473a33954d011065f0088e3 Mon Sep 17 00:00:00 2001
-From: Guorui Yu
-Date: Fri, 23 Jun 2023 13:01:24 +0800
-Subject: [PATCH] util: introduce explicit_bzero_safe for explicit memset
-
-(cherry picked from commit f441ae81ef70e9bdfddbb9e0a276bbb8ca2151d4)
-
-Signed-off-by: Guorui Yu
----
- src/basic/util.c | 18 ++++++++++++++++++
- src/basic/util.h | 11 +++++++++++
- 2 files changed, 29 insertions(+)
-
-diff --git a/src/basic/util.c b/src/basic/util.c
-index 548e3652cc..bdfaca4aed 100644
---- a/src/basic/util.c
-+++ b/src/basic/util.c
-@@ -684,3 +684,21 @@ void disable_coredumps(void) {
- if (r < 0)
- log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m");
- }
-+
-+#if !HAVE_EXPLICIT_BZERO
-+/*
-+ * The pointer to memset() is volatile so that compiler must de-reference the pointer and can't assume that
-+ * it points to any function in particular (such as memset(), which it then might further "optimize"). This
-+ * approach is inspired by openssl's crypto/mem_clr.c.
-+ */
-+typedef void *(*memset_t)(void *,int,size_t);
-+
-+static volatile memset_t memset_func = memset;
-+
-+void* explicit_bzero_safe(void *p, size_t l) {
-+ if (l > 0)
-+ memset_func(p, '\0', l);
-+
-+ return p;
-+}
-+#endif
-diff --git a/src/basic/util.h b/src/basic/util.h
-index 195f02cf5f..ab3314f82e 100644
---- a/src/basic/util.h
-+++ b/src/basic/util.h
-@@ -240,3 +240,14 @@ int version(void);
- int str_verscmp(const char *s1, const char *s2);
-
- void disable_coredumps(void);
-+
-+#if HAVE_EXPLICIT_BZERO
-+static inline void* explicit_bzero_safe(void *p, size_t l) {
-+ if (l > 0)
-+ explicit_bzero(p, l);
-+
-+ return p;
-+}
-+#else
-+void *explicit_bzero_safe(void *p, size_t l);
-+#endif
---
-2.39.1
-
diff --git a/10018-util-introduce-erase_and_free-helper.patch b/10018-util-introduce-erase_and_free-helper.patch
deleted file mode 100644
index 43c42fc..0000000
--- a/10018-util-introduce-erase_and_free-helper.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 7c48fe64e3f1cdc61d9191d5e004d56d5244aa2c Mon Sep 17 00:00:00 2001
-From: Lennart Poettering
-Date: Thu, 8 Aug 2019 19:53:17 +0200
-Subject: [PATCH] util: introduce erase_and_free() helper
-
-(cherry picked from commit a20dda788d5a0f3b300e0d8bb34e45be335e2915)
-
-Signed-off-by: Guorui Yu
----
- src/basic/util.h | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/src/basic/util.h b/src/basic/util.h
-index ab3314f82e..4f4877b6b0 100644
---- a/src/basic/util.h
-+++ b/src/basic/util.h
-@@ -5,6 +5,7 @@
- #include
- #include
- #include
-+#include
- #include
- #include
- #include
-@@ -251,3 +252,20 @@ static inline void* explicit_bzero_safe(void *p, size_t l) {
- #else
- void *explicit_bzero_safe(void *p, size_t l);
- #endif
-+
-+static inline void* erase_and_free(void *p) {
-+ size_t l;
-+
-+ if (!p)
-+ return NULL;
-+
-+ l = malloc_usable_size(p);
-+ explicit_bzero_safe(p, l);
-+ free(p);
-+
-+ return NULL;
-+}
-+
-+static inline void erase_and_freep(void *p) {
-+ erase_and_free(*(void**) p);
-+}
---
-2.39.1
-
diff --git a/10019-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch b/10019-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch
deleted file mode 100644
index a37d579..0000000
--- a/10019-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch
+++ /dev/null
@@ -1,207 +0,0 @@ -From bc781489901fc6447cbd27b8d33f4f4439d6a5db Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 8 Apr 2019 02:22:40 +0900 -Subject: [PATCH] util: introduce READ_FULL_FILE_SECURE flag for reading secure - data - -(cherry picked from commit e0721f97b05c0a5f782233711ea95c1e02ccba44) - -[Guorui Yu: include util.h for explicit_bzero_safe] -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 68 ++++++++++++++++++++++++++++++++-------------- - src/basic/fileio.h | 16 +++++++++-- - 2 files changed, 60 insertions(+), 24 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 9fef97ff0c..cf7c92ebc7 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -35,6 +35,7 @@ - #include "time-util.h" - #include "umask-util.h" - #include "utf8.h" -+#include "util.h" - - #define READ_FULL_BYTES_MAX (4U*1024U*1024U) - -@@ -383,26 +384,27 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re - return 0; - } - --int read_full_stream( -+int read_full_stream_full( - FILE *f, -+ ReadFullFileFlags flags, - char **ret_contents, - size_t *ret_size) { - - _cleanup_free_ char *buf = NULL; - struct stat st; -- size_t n, l; -- int fd; -+ size_t n, n_next, l; -+ int fd, r; - - assert(f); - assert(ret_contents); - -- n = LINE_MAX; /* Start size */ -+ n_next = LINE_MAX; /* Start size */ - - fd = fileno(f); - if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's - * optimize our buffering) */ - -- if (fstat(fileno(f), &st) < 0) -+ if (fstat(fd, &st) < 0) - return -errno; - - if (S_ISREG(st.st_mode)) { -@@ -415,27 +417,41 @@ int read_full_stream( - * to read here by one, so that the first read attempt already - * makes us notice the EOF. 
*/ - if (st.st_size > 0) -- n = st.st_size + 1; -+ n_next = st.st_size + 1; - } - } - -- l = 0; -+ n = l = 0; - for (;;) { - char *t; - size_t k; - -- t = realloc(buf, n + 1); -- if (!t) -- return -ENOMEM; -+ if (flags & READ_FULL_FILE_SECURE) { -+ t = malloc(n_next + 1); -+ if (!t) { -+ r = -ENOMEM; -+ goto finalize; -+ } -+ memcpy_safe(t, buf, n); -+ explicit_bzero_safe(buf, n); -+ } else { -+ t = realloc(buf, n_next + 1); -+ if (!t) -+ return -ENOMEM; -+ } - - buf = t; -+ n = n_next; -+ - errno = 0; - k = fread(buf + l, 1, n - l, f); - if (k > 0) - l += k; - -- if (ferror(f)) -- return errno > 0 ? -errno : -EIO; -+ if (ferror(f)) { -+ r = errno > 0 ? -errno : -EIO; -+ goto finalize; -+ } - - if (feof(f)) - break; -@@ -446,10 +462,12 @@ int read_full_stream( - assert(l == n); - - /* Safety check */ -- if (n >= READ_FULL_BYTES_MAX) -- return -E2BIG; -+ if (n >= READ_FULL_BYTES_MAX) { -+ r = -E2BIG; -+ goto finalize; -+ } - -- n = MIN(n * 2, READ_FULL_BYTES_MAX); -+ n_next = MIN(n * 2, READ_FULL_BYTES_MAX); - } - - if (!ret_size) { -@@ -457,8 +475,10 @@ int read_full_stream( - * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise - * there'd be ambiguity about what we just read. 
*/ - -- if (memchr(buf, 0, l)) -- return -EBADMSG; -+ if (memchr(buf, 0, l)) { -+ r = -EBADMSG; -+ goto finalize; -+ } - } - - buf[l] = 0; -@@ -468,21 +488,27 @@ int read_full_stream( - *ret_size = l; - - return 0; -+ -+finalize: -+ if (flags & READ_FULL_FILE_SECURE) -+ explicit_bzero_safe(buf, n); -+ -+ return r; - } - --int read_full_file(const char *fn, char **contents, size_t *size) { -+int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { - _cleanup_fclose_ FILE *f = NULL; - -- assert(fn); -+ assert(filename); - assert(contents); - -- f = fopen(fn, "re"); -+ f = fopen(filename, "re"); - if (!f) - return -errno; - - (void) __fsetlocking(f, FSETLOCKING_BYCALLER); - -- return read_full_stream(f, contents, size); -+ return read_full_stream_full(f, flags, contents, size); - } - - static int parse_env_file_internal( -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index c6ad375b8d..06649ef7e6 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -24,6 +24,10 @@ typedef enum { - - } WriteStringFileFlags; - -+typedef enum { -+ READ_FULL_FILE_SECURE = 1 << 0, -+} ReadFullFileFlags; -+ - int write_string_stream_ts(FILE *f, const char *line, WriteStringFileFlags flags, struct timespec *ts); - static inline int write_string_stream(FILE *f, const char *line, WriteStringFileFlags flags) { - return write_string_stream_ts(f, line, flags, NULL); -@@ -35,9 +39,15 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin - - int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) 
_printf_(3, 4); - --int read_one_line_file(const char *fn, char **line); --int read_full_file(const char *fn, char **contents, size_t *size); --int read_full_stream(FILE *f, char **contents, size_t *size); -+int read_one_line_file(const char *filename, char **line); -+int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); -+static inline int read_full_file(const char *filename, char **contents, size_t *size) { -+ return read_full_file_full(filename, 0, contents, size); -+} -+int read_full_stream_full(FILE *f, ReadFullFileFlags flags, char **contents, size_t *size); -+static inline int read_full_stream(FILE *f, char **contents, size_t *size) { -+ return read_full_stream_full(f, 0, contents, size); -+} - int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); - - int verify_file(const char *fn, const char *blob, bool accept_extra_nl); --- -2.39.1 - diff --git a/10020-fileio-introduce-warn_file_is_world_accessible.patch b/10020-fileio-introduce-warn_file_is_world_accessible.patch deleted file mode 100644 index 02f9518..0000000 --- a/10020-fileio-introduce-warn_file_is_world_accessible.patch +++ /dev/null 
@@ -1,67 +0,0 @@
-From e4c4f0bc712e43776c4f58712f47260711607098 Mon Sep 17 00:00:00 2001
-From: Yu Watanabe
-Date: Mon, 8 Apr 2019 03:48:30 +0900
-Subject: [PATCH] fileio: introduce warn_file_is_world_accessible()
-
-(cherry picked from commit fc0895034d4811e8c6b263c0d902b31535613d76)
-
-Signed-off-by: Guorui Yu
----
- src/basic/fileio.c | 25 +++++++++++++++++++++++++
- src/basic/fileio.h | 3 +++
- 2 files changed, 28 insertions(+)
-
-diff --git a/src/basic/fileio.c b/src/basic/fileio.c
-index cf7c92ebc7..2e74aac554 100644
---- a/src/basic/fileio.c
-+++ b/src/basic/fileio.c
-@@ -1797,3 +1797,28 @@ int read_line(FILE *f, size_t limit, char **ret) {
-
- return (int) count;
- }
-+
-+int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) {
-+ struct stat _st;
-+
-+ if (!filename)
-+ return 0;
-+
-+ if (!st) {
-+ if (stat(filename, &_st) < 0)
-+ return -errno;
-+ st = &_st;
-+ }
-+
-+ if ((st->st_mode & S_IRWXO) == 0)
-+ return 0;
-+
-+ if (unit)
-+ log_syntax(unit, LOG_WARNING, filename, line, 0,
-+ "%s has %04o mode that is too permissive, please adjust the access mode.",
-+ filename, st->st_mode & 07777);
-+ else
-+ log_warning("%s has %04o mode that is too permissive, please adjust the access mode.",
-+ filename, st->st_mode & 07777);
-+ return 0;
-+}
-diff --git a/src/basic/fileio.h b/src/basic/fileio.h
-index 06649ef7e6..2c9ce4355b 100644
---- a/src/basic/fileio.h
-+++ b/src/basic/fileio.h
-@@ -5,6 +5,7 @@
- #include
- #include
- #include
-+#include
- #include
-
- #include "macro.h"
-@@ -105,3 +106,5 @@ int read_nul_string(FILE *f, char **ret);
- int mkdtemp_malloc(const char *template, char **ret);
-
- int read_line(FILE *f, size_t limit, char **ret);
-+
-+int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line);
---
-2.39.1
-
diff --git a/10021-fileio-read_full_file_full-also-warns-when-file-is-.patch b/10021-fileio-read_full_file_full-also-warns-when-file-is-.patch deleted file mode 100644 index af813a5..0000000 --- a/10021-fileio-read_full_file_full-also-warns-when-file-is-.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 0dbf69ccdfa7b1f99935c3932445fbfa16dbbe75 Mon Sep 17 00:00:00 2001 -From: Yu Watanabe -Date: Mon, 8 Apr 2019 14:15:10 +0900 -Subject: [PATCH] fileio: read_full_file_full() also warns when file is world - readable and secure flag is set - -(cherry picked from commit 65dcd394d8223bc6bc194f3fe5bd70fed9d9a4fe) - -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 6 +++++- - src/basic/fileio.h | 4 ++-- - 2 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 2e74aac554..3abeb0d7f4 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -386,6 +386,7 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re - - int read_full_stream_full( - FILE *f, -+ const char *filename, - ReadFullFileFlags flags, - char **ret_contents, - size_t *ret_size) { -@@ -418,6 +419,9 @@ int read_full_stream_full( - * makes us notice the EOF. */ - if (st.st_size > 0) - n_next = st.st_size + 1; -+ -+ if (flags & READ_FULL_FILE_SECURE) -+ (void) warn_file_is_world_accessible(filename, &st, NULL, 0); - } - } - -@@ -508,7 +512,7 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co - - (void) __fsetlocking(f, FSETLOCKING_BYCALLER); - -- return read_full_stream_full(f, flags, contents, size); -+ return read_full_stream_full(f, filename, flags, contents, size); - } - - static int parse_env_file_internal( -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 2c9ce4355b..3e572dc0de 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -45,9 +45,9 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co - static inline int read_full_file(const char *filename, char **contents, size_t *size) { - return read_full_file_full(filename, 0, contents, size); - } --int read_full_stream_full(FILE *f, ReadFullFileFlags flags, char **contents, size_t *size); -+int read_full_stream_full(FILE *f, const char *filename, 
ReadFullFileFlags flags, char **contents, size_t *size); - static inline int read_full_stream(FILE *f, char **contents, size_t *size) { -- return read_full_stream_full(f, 0, contents, size); -+ return read_full_stream_full(f, NULL, 0, contents, size); - } - int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); - --- -2.39.1 - diff --git a/10022-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch b/10022-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch deleted file mode 100644 index e434089..0000000 --- a/10022-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 14e0760c251fd5fc51731f7b58079c73f5055d64 Mon Sep 17 00:00:00 2001 -From: Benjamin Robin -Date: Sun, 14 Apr 2019 17:21:27 +0200 -Subject: [PATCH] basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag - is used - -The memory leak introduced in #12223 (15f8f02) - -(cherry picked from commit 315a51982af2d480de9f7539346f30425e37a01e) - -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 3abeb0d7f4..bb804e3afa 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -438,6 +438,7 @@ int read_full_stream_full( - } - memcpy_safe(t, buf, n); - explicit_bzero_safe(buf, n); -+ buf = mfree(buf); - } else { - t = realloc(buf, n_next + 1); - if (!t) --- -2.39.1 - diff --git a/10023-fileio-add-explicit-flag-for-generating-world-execu.patch b/10023-fileio-add-explicit-flag-for-generating-world-execu.patch deleted file mode 100644 index 1a93b5a..0000000 --- a/10023-fileio-add-explicit-flag-for-generating-world-execu.patch +++ /dev/null 
@@ -1,44 +0,0 @@
-From 1e0dcd6fa1abea9c561f46556f7f7561b2a46e62 Mon Sep 17 00:00:00 2001
-From: Lennart Poettering
-Date: Fri, 17 Jul 2020 11:53:22 +0200
-Subject: [PATCH] fileio: add explicit flag for generating world executable
- warning when reading file
-
-(cherry picked from commit 684aa979f1c4ce5f75ccdc131f32fc0434999918)
-
-Signed-off-by: Guorui Yu
----
- src/basic/fileio.c | 2 +-
- src/basic/fileio.h | 3 ++-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/basic/fileio.c b/src/basic/fileio.c
-index bb804e3afa..833c55b030 100644
---- a/src/basic/fileio.c
-+++ b/src/basic/fileio.c
-@@ -420,7 +420,7 @@ int read_full_stream_full(
- if (st.st_size > 0)
- n_next = st.st_size + 1;
-
-- if (flags & READ_FULL_FILE_SECURE)
-+ if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
- (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
- }
- }
-diff --git a/src/basic/fileio.h b/src/basic/fileio.h
-index 3e572dc0de..be10ac77b6 100644
---- a/src/basic/fileio.h
-+++ b/src/basic/fileio.h
-@@ -26,7 +26,8 @@ typedef enum {
- } WriteStringFileFlags;
-
- typedef enum {
-- READ_FULL_FILE_SECURE = 1 << 0,
-+ READ_FULL_FILE_SECURE = 1 << 0,
-+ READ_FULL_FILE_WARN_WORLD_READABLE = 1 << 3,
- } ReadFullFileFlags;
-
- int write_string_stream_ts(FILE *f, const char *line, WriteStringFileFlags flags, struct timespec *ts);
---
-2.39.1
-
diff --git a/10024-fileio-add-dir_fd-parameter-to-read_full_file_full.patch b/10024-fileio-add-dir_fd-parameter-to-read_full_file_full.patch
deleted file mode 100644
index f6dc153..0000000
--- a/10024-fileio-add-dir_fd-parameter-to-read_full_file_full.patch
+++ /dev/null
@@ -1,142 +0,0 @@ -From 3f4ca11498028756ebde239ae469c0f88e5d3ecc Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Tue, 8 Jan 2019 18:29:36 +0100 -Subject: [PATCH] fileio: add 'dir_fd' parameter to read_full_file_full() - -Let's introduce an "at" version of read_full_file(). - -(cherry picked from commit f6be4db4530b7cfea191227c141343a4fb10d4c6) - -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 84 +++++++++++++++++++++++++++++++++++++++++++--- - src/basic/fileio.h | 5 +-- - 2 files changed, 83 insertions(+), 6 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 833c55b030..d7da834a74 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -501,15 +501,91 @@ finalize: - return r; - } - --int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { -+static int mode_to_flags(const char *mode) { -+ const char *p; -+ int flags; -+ -+ if ((p = startswith(mode, "r+"))) -+ flags = O_RDWR; -+ else if ((p = startswith(mode, "r"))) -+ flags = O_RDONLY; -+ else if ((p = startswith(mode, "w+"))) -+ flags = O_RDWR|O_CREAT|O_TRUNC; -+ else if ((p = startswith(mode, "w"))) -+ flags = O_WRONLY|O_CREAT|O_TRUNC; -+ else if ((p = startswith(mode, "a+"))) -+ flags = O_RDWR|O_CREAT|O_APPEND; -+ else if ((p = startswith(mode, "a"))) -+ flags = O_WRONLY|O_CREAT|O_APPEND; -+ else -+ return -EINVAL; -+ -+ for (; *p != 0; p++) { -+ -+ switch (*p) { -+ -+ case 'e': -+ flags |= O_CLOEXEC; -+ break; -+ -+ case 'x': -+ flags |= O_EXCL; -+ break; -+ -+ case 'm': -+ /* ignore this here, fdopen() might care later though */ -+ break; -+ -+ case 'c': /* not sure what to do about this one */ -+ default: -+ return -EINVAL; -+ } -+ } -+ -+ return flags; -+} -+ -+static int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) { -+ FILE *f; -+ -+ /* A combination of fopen() with openat() */ -+ -+ if (dir_fd == AT_FDCWD && flags == 0) { -+ f = fopen(path, mode); -+ if (!f) -+ return -errno; 
-+ } else { -+ int fd, mode_flags; -+ -+ mode_flags = mode_to_flags(mode); -+ if (mode_flags < 0) -+ return mode_flags; -+ -+ fd = openat(dir_fd, path, mode_flags | flags); -+ if (fd < 0) -+ return -errno; -+ -+ f = fdopen(fd, mode); -+ if (!f) { -+ safe_close(fd); -+ return -errno; -+ } -+ } -+ -+ *ret = f; -+ return 0; -+} -+ -+int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { - _cleanup_fclose_ FILE *f = NULL; -+ int r; - - assert(filename); - assert(contents); - -- f = fopen(filename, "re"); -- if (!f) -- return -errno; -+ r = xfopenat(dir_fd, filename, "re", 0, &f); -+ if (r < 0) -+ return r; - - (void) __fsetlocking(f, FSETLOCKING_BYCALLER); - -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index be10ac77b6..916ddc5e47 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -6,6 +6,7 @@ - #include - #include - #include -+#include - #include - - #include "macro.h" -@@ -42,9 +43,9 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin - int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4); - - int read_one_line_file(const char *filename, char **line); --int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); -+int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); - static inline int read_full_file(const char *filename, char **contents, size_t *size) { -- return read_full_file_full(filename, 0, contents, size); -+ return read_full_file_full(AT_FDCWD, filename, 0, contents, size); - } - int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); - static inline int read_full_stream(FILE *f, char **contents, size_t *size) { --- -2.39.1 - 
diff --git a/10025-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch b/10025-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch deleted file mode 100644 index bb392bc..0000000 --- a/10025-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch +++ /dev/null 
@@ -1,271 +0,0 @@ -From 054669a4cc4897792b6c209fd55ab1fc1d7b9bd5 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Fri, 17 Jul 2020 12:26:01 +0200 -Subject: [PATCH] fileio: add support for read_full_file() on AF_UNIX stream - sockets - -Optionally, teach read_full_file() the ability to connect to an AF_UNIX -socket if the specified path points to one. - -(cherry picked from commit 412b888ec803cdf96fb1d005bb245d20abdb8f2e) - -[Guorui Yu: Adds sockaddr_un_set_path function to socket-util.{c,h}] -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 62 +++++++++++++++++++++++++++++++++++------ - src/basic/fileio.h | 1 + - src/basic/socket-util.c | 42 ++++++++++++++++++++++++++++ - src/basic/socket-util.h | 1 + - src/test/test-fileio.c | 50 +++++++++++++++++++++++++++++++++ - 5 files changed, 147 insertions(+), 9 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index d7da834a74..9cb0a2bd28 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -27,6 +27,7 @@ - #include "missing.h" - #include "parse-util.h" - #include "path-util.h" -+#include "socket-util.h" - #include "process-util.h" - #include "random-util.h" - #include "stdio-util.h" -@@ -450,21 +451,18 @@ int read_full_stream_full( - - errno = 0; - k = fread(buf + l, 1, n - l, f); -- if (k > 0) -- l += k; -+ -+ assert(k <= n - l); -+ l += k; - - if (ferror(f)) { - r = errno > 0 ? -errno : -EIO; - goto finalize; - } -- - if (feof(f)) - break; - -- /* We aren't expecting fread() to return a short read outside -- * of (error && eof), assert buffer is full and enlarge buffer. 
-- */ -- assert(l == n); -+ assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ - - /* Safety check */ - if (n >= READ_FULL_BYTES_MAX) { -@@ -584,8 +582,54 @@ int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flag - assert(contents); - - r = xfopenat(dir_fd, filename, "re", 0, &f); -- if (r < 0) -- return r; -+ if (r < 0) { -+ _cleanup_close_ int dfd = -1, sk = -1; -+ union sockaddr_union sa; -+ -+ /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */ -+ if (r != -ENXIO) -+ return r; -+ -+ /* If this is enabled, let's try to connect to it */ -+ if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) -+ return -ENXIO; -+ -+ if (dir_fd == AT_FDCWD) -+ r = sockaddr_un_set_path(&sa.un, filename); -+ else { -+ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; -+ -+ /* If we shall operate relative to some directory, then let's use O_PATH first to -+ * open the socket inode, and then connect to it via /proc/self/fd/. We have to do -+ * this since there's not connectat() that takes a directory fd as first arg. */ -+ -+ dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC); -+ if (dfd < 0) -+ return -errno; -+ -+ xsprintf(procfs_path, "/proc/self/fd/%i", dfd); -+ r = sockaddr_un_set_path(&sa.un, procfs_path); -+ } -+ if (r < 0) -+ return r; -+ -+ sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); -+ if (sk < 0) -+ return -errno; -+ -+ if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) -+ return errno == ENOTSOCK ? 
-ENXIO : -errno; /* propagate original error if this is -+ * not a socket after all */ -+ -+ if (shutdown(sk, SHUT_WR) < 0) -+ return -errno; -+ -+ f = fdopen(sk, "r"); -+ if (!f) -+ return -errno; -+ -+ TAKE_FD(sk); -+ } - - (void) __fsetlocking(f, FSETLOCKING_BYCALLER); - -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 916ddc5e47..1a16e0fd13 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -29,6 +29,7 @@ typedef enum { - typedef enum { - READ_FULL_FILE_SECURE = 1 << 0, - READ_FULL_FILE_WARN_WORLD_READABLE = 1 << 3, -+ READ_FULL_FILE_CONNECT_SOCKET = 1 << 4, - } ReadFullFileFlags; - - int write_string_stream_ts(FILE *f, const char *line, WriteStringFileFlags flags, struct timespec *ts); -diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c -index 7f8066123b..427c8b89bb 100644 ---- a/src/basic/socket-util.c -+++ b/src/basic/socket-util.c -@@ -1253,6 +1253,48 @@ int socket_ioctl_fd(void) { - return fd; - } - -+int sockaddr_un_set_path(struct sockaddr_un *ret, const char *path) { -+ size_t l; -+ -+ assert(ret); -+ assert(path); -+ -+ /* Initialize ret->sun_path from the specified argument. This will interpret paths starting with '@' as -+ * abstract namespace sockets, and those starting with '/' as regular filesystem sockets. It won't accept -+ * anything else (i.e. no relative paths), to avoid ambiguities. Note that this function cannot be used to -+ * reference paths in the abstract namespace that include NUL bytes in the name. */ -+ -+ l = strlen(path); -+ if (l < 2) -+ return -EINVAL; -+ if (!IN_SET(path[0], '/', '@')) -+ return -EINVAL; -+ -+ /* Don't allow paths larger than the space in sockaddr_un. Note that we are a tiny bit more restrictive than -+ * the kernel is: we insist on NUL termination (both for abstract namespace and regular file system socket -+ * addresses!), which the kernel doesn't. 
We do this to reduce chance of incompatibility with other apps that -+ * do not expect non-NUL terminated file system path*/ -+ if (l+1 > sizeof(ret->sun_path)) -+ return -EINVAL; -+ -+ *ret = (struct sockaddr_un) { -+ .sun_family = AF_UNIX, -+ }; -+ -+ if (path[0] == '@') { -+ /* Abstract namespace socket */ -+ memcpy(ret->sun_path + 1, path + 1, l); /* copy *with* trailing NUL byte */ -+ return (int) (offsetof(struct sockaddr_un, sun_path) + l); /* 🔥 *don't* 🔥 include trailing NUL in size */ -+ -+ } else { -+ assert(path[0] == '/'); -+ -+ /* File system socket */ -+ memcpy(ret->sun_path, path, l + 1); /* copy *with* trailing NUL byte */ -+ return (int) (offsetof(struct sockaddr_un, sun_path) + l + 1); /* include trailing NUL in size */ -+ } -+} -+ - int socket_pass_pktinfo(int fd, bool b) { - int af; - socklen_t sl = sizeof(af); -diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h -index 30baba6c03..36edc58caf 100644 ---- a/src/basic/socket-util.h -+++ b/src/basic/socket-util.h -@@ -186,6 +186,7 @@ struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t leng - }) - - int socket_ioctl_fd(void); -+int sockaddr_un_set_path(struct sockaddr_un *ret, const char *path); - - static inline int setsockopt_int(int fd, int level, int optname, int value) { - if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0) -diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c -index 14ba075144..82b7cb1242 100644 ---- a/src/test/test-fileio.c -+++ b/src/test/test-fileio.c -@@ -14,6 +14,8 @@ - #include "io-util.h" - #include "parse-util.h" - #include "process-util.h" -+#include "rm-rf.h" -+#include "socket-util.h" - #include "string-util.h" - #include "strv.h" - #include "util.h" -@@ -709,6 +711,53 @@ static void test_read_line3(void) { - assert_se(read_line(f, LINE_MAX, NULL) == 0); - } - -+static void test_read_full_file_socket(void) { -+ _cleanup_(rm_rf_physical_and_freep) char *z = NULL; -+ _cleanup_close_ int listener = -1; -+ 
_cleanup_free_ char *data = NULL; -+ union sockaddr_union sa; -+ const char *j; -+ size_t size; -+ pid_t pid; -+ int r; -+ -+ log_info("/* %s */", __func__); -+ -+ listener = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); -+ assert_se(listener >= 0); -+ -+ assert_se(mkdtemp_malloc(NULL, &z) >= 0); -+ j = strjoina(z, "/socket"); -+ -+ assert_se(sockaddr_un_set_path(&sa.un, j) >= 0); -+ -+ assert_se(bind(listener, &sa.sa, SOCKADDR_UN_LEN(sa.un)) >= 0); -+ assert_se(listen(listener, 1) >= 0); -+ -+ r = safe_fork("(server)", FORK_DEATHSIG|FORK_LOG, &pid); -+ assert_se(r >= 0); -+ if (r == 0) { -+ _cleanup_close_ int rfd = -1; -+ /* child */ -+ -+ rfd = accept4(listener, NULL, 0, SOCK_CLOEXEC); -+ assert_se(rfd >= 0); -+ -+#define TEST_STR "This is a test\nreally." -+ -+ assert_se(write(rfd, TEST_STR, strlen(TEST_STR)) == strlen(TEST_STR)); -+ _exit(EXIT_SUCCESS); -+ } -+ -+ assert_se(read_full_file_full(AT_FDCWD, j, 0, &data, &size) == -ENXIO); -+ assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, &data, &size) >= 0); -+ assert_se(size == strlen(TEST_STR)); -+ assert_se(streq(data, TEST_STR)); -+ -+ assert_se(wait_for_terminate_and_check("(server)", pid, WAIT_LOG) >= 0); -+#undef TEST_STR -+} -+ - int main(int argc, char *argv[]) { - log_set_max_level(LOG_DEBUG); - log_parse_environment(); -@@ -733,6 +782,7 @@ int main(int argc, char *argv[]) { - test_read_line(); - test_read_line2(); - test_read_line3(); -+ test_read_full_file_socket(); - - return 0; - } --- -2.39.1 - diff --git a/10026-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch b/10026-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch deleted file mode 100644 index 2edc538..0000000 --- a/10026-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch +++ /dev/null 
@@ -1,181 +0,0 @@ -From 0717de25e6508b10ea034fa1b96675f18100ac01 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Mon, 2 Nov 2020 12:07:51 +0100 -Subject: [PATCH] fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow - setting sender socket name - -This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of -read_full_file_full() a bit: when used a sender socket name may be -specified. If specified as NULL behaviour is as before: the client -socket name is picked by the kernel. But if specified as non-NULL the -client can pick a socket name to use when connecting. This is useful to -communicate a minimal amount of metainformation from client to server, -outside of the transport payload. - -Specifically, these beefs up the service credential logic to pass an -abstract AF_UNIX socket name as client socket name when connecting via -READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name -and the eventual credential name. This allows servers implementing the -trivial credential socket logic to distinguish clients: via a simple -getpeername() it can be determined which unit is requesting a -credential, and which credential specifically. - -Example: with this patch in place, in a unit file "waldo.service" a -configuration line like the following: - - LoadCredential=foo:/run/quux/creds.sock - -will result in a connection to the AF_UNIX socket /run/quux/creds.sock, -originating from an abstract namespace AF_UNIX socket: - - @$RANDOM/unit/waldo.service/foo - -(The $RANDOM is replaced by some randomized string. 
This is included in -the socket name order to avoid namespace squatting issues: the abstract -socket namespace is open to unprivileged users after all, and care needs -to be taken not to use guessable names) - -The services listening on the /run/quux/creds.sock socket may thus -easily retrieve the name of the unit the credential is requested for -plus the credential name, via a simpler getpeername(), discarding the -random preifx and the /unit/ string. - -This logic uses "/" as separator between the fields, since both unit -names and credential names appear in the file system, and thus are -designed to use "/" as outer separators. Given that it's a good safe -choice to use as separators here, too avoid any conflicts. - -This is a minimal patch only: the new logic is used only for the unit -file credential logic. For other places where we use -READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this -scheme too, but this should be done carefully in later patches, since -the socket names become API that way, and we should determine the right -amount of info to pass over. 
- -(cherry picked from commit 142e9756c98c69cdd5d03df4028700acb5739f72) - -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 22 +++++++++++++++++++++- - src/basic/fileio.h | 4 ++-- - src/test/test-fileio.c | 19 ++++++++++++++++--- - 3 files changed, 39 insertions(+), 6 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 9cb0a2bd28..35eaa3c1c7 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -574,7 +574,13 @@ static int xfopenat(int dir_fd, const char *path, const char *mode, int flags, F - return 0; - } - --int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { -+int read_full_file_full( -+ int dir_fd, -+ const char *filename, -+ ReadFullFileFlags flags, -+ const char *bind_name, -+ char **contents, size_t *size) { -+ - _cleanup_fclose_ FILE *f = NULL; - int r; - -@@ -617,6 +623,20 @@ int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flag - if (sk < 0) - return -errno; - -+ if (bind_name) { -+ /* If the caller specified a socket name to bind to, do so before connecting. This is -+ * useful to communicate some minor, short meta-information token from the client to -+ * the server. */ -+ union sockaddr_union bsa; -+ -+ r = sockaddr_un_set_path(&bsa.un, bind_name); -+ if (r < 0) -+ return r; -+ -+ if (bind(sk, &bsa.sa, r) < 0) -+ return r; -+ } -+ - if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) - return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is - * not a socket after all */ -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 1a16e0fd13..82897e209c 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -44,9 +44,9 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin - int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) 
_printf_(3, 4); - - int read_one_line_file(const char *filename, char **line); --int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); -+int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, const char *bind_name, char **contents, size_t *size); - static inline int read_full_file(const char *filename, char **contents, size_t *size) { -- return read_full_file_full(AT_FDCWD, filename, 0, contents, size); -+ return read_full_file_full(AT_FDCWD, filename, 0, NULL, contents, size); - } - int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); - static inline int read_full_stream(FILE *f, char **contents, size_t *size) { -diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c -index 82b7cb1242..5ec70eec14 100644 ---- a/src/test/test-fileio.c -+++ b/src/test/test-fileio.c -@@ -14,6 +14,7 @@ - #include "io-util.h" - #include "parse-util.h" - #include "process-util.h" -+#include "random-util.h" - #include "rm-rf.h" - #include "socket-util.h" - #include "string-util.h" -@@ -714,7 +715,7 @@ static void test_read_line3(void) { - static void test_read_full_file_socket(void) { - _cleanup_(rm_rf_physical_and_freep) char *z = NULL; - _cleanup_close_ int listener = -1; -- _cleanup_free_ char *data = NULL; -+ _cleanup_free_ char *data = NULL, *clientname = NULL; - union sockaddr_union sa; - const char *j; - size_t size; -@@ -734,23 +735,35 @@ static void test_read_full_file_socket(void) { - assert_se(bind(listener, &sa.sa, SOCKADDR_UN_LEN(sa.un)) >= 0); - assert_se(listen(listener, 1) >= 0); - -+ /* Bind the *client* socket to some randomized name, to verify that this works correctly. 
*/ -+ assert_se(asprintf(&clientname, "@%" PRIx64 "/test-bindname", random_u64()) >= 0); -+ - r = safe_fork("(server)", FORK_DEATHSIG|FORK_LOG, &pid); - assert_se(r >= 0); - if (r == 0) { -+ union sockaddr_union peer = {}; -+ socklen_t peerlen = sizeof(peer); - _cleanup_close_ int rfd = -1; - /* child */ - - rfd = accept4(listener, NULL, 0, SOCK_CLOEXEC); - assert_se(rfd >= 0); - -+ assert_se(getpeername(rfd, &peer.sa, &peerlen) >= 0); -+ -+ assert_se(peer.un.sun_family == AF_UNIX); -+ assert_se(peerlen > offsetof(struct sockaddr_un, sun_path)); -+ assert_se(peer.un.sun_path[0] == 0); -+ assert_se(streq(peer.un.sun_path + 1, clientname + 1)); -+ - #define TEST_STR "This is a test\nreally." - - assert_se(write(rfd, TEST_STR, strlen(TEST_STR)) == strlen(TEST_STR)); - _exit(EXIT_SUCCESS); - } - -- assert_se(read_full_file_full(AT_FDCWD, j, 0, &data, &size) == -ENXIO); -- assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, &data, &size) >= 0); -+ assert_se(read_full_file_full(AT_FDCWD, j, 0, NULL, &data, &size) == -ENXIO); -+ assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, clientname, &data, &size) >= 0); - assert_se(size == strlen(TEST_STR)); - assert_se(streq(data, TEST_STR)); - --- -2.39.1 - diff --git a/10027-fileio-teach-read_full_file_full-to-read-from-offse.patch b/10027-fileio-teach-read_full_file_full-to-read-from-offse.patch deleted file mode 100644 index 08e8f40..0000000 --- a/10027-fileio-teach-read_full_file_full-to-read-from-offse.patch +++ /dev/null 
@@ -1,246 +0,0 @@ -From 5be0e8a2c3e683c195fd872979d6e5741c80d13f Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 4 Nov 2020 20:25:06 +0100 -Subject: [PATCH] fileio: teach read_full_file_full() to read from offset/with - maximum size - -(cherry picked from commit 7399b3f8083b65db4cb9acb17e4b5c897ba7946d) - -Signed-off-by: Guorui Yu ---- - src/basic/fileio.c | 60 ++++++++++++++++++++++++++++++------------ - src/basic/fileio.h | 12 ++++----- - src/test/test-fileio.c | 49 ++++++++++++++++++++++++++++++++-- - 3 files changed, 96 insertions(+), 25 deletions(-) - -diff --git a/src/basic/fileio.c b/src/basic/fileio.c -index 35eaa3c1c7..c14f9797bd 100644 ---- a/src/basic/fileio.c -+++ b/src/basic/fileio.c -@@ -388,44 +388,58 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re - int read_full_stream_full( - FILE *f, - const char *filename, -+ uint64_t offset, -+ size_t size, - ReadFullFileFlags flags, - char **ret_contents, - size_t *ret_size) { - - _cleanup_free_ char *buf = NULL; -- struct stat st; - size_t n, n_next, l; - int fd, r; - - assert(f); - assert(ret_contents); - -- n_next = LINE_MAX; /* Start size */ -+ if (offset != UINT64_MAX && offset > LONG_MAX) -+ return -ERANGE; -+ -+ n_next = size != SIZE_MAX ? size : LINE_MAX; /* Start size */ - - fd = fileno(f); -- if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's -- * optimize our buffering) */ -+ if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see -+ * fmemopen()), let's optimize our buffering */ -+ struct stat st; - - if (fstat(fd, &st) < 0) - return -errno; - - if (S_ISREG(st.st_mode)) { -- -- /* Safety check */ -- if (st.st_size > READ_FULL_BYTES_MAX) -- return -E2BIG; -- -- /* Start with the right file size. Note that we increase the size -- * to read here by one, so that the first read attempt already -- * makes us notice the EOF. 
*/ -- if (st.st_size > 0) -- n_next = st.st_size + 1; -+ if (size == SIZE_MAX) { -+ uint64_t rsize = -+ LESS_BY((uint64_t) st.st_size, offset == UINT64_MAX ? 0 : offset); -+ -+ /* Safety check */ -+ if (rsize > READ_FULL_BYTES_MAX) -+ return -E2BIG; -+ -+ /* Start with the right file size. Note that we increase the size to read -+ * here by one, so that the first read attempt already makes us notice the -+ * EOF. If the reported size of the file is zero, we avoid this logic -+ * however, since quite likely it might be a virtual file in procfs that all -+ * report a zero file size. */ -+ if (st.st_size > 0) -+ n_next = rsize + 1; -+ } - - if (flags & READ_FULL_FILE_WARN_WORLD_READABLE) - (void) warn_file_is_world_accessible(filename, &st, NULL, 0); - } - } - -+ if (offset != UINT64_MAX && fseek(f, offset, SEEK_SET) < 0) -+ return -errno; -+ - n = l = 0; - for (;;) { - char *t; -@@ -462,6 +476,11 @@ int read_full_stream_full( - if (feof(f)) - break; - -+ if (size != SIZE_MAX) { /* If we got asked to read some specific size, we already sized the buffer right, hence leave */ -+ assert(l == size); -+ break; -+ } -+ - assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ - - /* Safety check */ -@@ -577,15 +596,18 @@ static int xfopenat(int dir_fd, const char *path, const char *mode, int flags, F - int read_full_file_full( - int dir_fd, - const char *filename, -+ uint64_t offset, -+ size_t size, - ReadFullFileFlags flags, - const char *bind_name, -- char **contents, size_t *size) { -+ char **ret_contents, -+ size_t *ret_size) { - - _cleanup_fclose_ FILE *f = NULL; - int r; - - assert(filename); -- assert(contents); -+ assert(ret_contents); - - r = xfopenat(dir_fd, filename, "re", 0, &f); - if (r < 0) { -@@ -600,6 +622,10 @@ int read_full_file_full( - if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) - return -ENXIO; - -+ /* Seeking is not supported on AF_UNIX sockets */ -+ if (offset != UINT64_MAX) -+ return -ESPIPE; -+ - if (dir_fd == 
AT_FDCWD) - r = sockaddr_un_set_path(&sa.un, filename); - else { -@@ -653,7 +679,7 @@ int read_full_file_full( - - (void) __fsetlocking(f, FSETLOCKING_BYCALLER); - -- return read_full_stream_full(f, filename, flags, contents, size); -+ return read_full_stream_full(f, filename, offset, size, flags, ret_contents, ret_size); - } - - static int parse_env_file_internal( -diff --git a/src/basic/fileio.h b/src/basic/fileio.h -index 82897e209c..03150ce776 100644 ---- a/src/basic/fileio.h -+++ b/src/basic/fileio.h -@@ -44,13 +44,13 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin - int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4); - - int read_one_line_file(const char *filename, char **line); --int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, const char *bind_name, char **contents, size_t *size); --static inline int read_full_file(const char *filename, char **contents, size_t *size) { -- return read_full_file_full(AT_FDCWD, filename, 0, NULL, contents, size); -+int read_full_file_full(int dir_fd, const char *filename, uint64_t offset, size_t size, ReadFullFileFlags flags, const char *bind_name, char **ret_contents, size_t *ret_size); -+static inline int read_full_file(const char *filename, char **ret_contents, size_t *ret_size) { -+ return read_full_file_full(AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, 0, NULL, ret_contents, ret_size); - } --int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); --static inline int read_full_stream(FILE *f, char **contents, size_t *size) { -- return read_full_stream_full(f, NULL, 0, contents, size); -+int read_full_stream_full(FILE *f, const char *filename, uint64_t offset, size_t size, ReadFullFileFlags flags, char **ret_contents, size_t *ret_size); -+static inline int read_full_stream(FILE *f, char **ret_contents, size_t *ret_size) { -+ return 
read_full_stream_full(f, NULL, UINT64_MAX, SIZE_MAX, 0, ret_contents, ret_size); - } - int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); - -diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c -index 5ec70eec14..5d0006149b 100644 ---- a/src/test/test-fileio.c -+++ b/src/test/test-fileio.c -@@ -762,8 +762,8 @@ static void test_read_full_file_socket(void) { - _exit(EXIT_SUCCESS); - } - -- assert_se(read_full_file_full(AT_FDCWD, j, 0, NULL, &data, &size) == -ENXIO); -- assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, clientname, &data, &size) >= 0); -+ assert_se(read_full_file_full(AT_FDCWD, j, UINT64_MAX, SIZE_MAX, 0, NULL, &data, &size) == -ENXIO); -+ assert_se(read_full_file_full(AT_FDCWD, j, UINT64_MAX, SIZE_MAX, READ_FULL_FILE_CONNECT_SOCKET, clientname, &data, &size) >= 0); - assert_se(size == strlen(TEST_STR)); - assert_se(streq(data, TEST_STR)); - -@@ -771,6 +771,50 @@ static void test_read_full_file_socket(void) { - #undef TEST_STR - } - -+static void test_read_full_file_offset_size(void) { -+ _cleanup_fclose_ FILE *f = NULL; -+ _cleanup_(unlink_and_freep) char *fn = NULL; -+ _cleanup_free_ char *rbuf = NULL; -+ size_t rbuf_size; -+ uint8_t buf[4711]; -+ -+ random_bytes(buf, sizeof(buf)); -+ -+ assert_se(tempfn_random_child(NULL, NULL, &fn) >= 0); -+ assert_se(f = fopen(fn, "we")); -+ assert_se(fwrite(buf, 1, sizeof(buf), f) == sizeof(buf)); -+ assert_se(fflush_and_check(f) >= 0); -+ -+ assert_se(read_full_file_full(AT_FDCWD, fn, UINT64_MAX, SIZE_MAX, 0, NULL, &rbuf, &rbuf_size) >= 0); -+ assert_se(rbuf_size == sizeof(buf)); -+ assert_se(memcmp(buf, rbuf, rbuf_size) == 0); -+ rbuf = mfree(rbuf); -+ -+ assert_se(read_full_file_full(AT_FDCWD, fn, UINT64_MAX, 128, 0, NULL, &rbuf, &rbuf_size) >= 0); -+ assert_se(rbuf_size == 128); -+ assert_se(memcmp(buf, rbuf, rbuf_size) == 0); -+ rbuf = mfree(rbuf); -+ -+ assert_se(read_full_file_full(AT_FDCWD, fn, 1234, SIZE_MAX, 0, NULL, &rbuf, 
&rbuf_size) >= 0); -+ assert_se(rbuf_size == sizeof(buf) - 1234); -+ assert_se(memcmp(buf + 1234, rbuf, rbuf_size) == 0); -+ rbuf = mfree(rbuf); -+ -+ assert_se(read_full_file_full(AT_FDCWD, fn, 2345, 777, 0, NULL, &rbuf, &rbuf_size) >= 0); -+ assert_se(rbuf_size == 777); -+ assert_se(memcmp(buf + 2345, rbuf, rbuf_size) == 0); -+ rbuf = mfree(rbuf); -+ -+ assert_se(read_full_file_full(AT_FDCWD, fn, 4700, 20, 0, NULL, &rbuf, &rbuf_size) >= 0); -+ assert_se(rbuf_size == 11); -+ assert_se(memcmp(buf + 4700, rbuf, rbuf_size) == 0); -+ rbuf = mfree(rbuf); -+ -+ assert_se(read_full_file_full(AT_FDCWD, fn, 10000, 99, 0, NULL, &rbuf, &rbuf_size) >= 0); -+ assert_se(rbuf_size == 0); -+ rbuf = mfree(rbuf); -+} -+ - int main(int argc, char *argv[]) { - log_set_max_level(LOG_DEBUG); - log_parse_environment(); -@@ -796,6 +840,7 @@ int main(int argc, char *argv[]) { - test_read_line2(); - test_read_line3(); - test_read_full_file_socket(); -+ test_read_full_file_offset_size(); - - return 0; - } --- -2.39.1 - diff --git a/10028-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch b/10028-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch deleted file mode 100644 index bb66170..0000000 --- a/10028-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch +++ /dev/null 
@@ -1,95 +0,0 @@ -From 8ef03861b75cf0a70511760c395cb4bd228c37b9 Mon Sep 17 00:00:00 2001 -From: Lennart Poettering -Date: Wed, 4 Nov 2020 17:24:53 +0100 -Subject: [PATCH] cryptsetup: port cryptsetup's main key file logic over to - read_full_file_full() -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Previously, we'd load the file with libcryptsetup's calls. Let's do that -in our own, so that we can make use of READ_FULL_FILE_CONNECT_SOCKET, -i.e. read in keys via AF_UNIX sockets, so that people can plug key -providers into our logic. - -This provides functionality similar to Debian's keyscript= crypttab -option (see → #3007), as it allows key scripts to be run as socket -activated services, that have stdout connected to the activated socket. -In contrast to traditional keyscript= support this logic runs stuff out -of process however, which is beneficial, since it allows sandboxing and -similar. - -(cherry picked from commit 165a476841ff1aa3aab3508771db9495ab073c7a) - -Signed-off-by: Guorui Yu ---- - src/cryptsetup/cryptsetup.c | 37 ++++++++++++++++++++++++++++++++----- - 1 file changed, 32 insertions(+), 5 deletions(-) - -diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c -index 11162eb722..9251e0eba8 100644 ---- a/src/cryptsetup/cryptsetup.c -+++ b/src/cryptsetup/cryptsetup.c -@@ -17,6 +17,7 @@ - #include "mount-util.h" - #include "parse-util.h" - #include "path-util.h" -+#include "random-util.h" - #include "string-util.h" - #include "strv.h" - #include "util.h" -@@ -480,6 +481,15 @@ static int attach_tcrypt( - return 0; - } - -+static char *make_bindname(const char *volume) { -+ char *s; -+ -+ if (asprintf(&s, "@%" PRIx64"/cryptsetup/%s", random_u64(), volume) < 0) -+ return NULL; -+ -+ return s; -+} -+ - static int attach_luks_or_plain(struct crypt_device *cd, - const char *name, - const char *key_file, -@@ -553,13 +563,30 @@ static int attach_luks_or_plain(struct crypt_device *cd, - 
crypt_get_device_name(cd)); - - if (key_file) { -- r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags); -- if (r == -EPERM) { -- log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file); -+ _cleanup_(erase_and_freep) char *kfdata = NULL; -+ _cleanup_free_ char *bindname = NULL; -+ size_t kfsize; -+ -+ /* If we read the key via AF_UNIX, make this client recognizable */ -+ bindname = make_bindname(name); -+ if (!bindname) -+ return log_oom(); -+ -+ r = read_full_file_full( -+ AT_FDCWD, key_file, -+ arg_keyfile_offset == 0 ? UINT64_MAX : arg_keyfile_offset, -+ arg_keyfile_size == 0 ? SIZE_MAX : arg_keyfile_size, -+ READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET, -+ bindname, -+ &kfdata, &kfsize); -+ if (r == -ENOENT) { -+ log_error_errno(r, "Failed to activate, key file '%s' missing.", key_file); - return -EAGAIN; /* Log actual error, but return EAGAIN */ - } -- if (r == -EINVAL) { -- log_error_errno(r, "Failed to activate with key file '%s'. (Key file missing?)", key_file); -+ -+ r = crypt_activate_by_passphrase(cd, name, arg_key_slot, kfdata, kfsize, flags); -+ if (r == -EPERM) { -+ log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file); - return -EAGAIN; /* Log actual error, but return EAGAIN */ - } - if (r < 0) --- -2.39.1 - diff --git a/systemd.spec b/systemd.spec index 8368a4f..1786de7 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.3 #global gitcommit 10e465b5321bd53c1fc59ffab27e724535c6bc0f %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})} @@ -14,7 +13,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 74%{anolis_release}%{?dist} +Release: 74%{?dist}.3 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager 
@@ -955,36 +954,15 @@ Patch0901: 0901-man-document-the-new-_LINE_BREAK-type.patch Patch0902: 0902-journald-server-always-create-state-file-in-signal-h.patch Patch0903: 0903-journald-server-move-relinquish-code-into-function.patch Patch0904: 0904-journald-server-always-touch-state-file-in-signal-ha.patch -Patch0905: 0905-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch -Patch10000: 10000-core-fix-a-null-reference-case-in-load_from_path.patch -Patch10001: 10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch -Patch10002: 10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch -Patch10003: 10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch -Patch10004: 10004-Do-not-go-into-freeze-when-systemd-crashd.patch -Patch10005: 10005-mount-setup-change-the-system-mount-propagation-to-s.patch -Patch10006: 10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch -Patch10007: 10007-cgroup-update-only-siblings-that-got-realized-once.patch -Patch10008: 10008-core-add-a-config-item-to-support-setting-the-value-.patch -Patch10009: 10009-systemd-anolis-support-loongarch64.patch -Patch10010: 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch -Patch10011: 10011-hwdb-add-Iluvatar-CoreX.patch -Patch10012: 10012-seccomp-add-loongarch-support.patch -Patch10013: 10013-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch -Patch10014: 10014-pager-make-pager-secure-when-under-euid-is-changed.patch -Patch10015: 10015-link-libsystemd_static-for-sd_pid_get_owner_uid-in-.patch -Patch10016: 10016-fileio-when-reading-a-full-file-into-memory-refuse-.patch -Patch10017: 10017-util-introduce-explicit_bzero_safe-for-explicit-mem.patch -Patch10018: 10018-util-introduce-erase_and_free-helper.patch -Patch10019: 10019-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch -Patch10020: 10020-fileio-introduce-warn_file_is_world_accessible.patch -Patch10021: 10021-fileio-read_full_file_full-also-warns-when-file-is-.patch -Patch10022: 
10022-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch -Patch10023: 10023-fileio-add-explicit-flag-for-generating-world-execu.patch -Patch10024: 10024-fileio-add-dir_fd-parameter-to-read_full_file_full.patch -Patch10025: 10025-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch -Patch10026: 10026-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch -Patch10027: 10027-fileio-teach-read_full_file_full-to-read-from-offse.patch -Patch10028: 10028-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch +Patch0905: 0905-pager-set-LESSSECURE-whenver-we-invoke-a-pager.patch +Patch0906: 0906-test-login-always-test-sd_pid_get_owner_uid-moderniz.patch +Patch0907: 0907-pager-make-pager-secure-when-under-euid-is-changed-o.patch +Patch0908: 0908-test-ignore-ENOMEDIUM-error-from-sd_pid_get_cgroup.patch +Patch0909: 0909-pstore-fix-crash-and-forward-dummy-arguments-instead.patch +Patch0910: 0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch +Patch0911: 0911-ci-first-part-of-the-source-git-automation-commit-li.patch +Patch0912: 0912-login-add-a-missing-error-check-for-session_set_lead.patch +Patch0913: 0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 
@@ -1615,40 +1593,20 @@ fi %files tests -f .file-list-tests %changelog -* Tue Aug 01 2023 Guorui Yu - 239-74.0.3 -- fileio: when reading a full file into memory, refuse inner NUL bytes -- util: introduce explicit_bzero_safe for explicit memset -- util: introduce erase_and_free() helper -- util: introduce READ_FULL_FILE_SECURE flag for reading secure data -- fileio: introduce warn_file_is_world_accessible() -- fileio: read_full_file_full() also warns when file is world readable and secure flag is set -- basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag is used -- fileio: add explicit flag for generating world executable warning when reading file -- fileio: add 'dir_fd' parameter to read_full_file_full() -- fileio: add support for read_full_file() on AF_UNIX stream sockets -- fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name -- fileio: teach read_full_file_full() to read from offset/with maximum size -- cryptsetup: port cryptsetup's main key file logic over to read_full_file_full() - -* Wed Jun 28 2023 Liwei Ge - 239-74.0.2 -- Make pager secure (CVE-2023-26604) - -* Mon Jun 19 2023 Yuanhong Peng - 239-74.0.1 -- core: fix a null reference case in load_from_path() -- sysctl: Don't pass null directive argument to '%s' -- exit-status: introduce EXIT_EXCEPTION mapping to 255 -- main: don't freeze PID 1 in containers, exit with non-zero instead -- Do not go into freeze when systemd crashd -- mount-setup: change the system mount propagation to shared by default only at bootup -- cgroup-util: make definition of CGROUP_CONTROLLER_TO_MASK() unsigned -- cgroup: update only siblings that got realized once -- core: add a config item to support setting the value of cpuset.clone_children when systemd is starting -- support loongarch for systemd -- test-catalog: Fix coredump when compiled under GCC10 -- add Iluvatar CoreX pci id (Liwei Ge) -- seccomp: add loongarch64 support (Liwei Ge) -- seccomp: remove loongarch64 switch(Liwei Ge) -- 
umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed success(yuanhui) +* Thu Jul 20 2023 systemd maintenance team - 239-74.3 +- login: add a missing error check for session_set_leader() (#2223602) +- logind: reset session leader if we know for a fact that it is gone (#2223602) + +* Thu May 18 2023 systemd maintenance team - 239-74.2 +- pstore: fix crash and forward dummy arguments instead of NULL (#2190153) +- ci: workflow for gathering metadata for source-git automation (#2190153) +- ci: first part of the source-git automation - commit linter (#2190153) + +* Tue Apr 18 2023 systemd maintenance team - 239-74.1 +- pager: set $LESSSECURE whenver we invoke a pager (#2175623) +- test-login: always test sd_pid_get_owner_uid(), modernize (#2175623) +- pager: make pager secure when under euid is changed or explicitly requested (#2175623) +- test: ignore ENOMEDIUM error from sd_pid_get_cgroup() (#2175623) * Tue Mar 14 2023 systemd maintenance team - 239-74 - journald-server: always create state file in signal handler (#2174645) -- Gitee From ff3f343fa87979ab9028d31234334ff5de80f5a2 Mon Sep 17 00:00:00 2001 From: pangqing Date: Tue, 19 Apr 2022 15:08:32 +0800 Subject: [PATCH 2/8] Add optimized patches 
Signed-off-by: Yuanhong Peng --- ...ull-reference-case-in-load_from_path.patch | 34 +++++ ...-t-pass-null-directive-argument-to-s.patch | 25 ++++ ...roduce-EXIT_EXCEPTION-mapping-to-255.patch | 52 ++++++++ ...e-PID-1-in-containers-exit-with-non-.patch | 52 ++++++++ ...t-go-into-freeze-when-systemd-crashd.patch | 103 +++++++++++++++ ...ge-the-system-mount-propagation-to-s.patch | 62 +++++++++ ...-definition-of-CGROUP_CONTROLLER_TO_.patch | 26 ++++ ...only-siblings-that-got-realized-once.patch | 46 +++++++ ...g-item-to-support-setting-the-value-.patch | 120 ++++++++++++++++++ ...9-systemd-anolis-support-loongarch64.patch | 56 ++++++++ systemd.spec | 25 +++- 11 files changed, 600 insertions(+), 1 deletion(-) create mode 100644 10000-core-fix-a-null-reference-case-in-load_from_path.patch create mode 100644 10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch create mode 100644 10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch create mode 100644 10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch create mode 100644 10004-Do-not-go-into-freeze-when-systemd-crashd.patch create mode 100644 10005-mount-setup-change-the-system-mount-propagation-to-s.patch create mode 100644 10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch create mode 100644 10007-cgroup-update-only-siblings-that-got-realized-once.patch create mode 100644 10008-core-add-a-config-item-to-support-setting-the-value-.patch create mode 100644 10009-systemd-anolis-support-loongarch64.patch diff --git a/10000-core-fix-a-null-reference-case-in-load_from_path.patch b/10000-core-fix-a-null-reference-case-in-load_from_path.patch new file mode 100644 index 0000000..e15690c --- /dev/null +++ b/10000-core-fix-a-null-reference-case-in-load_from_path.patch 
@@ -0,0 +1,34 @@
+From 11e4aae398f9d26c7c4e54bfa6621f80a3ed2100 Mon Sep 17 00:00:00 2001
+From: Wen Yang
+Date: Tue, 19 Apr 2022 11:04:47 +0800
+Subject: [PATCH] fix a null reference case in load_from_path()
+
+---
+ src/core/load-fragment.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
+index c0b1fd4..f59a040 100644
+--- a/src/core/load-fragment.c
++++ b/src/core/load-fragment.c
+@@ -4477,7 +4477,6 @@ static int load_from_path(Unit *u, const char *path) {
+ r = open_follow(&filename, &f, symlink_names, &id);
+ if (r >= 0)
+ break;
+- filename = mfree(filename);
+
+ /* ENOENT means that the file is missing or is a dangling symlink.
+ * ENOTDIR means that one of paths we expect to be is a directory
+@@ -4486,7 +4485,8 @@ static int load_from_path(Unit *u, const char *path) {
+ */
+ if (r == -EACCES)
+ log_debug_errno(r, "Cannot access \"%s\": %m", filename);
+- else if (!IN_SET(r, -ENOENT, -ENOTDIR))
++ filename = mfree(filename);
++ if (!IN_SET(r, -ENOENT, -ENOTDIR))
+ return r;
+
+ /* Empty the symlink names for the next run */
+--
+2.27.0
+
diff --git a/10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch b/10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
new file mode 100644
index 0000000..ec09ee4
--- /dev/null
+++ b/10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch
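Review bot: Dropping the `else` in the second inner hunk of the load-fragment.c change alters what happens on -EACCES. The old chain logged the access failure and fell through to the next candidate, while the new `if (!IN_SET(r, -ENOENT, -ENOTDIR))` is also evaluated for -EACCES and returns it. If the aim is only to keep `filename` valid for the debug message, the check can go on tolerating that error, e.g. `if (!IN_SET(r, -EACCES, -ENOENT, -ENOTDIR))`. As written, an unreadable entry early in the search presumably aborts the load instead of being skipped; the loop and the rest of load_from_path() lie outside the hunk, so this should be confirmed against the full function. The patch also carries no message body, and one line stating that `filename` was cleared by mfree() before being handed to `%s` would document the crash being fixed.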
@@ -0,0 +1,25 @@
+From 1b3f7805ed7c193e17cb5bad4f4f19c2f72f3d08 Mon Sep 17 00:00:00 2001
+From: Khem Raj
+Date: Tue, 19 Apr 2022 11:16:42 +0800
+Subject: [PATCH] sysctl: Don't pass null directive argument to '%s'
+
+---
+ src/sysctl/sysctl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/sysctl/sysctl.c b/src/sysctl/sysctl.c
+index 4c85d68..e756eff 100644
+--- a/src/sysctl/sysctl.c
++++ b/src/sysctl/sysctl.c
+@@ -160,7 +160,7 @@ static int parse_file(OrderedHashmap *sysctl_options, const char *path, bool ign
+
+ value = strchr(p, '=');
+ if (!value) {
+- log_error("Line is not an assignment at '%s:%u': %s", path, c, value);
++ log_error("Line is not an assignment at '%s:%u': %s", path, c, p);
+
+ if (r == 0)
+ r = -EINVAL;
+--
+2.27.0
+
diff --git a/10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch b/10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch
new file mode 100644
index 0000000..66539a0
--- /dev/null
+++ b/10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch
@@ -0,0 +1,52 @@ +From f7940c9cdf872d7504aca9637e9fd14328b2b726 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 19 Apr 2022 11:26:10 +0800 +Subject: [PATCH] exit-status: introduce EXIT_EXCEPTION mapping to 255 + +--- + src/basic/exit-status.c | 9 ++++++--- + src/basic/exit-status.h | 1 + + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/basic/exit-status.c b/src/basic/exit-status.c +index 0a7a53b..8b67d44 100644 +--- a/src/basic/exit-status.c ++++ b/src/basic/exit-status.c +@@ -19,9 +19,9 @@ const char* exit_status_to_string(int status, ExitStatusLevel level) { + * 79…199 │ (Currently unmapped) + * 200…241 │ systemd's private error codes (might be extended to 254 in future development) + * 242…254 │ (Currently unmapped, but see above) +- * 255 │ (We should probably stay away from that one, it's frequently used by applications to indicate an +- * │ exit reason that cannot really be expressed in a single exit status value — such as a propagated +- * │ signal or such) ++ * 255 │ EXIT_EXCEPTION (We use this to propagate exit-by-signal events. It's frequently used by others apps (like bash) ++ * │ to indicate exit reason that cannot really be expressed in a single exit status value — such as a propagated ++ * │ signal or such, and we follow that logic here.) 
+ */ + + switch (status) { /* We always cover the ISO C ones */ +@@ -158,6 +158,9 @@ const char* exit_status_to_string(int status, ExitStatusLevel level) { + + case EXIT_NUMA_POLICY: + return "NUMA_POLICY"; ++ ++ case EXIT_EXCEPTION: ++ return "EXCEPTION"; + } + } + +diff --git a/src/basic/exit-status.h b/src/basic/exit-status.h +index dc284aa..e923247 100644 +--- a/src/basic/exit-status.h ++++ b/src/basic/exit-status.h +@@ -70,6 +70,7 @@ enum { + EXIT_LOGS_DIRECTORY, /* 240 */ + EXIT_CONFIGURATION_DIRECTORY, + EXIT_NUMA_POLICY, ++ EXIT_EXCEPTION = 255, /* Whenever we want to propagate an abnormal/signal exit, in line with bash */ + }; + + typedef enum ExitStatusLevel { +-- +2.27.0 + diff --git a/10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch b/10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch new file mode 100644 index 0000000..026fc66 --- /dev/null +++ b/10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch 
@@ -0,0 +1,52 @@ +From dffb92b5520a4b539f0466d4161fcaacc6ba5ba8 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 19 Apr 2022 11:34:27 +0800 +Subject: [PATCH] main: don't freeze PID 1 in containers, exit with + +--- + src/core/main.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index d897155..0aec5d1 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -139,7 +139,13 @@ static NUMAPolicy arg_numa_policy; + static int parse_configuration(const struct rlimit *saved_rlimit_nofile, + const struct rlimit *saved_rlimit_memlock); + +-_noreturn_ static void freeze_or_reboot(void) { ++_noreturn_ static void freeze_or_exit_or_reboot(void) { ++ /* If we are running in a contianer, let's prefer exiting, after all we can propagate an exit code to the ++ * container manager, and thus inform it that something went wrong. */ ++ if (detect_container() > 0) { ++ log_emergency("Exiting PID 1..."); ++ exit(EXIT_EXCEPTION); ++ } + + if (arg_crash_reboot) { + log_notice("Rebooting in 10s..."); +@@ -247,7 +253,7 @@ _noreturn_ static void crash(int sig) { + } + } + +- freeze_or_reboot(); ++ freeze_or_exit_or_reboot(); + } + + static void install_crash_handler(void) { +@@ -2664,9 +2670,9 @@ finish: + if (error_message) + manager_status_printf(NULL, STATUS_TYPE_EMERGENCY, + ANSI_HIGHLIGHT_RED "!!!!!!" ANSI_NORMAL, +- "%s, freezing.", error_message); +- freeze_or_reboot(); ++ "%s.", error_message); ++ freeze_or_exit_or_reboot(); + } + + reset_arguments(); + return retval; +-- +2.27.0 + diff --git a/10004-Do-not-go-into-freeze-when-systemd-crashd.patch b/10004-Do-not-go-into-freeze-when-systemd-crashd.patch new file mode 100644 index 0000000..1cb12cc --- /dev/null +++ b/10004-Do-not-go-into-freeze-when-systemd-crashd.patch 
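Review bot: `exit(EXIT_EXCEPTION)` in freeze_or_exit_or_reboot() is reached from crash(int sig), which by its signature and the neighbouring install_crash_handler() looks like a signal handler. exit() runs atexit handlers and flushes stdio, which is not async-signal-safe and touches state that may already be corrupted after a crash. Use `_exit(EXIT_EXCEPTION);` so PID 1 leaves immediately with the intended status. The added comment also misspells "container" as `contianer`. The bodies of crash() and of the `finish:` path lie outside the hunk.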
@@ -0,0 +1,103 @@ +From 64072aab92ff6489a2e460a9bdd1cfefa587264b Mon Sep 17 00:00:00 2001 +From: Yuanhong Peng +Date: Tue, 19 Apr 2022 13:36:09 +0800 +Subject: [PATCH] Do not go into freeze when systemd crashd + +--- + src/core/main.c | 41 ++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 40 insertions(+), 1 deletion(-) + +diff --git a/src/core/main.c b/src/core/main.c +index 0aec5d1..db91151 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -3,6 +3,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -10,6 +11,7 @@ + #include + #include + #include ++#include + #include + #if HAVE_SECCOMP + #include +@@ -135,10 +137,41 @@ static sd_id128_t arg_machine_id; + static EmergencyAction arg_cad_burst_action; + static CPUSet arg_cpu_affinity; + static NUMAPolicy arg_numa_policy; ++static bool reexec_jmp_can = false; ++static bool reexec_jmp_inited = false; ++static sigjmp_buf reexec_jmp_buf; + + static int parse_configuration(const struct rlimit *saved_rlimit_nofile, + const struct rlimit *saved_rlimit_memlock); + ++static void reexec_handler(int sig) { ++ reexec_jmp_can = true; ++} ++ ++_noreturn_ static void freeze_wait_upgrade(void) { ++ struct sigaction sa; ++ sigset_t ss; ++ ++ sigemptyset(&ss); ++ sigaddset(&ss, SIGTERM); ++ sigprocmask(SIG_UNBLOCK, &ss, NULL); ++ ++ sa.sa_handler = reexec_handler; ++ sa.sa_flags = SA_RESTART; ++ sigaction(SIGTERM, &sa, NULL); ++ ++ log_error("freeze_wait_upgrade: %d\n", reexec_jmp_inited); ++ reexec_jmp_can = false; ++ while(1) { ++ usleep(10000); ++ if (reexec_jmp_inited && reexec_jmp_can) { ++ log_error("goto manager_reexecute.\n"); ++ siglongjmp(reexec_jmp_buf, 1); ++ } ++ waitpid(-1, NULL, WNOHANG); ++ } ++} ++ + _noreturn_ static void freeze_or_exit_or_reboot(void) { + /* If we are running in a contianer, let's prefer exiting, after all we can propagate an exit code to the + * container manager, and thus inform it that something went wrong. 
*/ +@@ -157,7 +190,8 @@ _noreturn_ static void freeze_or_exit_or_reboot(void) { + } + + log_emergency("Freezing execution."); +- freeze(); ++ freeze_wait_upgrade(); ++ + } + + _noreturn_ static void crash(int sig) { +@@ -1667,6 +1701,10 @@ static int invoke_main_loop( + assert(ret_switch_root_init); + assert(ret_error_message); + ++ reexec_jmp_inited = true; ++ if (sigsetjmp(reexec_jmp_buf, 1)) ++ goto manager_reexecute; ++ + for (;;) { + r = manager_loop(m); + if (r < 0) { +@@ -1709,6 +1747,7 @@ static int invoke_main_loop( + + case MANAGER_REEXECUTE: + ++manager_reexecute: + r = prepare_reexecute(m, &arg_serialization, ret_fds, false); + if (r < 0) { + *ret_error_message = "Failed to prepare for reexecution"; +-- +2.27.0 + diff --git a/10005-mount-setup-change-the-system-mount-propagation-to-s.patch b/10005-mount-setup-change-the-system-mount-propagation-to-s.patch new file mode 100644 index 0000000..fa95141 --- /dev/null +++ b/10005-mount-setup-change-the-system-mount-propagation-to-s.patch 
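Review bot: freeze_wait_upgrade() passes a partly uninitialised `struct sigaction sa` to sigaction(): only sa_handler and sa_flags are assigned, so sa_mask is stack garbage. Initialise it with `struct sigaction sa = { .sa_handler = reexec_handler, .sa_flags = SA_RESTART };` followed by `sigemptyset(&sa.sa_mask);`, and check the return values of sigprocmask() and sigaction(). `reexec_jmp_can` is written in the handler and polled in the loop, so it should be declared `static volatile sig_atomic_t reexec_jmp_can;` rather than a plain bool. This function is also reached after a fatal signal (crash() calls freeze_or_exit_or_reboot() per patch 10003), so the siglongjmp() resumes invoke_main_loop() and serialises manager state that may be corrupted; a comment should state why re-executing from that state is considered acceptable. invoke_main_loop() continues outside the hunk.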
@@ -0,0 +1,62 @@ +From 0c7f29561634f9374c0d9042304f4d4caa4242f0 Mon Sep 17 00:00:00 2001 +From: Wen Yang +Date: Tue, 19 Apr 2022 13:50:04 +0800 +Subject: [PATCH] mount-setup: change the system mount propagation to + +--- + src/core/main.c | 2 +- + src/core/mount-setup.c | 4 ++-- + src/core/mount-setup.h | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/core/main.c b/src/core/main.c +index db91151..81dae1c 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -2519,7 +2519,7 @@ int main(int argc, char *argv[]) { + if (!skip_setup) + kmod_setup(); + +- r = mount_setup(loaded_policy); ++ r = mount_setup(loaded_policy, skip_setup); + if (r < 0) { + error_message = "Failed to mount API filesystems"; + goto finish; +diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c +index a659458..9f9f953 100644 +--- a/src/core/mount-setup.c ++++ b/src/core/mount-setup.c +@@ -400,7 +400,7 @@ static int relabel_cgroup_filesystems(void) { + } + #endif + +-int mount_setup(bool loaded_policy) { ++int mount_setup(bool loaded_policy, bool leave_propagation) { + int r = 0; + + r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy); +@@ -444,7 +444,7 @@ int mount_setup(bool loaded_policy) { + * needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a + * container manager we assume the container manager knows what it is doing (for example, because it set up + * some directories with different propagation modes). 
*/ +- if (detect_container() <= 0) ++ if (detect_container() <= 0 && !leave_propagation) + if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0) + log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m"); + +diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h +index 43cd890..7a011b2 100644 +--- a/src/core/mount-setup.h ++++ b/src/core/mount-setup.h +@@ -4,7 +4,7 @@ + #include + + int mount_setup_early(void); +-int mount_setup(bool loaded_policy); ++int mount_setup(bool loaded_policy, bool leave_propagation); + + int mount_cgroup_controllers(char ***join_controllers); + +-- +2.27.0 + diff --git a/10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch b/10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch new file mode 100644 index 0000000..9a5fa6e --- /dev/null +++ b/10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch @@ -0,0 +1,26 @@ +From d449667a6a545a46647911838731e8e46a5a39ed Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 19 Apr 2022 13:56:39 +0800 +Subject: [PATCH] cgroup-util: make definition of CGROUP_CONTROLLER_TO_MASK() + unsigned + +--- + src/basic/cgroup-util.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/basic/cgroup-util.h b/src/basic/cgroup-util.h +index 1210b38..76659c3 100644 +--- a/src/basic/cgroup-util.h ++++ b/src/basic/cgroup-util.h +@@ -31,7 +31,7 @@ typedef enum CGroupController { + _CGROUP_CONTROLLER_INVALID = -1, + } CGroupController; + +-#define CGROUP_CONTROLLER_TO_MASK(c) (1 << (c)) ++#define CGROUP_CONTROLLER_TO_MASK(c) (1U << (c)) + + /* A bit mask of well known cgroup controllers */ + typedef enum CGroupMask { +-- +2.27.0 + diff --git a/10007-cgroup-update-only-siblings-that-got-realized-once.patch b/10007-cgroup-update-only-siblings-that-got-realized-once.patch new file mode 100644 index 0000000..068f21c --- /dev/null +++ b/10007-cgroup-update-only-siblings-that-got-realized-once.patch 
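Review bot: The comment directly above the changed condition in mount_setup() still describes only the container case, but the new `!leave_propagation` term also skips the MS_SHARED remount whenever main() passes `skip_setup`. Document the parameter where it is used, for example `/* leave_propagation: set by main() from skip_setup; keep the propagation mode the running system already has instead of forcing MS_SHARED again */`. The Subject line of the patch is truncated (`... propagation to`), so the intent ("shared by default only at bootup") is only recoverable from the spec changelog. mount_setup() continues outside the hunk.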
@@ -0,0 +1,46 @@ +From 841539281bed5187d2f773097eefb0bb3c5057ec Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 19 Apr 2022 14:03:12 +0800 +Subject: [PATCH] cgroup: update only siblings that got realized once + +--- + src/core/cgroup.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +diff --git a/src/core/cgroup.c b/src/core/cgroup.c +index f02cc31..e0e0a98 100644 +--- a/src/core/cgroup.c ++++ b/src/core/cgroup.c +@@ -1980,7 +1980,16 @@ static void unit_add_siblings_to_cgroup_realize_queue(Unit *u) { + Unit *slice; + + /* This adds the siblings of the specified unit and the siblings of all parent units to the cgroup +- * queue. (But neither the specified unit itself nor the parents.) */ ++ * queue. (But neither the specified unit itself nor the parents.) ++ * ++ * Propagation of realization "side-ways" (i.e. towards siblings) is in relevant on cgroup-v1 where ++ * scheduling become very weird if two units that own processes reside in the same slice, but one is ++ * realized in the "cpu" hierarchy and once is not (for example because one has CPUWeight= set and ++ * the other does not), because that means processes need to be scheduled against groups. Let's avoid ++ * this asymmetry by always ensuring that units below a slice that are realized at all are hence ++ * always realized in *all* their hierarchies, and it is sufficient for a unit's sibling to be ++ * realized for a unit to be realized too. */ ++ + + while ((slice = UNIT_DEREF(u->slice))) { + Iterator i; +@@ -1996,6 +2005,11 @@ static void unit_add_siblings_to_cgroup_realize_queue(Unit *u) { + if (UNIT_IS_INACTIVE_OR_FAILED(unit_active_state(m))) + continue; + ++ /* We only enqueue siblings if they were realized once at least, in the main ++ * hierarchy. */ ++ if (!m->cgroup_realized) ++ continue; ++ + /* If the unit doesn't need any new controllers and has current ones realized, it + * doesn't need any changes. */ + if (unit_has_mask_realized(m, +-- +2.27.0 + 
diff --git a/10008-core-add-a-config-item-to-support-setting-the-value-.patch b/10008-core-add-a-config-item-to-support-setting-the-value-.patch
new file mode 100644
index 0000000..272d61b
--- /dev/null
+++ b/10008-core-add-a-config-item-to-support-setting-the-value-.patch
@@ -0,0 +1,120 @@ +From f21d63650318791f29f56dc26f23acb5b53620a6 Mon Sep 17 00:00:00 2001 +From:Yuanhong Peng +Date: Tue, 19 Apr 2022 14:13:49 +0800 +Subject: [PATCH] core: add a config item to support setting the value + +--- + src/core/main.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 69 insertions(+) + +diff --git a/src/core/main.c b/src/core/main.c +index 81dae1c..0712423 100644 +--- a/src/core/main.c ++++ b/src/core/main.c +@@ -140,6 +140,7 @@ static NUMAPolicy arg_numa_policy; + static bool reexec_jmp_can = false; + static bool reexec_jmp_inited = false; + static sigjmp_buf reexec_jmp_buf; ++static bool arg_default_cpuset_clone_children = false; + + static int parse_configuration(const struct rlimit *saved_rlimit_nofile, + const struct rlimit *saved_rlimit_memlock); +@@ -527,6 +528,14 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat + return 0; + + parse_path_argument_and_warn(value, false, &arg_watchdog_device); ++ ++ } else if (proc_cmdline_key_streq(key, "systemd.cpuset_clone_children") && value) { ++ ++ r = parse_boolean(value); ++ if (r < 0) ++ log_warning("Failed to parse cpuset_clone_children switch %s. 
Ignoring.", value); ++ else ++ arg_default_cpuset_clone_children = r; + + } else if (streq(key, "quiet") && !value) { + +@@ -756,6 +765,7 @@ static int parse_config_file(void) { + { "Manager", "DefaultTasksAccounting", config_parse_bool, 0, &arg_default_tasks_accounting }, + { "Manager", "DefaultTasksMax", config_parse_tasks_max, 0, &arg_default_tasks_max }, + { "Manager", "CtrlAltDelBurstAction", config_parse_emergency_action, 0, &arg_cad_burst_action }, ++ { "Manager", "DefaultCPUSetCloneChildren",config_parse_bool, 0, &arg_default_cpuset_clone_children }, + {} + }; + +@@ -1872,6 +1882,64 @@ static void log_execution_mode(bool *ret_first_boot) { + } + } + ++static bool is_use_triple_cgroup(void) { ++ const char * path ="/sys/fs/cgroup/cpuset"; ++ _cleanup_strv_free_ char **l = NULL; ++ char buf[128] = {0}; ++ int r; ++ ++ r = is_symlink(path); ++ if (r <= 0) ++ return false; ++ ++ r = readlink(path, buf, sizeof(buf)); ++ if (r < 0 || (unsigned int)r >= sizeof(buf)) ++ return false; ++ ++ buf[r] = '\0'; ++ l = strv_split(buf, ","); ++ if (!l) ++ return false; ++ ++ strv_sort(l); ++ if (strv_length(l) != 3) ++ return false; ++ ++ if (streq(l[0],"cpu") && streq(l[1], "cpuacct") && ++ streq(l[2], "cpuset")) { ++ log_debug(PACKAGE_STRING " use_triple_cgroup: %s", buf); ++ return true; ++ } ++ return false; ++} ++ ++static int ali_handle_cpuset_clone_children(void) ++{ ++ const char *file = "/sys/fs/cgroup/cpuset/cgroup.clone_children"; ++ _cleanup_free_ char *buf = NULL; ++ int r; ++ ++ r = read_one_line_file(file, &buf); ++ if (r < 0) { ++ log_warning_errno(r, "Cannot read %s: %m", file); ++ return r; ++ } ++ ++ if (streq(buf, "1") && arg_default_cpuset_clone_children) ++ return 0; ++ ++ if (streq(buf, "0") && (!arg_default_cpuset_clone_children)) ++ return 0; ++ ++ if (!is_use_triple_cgroup()) ++ return 0; ++ ++ r = write_string_file(file, one_zero(arg_default_cpuset_clone_children), 0); ++ log_info(PACKAGE_STRING " set %s to %s, ret=%d", file, 
one_zero(arg_default_cpuset_clone_children), r); ++ return r; ++} ++ ++ + static int initialize_runtime( + bool skip_setup, + struct rlimit *saved_rlimit_nofile, +@@ -1906,6 +1974,7 @@ static int initialize_runtime( + return r; + } + ++ ali_handle_cpuset_clone_children(); + status_welcome(); + hostname_setup(); + machine_id_setup(NULL, arg_machine_id, NULL); +-- +2.27.0 + diff --git a/10009-systemd-anolis-support-loongarch64.patch b/10009-systemd-anolis-support-loongarch64.patch new file mode 100644 index 0000000..b76c8e0 --- /dev/null +++ b/10009-systemd-anolis-support-loongarch64.patch 
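Review bot: ali_handle_cpuset_clone_children() reports every read failure with log_warning_errno(), including the case where /sys/fs/cgroup/cpuset/cgroup.clone_children does not exist, and initialize_runtime() then discards the return value. On a host without that cpuset mount this would presumably warn on every start for a setting nobody enabled. Return quietly for the missing-file case with `if (r == -ENOENT) return 0;` before the warning, and report a failed write_string_file() at warning level instead of the unconditional `log_info(... ret=%d ...)`. Neither new function has a comment saying that the write only happens when cpu, cpuacct and cpuset share one hierarchy, and the Subject line is cut short. initialize_runtime() continues outside the hunk.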
@@ -0,0 +1,56 @@ +From c8b7c2b34bd451cd9d5904fc215ad14893008a03 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 19 Apr 2022 14:25:05 +0800 +Subject: [PATCH] support loongarch64 for systemd + +--- + src/basic/architecture.c | 3 +++ + src/basic/architecture.h | 4 ++++ + 2 files changed, 7 insertions(+) + +diff --git a/src/basic/architecture.c b/src/basic/architecture.c +index 85837b5..96bbf97 100644 +--- a/src/basic/architecture.c ++++ b/src/basic/architecture.c +@@ -118,6 +118,8 @@ int uname_architecture(void) { + #elif defined(__arc__) + { "arc", ARCHITECTURE_ARC }, + { "arceb", ARCHITECTURE_ARC_BE }, ++#elif defined(__loongarch64) ++ { "loongarch64", ARCHITECTURE_LOONGARCH64 }, + #else + #error "Please register your architecture here!" + #endif +@@ -173,6 +175,7 @@ static const char *const architecture_table[_ARCHITECTURE_MAX] = { + [ARCHITECTURE_RISCV64] = "riscv64", + [ARCHITECTURE_ARC] = "arc", + [ARCHITECTURE_ARC_BE] = "arc-be", ++ [ARCHITECTURE_LOONGARCH64] = "loongarch64", + }; + + DEFINE_STRING_TABLE_LOOKUP(architecture, int); +diff --git a/src/basic/architecture.h b/src/basic/architecture.h +index 443e890..22e9108 100644 +--- a/src/basic/architecture.h ++++ b/src/basic/architecture.h +@@ -44,6 +44,7 @@ enum { + ARCHITECTURE_RISCV64, + ARCHITECTURE_ARC, + ARCHITECTURE_ARC_BE, ++ ARCHITECTURE_LOONGARCH64, + _ARCHITECTURE_MAX, + _ARCHITECTURE_INVALID = -1 + }; +@@ -229,6 +230,9 @@ int uname_architecture(void); + # define native_architecture() ARCHITECTURE_ARC + # define LIB_ARCH_TUPLE "arc-linux" + # endif ++#elif defined(__loongarch64) ++# define native_architecture() ARCHITECTURE_LOONGARCH64 ++# define LIB_ARCH_TUPLE "loongarch64-linux-gnu" + #else + # error "Please register your architecture here!" + #endif +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index 1786de7..a47dced 100644 --- a/systemd.spec +++ b/systemd.spec 
@@ -1,3 +1,4 @@ +%define anolis_release .0.2 #global gitcommit 10e465b5321bd53c1fc59ffab27e724535c6bc0f %{?gitcommit:%global gitcommitshort %(c=%{gitcommit}; echo ${c:0:7})} @@ -13,7 +14,7 @@ Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 239 -Release: 74%{?dist}.3 +Release: 74%{anolis_release}%{?dist}.3 # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: System and Service Manager @@ -963,6 +964,16 @@ Patch0910: 0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch Patch0911: 0911-ci-first-part-of-the-source-git-automation-commit-li.patch Patch0912: 0912-login-add-a-missing-error-check-for-session_set_lead.patch Patch0913: 0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch +Patch10000: 10000-core-fix-a-null-reference-case-in-load_from_path.patch +Patch10001: 10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch +Patch10002: 10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch +Patch10003: 10003-main-don-t-freeze-PID-1-in-containers-exit-with-non-.patch +Patch10004: 10004-Do-not-go-into-freeze-when-systemd-crashd.patch +Patch10005: 10005-mount-setup-change-the-system-mount-propagation-to-s.patch +Patch10006: 10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch +Patch10007: 10007-cgroup-update-only-siblings-that-got-realized-once.patch +Patch10008: 10008-core-add-a-config-item-to-support-setting-the-value-.patch +Patch10009: 10009-systemd-anolis-support-loongarch64.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 
@@ -1593,6 +1604,18 @@ fi %files tests -f .file-list-tests %changelog +* Wed Sep 06 2023 Yuanhong Peng - 239-74.0.2.3 +- core: fix a null reference case in load_from_path() +- sysctl: Don't pass null directive argument to '%s' +- exit-status: introduce EXIT_EXCEPTION mapping to 255 +- main: don't freeze PID 1 in containers, exit with non-zero instead +- Do not go into freeze when systemd crashd +- mount-setup: change the system mount propagation to shared by default only at bootup +- cgroup-util: make definition of CGROUP_CONTROLLER_TO_MASK() unsigned +- cgroup: update only siblings that got realized once +- core: add a config item to support setting the value of cpuset.clone_children when systemd is starting +- support loongarch for systemd + * Thu Jul 20 2023 systemd maintenance team - 239-74.3 - login: add a missing error check for session_set_leader() (#2223602) - logind: reset session leader if we know for a fact that it is gone (#2223602) -- Gitee From ddd9e29d6d985ac2acc141715fbd8b3c9e73e384 Mon Sep 17 00:00:00 2001 From: Yuanhong Peng Date: Wed, 18 May 2022 10:24:07 +0800 Subject: [PATCH 3/8] test-catalog: Fix coredump when compiled under GCC10 Signed-off-by: Yuanhong Peng --- ...x-coredump-when-compiled-under-GCC10.patch | 56 +++++++++++++++++++ systemd.spec | 2 + 2 files changed, 58 insertions(+) create mode 100644 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch diff --git a/10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch b/10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch new file mode 100644 index 0000000..d4054b4 --- /dev/null +++ b/10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch 
@@ -0,0 +1,56 @@ +From 5209a26aa917aa54b09ee18394ad46ee601e77be Mon Sep 17 00:00:00 2001 +From: Yuanhong Peng +Date: Tue, 17 May 2022 21:34:34 +0800 +Subject: [PATCH] test-catalog: Fix coredump when compiled under GCC10 + +According to the documentation: +https://gcc.gnu.org/gcc-9/porting_to.html#complit: + +The `catalog_dirs` produced by STRV_MAKE(..) marco relies on +the extended lifetime feature which is fixed by GCC9. + +Signed-off-by: Yuanhong Peng +--- + src/journal/test-catalog.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/journal/test-catalog.c b/src/journal/test-catalog.c +index 0c4da29..2ce92af 100644 +--- a/src/journal/test-catalog.c ++++ b/src/journal/test-catalog.c +@@ -201,7 +201,8 @@ static void test_catalog_file_lang(void) { + + int main(int argc, char *argv[]) { + _cleanup_(unlink_tempfilep) char database[] = "/tmp/test-catalog.XXXXXX"; +- _cleanup_free_ char *text = NULL, *catalog_dir = NULL; ++ _cleanup_free_ char *text = NULL; ++ char *catalog_dir = CATALOG_DIR; + int r; + + setlocale(LC_ALL, "de_DE.UTF-8"); +@@ -214,10 +215,9 @@ int main(int argc, char *argv[]) { + * If it is not, e.g. installed by systemd-tests package, then use installed catalogs. */ + if (test_is_running_from_builddir(NULL)) { + assert_se(catalog_dir = path_join(NULL, ABS_BUILD_DIR, "catalog")); +- catalog_dirs = STRV_MAKE(catalog_dir); +- } else +- catalog_dirs = STRV_MAKE(CATALOG_DIR); ++ } + ++ catalog_dirs = STRV_MAKE(catalog_dir); + assert_se(access(catalog_dirs[0], F_OK) >= 0); + log_notice("Using catalog directory '%s'", catalog_dirs[0]); + +@@ -242,5 +242,9 @@ int main(int argc, char *argv[]) { + assert_se(catalog_get(database, SD_MESSAGE_COREDUMP, &text) >= 0); + printf(">>>%s<<<\n", text); + ++ /* Only in this case, catalog_dir is malloced */ ++ if (test_is_running_from_builddir(NULL)) ++ free(catalog_dir); ++ + return 0; + } +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index a47dced..8e862e4 100644 
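Review bot: `char *catalog_dir = CATALOG_DIR;` lets one pointer hold either a string literal or path_join() memory, and the added `free(catalog_dir)` at the end of main() depends on a second call to test_is_running_from_builddir() giving the same answer as the first. If the two calls ever disagree, the test frees a literal or leaks. Keep ownership in the type instead: declare `_cleanup_free_ char *built_dir = NULL;` and `const char *catalog_dir = CATALOG_DIR;`, then set `catalog_dir = built_dir;` after the path_join() in the build-dir branch, which removes the manual free. This assumes STRV_MAKE() accepts a const element, which the removed `STRV_MAKE(CATALOG_DIR)` line suggests.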
--- a/systemd.spec +++ b/systemd.spec @@ -974,6 +974,7 @@ Patch10006: 10006-cgroup-util-make-definition-of-CGROUP_CONTROLLER_TO_.patch Patch10007: 10007-cgroup-update-only-siblings-that-got-realized-once.patch Patch10008: 10008-core-add-a-config-item-to-support-setting-the-value-.patch Patch10009: 10009-systemd-anolis-support-loongarch64.patch +Patch10010: 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1615,6 +1616,7 @@ fi - cgroup: update only siblings that got realized once - core: add a config item to support setting the value of cpuset.clone_children when systemd is starting - support loongarch for systemd +- test-catalog: Fix coredump when compiled under GCC10 * Thu Jul 20 2023 systemd maintenance team - 239-74.3 - login: add a missing error check for session_set_leader() (#2223602) -- Gitee From 6610dafb555e7fa12b16dd01cb83e0c9fb46b5db Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Tue, 26 Jul 2022 22:05:44 +0800 Subject: [PATCH 4/8] hwdb: add Iluvatar CoreX https://bugzilla.openanolis.cn/show_bug.cgi?id=1740 Signed-off-by: Liwei Ge --- 10011-hwdb-add-Iluvatar-CoreX.patch | 44 +++++++++++++++++++++++++++++ systemd.spec | 2 ++ 2 files changed, 46 insertions(+) create mode 100644 10011-hwdb-add-Iluvatar-CoreX.patch diff --git a/10011-hwdb-add-Iluvatar-CoreX.patch b/10011-hwdb-add-Iluvatar-CoreX.patch new file mode 100644 index 0000000..e08657c --- /dev/null +++ b/10011-hwdb-add-Iluvatar-CoreX.patch 
@@ -0,0 +1,44 @@ +From 28e47526dce925e6f32cf79825d38fd10e1f442a Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 26 Jul 2022 22:01:58 +0800 +Subject: [PATCH] hwdb: add Iluvatar CoreX + +Signed-off-by: rpm-build +--- + hwdb/20-pci-vendor-model.hwdb | 6 ++++++ + hwdb/pci.ids | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/hwdb/20-pci-vendor-model.hwdb b/hwdb/20-pci-vendor-model.hwdb +index 0020046..78926f8 100644 +--- a/hwdb/20-pci-vendor-model.hwdb ++++ b/hwdb/20-pci-vendor-model.hwdb +@@ -71141,6 +71141,12 @@ pci:v00001EEC* + pci:v00001EFB* + ID_VENDOR_FROM_DATABASE=Flexxon Pte Ltd + ++pci:v00001E3E* ++ ID_VENDOR_FROM_DATABASE=Iluvatar CoreX ++ ++pci:v00001E3Ed00000001* ++ ID_MODEL_FROM_DATABASE=Iluvatar BI-V100 ++ + pci:v00001FC0* + ID_VENDOR_FROM_DATABASE=Ascom (Finland) Oy + +diff --git a/hwdb/pci.ids b/hwdb/pci.ids +index 40ee143..d6661c7 100644 +--- a/hwdb/pci.ids ++++ b/hwdb/pci.ids +@@ -21543,6 +21543,8 @@ + 0003 alst4x + 1dfc JSC NT-COM + 1181 TDM 8 Port E1/T1/J1 Adapter ++1e3e Iluvatar CoreX ++ 0001 Iluvatar BI-V100 + # nee Tumsan Oy + 1fc0 Ascom (Finland) Oy + 0300 E2200 Dual E1/Rawpipe Card +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index 8e862e4..6be59a9 100644 --- a/systemd.spec +++ b/systemd.spec @@ -975,6 +975,7 @@ Patch10007: 10007-cgroup-update-only-siblings-that-got-realized-once.patch Patch10008: 10008-core-add-a-config-item-to-support-setting-the-value-.patch Patch10009: 10009-systemd-anolis-support-loongarch64.patch Patch10010: 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch +Patch10011: 10011-hwdb-add-Iluvatar-CoreX.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 
@@ -1617,6 +1618,7 @@ fi - core: add a config item to support setting the value of cpuset.clone_children when systemd is starting - support loongarch for systemd - test-catalog: Fix coredump when compiled under GCC10 +- add Iluvatar CoreX pci id(Liwei Ge) * Thu Jul 20 2023 systemd maintenance team - 239-74.3 - login: add a missing error check for session_set_leader() (#2223602) -- Gitee From 27a05552980eddbdba7ee93fa9d31b6a6325f33c Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Thu, 22 Sep 2022 10:38:05 +0800 Subject: [PATCH 5/8] seccomp: add loongarch support --- 10012-seccomp-add-loongarch-support.patch | 79 +++++++++++++++++++++++ systemd.spec | 4 +- 2 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 10012-seccomp-add-loongarch-support.patch diff --git a/10012-seccomp-add-loongarch-support.patch b/10012-seccomp-add-loongarch-support.patch new file mode 100644 index 0000000..69b1b90 --- /dev/null +++ b/10012-seccomp-add-loongarch-support.patch 
@@ -0,0 +1,79 @@ +From 1894533699f7e01c80e896c5d022275777344492 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 22 Sep 2022 10:33:54 +0800 +Subject: [PATCH] seccomp: add loongarch support + +--- + src/shared/seccomp-util.c | 21 +++++++++++++++++++++ + 1 file changed, 21 insertions(+) + +diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c +index c57c409..63a875c 100644 +--- a/src/shared/seccomp-util.c ++++ b/src/shared/seccomp-util.c +@@ -42,6 +42,8 @@ const uint32_t seccomp_local_archs[] = { + SCMP_ARCH_AARCH64, /* native */ + #elif defined(__arm__) + SCMP_ARCH_ARM, ++#elif defined(__loongarch__) ++ SCMP_ARCH_LOONGARCH64, + #elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 + SCMP_ARCH_MIPSEL, + SCMP_ARCH_MIPS, /* native */ +@@ -136,6 +138,10 @@ const char* seccomp_arch_to_string(uint32_t c) { + return "s390"; + case SCMP_ARCH_S390X: + return "s390x"; ++#if defined(__loongarch__) ++ case SCMP_ARCH_LOONGARCH64: ++ return "loongarch64"; ++#endif + default: + return NULL; + } +@@ -181,6 +187,10 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { + *ret = SCMP_ARCH_S390; + else if (streq(n, "s390x")) + *ret = SCMP_ARCH_S390X; ++#if defined(__loongarch__) ++ else if (streq(n, "loongarch64")) ++ *ret = SCMP_ARCH_LOONGARCH64; ++#endif + else + return -EINVAL; + +@@ -1209,6 +1219,11 @@ int seccomp_protect_sysctl(void) { + if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) + /* No _sysctl syscall */ + continue; ++#if defined(__loongarch__) ++ if (IN_SET(arch, SCMP_ARCH_LOONGARCH64)) ++ /* No _sysctl syscall */ ++ continue; ++#endif + + r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); + if (r < 0) +@@ -1267,6 +1282,9 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { + case SCMP_ARCH_PPC: + case SCMP_ARCH_PPC64: + case SCMP_ARCH_PPC64LE: ++#if defined(__loongarch__) ++ case SCMP_ARCH_LOONGARCH64: ++#endif + default: + /* These we either know we don't support (i.e. 
are the ones that do use socketcall()), or we + * don't know */ +@@ -1543,6 +1561,9 @@ int seccomp_memory_deny_write_execute(void) { + case SCMP_ARCH_X86_64: + case SCMP_ARCH_X32: + case SCMP_ARCH_AARCH64: ++#if defined(__loongarch__) ++ case SCMP_ARCH_LOONGARCH64: ++#endif + filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */ + shmat_syscall = SCMP_SYS(shmat); + break; +-- +2.27.0 + diff --git a/systemd.spec b/systemd.spec index 6be59a9..e8c1f27 100644 --- a/systemd.spec +++ b/systemd.spec @@ -976,6 +976,7 @@ Patch10008: 10008-core-add-a-config-item-to-support-setting-the-value-.patch Patch10009: 10009-systemd-anolis-support-loongarch64.patch Patch10010: 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch Patch10011: 10011-hwdb-add-Iluvatar-CoreX.patch +Patch10012: 10012-seccomp-add-loongarch-support.patch %ifarch %{ix86} x86_64 aarch64 %global have_gnu_efi 1 @@ -1618,7 +1619,8 @@ fi - core: add a config item to support setting the value of cpuset.clone_children when systemd is starting - support loongarch for systemd - test-catalog: Fix coredump when compiled under GCC10 -- add Iluvatar CoreX pci id(Liwei Ge) +- add Iluvatar CoreX pci id (Liwei Ge) +- seccomp: add loongarch64 support (Liwei Ge) * Thu Jul 20 2023 systemd maintenance team - 239-74.3 - login: add a missing error check for session_set_leader() (#2223602) -- Gitee From e809640281de78959c665175578546c701e33526 Mon Sep 17 00:00:00 2001 From: Liwei Ge Date: Tue, 6 Dec 2022 16:16:34 +0800 Subject: [PATCH 6/8] seccomp: remove loongarch condition since seccomp is fit into loongarch64 now these condition code cloud be removed --- 10012-seccomp-add-loongarch-support.patch | 106 +++++++++++++--------- systemd.spec | 1 + 2 files changed, 65 insertions(+), 42 deletions(-) diff --git a/10012-seccomp-add-loongarch-support.patch b/10012-seccomp-add-loongarch-support.patch index 69b1b90..6aba34f 100644 --- a/10012-seccomp-add-loongarch-support.patch 
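Review bot: In seccomp_restrict_address_families() the new `case SCMP_ARCH_LOONGARCH64:` sits directly above `default:`, in the group commented "These we either know we don't support (i.e. are the ones that do use socketcall()), or we don't know". On loongarch64 the address-family filter is therefore presumably skipped, and RestrictAddressFamilies= would be silently unenforced. If loongarch64 offers a direct socket() syscall like the architectures in the supported list, the case belongs next to `case SCMP_ARCH_AARCH64:`; the revised patch in PATCH 6/8 further down this page moves it there. The `#if defined(__loongarch__)` guards also mean the "loongarch64" name only parses on loongarch builds, which deserves a one-line comment. The switch statements start and end outside the hunk.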
+++ b/10012-seccomp-add-loongarch-support.patch @@ -1,14 +1,14 @@ -From 1894533699f7e01c80e896c5d022275777344492 Mon Sep 17 00:00:00 2001 +From 4c7025f5198be3d055c0e5ad68d364a57e8a7dcc Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 22 Sep 2022 10:33:54 +0800 Subject: [PATCH] seccomp: add loongarch support --- - src/shared/seccomp-util.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) + src/shared/seccomp-util.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/src/shared/seccomp-util.c b/src/shared/seccomp-util.c -index c57c409..63a875c 100644 +index c57c409..1eec0be 100644 --- a/src/shared/seccomp-util.c +++ b/src/shared/seccomp-util.c @@ -42,6 +42,8 @@ const uint32_t seccomp_local_archs[] = { 
@@ -20,60 +20,82 @@ index c57c409..63a875c 100644 #elif defined(__mips__) && __BYTE_ORDER == __BIG_ENDIAN && _MIPS_SIM == _MIPS_SIM_ABI32 SCMP_ARCH_MIPSEL, SCMP_ARCH_MIPS, /* native */ -@@ -136,6 +138,10 @@ const char* seccomp_arch_to_string(uint32_t c) { - return "s390"; - case SCMP_ARCH_S390X: - return "s390x"; -+#if defined(__loongarch__) +@@ -114,6 +116,8 @@ const char* seccomp_arch_to_string(uint32_t c) { + return "arm"; + case SCMP_ARCH_AARCH64: + return "arm64"; + case SCMP_ARCH_LOONGARCH64: + return "loongarch64"; -+#endif - default: - return NULL; - } -@@ -181,6 +187,10 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { - *ret = SCMP_ARCH_S390; - else if (streq(n, "s390x")) - *ret = SCMP_ARCH_S390X; -+#if defined(__loongarch__) + case SCMP_ARCH_MIPS: + return "mips"; + case SCMP_ARCH_MIPS64: +@@ -159,6 +163,8 @@ int seccomp_arch_from_string(const char *n, uint32_t *ret) { + *ret = SCMP_ARCH_ARM; + else if (streq(n, "arm64")) + *ret = SCMP_ARCH_AARCH64; + else if (streq(n, "loongarch64")) + *ret = SCMP_ARCH_LOONGARCH64; -+#endif - else - return -EINVAL; + else if (streq(n, "mips")) + *ret = SCMP_ARCH_MIPS; + else if (streq(n, "mips64")) +@@ -1206,7 +1212,7 @@ int seccomp_protect_sysctl(void) { -@@ -1209,6 +1219,11 @@ int seccomp_protect_sysctl(void) { - if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) + log_debug("Operating on architecture: %s", seccomp_arch_to_string(arch)); + +- if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64)) ++ if (IN_SET(arch, SCMP_ARCH_X32, SCMP_ARCH_AARCH64, SCMP_ARCH_LOONGARCH64)) /* No _sysctl syscall */ continue; -+#if defined(__loongarch__) -+ if (IN_SET(arch, SCMP_ARCH_LOONGARCH64)) -+ /* No _sysctl syscall */ -+ continue; -+#endif - r = seccomp_init_for_arch(&seccomp, arch, SCMP_ACT_ALLOW); - if (r < 0) -@@ -1267,6 +1282,9 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { - case SCMP_ARCH_PPC: - case SCMP_ARCH_PPC64: - case SCMP_ARCH_PPC64LE: -+#if defined(__loongarch__) +@@ 
-1251,6 +1257,7 @@ int seccomp_restrict_address_families(Set *address_families, bool whitelist) { + case SCMP_ARCH_X32: + case SCMP_ARCH_ARM: + case SCMP_ARCH_AARCH64: + case SCMP_ARCH_LOONGARCH64: -+#endif - default: - /* These we either know we don't support (i.e. are the ones that do use socketcall()), or we - * don't know */ -@@ -1543,6 +1561,9 @@ int seccomp_memory_deny_write_execute(void) { + case SCMP_ARCH_MIPSEL64N32: + case SCMP_ARCH_MIPS64N32: + case SCMP_ARCH_MIPSEL64: +@@ -1496,7 +1503,7 @@ static int add_seccomp_syscall_filter(scmp_filter_ctx seccomp, + } + + /* For known architectures, check that syscalls are indeed defined or not. */ +-#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) ++#if defined(__x86_64__) || defined(__arm__) || defined(__aarch64__) || defined(__loongarch__) + assert_cc(SCMP_SYS(shmget) > 0); + assert_cc(SCMP_SYS(shmat) > 0); + assert_cc(SCMP_SYS(shmdt) > 0); +@@ -1543,13 +1550,14 @@ int seccomp_memory_deny_write_execute(void) { case SCMP_ARCH_X86_64: case SCMP_ARCH_X32: case SCMP_ARCH_AARCH64: -+#if defined(__loongarch__) + case SCMP_ARCH_LOONGARCH64: -+#endif filter_syscall = SCMP_SYS(mmap); /* amd64, x32, and arm64 have only mmap */ shmat_syscall = SCMP_SYS(shmat); break; + + /* Please add more definitions here, if you port systemd to other architectures! */ + +-#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) ++#if !defined(__i386__) && !defined(__x86_64__) && !defined(__powerpc__) && !defined(__powerpc64__) && !defined(__arm__) && !defined(__aarch64__) && !defined(__loongarch__) + #warning "Consider adding the right mmap() syscall definitions here!" 
+ #endif + } +@@ -1573,13 +1581,13 @@ int seccomp_memory_deny_write_execute(void) { + if (r < 0) + continue; + } +- ++ if (!IN_SET(arch, SCMP_ARCH_LOONGARCH64)){ + r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(mprotect), + 1, + SCMP_A2(SCMP_CMP_MASKED_EQ, PROT_EXEC, PROT_EXEC)); + if (r < 0) + continue; +- ++ } + #ifdef __NR_pkey_mprotect + r = add_seccomp_syscall_filter(seccomp, arch, SCMP_SYS(pkey_mprotect), + 1, -- 2.27.0 diff --git a/systemd.spec b/systemd.spec index e8c1f27..97b2c13 100644 --- a/systemd.spec +++ b/systemd.spec @@ -1621,6 +1621,7 @@ fi - test-catalog: Fix coredump when compiled under GCC10 - add Iluvatar CoreX pci id (Liwei Ge) - seccomp: add loongarch64 support (Liwei Ge) +- seccomp: remove loongarch64 switch(Liwei Ge) * Thu Jul 20 2023 systemd maintenance team - 239-74.3 - login: add a missing error check for session_set_leader() (#2223602) -- Gitee From 935ececeea1dede75332e5bddff967efd8db2e42 Mon Sep 17 00:00:00 2001 From: yuanhui Date: Mon, 6 Mar 2023 17:48:29 +0800 Subject: [PATCH 7/8] umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed success Signed-off-by: yuanhui --- ...FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch | 66 +++++++++++++++++++ systemd.spec | 2 + 2 files changed, 68 insertions(+) create mode 100644 0914-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch diff --git a/0914-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch b/0914-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch new file mode 100644 index 0000000..c24ff51 --- /dev/null +++ b/0914-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch 
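Review bot: The `if (!IN_SET(arch, SCMP_ARCH_LOONGARCH64)){ … }` wrapper added around the `SCMP_SYS(mprotect)` rule in seccomp_memory_deny_write_execute() leaves loongarch64 without the PROT_EXEC mprotect filter, so the W^X restriction there covers only mmap, shmat and (where `__NR_pkey_mprotect` is defined) pkey_mprotect. Nothing in the patch says why mprotect must be skipped on this architecture; if it is a toolchain or kernel limitation, record it next to the condition, e.g. `/* loongarch64: mprotect rule skipped because <reason>; W^X is only partially enforced here */`, otherwise drop the wrapper so the rule is installed as on arm64. A single-value `IN_SET` reads more plainly as `if (arch != SCMP_ARCH_LOONGARCH64) {`, and the wrapped statements should be re-indented to match. The function body continues outside the inner hunk.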
@@ -0,0 +1,66 @@ +From b877c3b06f15a025748b9f09621ddf1bd00cacce Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 20 Dec 2019 17:58:03 +0100 +Subject: [PATCH] umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed + success + +Fixes: #14410 +Replaces: #14386 + +--- + systemd-239/src/core/umount.c | 29 ++++++++++++++++++++++------- + 1 file changed, 22 insertions(+), 7 deletions(-) + +diff --git a/src/core/umount.c b/src/core/umount.c +index 241fe6f..4400b3c 100644 +--- a/src/core/umount.c ++++ b/src/core/umount.c +@@ -334,23 +334,38 @@ static int dm_list_get(MountPoint **head) { + + static int delete_loopback(const char *device) { + _cleanup_close_ int fd = -1; +- int r; ++ struct loop_info64 info; + + assert(device); + + fd = open(device, O_RDONLY|O_CLOEXEC); + if (fd < 0) + return errno == ENOENT ? 0 : -errno; ++ ++ if (ioctl(fd, LOOP_CLR_FD, 0) < 0) { ++ if (errno == ENXIO) /* Nothing bound, didn't do anything */ ++ return 0; ++ ++ return -errno; ++ } + +- r = ioctl(fd, LOOP_CLR_FD, 0); +- if (r >= 0) ++ if (ioctl(fd, LOOP_GET_STATUS64, &info) < 0) { ++ /* If the LOOP_CLR_FD above succeeded we'll see ENXIO here. */ ++ if (errno == ENXIO) ++ log_debug("Successfully detached loopback device %s.", device); ++ else ++ log_debug_errno(errno, "Failed to invoke LOOP_GET_STATUS64 on loopback device %s, ignoring: %m", device); /* the LOOP_CLR_FD at least worked, let's hope for the best */ + return 1; ++ } + +- /* ENXIO: not bound, so no error */ +- if (errno == ENXIO) +- return 0; ++ /* Linux makes LOOP_CLR_FD succeed whenever LO_FLAGS_AUTOCLEAR is set without actually doing ++ * anything. Very confusing. Let's hence not claim we did anything in this case. 
*/ ++ if (FLAGS_SET(info.lo_flags, LO_FLAGS_AUTOCLEAR)) ++ log_debug("Successfully called LOOP_CLR_FD on a loopback device %s with autoclear set, which is a NOP.", device); ++ else ++ log_debug("Weird, LOOP_CLR_FD succeeded but the device is still attached on %s.", device); + +- return -errno; ++ return -EBUSY; /* Nothing changed, the device is still attached, hence it apparently is still busy */; + } + + static int delete_dm(dev_t devnum) { +-- +2.31.1 + diff --git a/systemd.spec b/systemd.spec index 97b2c13..aaad51e 100644 --- a/systemd.spec +++ b/systemd.spec @@ -964,6 +964,7 @@ Patch0910: 0910-ci-workflow-for-gathering-metadata-for-source-git-au.patch Patch0911: 0911-ci-first-part-of-the-source-git-automation-commit-li.patch Patch0912: 0912-login-add-a-missing-error-check-for-session_set_lead.patch Patch0913: 0913-logind-reset-session-leader-if-we-know-for-a-fact-th.patch +Patch0914: 0914-umount-check-LO_FLAGS_AUTOCLEAR-after-LOOP_CLR_FD-cl.patch Patch10000: 10000-core-fix-a-null-reference-case-in-load_from_path.patch Patch10001: 10001-sysctl-Don-t-pass-null-directive-argument-to-s.patch Patch10002: 10002-exit-status-introduce-EXIT_EXCEPTION-mapping-to-255.patch @@ -1622,6 +1623,7 @@ fi - add Iluvatar CoreX pci id (Liwei Ge) - seccomp: add loongarch64 support (Liwei Ge) - seccomp: remove loongarch64 switch(Liwei Ge) +- umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed success(yuanhui) * Thu Jul 20 2023 systemd maintenance team - 239-74.3 - login: add a missing error check for session_set_leader() (#2223602) -- Gitee From 7ab75c47eadccae8803a56ec966f1eb12dea0da2 Mon Sep 17 00:00:00 2001 From: Guorui Yu Date: Wed, 2 Aug 2023 22:44:03 +0800 Subject: [PATCH 8/8] cryptsetup: if keyfile is specified as AF_UNIX socket in the fs, connect to it, and read key data from it 
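Review bot: The final return in delete_loopback() reads `return -EBUSY; /* … */;`, which leaves an empty statement after the comment; drop the trailing `;`. The function now returns -EBUSY in the autoclear case where the old code returned 1, so the callers of delete_loopback(), which are outside this hunk, have to treat that value as "still attached" rather than as a hard failure; that should be confirmed against the 239 tree. Unlike the other backports in this series, the patch carries no `(cherry picked from commit …)` trailer, which makes its upstream origin harder to audit.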
Signed-off-by: Guorui Yu --- ...ding-a-full-file-into-memory-refuse-.patch | 120 ++++++++ ...explicit_bzero_safe-for-explicit-mem.patch | 61 ++++ ...util-introduce-erase_and_free-helper.patch | 48 ++++ ...READ_FULL_FILE_SECURE-flag-for-readi.patch | 207 +++++++++++++ ...roduce-warn_file_is_world_accessible.patch | 67 +++++ ...l_file_full-also-warns-when-file-is-.patch | 64 +++++ ...x-memory-leak-if-READ_FULL_FILE_SECU.patch | 30 ++ ...icit-flag-for-generating-world-execu.patch | 44 +++ ..._fd-parameter-to-read_full_file_full.patch | 142 +++++++++ ...ort-for-read_full_file-on-AF_UNIX-st.patch | 271 ++++++++++++++++++ ...READ_FULL_FILE_CONNECT_SOCKET-to-all.patch | 181 ++++++++++++ ...ad_full_file_full-to-read-from-offse.patch | 246 ++++++++++++++++ ...-cryptsetup-s-main-key-file-logic-ov.patch | 95 ++++++ systemd.spec | 26 ++ 14 files changed, 1602 insertions(+) create mode 100644 10013-fileio-when-reading-a-full-file-into-memory-refuse-.patch create mode 100644 10014-util-introduce-explicit_bzero_safe-for-explicit-mem.patch create mode 100644 10015-util-introduce-erase_and_free-helper.patch create mode 100644 10016-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch create mode 100644 10017-fileio-introduce-warn_file_is_world_accessible.patch create mode 100644 10018-fileio-read_full_file_full-also-warns-when-file-is-.patch create mode 100644 10019-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch create mode 100644 10020-fileio-add-explicit-flag-for-generating-world-execu.patch create mode 100644 10021-fileio-add-dir_fd-parameter-to-read_full_file_full.patch create mode 100644 10022-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch create mode 100644 10023-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch create mode 100644 10024-fileio-teach-read_full_file_full-to-read-from-offse.patch create mode 100644 10025-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch 
diff --git a/10013-fileio-when-reading-a-full-file-into-memory-refuse-.patch b/10013-fileio-when-reading-a-full-file-into-memory-refuse-.patch
new file mode 100644
index 0000000..f2eeed5
--- /dev/null
+++ b/10013-fileio-when-reading-a-full-file-into-memory-refuse-.patch
@@ -0,0 +1,120 @@ +From 9f181efdd59bd3e9134cf94007953562ca8b57fa Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Sat, 15 Dec 2018 12:25:32 +0100 +Subject: [PATCH] fileio: when reading a full file into memory, refuse inner + NUL bytes + +Just some extra care to avoid any ambiguities in what we read. + +(cherry picked from commit beb90929913354eec50c3524086fe70d14f97e2f) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 25 +++++++++++++++++++------ + src/test/test-unit-file.c | 10 +++++----- + 2 files changed, 24 insertions(+), 11 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 733fb42463..9fef97ff0c 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -383,16 +383,20 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re + return 0; + } + +-int read_full_stream(FILE *f, char **contents, size_t *size) { ++int read_full_stream( ++ FILE *f, ++ char **ret_contents, ++ size_t *ret_size) { ++ + _cleanup_free_ char *buf = NULL; + struct stat st; + size_t n, l; + int fd; + + assert(f); +- assert(contents); ++ assert(ret_contents); + +- n = LINE_MAX; ++ n = LINE_MAX; /* Start size */ + + fd = fileno(f); + if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's +@@ -448,11 +452,20 @@ int read_full_stream(FILE *f, char **contents, size_t *size) { + n = MIN(n * 2, READ_FULL_BYTES_MAX); + } + ++ if (!ret_size) { ++ /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the ++ * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise ++ * there'd be ambiguity about what we just read. 
*/ ++ ++ if (memchr(buf, 0, l)) ++ return -EBADMSG; ++ } ++ + buf[l] = 0; +- *contents = TAKE_PTR(buf); ++ *ret_contents = TAKE_PTR(buf); + +- if (size) +- *size = l; ++ if (ret_size) ++ *ret_size = l; + + return 0; + } +diff --git a/src/test/test-unit-file.c b/src/test/test-unit-file.c +index 09b0179fa1..e64a27dd39 100644 +--- a/src/test/test-unit-file.c ++++ b/src/test/test-unit-file.c +@@ -532,7 +532,7 @@ static void test_load_env_file_1(void) { + + fd = mkostemp_safe(name); + assert_se(fd >= 0); +- assert_se(write(fd, env_file_1, sizeof(env_file_1)) == sizeof(env_file_1)); ++ assert_se(write(fd, env_file_1, strlen(env_file_1)) == strlen(env_file_1)); + + r = load_env_file(NULL, name, NULL, &data); + assert_se(r == 0); +@@ -554,7 +554,7 @@ static void test_load_env_file_2(void) { + + fd = mkostemp_safe(name); + assert_se(fd >= 0); +- assert_se(write(fd, env_file_2, sizeof(env_file_2)) == sizeof(env_file_2)); ++ assert_se(write(fd, env_file_2, strlen(env_file_2)) == strlen(env_file_2)); + + r = load_env_file(NULL, name, NULL, &data); + assert_se(r == 0); +@@ -571,7 +571,7 @@ static void test_load_env_file_3(void) { + + fd = mkostemp_safe(name); + assert_se(fd >= 0); +- assert_se(write(fd, env_file_3, sizeof(env_file_3)) == sizeof(env_file_3)); ++ assert_se(write(fd, env_file_3, strlen(env_file_3)) == strlen(env_file_3)); + + r = load_env_file(NULL, name, NULL, &data); + assert_se(r == 0); +@@ -586,7 +586,7 @@ static void test_load_env_file_4(void) { + + fd = mkostemp_safe(name); + assert_se(fd >= 0); +- assert_se(write(fd, env_file_4, sizeof(env_file_4)) == sizeof(env_file_4)); ++ assert_se(write(fd, env_file_4, strlen(env_file_4)) == strlen(env_file_4)); + + r = load_env_file(NULL, name, NULL, &data); + assert_se(r == 0); +@@ -605,7 +605,7 @@ static void test_load_env_file_5(void) { + + fd = mkostemp_safe(name); + assert_se(fd >= 0); +- assert_se(write(fd, env_file_5, sizeof(env_file_5)) == sizeof(env_file_5)); ++ assert_se(write(fd, env_file_5, 
strlen(env_file_5)) == strlen(env_file_5)); + + r = load_env_file(NULL, name, NULL, &data); + assert_se(r == 0); +-- +2.39.1 + diff --git a/10014-util-introduce-explicit_bzero_safe-for-explicit-mem.patch b/10014-util-introduce-explicit_bzero_safe-for-explicit-mem.patch new file mode 100644 index 0000000..c0ec4be --- /dev/null +++ b/10014-util-introduce-explicit_bzero_safe-for-explicit-mem.patch 
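Review bot: read_full_stream() now fails with -EBADMSG whenever the caller passes a NULL size pointer and the data contains a NUL byte, and neither the function nor fileio.h documents that. Every existing read_full_file()/read_full_stream() caller in the 239 tree that passes NULL for the size is affected; those call sites are outside this hunk and should be checked for inputs that can legitimately contain NUL bytes. I would add a comment above the function such as `/* Returns -EBADMSG if ret_size is NULL and the data contains an embedded NUL byte. */`. The test-unit-file.c switch from `sizeof()` to `strlen()` follows from the same rule, since the old writes included the terminating NUL.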
@@ -0,0 +1,61 @@ +From 17037ec625fca9e9a473a33954d011065f0088e3 Mon Sep 17 00:00:00 2001 +From: Guorui Yu +Date: Fri, 23 Jun 2023 13:01:24 +0800 +Subject: [PATCH] util: introduce explicit_bzero_safe for explicit memset + +(cherry picked from commit f441ae81ef70e9bdfddbb9e0a276bbb8ca2151d4) + +Signed-off-by: Guorui Yu +--- + src/basic/util.c | 18 ++++++++++++++++++ + src/basic/util.h | 11 +++++++++++ + 2 files changed, 29 insertions(+) + +diff --git a/src/basic/util.c b/src/basic/util.c +index 548e3652cc..bdfaca4aed 100644 +--- a/src/basic/util.c ++++ b/src/basic/util.c +@@ -684,3 +684,21 @@ void disable_coredumps(void) { + if (r < 0) + log_debug_errno(r, "Failed to turn off coredumps, ignoring: %m"); + } ++ ++#if !HAVE_EXPLICIT_BZERO ++/* ++ * The pointer to memset() is volatile so that compiler must de-reference the pointer and can't assume that ++ * it points to any function in particular (such as memset(), which it then might further "optimize"). This ++ * approach is inspired by openssl's crypto/mem_clr.c. ++ */ ++typedef void *(*memset_t)(void *,int,size_t); ++ ++static volatile memset_t memset_func = memset; ++ ++void* explicit_bzero_safe(void *p, size_t l) { ++ if (l > 0) ++ memset_func(p, '\0', l); ++ ++ return p; ++} ++#endif +diff --git a/src/basic/util.h b/src/basic/util.h +index 195f02cf5f..ab3314f82e 100644 +--- a/src/basic/util.h ++++ b/src/basic/util.h +@@ -240,3 +240,14 @@ int version(void); + int str_verscmp(const char *s1, const char *s2); + + void disable_coredumps(void); ++ ++#if HAVE_EXPLICIT_BZERO ++static inline void* explicit_bzero_safe(void *p, size_t l) { ++ if (l > 0) ++ explicit_bzero(p, l); ++ ++ return p; ++} ++#else ++void *explicit_bzero_safe(void *p, size_t l); ++#endif +-- +2.39.1 + diff --git a/10015-util-introduce-erase_and_free-helper.patch b/10015-util-introduce-erase_and_free-helper.patch new file mode 100644 index 0000000..43c42fc --- /dev/null +++ b/10015-util-introduce-erase_and_free-helper.patch 
@@ -0,0 +1,48 @@ +From 7c48fe64e3f1cdc61d9191d5e004d56d5244aa2c Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Thu, 8 Aug 2019 19:53:17 +0200 +Subject: [PATCH] util: introduce erase_and_free() helper + +(cherry picked from commit a20dda788d5a0f3b300e0d8bb34e45be335e2915) + +Signed-off-by: Guorui Yu +--- + src/basic/util.h | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/src/basic/util.h b/src/basic/util.h +index ab3314f82e..4f4877b6b0 100644 +--- a/src/basic/util.h ++++ b/src/basic/util.h +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -251,3 +252,20 @@ static inline void* explicit_bzero_safe(void *p, size_t l) { + #else + void *explicit_bzero_safe(void *p, size_t l); + #endif ++ ++static inline void* erase_and_free(void *p) { ++ size_t l; ++ ++ if (!p) ++ return NULL; ++ ++ l = malloc_usable_size(p); ++ explicit_bzero_safe(p, l); ++ free(p); ++ ++ return NULL; ++} ++ ++static inline void erase_and_freep(void *p) { ++ erase_and_free(*(void**) p); ++} +-- +2.39.1 + diff --git a/10016-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch b/10016-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch new file mode 100644 index 0000000..a37d579 --- /dev/null +++ b/10016-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch 
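Review bot: erase_and_free() wipes `malloc_usable_size(p)` bytes, which can be more than the caller originally requested from malloc(). That is what lets the wipe cover the whole chunk, but builds that track allocation sizes (fortified string functions, sanitizers) may treat a write past the requested size as an overflow; whether that applies depends on the toolchain and flags this package is built with, so it is worth confirming. erase_and_freep() takes a bare `void *` and dereferences it as `void **` with no explanation; add a line such as `/* p is the address of a pointer; intended for use with _cleanup_() */`.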
@@ -0,0 +1,207 @@ +From bc781489901fc6447cbd27b8d33f4f4439d6a5db Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 8 Apr 2019 02:22:40 +0900 +Subject: [PATCH] util: introduce READ_FULL_FILE_SECURE flag for reading secure + data + +(cherry picked from commit e0721f97b05c0a5f782233711ea95c1e02ccba44) + +[Guorui Yu: include util.h for explicit_bzero_safe] +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 68 ++++++++++++++++++++++++++++++++-------------- + src/basic/fileio.h | 16 +++++++++-- + 2 files changed, 60 insertions(+), 24 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 9fef97ff0c..cf7c92ebc7 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -35,6 +35,7 @@ + #include "time-util.h" + #include "umask-util.h" + #include "utf8.h" ++#include "util.h" + + #define READ_FULL_BYTES_MAX (4U*1024U*1024U) + +@@ -383,26 +384,27 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re + return 0; + } + +-int read_full_stream( ++int read_full_stream_full( + FILE *f, ++ ReadFullFileFlags flags, + char **ret_contents, + size_t *ret_size) { + + _cleanup_free_ char *buf = NULL; + struct stat st; +- size_t n, l; +- int fd; ++ size_t n, n_next, l; ++ int fd, r; + + assert(f); + assert(ret_contents); + +- n = LINE_MAX; /* Start size */ ++ n_next = LINE_MAX; /* Start size */ + + fd = fileno(f); + if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's + * optimize our buffering) */ + +- if (fstat(fileno(f), &st) < 0) ++ if (fstat(fd, &st) < 0) + return -errno; + + if (S_ISREG(st.st_mode)) { +@@ -415,27 +417,41 @@ int read_full_stream( + * to read here by one, so that the first read attempt already + * makes us notice the EOF. 
*/ + if (st.st_size > 0) +- n = st.st_size + 1; ++ n_next = st.st_size + 1; + } + } + +- l = 0; ++ n = l = 0; + for (;;) { + char *t; + size_t k; + +- t = realloc(buf, n + 1); +- if (!t) +- return -ENOMEM; ++ if (flags & READ_FULL_FILE_SECURE) { ++ t = malloc(n_next + 1); ++ if (!t) { ++ r = -ENOMEM; ++ goto finalize; ++ } ++ memcpy_safe(t, buf, n); ++ explicit_bzero_safe(buf, n); ++ } else { ++ t = realloc(buf, n_next + 1); ++ if (!t) ++ return -ENOMEM; ++ } + + buf = t; ++ n = n_next; ++ + errno = 0; + k = fread(buf + l, 1, n - l, f); + if (k > 0) + l += k; + +- if (ferror(f)) +- return errno > 0 ? -errno : -EIO; ++ if (ferror(f)) { ++ r = errno > 0 ? -errno : -EIO; ++ goto finalize; ++ } + + if (feof(f)) + break; +@@ -446,10 +462,12 @@ int read_full_stream( + assert(l == n); + + /* Safety check */ +- if (n >= READ_FULL_BYTES_MAX) +- return -E2BIG; ++ if (n >= READ_FULL_BYTES_MAX) { ++ r = -E2BIG; ++ goto finalize; ++ } + +- n = MIN(n * 2, READ_FULL_BYTES_MAX); ++ n_next = MIN(n * 2, READ_FULL_BYTES_MAX); + } + + if (!ret_size) { +@@ -457,8 +475,10 @@ int read_full_stream( + * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise + * there'd be ambiguity about what we just read. 
*/ + +- if (memchr(buf, 0, l)) +- return -EBADMSG; ++ if (memchr(buf, 0, l)) { ++ r = -EBADMSG; ++ goto finalize; ++ } + } + + buf[l] = 0; +@@ -468,21 +488,27 @@ int read_full_stream( + *ret_size = l; + + return 0; ++ ++finalize: ++ if (flags & READ_FULL_FILE_SECURE) ++ explicit_bzero_safe(buf, n); ++ ++ return r; + } + +-int read_full_file(const char *fn, char **contents, size_t *size) { ++int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { + _cleanup_fclose_ FILE *f = NULL; + +- assert(fn); ++ assert(filename); + assert(contents); + +- f = fopen(fn, "re"); ++ f = fopen(filename, "re"); + if (!f) + return -errno; + + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + +- return read_full_stream(f, contents, size); ++ return read_full_stream_full(f, flags, contents, size); + } + + static int parse_env_file_internal( +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index c6ad375b8d..06649ef7e6 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -24,6 +24,10 @@ typedef enum { + + } WriteStringFileFlags; + ++typedef enum { ++ READ_FULL_FILE_SECURE = 1 << 0, ++} ReadFullFileFlags; ++ + int write_string_stream_ts(FILE *f, const char *line, WriteStringFileFlags flags, struct timespec *ts); + static inline int write_string_stream(FILE *f, const char *line, WriteStringFileFlags flags) { + return write_string_stream_ts(f, line, flags, NULL); +@@ -35,9 +39,15 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin + + int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) 
_printf_(3, 4); + +-int read_one_line_file(const char *fn, char **line); +-int read_full_file(const char *fn, char **contents, size_t *size); +-int read_full_stream(FILE *f, char **contents, size_t *size); ++int read_one_line_file(const char *filename, char **line); ++int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); ++static inline int read_full_file(const char *filename, char **contents, size_t *size) { ++ return read_full_file_full(filename, 0, contents, size); ++} ++int read_full_stream_full(FILE *f, ReadFullFileFlags flags, char **contents, size_t *size); ++static inline int read_full_stream(FILE *f, char **contents, size_t *size) { ++ return read_full_stream_full(f, 0, contents, size); ++} + int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); + + int verify_file(const char *fn, const char *blob, bool accept_extra_nl); +-- +2.39.1 + diff --git a/10017-fileio-introduce-warn_file_is_world_accessible.patch b/10017-fileio-introduce-warn_file_is_world_accessible.patch new file mode 100644 index 0000000..02f9518 --- /dev/null +++ b/10017-fileio-introduce-warn_file_is_world_accessible.patch 
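Review bot: READ_FULL_FILE_SECURE wipes every intermediate copy of `buf` in read_full_stream_full(), but the data is still pulled through fread(), so a copy may remain in the stdio buffer of `f`, which fclose() releases without clearing. If the flag is meant to guarantee that no key material is left behind in freed memory, consider turning buffering off when it is set, e.g. `if (flags & READ_FULL_FILE_SECURE) (void) setvbuf(f, NULL, _IONBF, 0);` in read_full_file_full() before the read. On success the returned buffer is handed to the caller unwiped, so the declaration in fileio.h should state that the caller must erase it before freeing.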
@@ -0,0 +1,67 @@ +From e4c4f0bc712e43776c4f58712f47260711607098 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 8 Apr 2019 03:48:30 +0900 +Subject: [PATCH] fileio: introduce warn_file_is_world_accessible() + +(cherry picked from commit fc0895034d4811e8c6b263c0d902b31535613d76) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 25 +++++++++++++++++++++++++ + src/basic/fileio.h | 3 +++ + 2 files changed, 28 insertions(+) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index cf7c92ebc7..2e74aac554 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -1797,3 +1797,28 @@ int read_line(FILE *f, size_t limit, char **ret) { + + return (int) count; + } ++ ++int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) { ++ struct stat _st; ++ ++ if (!filename) ++ return 0; ++ ++ if (!st) { ++ if (stat(filename, &_st) < 0) ++ return -errno; ++ st = &_st; ++ } ++ ++ if ((st->st_mode & S_IRWXO) == 0) ++ return 0; ++ ++ if (unit) ++ log_syntax(unit, LOG_WARNING, filename, line, 0, ++ "%s has %04o mode that is too permissive, please adjust the access mode.", ++ filename, st->st_mode & 07777); ++ else ++ log_warning("%s has %04o mode that is too permissive, please adjust the access mode.", ++ filename, st->st_mode & 07777); ++ return 0; ++} +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 06649ef7e6..2c9ce4355b 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + #include + + #include "macro.h" +@@ -105,3 +106,5 @@ int read_nul_string(FILE *f, char **ret); + int mkdtemp_malloc(const char *template, char **ret); + + int read_line(FILE *f, size_t limit, char **ret); ++ ++int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line); +-- +2.39.1 + 
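Review bot: warn_file_is_world_accessible() is advisory only: it returns 0 both when the mode is acceptable and when it has just logged the warning, and the prototype added to fileio.h does not say so, so a caller could mistake it for an access check. Add a comment on the prototype, e.g. `/* Logs a warning if any "other" permission bit is set; returns 0 either way, <0 only if stat() fails. */`. When `st` is NULL the function falls back to `stat(filename)`, which describes whatever the path resolves to at that moment and not necessarily the file the caller has open; callers that hold an fd should pass the result of fstat() instead.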
diff --git a/10018-fileio-read_full_file_full-also-warns-when-file-is-.patch b/10018-fileio-read_full_file_full-also-warns-when-file-is-.patch
new file mode 100644
index 0000000..af813a5
--- /dev/null
+++ b/10018-fileio-read_full_file_full-also-warns-when-file-is-.patch
@@ -0,0 +1,64 @@ +From 0dbf69ccdfa7b1f99935c3932445fbfa16dbbe75 Mon Sep 17 00:00:00 2001 +From: Yu Watanabe +Date: Mon, 8 Apr 2019 14:15:10 +0900 +Subject: [PATCH] fileio: read_full_file_full() also warns when file is world + readable and secure flag is set + +(cherry picked from commit 65dcd394d8223bc6bc194f3fe5bd70fed9d9a4fe) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 6 +++++- + src/basic/fileio.h | 4 ++-- + 2 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 2e74aac554..3abeb0d7f4 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -386,6 +386,7 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re + + int read_full_stream_full( + FILE *f, ++ const char *filename, + ReadFullFileFlags flags, + char **ret_contents, + size_t *ret_size) { +@@ -418,6 +419,9 @@ int read_full_stream_full( + * makes us notice the EOF. */ + if (st.st_size > 0) + n_next = st.st_size + 1; ++ ++ if (flags & READ_FULL_FILE_SECURE) ++ (void) warn_file_is_world_accessible(filename, &st, NULL, 0); + } + } + +@@ -508,7 +512,7 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co + + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + +- return read_full_stream_full(f, flags, contents, size); ++ return read_full_stream_full(f, filename, flags, contents, size); + } + + static int parse_env_file_internal( +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 2c9ce4355b..3e572dc0de 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -45,9 +45,9 @@ int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **co + static inline int read_full_file(const char *filename, char **contents, size_t *size) { + return read_full_file_full(filename, 0, contents, size); + } +-int read_full_stream_full(FILE *f, ReadFullFileFlags flags, char **contents, size_t *size); ++int read_full_stream_full(FILE *f, const char *filename, 
ReadFullFileFlags flags, char **contents, size_t *size); + static inline int read_full_stream(FILE *f, char **contents, size_t *size) { +- return read_full_stream_full(f, 0, contents, size); ++ return read_full_stream_full(f, NULL, 0, contents, size); + } + int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); + +-- +2.39.1 + diff --git a/10019-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch b/10019-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch new file mode 100644 index 0000000..e434089 --- /dev/null +++ b/10019-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch @@ -0,0 +1,30 @@ +From 14e0760c251fd5fc51731f7b58079c73f5055d64 Mon Sep 17 00:00:00 2001 +From: Benjamin Robin +Date: Sun, 14 Apr 2019 17:21:27 +0200 +Subject: [PATCH] basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag + is used + +The memory leak introduced in #12223 (15f8f02) + +(cherry picked from commit 315a51982af2d480de9f7539346f30425e37a01e) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 3abeb0d7f4..bb804e3afa 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -438,6 +438,7 @@ int read_full_stream_full( + } + memcpy_safe(t, buf, n); + explicit_bzero_safe(buf, n); ++ buf = mfree(buf); + } else { + t = realloc(buf, n_next + 1); + if (!t) +-- +2.39.1 + diff --git a/10020-fileio-add-explicit-flag-for-generating-world-execu.patch b/10020-fileio-add-explicit-flag-for-generating-world-execu.patch new file mode 100644 index 0000000..1a93b5a --- /dev/null +++ b/10020-fileio-add-explicit-flag-for-generating-world-execu.patch 
@@ -0,0 +1,44 @@ +From 1e0dcd6fa1abea9c561f46556f7f7561b2a46e62 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 17 Jul 2020 11:53:22 +0200 +Subject: [PATCH] fileio: add explicit flag for generating world executable + warning when reading file + +(cherry picked from commit 684aa979f1c4ce5f75ccdc131f32fc0434999918) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 2 +- + src/basic/fileio.h | 3 ++- + 2 files changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index bb804e3afa..833c55b030 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -420,7 +420,7 @@ int read_full_stream_full( + if (st.st_size > 0) + n_next = st.st_size + 1; + +- if (flags & READ_FULL_FILE_SECURE) ++ if (flags & READ_FULL_FILE_WARN_WORLD_READABLE) + (void) warn_file_is_world_accessible(filename, &st, NULL, 0); + } + } +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 3e572dc0de..be10ac77b6 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -26,7 +26,8 @@ typedef enum { + } WriteStringFileFlags; + + typedef enum { +- READ_FULL_FILE_SECURE = 1 << 0, ++ READ_FULL_FILE_SECURE = 1 << 0, ++ READ_FULL_FILE_WARN_WORLD_READABLE = 1 << 3, + } ReadFullFileFlags; + + int write_string_stream_ts(FILE *f, const char *line, WriteStringFileFlags flags, struct timespec *ts); +-- +2.39.1 + diff --git a/10021-fileio-add-dir_fd-parameter-to-read_full_file_full.patch b/10021-fileio-add-dir_fd-parameter-to-read_full_file_full.patch new file mode 100644 index 0000000..f6dc153 --- /dev/null +++ b/10021-fileio-add-dir_fd-parameter-to-read_full_file_full.patch 
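Review bot: After this change the permission warning in read_full_stream_full() fires only for READ_FULL_FILE_WARN_WORLD_READABLE, so a caller that passes READ_FULL_FILE_SECURE alone silently stops getting it. The call sites are outside this hunk; any that relied on the earlier coupling need the new flag added explicitly. The enum also jumps from `1 << 0` to `1 << 3`; if bits 1 and 2 are deliberately left free (presumably to keep the values aligned with upstream), say so in a comment such as `/* 1 << 1 and 1 << 2 are unused in this backport */`.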
@@ -0,0 +1,142 @@ +From 3f4ca11498028756ebde239ae469c0f88e5d3ecc Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 8 Jan 2019 18:29:36 +0100 +Subject: [PATCH] fileio: add 'dir_fd' parameter to read_full_file_full() + +Let's introduce an "at" version of read_full_file(). + +(cherry picked from commit f6be4db4530b7cfea191227c141343a4fb10d4c6) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 84 +++++++++++++++++++++++++++++++++++++++++++--- + src/basic/fileio.h | 5 +-- + 2 files changed, 83 insertions(+), 6 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 833c55b030..d7da834a74 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -501,15 +501,91 @@ finalize: + return r; + } + +-int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { ++static int mode_to_flags(const char *mode) { ++ const char *p; ++ int flags; ++ ++ if ((p = startswith(mode, "r+"))) ++ flags = O_RDWR; ++ else if ((p = startswith(mode, "r"))) ++ flags = O_RDONLY; ++ else if ((p = startswith(mode, "w+"))) ++ flags = O_RDWR|O_CREAT|O_TRUNC; ++ else if ((p = startswith(mode, "w"))) ++ flags = O_WRONLY|O_CREAT|O_TRUNC; ++ else if ((p = startswith(mode, "a+"))) ++ flags = O_RDWR|O_CREAT|O_APPEND; ++ else if ((p = startswith(mode, "a"))) ++ flags = O_WRONLY|O_CREAT|O_APPEND; ++ else ++ return -EINVAL; ++ ++ for (; *p != 0; p++) { ++ ++ switch (*p) { ++ ++ case 'e': ++ flags |= O_CLOEXEC; ++ break; ++ ++ case 'x': ++ flags |= O_EXCL; ++ break; ++ ++ case 'm': ++ /* ignore this here, fdopen() might care later though */ ++ break; ++ ++ case 'c': /* not sure what to do about this one */ ++ default: ++ return -EINVAL; ++ } ++ } ++ ++ return flags; ++} ++ ++static int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) { ++ FILE *f; ++ ++ /* A combination of fopen() with openat() */ ++ ++ if (dir_fd == AT_FDCWD && flags == 0) { ++ f = fopen(path, mode); ++ if (!f) ++ return -errno; 
++ } else { ++ int fd, mode_flags; ++ ++ mode_flags = mode_to_flags(mode); ++ if (mode_flags < 0) ++ return mode_flags; ++ ++ fd = openat(dir_fd, path, mode_flags | flags); ++ if (fd < 0) ++ return -errno; ++ ++ f = fdopen(fd, mode); ++ if (!f) { ++ safe_close(fd); ++ return -errno; ++ } ++ } ++ ++ *ret = f; ++ return 0; ++} ++ ++int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { + _cleanup_fclose_ FILE *f = NULL; ++ int r; + + assert(filename); + assert(contents); + +- f = fopen(filename, "re"); +- if (!f) +- return -errno; ++ r = xfopenat(dir_fd, filename, "re", 0, &f); ++ if (r < 0) ++ return r; + + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index be10ac77b6..916ddc5e47 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -6,6 +6,7 @@ + #include + #include + #include ++#include + #include + + #include "macro.h" +@@ -42,9 +43,9 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin + int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4); + + int read_one_line_file(const char *filename, char **line); +-int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); ++int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); + static inline int read_full_file(const char *filename, char **contents, size_t *size) { +- return read_full_file_full(filename, 0, contents, size); ++ return read_full_file_full(AT_FDCWD, filename, 0, contents, size); + } + int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); + static inline int read_full_stream(FILE *f, char **contents, size_t *size) { +-- +2.39.1 + 
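Review bot: In xfopenat(), `openat(dir_fd, path, mode_flags | flags)` is called without a mode argument although mode_to_flags() returns `O_CREAT` for the "w" and "a" modes. openat() then reads an unspecified permission value, and a fortified libc build may abort at run time. The only caller in this patch passes "re", so the path is latent, but the helper accepts the write modes. Passing the permissions fopen() would use closes it: `fd = openat(dir_fd, path, mode_flags | flags, 0666);`.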
diff --git a/10022-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch b/10022-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch
new file mode 100644
index 0000000..bb392bc
--- /dev/null
+++ b/10022-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch
@@ -0,0 +1,271 @@ +From 054669a4cc4897792b6c209fd55ab1fc1d7b9bd5 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Fri, 17 Jul 2020 12:26:01 +0200 +Subject: [PATCH] fileio: add support for read_full_file() on AF_UNIX stream + sockets + +Optionally, teach read_full_file() the ability to connect to an AF_UNIX +socket if the specified path points to one. + +(cherry picked from commit 412b888ec803cdf96fb1d005bb245d20abdb8f2e) + +[Guorui Yu: Adds sockaddr_un_set_path function to socket-util.{c,h}] +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 62 +++++++++++++++++++++++++++++++++++------ + src/basic/fileio.h | 1 + + src/basic/socket-util.c | 42 ++++++++++++++++++++++++++++ + src/basic/socket-util.h | 1 + + src/test/test-fileio.c | 50 +++++++++++++++++++++++++++++++++ + 5 files changed, 147 insertions(+), 9 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index d7da834a74..9cb0a2bd28 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -27,6 +27,7 @@ + #include "missing.h" + #include "parse-util.h" + #include "path-util.h" ++#include "socket-util.h" + #include "process-util.h" + #include "random-util.h" + #include "stdio-util.h" +@@ -450,21 +451,18 @@ int read_full_stream_full( + + errno = 0; + k = fread(buf + l, 1, n - l, f); +- if (k > 0) +- l += k; ++ ++ assert(k <= n - l); ++ l += k; + + if (ferror(f)) { + r = errno > 0 ? -errno : -EIO; + goto finalize; + } +- + if (feof(f)) + break; + +- /* We aren't expecting fread() to return a short read outside +- * of (error && eof), assert buffer is full and enlarge buffer. 
+- */ +- assert(l == n); ++ assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ + + /* Safety check */ + if (n >= READ_FULL_BYTES_MAX) { +@@ -584,8 +582,54 @@ int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flag + assert(contents); + + r = xfopenat(dir_fd, filename, "re", 0, &f); +- if (r < 0) +- return r; ++ if (r < 0) { ++ _cleanup_close_ int dfd = -1, sk = -1; ++ union sockaddr_union sa; ++ ++ /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */ ++ if (r != -ENXIO) ++ return r; ++ ++ /* If this is enabled, let's try to connect to it */ ++ if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) ++ return -ENXIO; ++ ++ if (dir_fd == AT_FDCWD) ++ r = sockaddr_un_set_path(&sa.un, filename); ++ else { ++ char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; ++ ++ /* If we shall operate relative to some directory, then let's use O_PATH first to ++ * open the socket inode, and then connect to it via /proc/self/fd/. We have to do ++ * this since there's not connectat() that takes a directory fd as first arg. */ ++ ++ dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC); ++ if (dfd < 0) ++ return -errno; ++ ++ xsprintf(procfs_path, "/proc/self/fd/%i", dfd); ++ r = sockaddr_un_set_path(&sa.un, procfs_path); ++ } ++ if (r < 0) ++ return r; ++ ++ sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); ++ if (sk < 0) ++ return -errno; ++ ++ if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) ++ return errno == ENOTSOCK ? 
-ENXIO : -errno; /* propagate original error if this is ++ * not a socket after all */ ++ ++ if (shutdown(sk, SHUT_WR) < 0) ++ return -errno; ++ ++ f = fdopen(sk, "r"); ++ if (!f) ++ return -errno; ++ ++ TAKE_FD(sk); ++ } + + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 916ddc5e47..1a16e0fd13 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -29,6 +29,7 @@ typedef enum { + typedef enum { + READ_FULL_FILE_SECURE = 1 << 0, + READ_FULL_FILE_WARN_WORLD_READABLE = 1 << 3, ++ READ_FULL_FILE_CONNECT_SOCKET = 1 << 4, + } ReadFullFileFlags; + + int write_string_stream_ts(FILE *f, const char *line, WriteStringFileFlags flags, struct timespec *ts); +diff --git a/src/basic/socket-util.c b/src/basic/socket-util.c +index 7f8066123b..427c8b89bb 100644 +--- a/src/basic/socket-util.c ++++ b/src/basic/socket-util.c +@@ -1253,6 +1253,48 @@ int socket_ioctl_fd(void) { + return fd; + } + ++int sockaddr_un_set_path(struct sockaddr_un *ret, const char *path) { ++ size_t l; ++ ++ assert(ret); ++ assert(path); ++ ++ /* Initialize ret->sun_path from the specified argument. This will interpret paths starting with '@' as ++ * abstract namespace sockets, and those starting with '/' as regular filesystem sockets. It won't accept ++ * anything else (i.e. no relative paths), to avoid ambiguities. Note that this function cannot be used to ++ * reference paths in the abstract namespace that include NUL bytes in the name. */ ++ ++ l = strlen(path); ++ if (l < 2) ++ return -EINVAL; ++ if (!IN_SET(path[0], '/', '@')) ++ return -EINVAL; ++ ++ /* Don't allow paths larger than the space in sockaddr_un. Note that we are a tiny bit more restrictive than ++ * the kernel is: we insist on NUL termination (both for abstract namespace and regular file system socket ++ * addresses!), which the kernel doesn't. 
We do this to reduce chance of incompatibility with other apps that ++ * do not expect non-NUL terminated file system path*/ ++ if (l+1 > sizeof(ret->sun_path)) ++ return -EINVAL; ++ ++ *ret = (struct sockaddr_un) { ++ .sun_family = AF_UNIX, ++ }; ++ ++ if (path[0] == '@') { ++ /* Abstract namespace socket */ ++ memcpy(ret->sun_path + 1, path + 1, l); /* copy *with* trailing NUL byte */ ++ return (int) (offsetof(struct sockaddr_un, sun_path) + l); /* 🔥 *don't* 🔥 include trailing NUL in size */ ++ ++ } else { ++ assert(path[0] == '/'); ++ ++ /* File system socket */ ++ memcpy(ret->sun_path, path, l + 1); /* copy *with* trailing NUL byte */ ++ return (int) (offsetof(struct sockaddr_un, sun_path) + l + 1); /* include trailing NUL in size */ ++ } ++} ++ + int socket_pass_pktinfo(int fd, bool b) { + int af; + socklen_t sl = sizeof(af); +diff --git a/src/basic/socket-util.h b/src/basic/socket-util.h +index 30baba6c03..36edc58caf 100644 +--- a/src/basic/socket-util.h ++++ b/src/basic/socket-util.h +@@ -186,6 +186,7 @@ struct cmsghdr* cmsg_find(struct msghdr *mh, int level, int type, socklen_t leng + }) + + int socket_ioctl_fd(void); ++int sockaddr_un_set_path(struct sockaddr_un *ret, const char *path); + + static inline int setsockopt_int(int fd, int level, int optname, int value) { + if (setsockopt(fd, level, optname, &value, sizeof(value)) < 0) +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index 14ba075144..82b7cb1242 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -14,6 +14,8 @@ + #include "io-util.h" + #include "parse-util.h" + #include "process-util.h" ++#include "rm-rf.h" ++#include "socket-util.h" + #include "string-util.h" + #include "strv.h" + #include "util.h" +@@ -709,6 +711,53 @@ static void test_read_line3(void) { + assert_se(read_line(f, LINE_MAX, NULL) == 0); + } + ++static void test_read_full_file_socket(void) { ++ _cleanup_(rm_rf_physical_and_freep) char *z = NULL; ++ _cleanup_close_ int listener = -1; ++ 
_cleanup_free_ char *data = NULL; ++ union sockaddr_union sa; ++ const char *j; ++ size_t size; ++ pid_t pid; ++ int r; ++ ++ log_info("/* %s */", __func__); ++ ++ listener = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); ++ assert_se(listener >= 0); ++ ++ assert_se(mkdtemp_malloc(NULL, &z) >= 0); ++ j = strjoina(z, "/socket"); ++ ++ assert_se(sockaddr_un_set_path(&sa.un, j) >= 0); ++ ++ assert_se(bind(listener, &sa.sa, SOCKADDR_UN_LEN(sa.un)) >= 0); ++ assert_se(listen(listener, 1) >= 0); ++ ++ r = safe_fork("(server)", FORK_DEATHSIG|FORK_LOG, &pid); ++ assert_se(r >= 0); ++ if (r == 0) { ++ _cleanup_close_ int rfd = -1; ++ /* child */ ++ ++ rfd = accept4(listener, NULL, 0, SOCK_CLOEXEC); ++ assert_se(rfd >= 0); ++ ++#define TEST_STR "This is a test\nreally." ++ ++ assert_se(write(rfd, TEST_STR, strlen(TEST_STR)) == strlen(TEST_STR)); ++ _exit(EXIT_SUCCESS); ++ } ++ ++ assert_se(read_full_file_full(AT_FDCWD, j, 0, &data, &size) == -ENXIO); ++ assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, &data, &size) >= 0); ++ assert_se(size == strlen(TEST_STR)); ++ assert_se(streq(data, TEST_STR)); ++ ++ assert_se(wait_for_terminate_and_check("(server)", pid, WAIT_LOG) >= 0); ++#undef TEST_STR ++} ++ + int main(int argc, char *argv[]) { + log_set_max_level(LOG_DEBUG); + log_parse_environment(); +@@ -733,6 +782,7 @@ int main(int argc, char *argv[]) { + test_read_line(); + test_read_line2(); + test_read_line3(); ++ test_read_full_file_socket(); + + return 0; + } +-- +2.39.1 + diff --git a/10023-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch b/10023-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch new file mode 100644 index 0000000..2edc538 --- /dev/null +++ b/10023-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch 
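Review bot: In the `dir_fd == AT_FDCWD` branch of read_full_file_full(), `filename` goes straight into sockaddr_un_set_path(), which by its own comment treats a leading '@' as an abstract-namespace name and rejects every other relative path. A relative filename that names a socket inode therefore either fails with -EINVAL instead of the original -ENXIO or, if it begins with '@', is resolved in the abstract namespace rather than at the inode the open just reported. Whether any caller passes relative paths together with `READ_FULL_FILE_CONNECT_SOCKET` is not visible here. A guard at the top of that branch, `if (filename[0] != '/') return -ENXIO;`, would keep the connection tied to the filesystem path. The function body starts outside this hunk.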
@@ -0,0 +1,181 @@ +From 0717de25e6508b10ea034fa1b96675f18100ac01 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Mon, 2 Nov 2020 12:07:51 +0100 +Subject: [PATCH] fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow + setting sender socket name + +This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of +read_full_file_full() a bit: when used a sender socket name may be +specified. If specified as NULL behaviour is as before: the client +socket name is picked by the kernel. But if specified as non-NULL the +client can pick a socket name to use when connecting. This is useful to +communicate a minimal amount of metainformation from client to server, +outside of the transport payload. + +Specifically, these beefs up the service credential logic to pass an +abstract AF_UNIX socket name as client socket name when connecting via +READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name +and the eventual credential name. This allows servers implementing the +trivial credential socket logic to distinguish clients: via a simple +getpeername() it can be determined which unit is requesting a +credential, and which credential specifically. + +Example: with this patch in place, in a unit file "waldo.service" a +configuration line like the following: + + LoadCredential=foo:/run/quux/creds.sock + +will result in a connection to the AF_UNIX socket /run/quux/creds.sock, +originating from an abstract namespace AF_UNIX socket: + + @$RANDOM/unit/waldo.service/foo + +(The $RANDOM is replaced by some randomized string. 
This is included in +the socket name order to avoid namespace squatting issues: the abstract +socket namespace is open to unprivileged users after all, and care needs +to be taken not to use guessable names) + +The services listening on the /run/quux/creds.sock socket may thus +easily retrieve the name of the unit the credential is requested for +plus the credential name, via a simpler getpeername(), discarding the +random preifx and the /unit/ string. + +This logic uses "/" as separator between the fields, since both unit +names and credential names appear in the file system, and thus are +designed to use "/" as outer separators. Given that it's a good safe +choice to use as separators here, too avoid any conflicts. + +This is a minimal patch only: the new logic is used only for the unit +file credential logic. For other places where we use +READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this +scheme too, but this should be done carefully in later patches, since +the socket names become API that way, and we should determine the right +amount of info to pass over. 
+ +(cherry picked from commit 142e9756c98c69cdd5d03df4028700acb5739f72) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 22 +++++++++++++++++++++- + src/basic/fileio.h | 4 ++-- + src/test/test-fileio.c | 19 ++++++++++++++++--- + 3 files changed, 39 insertions(+), 6 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 9cb0a2bd28..35eaa3c1c7 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -574,7 +574,13 @@ static int xfopenat(int dir_fd, const char *path, const char *mode, int flags, F + return 0; + } + +-int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { ++int read_full_file_full( ++ int dir_fd, ++ const char *filename, ++ ReadFullFileFlags flags, ++ const char *bind_name, ++ char **contents, size_t *size) { ++ + _cleanup_fclose_ FILE *f = NULL; + int r; + +@@ -617,6 +623,20 @@ int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flag + if (sk < 0) + return -errno; + ++ if (bind_name) { ++ /* If the caller specified a socket name to bind to, do so before connecting. This is ++ * useful to communicate some minor, short meta-information token from the client to ++ * the server. */ ++ union sockaddr_union bsa; ++ ++ r = sockaddr_un_set_path(&bsa.un, bind_name); ++ if (r < 0) ++ return r; ++ ++ if (bind(sk, &bsa.sa, r) < 0) ++ return r; ++ } ++ + if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) + return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is + * not a socket after all */ +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 1a16e0fd13..82897e209c 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -44,9 +44,9 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin + int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) 
_printf_(3, 4); + + int read_one_line_file(const char *filename, char **line); +-int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); ++int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, const char *bind_name, char **contents, size_t *size); + static inline int read_full_file(const char *filename, char **contents, size_t *size) { +- return read_full_file_full(AT_FDCWD, filename, 0, contents, size); ++ return read_full_file_full(AT_FDCWD, filename, 0, NULL, contents, size); + } + int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); + static inline int read_full_stream(FILE *f, char **contents, size_t *size) { +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index 82b7cb1242..5ec70eec14 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -14,6 +14,7 @@ + #include "io-util.h" + #include "parse-util.h" + #include "process-util.h" ++#include "random-util.h" + #include "rm-rf.h" + #include "socket-util.h" + #include "string-util.h" +@@ -714,7 +715,7 @@ static void test_read_line3(void) { + static void test_read_full_file_socket(void) { + _cleanup_(rm_rf_physical_and_freep) char *z = NULL; + _cleanup_close_ int listener = -1; +- _cleanup_free_ char *data = NULL; ++ _cleanup_free_ char *data = NULL, *clientname = NULL; + union sockaddr_union sa; + const char *j; + size_t size; +@@ -734,23 +735,35 @@ static void test_read_full_file_socket(void) { + assert_se(bind(listener, &sa.sa, SOCKADDR_UN_LEN(sa.un)) >= 0); + assert_se(listen(listener, 1) >= 0); + ++ /* Bind the *client* socket to some randomized name, to verify that this works correctly. 
*/ ++ assert_se(asprintf(&clientname, "@%" PRIx64 "/test-bindname", random_u64()) >= 0); ++ + r = safe_fork("(server)", FORK_DEATHSIG|FORK_LOG, &pid); + assert_se(r >= 0); + if (r == 0) { ++ union sockaddr_union peer = {}; ++ socklen_t peerlen = sizeof(peer); + _cleanup_close_ int rfd = -1; + /* child */ + + rfd = accept4(listener, NULL, 0, SOCK_CLOEXEC); + assert_se(rfd >= 0); + ++ assert_se(getpeername(rfd, &peer.sa, &peerlen) >= 0); ++ ++ assert_se(peer.un.sun_family == AF_UNIX); ++ assert_se(peerlen > offsetof(struct sockaddr_un, sun_path)); ++ assert_se(peer.un.sun_path[0] == 0); ++ assert_se(streq(peer.un.sun_path + 1, clientname + 1)); ++ + #define TEST_STR "This is a test\nreally." + + assert_se(write(rfd, TEST_STR, strlen(TEST_STR)) == strlen(TEST_STR)); + _exit(EXIT_SUCCESS); + } + +- assert_se(read_full_file_full(AT_FDCWD, j, 0, &data, &size) == -ENXIO); +- assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, &data, &size) >= 0); ++ assert_se(read_full_file_full(AT_FDCWD, j, 0, NULL, &data, &size) == -ENXIO); ++ assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, clientname, &data, &size) >= 0); + assert_se(size == strlen(TEST_STR)); + assert_se(streq(data, TEST_STR)); + +-- +2.39.1 + diff --git a/10024-fileio-teach-read_full_file_full-to-read-from-offse.patch b/10024-fileio-teach-read_full_file_full-to-read-from-offse.patch new file mode 100644 index 0000000..08e8f40 --- /dev/null +++ b/10024-fileio-teach-read_full_file_full-to-read-from-offse.patch 
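Review bot: The new bind() failure path in read_full_file_full() returns `r`, which at that point holds the positive address length from sockaddr_un_set_path(), so a failed bind is reported to the caller as success with `*contents` never set. It should propagate the errno instead: `if (bind(sk, &bsa.sa, r) < 0) return -errno;`. The test extended in the same patch only covers a successful bind, so this path is not exercised. The function body continues outside the hunk.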
@@ -0,0 +1,246 @@ +From 5be0e8a2c3e683c195fd872979d6e5741c80d13f Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 4 Nov 2020 20:25:06 +0100 +Subject: [PATCH] fileio: teach read_full_file_full() to read from offset/with + maximum size + +(cherry picked from commit 7399b3f8083b65db4cb9acb17e4b5c897ba7946d) + +Signed-off-by: Guorui Yu +--- + src/basic/fileio.c | 60 ++++++++++++++++++++++++++++++------------ + src/basic/fileio.h | 12 ++++----- + src/test/test-fileio.c | 49 ++++++++++++++++++++++++++++++++-- + 3 files changed, 96 insertions(+), 25 deletions(-) + +diff --git a/src/basic/fileio.c b/src/basic/fileio.c +index 35eaa3c1c7..c14f9797bd 100644 +--- a/src/basic/fileio.c ++++ b/src/basic/fileio.c +@@ -388,44 +388,58 @@ int read_full_virtual_file(const char *filename, char **ret_contents, size_t *re + int read_full_stream_full( + FILE *f, + const char *filename, ++ uint64_t offset, ++ size_t size, + ReadFullFileFlags flags, + char **ret_contents, + size_t *ret_size) { + + _cleanup_free_ char *buf = NULL; +- struct stat st; + size_t n, n_next, l; + int fd, r; + + assert(f); + assert(ret_contents); + +- n_next = LINE_MAX; /* Start size */ ++ if (offset != UINT64_MAX && offset > LONG_MAX) ++ return -ERANGE; ++ ++ n_next = size != SIZE_MAX ? size : LINE_MAX; /* Start size */ + + fd = fileno(f); +- if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's +- * optimize our buffering) */ ++ if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see ++ * fmemopen()), let's optimize our buffering */ ++ struct stat st; + + if (fstat(fd, &st) < 0) + return -errno; + + if (S_ISREG(st.st_mode)) { +- +- /* Safety check */ +- if (st.st_size > READ_FULL_BYTES_MAX) +- return -E2BIG; +- +- /* Start with the right file size. Note that we increase the size +- * to read here by one, so that the first read attempt already +- * makes us notice the EOF. 
*/ +- if (st.st_size > 0) +- n_next = st.st_size + 1; ++ if (size == SIZE_MAX) { ++ uint64_t rsize = ++ LESS_BY((uint64_t) st.st_size, offset == UINT64_MAX ? 0 : offset); ++ ++ /* Safety check */ ++ if (rsize > READ_FULL_BYTES_MAX) ++ return -E2BIG; ++ ++ /* Start with the right file size. Note that we increase the size to read ++ * here by one, so that the first read attempt already makes us notice the ++ * EOF. If the reported size of the file is zero, we avoid this logic ++ * however, since quite likely it might be a virtual file in procfs that all ++ * report a zero file size. */ ++ if (st.st_size > 0) ++ n_next = rsize + 1; ++ } + + if (flags & READ_FULL_FILE_WARN_WORLD_READABLE) + (void) warn_file_is_world_accessible(filename, &st, NULL, 0); + } + } + ++ if (offset != UINT64_MAX && fseek(f, offset, SEEK_SET) < 0) ++ return -errno; ++ + n = l = 0; + for (;;) { + char *t; +@@ -462,6 +476,11 @@ int read_full_stream_full( + if (feof(f)) + break; + ++ if (size != SIZE_MAX) { /* If we got asked to read some specific size, we already sized the buffer right, hence leave */ ++ assert(l == size); ++ break; ++ } ++ + assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ + + /* Safety check */ +@@ -577,15 +596,18 @@ static int xfopenat(int dir_fd, const char *path, const char *mode, int flags, F + int read_full_file_full( + int dir_fd, + const char *filename, ++ uint64_t offset, ++ size_t size, + ReadFullFileFlags flags, + const char *bind_name, +- char **contents, size_t *size) { ++ char **ret_contents, ++ size_t *ret_size) { + + _cleanup_fclose_ FILE *f = NULL; + int r; + + assert(filename); +- assert(contents); ++ assert(ret_contents); + + r = xfopenat(dir_fd, filename, "re", 0, &f); + if (r < 0) { +@@ -600,6 +622,10 @@ int read_full_file_full( + if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) + return -ENXIO; + ++ /* Seeking is not supported on AF_UNIX sockets */ ++ if (offset != UINT64_MAX) ++ return -ESPIPE; ++ + if (dir_fd == 
AT_FDCWD) + r = sockaddr_un_set_path(&sa.un, filename); + else { +@@ -653,7 +679,7 @@ int read_full_file_full( + + (void) __fsetlocking(f, FSETLOCKING_BYCALLER); + +- return read_full_stream_full(f, filename, flags, contents, size); ++ return read_full_stream_full(f, filename, offset, size, flags, ret_contents, ret_size); + } + + static int parse_env_file_internal( +diff --git a/src/basic/fileio.h b/src/basic/fileio.h +index 82897e209c..03150ce776 100644 +--- a/src/basic/fileio.h ++++ b/src/basic/fileio.h +@@ -44,13 +44,13 @@ static inline int write_string_file(const char *fn, const char *line, WriteStrin + int write_string_filef(const char *fn, WriteStringFileFlags flags, const char *format, ...) _printf_(3, 4); + + int read_one_line_file(const char *filename, char **line); +-int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, const char *bind_name, char **contents, size_t *size); +-static inline int read_full_file(const char *filename, char **contents, size_t *size) { +- return read_full_file_full(AT_FDCWD, filename, 0, NULL, contents, size); ++int read_full_file_full(int dir_fd, const char *filename, uint64_t offset, size_t size, ReadFullFileFlags flags, const char *bind_name, char **ret_contents, size_t *ret_size); ++static inline int read_full_file(const char *filename, char **ret_contents, size_t *ret_size) { ++ return read_full_file_full(AT_FDCWD, filename, UINT64_MAX, SIZE_MAX, 0, NULL, ret_contents, ret_size); + } +-int read_full_stream_full(FILE *f, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size); +-static inline int read_full_stream(FILE *f, char **contents, size_t *size) { +- return read_full_stream_full(f, NULL, 0, contents, size); ++int read_full_stream_full(FILE *f, const char *filename, uint64_t offset, size_t size, ReadFullFileFlags flags, char **ret_contents, size_t *ret_size); ++static inline int read_full_stream(FILE *f, char **ret_contents, size_t *ret_size) { ++ return 
read_full_stream_full(f, NULL, UINT64_MAX, SIZE_MAX, 0, ret_contents, ret_size); + } + int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); + +diff --git a/src/test/test-fileio.c b/src/test/test-fileio.c +index 5ec70eec14..5d0006149b 100644 +--- a/src/test/test-fileio.c ++++ b/src/test/test-fileio.c +@@ -762,8 +762,8 @@ static void test_read_full_file_socket(void) { + _exit(EXIT_SUCCESS); + } + +- assert_se(read_full_file_full(AT_FDCWD, j, 0, NULL, &data, &size) == -ENXIO); +- assert_se(read_full_file_full(AT_FDCWD, j, READ_FULL_FILE_CONNECT_SOCKET, clientname, &data, &size) >= 0); ++ assert_se(read_full_file_full(AT_FDCWD, j, UINT64_MAX, SIZE_MAX, 0, NULL, &data, &size) == -ENXIO); ++ assert_se(read_full_file_full(AT_FDCWD, j, UINT64_MAX, SIZE_MAX, READ_FULL_FILE_CONNECT_SOCKET, clientname, &data, &size) >= 0); + assert_se(size == strlen(TEST_STR)); + assert_se(streq(data, TEST_STR)); + +@@ -771,6 +771,50 @@ static void test_read_full_file_socket(void) { + #undef TEST_STR + } + ++static void test_read_full_file_offset_size(void) { ++ _cleanup_fclose_ FILE *f = NULL; ++ _cleanup_(unlink_and_freep) char *fn = NULL; ++ _cleanup_free_ char *rbuf = NULL; ++ size_t rbuf_size; ++ uint8_t buf[4711]; ++ ++ random_bytes(buf, sizeof(buf)); ++ ++ assert_se(tempfn_random_child(NULL, NULL, &fn) >= 0); ++ assert_se(f = fopen(fn, "we")); ++ assert_se(fwrite(buf, 1, sizeof(buf), f) == sizeof(buf)); ++ assert_se(fflush_and_check(f) >= 0); ++ ++ assert_se(read_full_file_full(AT_FDCWD, fn, UINT64_MAX, SIZE_MAX, 0, NULL, &rbuf, &rbuf_size) >= 0); ++ assert_se(rbuf_size == sizeof(buf)); ++ assert_se(memcmp(buf, rbuf, rbuf_size) == 0); ++ rbuf = mfree(rbuf); ++ ++ assert_se(read_full_file_full(AT_FDCWD, fn, UINT64_MAX, 128, 0, NULL, &rbuf, &rbuf_size) >= 0); ++ assert_se(rbuf_size == 128); ++ assert_se(memcmp(buf, rbuf, rbuf_size) == 0); ++ rbuf = mfree(rbuf); ++ ++ assert_se(read_full_file_full(AT_FDCWD, fn, 1234, SIZE_MAX, 0, NULL, &rbuf, 
&rbuf_size) >= 0); ++ assert_se(rbuf_size == sizeof(buf) - 1234); ++ assert_se(memcmp(buf + 1234, rbuf, rbuf_size) == 0); ++ rbuf = mfree(rbuf); ++ ++ assert_se(read_full_file_full(AT_FDCWD, fn, 2345, 777, 0, NULL, &rbuf, &rbuf_size) >= 0); ++ assert_se(rbuf_size == 777); ++ assert_se(memcmp(buf + 2345, rbuf, rbuf_size) == 0); ++ rbuf = mfree(rbuf); ++ ++ assert_se(read_full_file_full(AT_FDCWD, fn, 4700, 20, 0, NULL, &rbuf, &rbuf_size) >= 0); ++ assert_se(rbuf_size == 11); ++ assert_se(memcmp(buf + 4700, rbuf, rbuf_size) == 0); ++ rbuf = mfree(rbuf); ++ ++ assert_se(read_full_file_full(AT_FDCWD, fn, 10000, 99, 0, NULL, &rbuf, &rbuf_size) >= 0); ++ assert_se(rbuf_size == 0); ++ rbuf = mfree(rbuf); ++} ++ + int main(int argc, char *argv[]) { + log_set_max_level(LOG_DEBUG); + log_parse_environment(); +@@ -796,6 +840,7 @@ int main(int argc, char *argv[]) { + test_read_line2(); + test_read_line3(); + test_read_full_file_socket(); ++ test_read_full_file_offset_size(); + + return 0; + } +-- +2.39.1 + diff --git a/10025-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch b/10025-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch new file mode 100644 index 0000000..bb66170 --- /dev/null +++ b/10025-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch 
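Review bot: When a caller passes an explicit `size`, read_full_stream_full() never compares it with `READ_FULL_BYTES_MAX`. It sets `n_next = size`, the `st_size` check now sits inside `if (size == SIZE_MAX)`, and the loop leaves through the new `size != SIZE_MAX` branch before the `n >= READ_FULL_BYTES_MAX` check. The buffer is also sized from `n_next` up front, however short the file is. If the cap is meant to hold for partial reads too, add `if (size != SIZE_MAX && size > READ_FULL_BYTES_MAX) return -E2BIG;` next to the offset range check; otherwise the function comment should state that `size` is trusted. Parts of the read loop lie outside the hunks shown.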
@@ -0,0 +1,95 @@ +From 8ef03861b75cf0a70511760c395cb4bd228c37b9 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Wed, 4 Nov 2020 17:24:53 +0100 +Subject: [PATCH] cryptsetup: port cryptsetup's main key file logic over to + read_full_file_full() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Previously, we'd load the file with libcryptsetup's calls. Let's do that +in our own, so that we can make use of READ_FULL_FILE_CONNECT_SOCKET, +i.e. read in keys via AF_UNIX sockets, so that people can plug key +providers into our logic. + +This provides functionality similar to Debian's keyscript= crypttab +option (see → #3007), as it allows key scripts to be run as socket +activated services, that have stdout connected to the activated socket. +In contrast to traditional keyscript= support this logic runs stuff out +of process however, which is beneficial, since it allows sandboxing and +similar. + +(cherry picked from commit 165a476841ff1aa3aab3508771db9495ab073c7a) + +Signed-off-by: Guorui Yu +--- + src/cryptsetup/cryptsetup.c | 37 ++++++++++++++++++++++++++++++++----- + 1 file changed, 32 insertions(+), 5 deletions(-) + +diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c +index 11162eb722..9251e0eba8 100644 +--- a/src/cryptsetup/cryptsetup.c ++++ b/src/cryptsetup/cryptsetup.c +@@ -17,6 +17,7 @@ + #include "mount-util.h" + #include "parse-util.h" + #include "path-util.h" ++#include "random-util.h" + #include "string-util.h" + #include "strv.h" + #include "util.h" +@@ -480,6 +481,15 @@ static int attach_tcrypt( + return 0; + } + ++static char *make_bindname(const char *volume) { ++ char *s; ++ ++ if (asprintf(&s, "@%" PRIx64"/cryptsetup/%s", random_u64(), volume) < 0) ++ return NULL; ++ ++ return s; ++} ++ + static int attach_luks_or_plain(struct crypt_device *cd, + const char *name, + const char *key_file, +@@ -553,13 +563,30 @@ static int attach_luks_or_plain(struct crypt_device *cd, + 
crypt_get_device_name(cd)); + + if (key_file) { +- r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags); +- if (r == -EPERM) { +- log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file); ++ _cleanup_(erase_and_freep) char *kfdata = NULL; ++ _cleanup_free_ char *bindname = NULL; ++ size_t kfsize; ++ ++ /* If we read the key via AF_UNIX, make this client recognizable */ ++ bindname = make_bindname(name); ++ if (!bindname) ++ return log_oom(); ++ ++ r = read_full_file_full( ++ AT_FDCWD, key_file, ++ arg_keyfile_offset == 0 ? UINT64_MAX : arg_keyfile_offset, ++ arg_keyfile_size == 0 ? SIZE_MAX : arg_keyfile_size, ++ READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE|READ_FULL_FILE_CONNECT_SOCKET, ++ bindname, ++ &kfdata, &kfsize); ++ if (r == -ENOENT) { ++ log_error_errno(r, "Failed to activate, key file '%s' missing.", key_file); + return -EAGAIN; /* Log actual error, but return EAGAIN */ + } +- if (r == -EINVAL) { +- log_error_errno(r, "Failed to activate with key file '%s'. (Key file missing?)", key_file); ++ ++ r = crypt_activate_by_passphrase(cd, name, arg_key_slot, kfdata, kfsize, flags); ++ if (r == -EPERM) { ++ log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file); + return -EAGAIN; /* Log actual error, but return EAGAIN */ + } + if (r < 0) +-- +2.39.1 + diff --git a/systemd.spec b/systemd.spec index aaad51e..313946d 100644 --- a/systemd.spec +++ b/systemd.spec 
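Review bot: In attach_luks_or_plain(), only `-ENOENT` from read_full_file_full() is handled. Any other failure (for example -EACCES, -E2BIG or -ENXIO) falls through to `crypt_activate_by_passphrase()` with `kfdata` still NULL and `kfsize` uninitialized. Add a general check after the -ENOENT branch: `if (r < 0) return log_error_errno(r, "Failed to read key file '%s': %m", key_file);`. The function starts and ends outside this hunk.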
@@ -978,6 +978,19 @@ Patch10009: 10009-systemd-anolis-support-loongarch64.patch
 Patch10010: 10010-test-catalog-Fix-coredump-when-compiled-under-GCC10.patch
 Patch10011: 10011-hwdb-add-Iluvatar-CoreX.patch
 Patch10012: 10012-seccomp-add-loongarch-support.patch
+Patch10013: 10013-fileio-when-reading-a-full-file-into-memory-refuse-.patch
+Patch10014: 10014-util-introduce-explicit_bzero_safe-for-explicit-mem.patch
+Patch10015: 10015-util-introduce-erase_and_free-helper.patch
+Patch10016: 10016-util-introduce-READ_FULL_FILE_SECURE-flag-for-readi.patch
+Patch10017: 10017-fileio-introduce-warn_file_is_world_accessible.patch
+Patch10018: 10018-fileio-read_full_file_full-also-warns-when-file-is-.patch
+Patch10019: 10019-basic-fileio-Fix-memory-leak-if-READ_FULL_FILE_SECU.patch
+Patch10020: 10020-fileio-add-explicit-flag-for-generating-world-execu.patch
+Patch10021: 10021-fileio-add-dir_fd-parameter-to-read_full_file_full.patch
+Patch10022: 10022-fileio-add-support-for-read_full_file-on-AF_UNIX-st.patch
+Patch10023: 10023-fileio-beef-up-READ_FULL_FILE_CONNECT_SOCKET-to-all.patch
+Patch10024: 10024-fileio-teach-read_full_file_full-to-read-from-offse.patch
+Patch10025: 10025-cryptsetup-port-cryptsetup-s-main-key-file-logic-ov.patch
 
 %ifarch %{ix86} x86_64 aarch64
 %global have_gnu_efi 1
@@ -1624,6 +1637,19 @@ fi
 - seccomp: add loongarch64 support (Liwei Ge)
 - seccomp: remove loongarch64 switch(Liwei Ge)
 - umount: check LO_FLAGS_AUTOCLEAR after LOOP_CLR_FD claimed success(yuanhui)
+- fileio: when reading a full file into memory, refuse inner NUL bytes (Guorui Yu)
+- util: introduce explicit_bzero_safe for explicit memset (Guorui Yu)
+- util: introduce erase_and_free() helper (Guorui Yu)
+- util: introduce READ_FULL_FILE_SECURE flag for reading secure data (Guorui Yu)
+- fileio: introduce warn_file_is_world_accessible() (Guorui Yu)
+- fileio: read_full_file_full() also warns when file is world readable and secure flag is set (Guorui Yu)
+- basic/fileio: Fix memory leak if READ_FULL_FILE_SECURE flag is used (Guorui Yu)
+- fileio: add explicit flag for generating world executable warning when reading file (Guorui Yu)
+- fileio: add 'dir_fd' parameter to read_full_file_full() (Guorui Yu)
+- fileio: add support for read_full_file() on AF_UNIX stream sockets (Guorui Yu)
+- fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name (Guorui Yu)
+- fileio: teach read_full_file_full() to read from offset/with maximum size (Guorui Yu)
+- cryptsetup: port cryptsetup's main key file logic over to read_full_file_full() (Guorui Yu)
 
 * Thu Jul 20 2023 systemd maintenance team - 239-74.3
 - login: add a missing error check for session_set_leader() (#2223602)
--
Gitee