summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAge
* path-util: make path_make_relative() support path including dotsYu Watanabe2018-08-24
|
* path-util: introduce path_simplify()Yu Watanabe2018-08-24
| | | | | | | | The function is similar to path_kill_slashes() but also removes initial './', trailing '/.', and '/./' in the path. When the second argument of path_simplify() is false, then it behaves as the same as path_kill_slashes(). Hence, this also replaces path_kill_slashes() with path_simplify().
* time-util: fix build with gcc8 -Werror=format-truncation=Martin Jansa2018-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * it fails with gcc8 when -O1 or -Os is used (and -ftree-vrp which is added by -O2 and higher isn't used) ../git/src/basic/time-util.c: In function 'format_timespan': ../git/src/basic/time-util.c:508:46: error: '%0*llu' directive output between 1 and 2147483647 bytes may cause result to exceed 'INT_MAX' [-Werror=format-truncation=] "%s"USEC_FMT".%0*"PRI_USEC"%s", ^~~~ ../git/src/basic/time-util.c:508:60: note: format string is defined here "%s"USEC_FMT".%0*"PRI_USEC"%s", ../git/src/basic/time-util.c:508:46: note: directive argument in the range [0, 18446744073709551614] "%s"USEC_FMT".%0*"PRI_USEC"%s", ^~~~ ../git/src/basic/time-util.c:507:37: note: 'snprintf' output 4 or more bytes (assuming 2147483651) into a destination of size 4294967295 k = snprintf(p, l, ^~~~~~~~~~~~~~ "%s"USEC_FMT".%0*"PRI_USEC"%s", ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ p > buf ? " " : "", ~~~~~~~~~~~~~~~~~~~ a, ~~ j, ~~ b, ~~ table[i].suffix); ~~~~~~~~~~~~~~~~ cc1: some warnings being treated as errors [zj: change 'char' to 'signed char']
* basic: set errno in raw_clone() on sparcMike Gilbert2018-08-24
| | | | | | | | sparc sets the carry bit when a syscall fails. Use this information to set errno and return -1 as appropriate. The added test case calls raw_clone() with flags known to be invalid according to the clone(2) manpage.
* process-util: also filter non-printable characters in get_process_com()Lennart Poettering2018-08-24
| | | | | | | | | | | | We already do that in get_process_cmdline(), which is very similar in behaviour otherwise. Hence, let's be safe and also filter them in get_process_comm(). Let's try to retain as much information as we can though and escape rather than suppress unprintable characters. Let's not increase comm names beyond the kernel limit on such names however. Also see discussion about this here: https://marc.info/?l=linux-api&m=152649570404881&w=2
* string-util: tweak cellescape() a bitLennart Poettering2018-08-24
| | | | | | | | | | | | | For short buffer sizes cellescape() was a bit wasteful, as it might suffice to to drop a single character to find enough place for the full four byte ellipsis, if that one character was a four character escape. With this rework we'll guarantee to drop the minimum number of characters from the end to fit in the ellipsis. If the buffers we write to are large this doesn't matter much. However, if they are short (as they are when talking about the process comm field) then it starts to matter that we put as much information as we can in the space we get.
* escape: add an explanatory comment about buffer sizesLennart Poettering2018-08-24
|
* missing: define kernel internal limit TASK_COMM_LEN in userspace tooLennart Poettering2018-08-24
| | | | | We already use it at two places, and we are about to add one too. Arbitrary literally hardcoded limits suck.
* process-util: mention that wait_for_terminate_with_timeout() should be ↵Lennart Poettering2018-08-24
| | | | called with SIGCHLD blocked
* Use const char* for timestamp strings which we don't plan to modifyZbigniew Jędrzejewski-Szmek2018-08-24
| | | | Makes the intent a bit clearer.
* Always allow timestamps to be printedZbigniew Jędrzejewski-Szmek2018-08-24
| | | | | | | | | | If the timestamp is above 9999-12-30, (or 2038-something-something on 32 bit), use XXXX-XX-XX XX:XX:XX as the replacement. The problem with refusing to print timestamps is that our code accepts such timestamps, so we can't really just refuse to process them afterwards. Also, it makes journal files non-portable, because suddently we might completely refuse to print entries which are totally OK on a different machine.
* basic/random-util: do not use getrandom() under msanEvgeny Vereshchagin2018-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `fuzz-journal-remote` seems to be failing under `msan` as soon as it starts: $ sudo infra/helper.py run_fuzzer systemd fuzz-journal-remote Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner run_fuzzer fuzz-journal-remote Using seed corpus: fuzz-journal-remote_seed_corpus.zip /out/fuzz-journal-remote -rss_limit_mb=2048 -timeout=25 /tmp/fuzz-journal-remote_corpus -max_len=65536 < /dev/null INFO: Seed: 3380449479 INFO: Loaded 2 modules (36336 inline 8-bit counters): 36139 [0x7ff36ea31d39, 0x7ff36ea3aa64), 197 [0x9998c8, 0x99998d), INFO: Loaded 2 PC tables (36336 PCs): 36139 [0x7ff36ea3aa68,0x7ff36eac7d18), 197 [0x999990,0x99a5e0), INFO: 2 files found in /tmp/fuzz-journal-remote_corpus INFO: seed corpus: files: 2 min: 4657b max: 7790b total: 12447b rss: 97Mb Uninitialized bytes in __interceptor_pwrite64 at offset 24 inside [0x7fffdd4d7230, 240) ==15==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x7ff36e685e8a in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:436:13 #1 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21 #2 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13 #3 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13 #4 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21 #5 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13 #6 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13 #7 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9 #8 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13 #9 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3 #10 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7 #11 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3 #12 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6 #13 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #14 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) #15 0x41f9d8 in _start (/out/fuzz-journal-remote+0x41f9d8) Uninitialized value was stored to memory at #0 0x7ff36e61cd41 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:288:16 #1 0x7ff36e685cec in journal_file_init_header /work/build/../../src/systemd/src/journal/journal-file.c:426:13 #2 0x7ff36e683a9d in journal_file_open /work/build/../../src/systemd/src/journal/journal-file.c:3333:21 #3 0x7ff36e68b8f6 in journal_file_open_reliably /work/build/../../src/systemd/src/journal/journal-file.c:3520:13 #4 0x4a3f35 in open_output /work/build/../../src/systemd/src/journal-remote/journal-remote.c:70:13 #5 0x4a34d0 in journal_remote_get_writer /work/build/../../src/systemd/src/journal-remote/journal-remote.c:136:21 #6 0x4a550f in get_source_for_fd /work/build/../../src/systemd/src/journal-remote/journal-remote.c:183:13 #7 0x4a46bd in journal_remote_add_source /work/build/../../src/systemd/src/journal-remote/journal-remote.c:235:13 #8 0x4a271c in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-journal-remote.c:36:9 #9 0x4f27cc in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:524:13 #10 0x4efa0b in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:448:3 #11 0x4f8e96 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:732:7 #12 0x4f9f73 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:752:3 #13 0x4bf329 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:756:6 #14 0x4ac391 in main /src/libfuzzer/FuzzerMain.cpp:20:10 #15 0x7ff36d14982f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f) Uninitialized value was created by an allocation of 't' in the stack frame of function 'sd_id128_randomize' #0 0x7ff36e61cb00 in sd_id128_randomize /work/build/../../src/systemd/src/libsystemd/sd-id128/sd-id128.c:274 SUMMARY: MemorySanitizer: use-of-uninitialized-value /work/build/../../src/systemd/src/journal/journal-file.c:436:13 in journal_file_init_header Exiting MS: 0 ; base unit: 0000000000000000000000000000000000000000 artifact_prefix='./'; Test unit written to ./crash-847911777b3096783f4ee70a69ab6d28380c810b [vagrant@localhost oss-fuzz]$ sudo infra/helper.py check_build --sanitizer=memory systemd Running: docker run --rm -i --privileged -e FUZZING_ENGINE=libfuzzer -e SANITIZER=memory -v /home/vagrant/oss-fuzz/build/out/systemd:/out -t gcr.io/oss-fuzz-base/base-runner test_all INFO: performing bad build checks for /out/fuzz-dhcp-server. INFO: performing bad build checks for /out/fuzz-journal-remote. INFO: performing bad build checks for /out/fuzz-unit-file. INFO: performing bad build checks for /out/fuzz-dns-packet. 4 fuzzers total, 0 seem to be broken (0%). Check build passed. It's a false positive which is most likely caused by https://github.com/google/sanitizers/issues/852. I think it could be got around by avoiding `getrandom` when the code is compiled with `msan`
* basic/journal-importer: escape & ellipsize bad data in log entriesZbigniew Jędrzejewski-Szmek2018-08-24
| | | | | | | We shouldn't just log arbitrary stuff, in particular newlines and control chars Now: Unknown dunder line __CURSORFACILITY=6\nSYSLOG_IDENTIFIER=/USR/SBIN/CRON\nMES…, ignoring. Unknown dunder line __REALTIME_TIME[TAMP=1404101101501874\n__MONOTONIC_TIMEST…, ignoring.
* basic/string-util: add a convenience function to cescape mostly-ascii fieldsZbigniew Jędrzejewski-Szmek2018-08-24
| | | | | | | | | It's not supposed to be the most efficient, but instead fast and simple to use. I kept the logic in ellipsize_mem() to use unicode ellipsis even in non-unicode locales. I'm not quite convinced things should be this way, especially that with this patch it'd actually be simpler to always use "…" in unicode locale and "..." otherwise, but Lennart wanted it this way for some reason.
* basic/journal-importer: do not write non-unicode char to logZbigniew Jędrzejewski-Szmek2018-08-24
| | | | | The type of cescape_char() is changed to int to make it easier to use in "%.*s". We know the value is between 1 and 4, so size_t is overkill.
* sd-id128: return -ENOMEDIUM on null idZbigniew Jędrzejewski-Szmek2018-08-24
| | | | | | | | | We currently return -ENOMEDIUM when /etc/machine-id is empty, and -EINVAL when it is all zeros. But -EINVAL is also used for invalid args. The distinction between empty and all-zero is not very important, let's use the same return code. Also document -ENOENT and -ENOMEDIUM since they can be a bit surprising.
* tree-wide: make use of memory_startswith() at various placesLennart Poettering2018-08-24
|
* string-util: add new memory_startswith() helperLennart Poettering2018-08-24
| | | | | We have code like this at various placer, let's make things shorter and more readable with a helper for it.
* socket-util: rename parse_socket_address_bind_ipv6_only_or_bool() to ↵Yu Watanabe2018-08-24
| | | | | | | socket_address_bind_ipv6_only_or_bool_from_string() Hence, we can define config_parse_socket_bind() by using DEFINE_CONFIG_PARSE_ENUM() macro.
* conf-parser: introduce DEFINE_CONFIG_PARSE*() macrosYu Watanabe2018-08-24
| | | | | | | | This introduces several macros for defining config parsers. Also this fixes errno in DEFINE_CONFIG_PARSE_ENUM() and _ENUMV() and makes the log level lower when a duplicated item is specified to the settings parsed by the function defined by DEFINE_CONFIG_PARSE_ENUMV().
* smack: make mac_smack_fix() deal somewhat sensible with non-absolute pathsLennart Poettering2018-08-24
| | | | | | | | | | | This tries to improve the mac_smack_fix() logic a bit, by properly handling non-absolute paths. It's still pretty broken though, which is sad for security technology: non-normalized paths (for example "/usr/../dev/sda") will still not be treated correctly. I am not sure how to fix that properly though, and I don't understand SMACK well enough to do so. This fix hence just fixes to most obvious glaring issue.
* sd-bus: make add match method callback slot "floating"Lennart Poettering2018-08-24
| | | | | | | | | | | | | | | | When we allocate an asynchronous match object we will allocate an asynchronous bus call object to install the match server side. Previously the call slot would be created as regular slot, i.e. non-floating which meant installing the match even if it was itself floating would result in a non-floating slot to be created internally, which ultimately would mean the sd_bus object would be referenced by it, and thus never be freed. Let's fix that by making the match method callback floating in any case as we have no interest in leaving the bus allocated beyond the match slot. Fixes: #8551
* bus-slot: for bus slot objects with no explicit description use the match ↵Lennart Poettering2018-08-24
| | | | | | | string as description Let's make debugging a but easier with implicit descriptions for some match objects.
* sd-bus: add new sd_bus_slot_set_floating() callLennart Poettering2018-08-24
| | | | | | | | | | This new call allows explicit control of the "floating" state of a bus slot object. This is useful for creating a bus slot object first, retaining a reference to it, using it for making changes to the slot object (for example, set a description) and then handing it over to sd-bus for lifecycle management. It's also useful to fix #8551.
* tree-wide: fix typo in comments and NEWSYu Watanabe2018-08-24
|
* conf-parser: add a bit more whitespaceLennart Poettering2018-08-24
| | | | | | | | We usually seperate case statements within a switch from each other by empty lines. We also often add an empty line after multi-line function prototypes, let's do so here too Also, no trailing ; after }...
* meson: test out headers with more standard versionsZbigniew Jędrzejewski-Szmek2018-08-24
| | | | They all pass fine, but let's keep testing regularly.
* sd-bus: use _cleanup_ moreZbigniew Jędrzejewski-Szmek2018-08-24
|
* journalctl: add with-unit modeLuca Boccassi2018-08-24
| | | | | | | | | | When dealing with a large number of template instances, for example when launching daemons per VRF, it is hard for operators to correlate log lines to arguments. Add a new with-unit mode which, if available, prefixes unit and user unit names when displaying its log messages instead of the syslog identifier. It will also use the full timestamp with timezones, like the short-full mode.
* tree-wide: drop unused variablesYu Watanabe2018-08-24
| | | | Follow-ups for #8620.
* add new portable service frameworkLennart Poettering2018-08-24
| | | | | | | | | | | This adds a small service "systemd-portabled" and a matching client "portablectl", which implement the "portable service" concept. The daemon implements the actual operations, is PolicyKit-enabled and is activated on demand with exit-on-idle. Both the daemon and the client are an optional build artifact, enabled by default rhough.
* machined: move bus_reply_pair_array() into generic utilitiesLennart Poettering2018-08-24
| | | | This way, we can reuse it in portabled.
* conf-files: beef up conf-files.[ch] a bitLennart Poettering2018-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | This adds fozr new flags: - If CONF_FILES_DIRECTORY is specified conf_file_list() and friends will look for directories only. - Similar CONF_FILES_REGULAR means we'll look only for regular files. - If CONF_FILES_BASENAME is specified the resulting list will contain only the basenames of all discovered files or directories, not the full paths. - If CONF_FILES_FILTER_MASKED is specified the resulting list will have masked entries removed (i.e. those symlinked to /dev/null and suchlike) These four flags are useful for discovering portable service profile information. While we are at it, also improve a couple of other things: - More debug logging - use path_hash_ops instead of string_hash_ops when putting together the path lists
* fileio: make sure read_full_stream() works on memory-backed streamsLennart Poettering2018-08-24
|
* os-util: add helpers for finding /etc/os-releaseLennart Poettering2018-08-24
| | | | | Place this new helpers in a new source file os-util.[ch], and move the existing and related call path_is_os_tree() to it as well.
* fileio: add parse_env_filev() that is like parse_env_file() but takes a va_listLennart Poettering2018-08-24
|
* fileio: accept FILE* in addition to path in parse_env_file()Lennart Poettering2018-08-24
| | | | | | | Most our other parsing functions do this, let's do this here too, internally we accept that anyway. Also, the closely related load_env_file() and load_env_file_pairs() also do this, so let's be systematic.
* process-util: add a new FORK_MOUNTNS_SLAVE flag for safe_fork()Lennart Poettering2018-08-24
| | | | | | | | We already have a flag for creating a new mount namespace for the child. Let's add an extension to that: a new FORK_MOUNTNFS_SLAVE flag. When used in combination will mark all mounts in the child namespace as MS_SLAVE so that the child can freely mount or unmount stuff but it won't leak into the parent.
* fd-util: add new helper call fd_duplicate_data_fd()Lennart Poettering2018-08-24
| | | | | | | | | | | | This call creates an fd from another fd containing the same data. Specifically, repeated read() on the returned fd should return the same data as the original fd. This call is useful when we want to copy data out of disk images and suchlike, and want to be pass fds with the data around without having to keep the disk image continously mounted. The implementation tries to be somewhat smart and tries to prefer memfds/pipes over files in /tmp or /var/tmp based on the size of the data, but has appropropriate fallbacks in place.
* basic: fix raw_clone() on 32-bit sparcMike Gilbert2018-08-24
| | | | | | | The clone syscall uses the same semantics as on 64-bit. The trap number for syscall entry is different. Bug: https://bugs.gentoo.org/656368
* load-fragment: allow to specify RestrictNamespaces= multiple timesYu Watanabe2018-08-24
| | | | | If multiple RestrictNamespaces= settings are set, then merge the settings. This also drops supporting "~yes" and "~no".
* nsflsgs: drop namespace_flag_{from,to}_string()Yu Watanabe2018-08-24
| | | | | | This also drops namespace_flag_to_string_many_with_check(), and renames namespace_flag_{from,to}_string_many() to namespace_flags_{from,to}_string().
* nsflags: drop namespace_flag_to_string_many_with_check()Yu Watanabe2018-08-24
| | | | | We always ignore the unused bits. So, it is not necessary to check them.
* logind: let's change the type of the runtime directory size to uint64_tLennart Poettering2018-08-24
| | | | | | | Externally it's an uint64_t anyway, and internally we most just initialize it to physical_memory() which returns uint64_t, hence there's exactly zero value in using it as size_t internally. Hence, let's fix that, and use uint64_t everywhere.
* util: add debug logging to system_tasks_max()Lennart Poettering2018-08-24
| | | | | We should always do debug logging when we eat up error conditions. Let's do so here too.
* util: fix physical_memory() to work correctly on cgroupsv2Lennart Poettering2018-08-24
| | | | | | | Let's look into the right cgroupsv2 attribute. Also, while we are at it, add debug logging for all error conditions we eat up silently otherwise.
* nspawn: make sure our container PID 1 keeps logging to the original stderr ↵Lennart Poettering2018-08-24
| | | | | | | | | | | | | | | | | | as long as possible If we log to the pty that is configured as stdin/stdout/stderr of the container too early we risk filling it up in full before we start processing the pty from the parent process, resulting in deadlocks. Let's hence keep a copy of the original tty we were started on before setting up stdin/stdout/stderr, so that we can log to it, and keep using it as long as we can. Since the kernel's pty internal buffer is pretty small this actually triggered deadlocks when we debug logged at lot from nspawn's child processes, see: https://github.com/systemd/systemd/pull/9024#issuecomment-390403674 With this change we won't use the pty at all, only the actual payload we start will, and hence we won't deadlock on it, ever.
* timesync,shared: move logic requesting bus name to sharedYu Watanabe2018-08-24
| | | | | Preparation for setting DynamicUser= to other services which request bus names.
* tree-wide: remove some double newlines in headers, tooLennart Poettering2018-08-24
|
* conf-parser: make use of free_and_replace() at one more placeLennart Poettering2018-08-24
|