197 Commits

Author SHA1 Message Date
Lennart Poettering
8e880e3b61 hostnamed: allow setting machine tags via udev rules (#42390)
This gives hostnamed a lot of love, and makes it possible to "auto-tag"
a machine via a udev rule.

It builds on the machine tag concept added in v261.
2026-06-19 20:38:42 +02:00
Daan De Meyer
d8a625875c udev: only trigger the boot-disk loop device for optical drives
probe_gpt_boot_disk_needs_loop() sets ID_PART_GPT_AUTO_ROOT_DISK_NEEDS_LOOP
for any whole disk that holds the boot ESP/XBOOTLDR but whose partition table
the kernel cannot parse. Until now the udev rule turned that into a
systemd-loop@.service for every block device.

That is too broad: device-mapper devices also report kernel partition
scanning as disabled, but their partitions are managed in userspace by kpartx
(see 66-kpartx.rules). Setting up a loop device on top of them re-exposes the
same partition table a second time and only causes trouble.

Restrict the rule to optical drives, the one class that genuinely needs a
kernel-side loop device (El Torito GPT sector size mismatch, or drives that do
not support partition scanning) and that has no userspace partition manager of
its own.

Co-developed-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-15 16:00:39 +02:00
Lennart Poettering
4a05010532 rules: auto-tag host from the SYSTEMD_MACHINE_TAG udev property
When a device carries a SYSTEMD_MACHINE_TAG udev property, tag it for
systemd and pull in systemd-machine-tag@<tag>.service, which adds the
given tag to the host's machine tags. In other words, attaching the
property to a device makes the host auto-tag itself with the specified
machine tag.
2026-06-01 10:56:16 +02:00
Diego Viola
5d17215c7e treewide: fix typos in the entire codebase
Signed-off-by: Diego Viola <diego.viola@gmail.com>
2026-05-05 17:22:26 +02:00
Daan De Meyer
4e0eabd401 udev: also trigger loop device for boot disk when partition scanning is unsupported
Previously, probe_gpt_sector_size_mismatch() would bail out early when
the GPT sector size matched the device sector size. However, some
devices (e.g. certain CD-ROM drives) do not support kernel partition
scanning even when sector sizes match. In that case, the kernel still
cannot parse the partition table, and we need to set up a loop device to
expose the partitions — just as we do for the sector size mismatch case.

Check blockdev_partscan_enabled() when sector sizes match, and only skip
the boot partition check if partition scanning is actually supported.

Also rename the function, udev property, and log messages to reflect the
broader scope:

- probe_gpt_sector_size_mismatch() -> probe_gpt_boot_disk_needs_loop()
- ID_PART_GPT_AUTO_ROOT_DISK_SECTOR_SIZE_MISMATCH -> ID_PART_GPT_AUTO_ROOT_DISK_NEEDS_LOOP
2026-04-04 22:24:47 +00:00
Daan De Meyer
047ae265cc udev: probe GPT sector size and trigger loop device on mismatch
When the GPT partition table uses a different sector size than the
device's native block size (e.g. 512-byte GPT on a 2048-byte CD-ROM
booted via El Torito), the kernel cannot parse the partition table.

Probe the GPT sector size upfront and configure blkid with the correct
value so it always finds the partition table. If a sector size mismatch
is detected, trigger a loop device to re-expose the device with the
correct sector size and skip root partition discovery on the original
device — it will happen on the loop device instead.

Co-developed-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-04 20:03:44 +02:00
Lennart Poettering
56356c9dec udev: tag DMI id device with "systemd", so that we can order units after it
For various use cases it is useful to read relevant data from the DMI
udev device, but this means we need a way to wait for it for this to be
probed to be race-free. Hence tag it with "systemd", so that
sys-devices-virtual-dmi-id.device can be used as synchronization point.
2026-03-20 11:53:33 +01:00
Lennart Poettering
f2eed3fa25 hwdb: introduce hwdb for tpm2 devices
This hwdb can carry hw quirks and similar for us, in particular tell
us if nvpcrs have a chance of working.
2026-03-04 08:28:41 +01:00
Lennart Poettering
dc75e54270 udev: add tpm2_id builtin
We need to be able to look up tpm2 metadata from hwdb, hence add a way
to synthesize a hwdb lookup key from within udev rules.
2026-03-04 08:28:29 +01:00
David Santamaría Rogado
3e7b9b7462 udev: rules: improve usb integration detection
usb hubs tend to expose removable attribute as unknown. This makes some
problems like a hub for external usb ports in pogo pins is unknown and
also soldered hubs in laptops for keyboard+touchpad.

Let's set internal when the device removable attribute is fixed and
external when removable, but when it's unknown let's check the parent
ports (not the host devpath!=0) attribute to decide.

This makes us misdetect pogo pin connected external usb hubs but
lets us correctly detect laptop internal keyboards and touchpads that
are wired through hubs instead of directly.

This behaviour is more desirable, as actually there are a bunch of
laptops with this setup.

Fixes: a4381cae8b.
2026-03-04 07:33:51 +09:00
Mario Limonciello
9d3b73d9bf udev: tag kfd devices for xaccess-render (#40888)
The kfd device is used for running compute workloads on AMD
GPUs. Users that are logged in should be able to run compute
so tag them like other DRM and ACCEL devices are.
2026-03-02 12:32:50 +09:00
Yu Watanabe
20ce80436e udev: hwdb: replace ID_INPUT_JOYSTICK_INTEGRATION (#40761)
Could ask to Bastien Nocera who originally committed the joysticks hwdb
integration
https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/1429#note_3338386
and stated that was for use in iio-sensor but later anything was done.

As the variable was never used replace it with the new variable actually
in the process to be used in libinput. Even more at least some of the
idea that was planned for ID_INPUT_JOYSTICK_INTEGRATION could be done in
libinput.

Actually ID_INPUT_JOYSTICK_INTEGRATION was never used anywhere, replace
it with ID_INTEGRATION.

Follow up: a4381cae8b.
2026-02-25 00:13:15 +09:00
Alessandro Astone
d0ad8f1175 udev: Trigger uaccess builtin on xaccess-* prefix
Fixup xaccess trigger after the rework.
There's no single `xaccess` tag anymore; instead we match on a prefix.
2026-02-24 11:54:15 +00:00
David Santamaría Rogado
e0684a9abc udev: hwdb: replace ID_INPUT_JOYSTICK_INTEGRATION
Actually ID_INPUT_JOYSTICK_INTEGRATION was never used anywhere, replace
it with ID_INTEGRATION.

Follow up: a4381cae8b.
2026-02-20 18:34:00 +01:00
Carolina Jubran
1e6854e112 udev: grant read access to PTP devices for unprivileged users
Change the default udev rule for /dev/ptp* from 0660 to 0664,
allowing unprivileged users read-only access.

NIC telemetry and hardware logs often use device timestamps that must
be correlated with host time via read-only PTP ioctls (e.g.
cross-timestamp queries). Requiring privileged access makes these
workflows unnecessarily restrictive.

Older kernels lacked proper permission checks in some PTP ioctls.
Kernel commit b4e53b15c04e3852949003752f48f7a14ae39e86 ("ptp: Add PHC
file mode checks. Allow RO adjtime() without FMODE_WRITE.") introduces
the necessary file mode validation, ensuring that read access does not
permit clock modification or configuration changes, which still require
write permissions.

This commit has been backported to all actively maintained stable
kernel branches.

Related to #31034
2026-02-19 14:51:12 +01:00
David Santamaría Rogado
17a3b387ae udev: rules: integration add spi bus for input dev
This bus is used for internal input devices let's set the ID_BUS
property accordingly to tag devices over SPI as internal.

Follow-up for a4381cae8b.
2026-02-19 06:45:13 +09:00
Mario Limonciello (AMD)
e30c044c23 Tag accel devices for uaccess-render
accel devices are used for things like NPUs and should be tagged
for the logged in user just like GPUs are.
2026-02-18 18:22:00 +01:00
David Santamaría Rogado
cad60201fc udev: rules: integration fix
ID_INTEGRATION is not being updated with hwdb entries, assign the new
value to it when hwdb has been imported.

We still need the 65-integration.rule assignment for devices that aren't
in hwdb.

While at it remove unneeded check in 70-touchpad.rules, as it was not
added for 70-joystick.rules with the statement if ID_INPUT_* is set and
ID_INPUT not, there is a bug elsewhere. And remove unneeded gotos in
both files.

Follow-up for a4381cae8b.
2026-02-18 11:51:02 +09:00
Alessandro Astone
2f5279d34b udev: Tag GPU render nodes as xaccess-render
2026-02-17 15:27:24 +01:00
David Santamaría Rogado
a4381cae8b udev: rules: guess devices if internal or external
Set ID_INTEGRATION variable to hint if a device is internal (inherent
part of the system) or external otherwise.
2026-02-16 03:46:25 +01:00
David Santamaría Rogado
155ae657b1 udev: rules: fix camera comparison
actually that is intended to be a comparison
2026-02-12 20:11:27 +00:00
Alessandro Astone
753341a221 rules: Tag DRM render nodes with xaccess
When systemd is compiled with group-render-mode=0660, only the active seat
gets access to the render devices through uaccess. Remote desktop sessions
like gnome-remote-desktop would be left with no hardware rendering, because
those sessions are not associated with a seat.

Tag the render nodes with "xaccess" so that access is also granted to remote
sessions created with XDG_SESSION_EXTRA_DEVICE_ACCESS=1
2026-02-06 16:20:18 +01:00
Alessandro Astone
5a198ad6f8 udev: Grant sessions access to devices tagged with xaccess
Grant access to devices tagged with "xaccess" on session start, if the session
was created with XDG_SESSION_EXTRA_DEVICE_ACCESS=1.

udev-builtin-uaccess is refactored to grant multiple users access to a device,
taking into account the device's seat and all the active EXTRA_DEVICE_ACCESS
sessions.
2026-02-06 16:20:18 +01:00
Rebecca Cran
b159befeae hwdb,rules: add 82-net-auto-link-local.{hwdb,rules} to build
Update hwdb.d/meson.build and rules.d/meson.build to add the
82-net-auto-link-local.{hwdb,rules} files into the build. Commit
ec541c569b in 2023 added the files
but didn't add them to the build system.
2025-12-05 16:03:22 -07:00
João Rodrigues
68ce283c3f Symlink for the /dev/ptp0 in vmware (#39917)
There are rules to create a symlink for the /dev/ptp0 device in KVM and
Hyper-V virtualization infrastructure but not for vmware.
2025-11-27 03:54:03 +09:00
Gero Schwäricke
032ea7ca12 rules: add rule to generate unique symlinks for gpio devices
Regular generated paths make it hard to identify individual GPIO
devices. This is a challenge when using multiple USB-to-GPIO adapters
like Diolan DLN2.

The unique symlinks from this rule can be used, e.g., with gpiod tools.
2025-11-10 23:22:08 +09:00
Mike Yuan
a4dae3c118 rules.d/60-block.rules: fix typo
2025-11-02 10:56:31 +01:00
Lennart Poettering
2103067f25 udev: introduce ID_BLOCK_SUBSYSTEM property
Virtual block devices are a bit weird: they have no parent device, and
thus cannot be related to the subsystem they belong to, except by
pattern matching their name. This is OK to do if one knows what to look
for. However for tools that do not want to carry a list of known
subsystems with their appropriate matching patterns this sucks. Let's
introduce a new ID_BLOCK_SUBSYSTEM property we can set on block devices
that carries an explicit string for this. Do so for a small number of
key subsystems: DM, loopback and zram.
2025-11-01 22:01:35 +01:00
Lennart Poettering
6fac8bb9b1 rules: apply loopback block device rule only onto loopback block devices
Fixes: #39426
Follow-up for: 9422ce83c2
2025-10-24 22:21:14 +02:00
Yu Watanabe
5b09b43106 Don't tag i2c mice as pointing sticks (#39264)
There are no real i2c mice but there are i2c `FooBar Mouse` devices that
are an artifact of how the HID kernel drivers split up event nodes.
These nodes will be seen for some i2c keyboards and touchpads, depending
on the HID report descriptor.

Let's not tag those as pointing sticks.

Closes #36677
2025-10-20 15:04:27 +09:00
Peter Hutterer
5b647b84a9 rules: extend 60-input-id.rules to allow for bus/vid/pid/name matches
Same approach as used in 70-mouse.rules, allow for a name-based match
optionally combined with bus/vid/pid (which the existing modalias rule
would already allow us anyway). Note that ID_BUS isn't assigned until
after this rule has run so we need to use the id/bustype attribute
directly.

Related to https://github.com/systemd/systemd/issues/36677
2025-10-20 14:14:39 +10:00
Miroslav Lichvar
4db925d7da udev: create symlinks for s390 PTP devices
Similarly to the udev rules handling KVM and Hyper-V PTP devices, create
symlinks for the s390-specific STCKE and Physical clocks (supported
since Linux 6.13) to have some stable names that can be specified in
default configurations of PTP/NTP applications.
2025-10-14 18:31:17 +02:00
Zbigniew Jędrzejewski-Szmek
7d247d3cb8 meson: drop explicit custom_target names
[1] says:
> Since 0.60.0 the name argument is optional and defaults to the basename of
> the first output
We specify >= 0.62 as the supported version, so drop the duplicate name in all cases
where it is the same as outputs[0], i.e. almost all cases.

[1] https://mesonbuild.com/Reference-manual_functions.html#custom_target
2025-06-28 17:14:50 +02:00
Lennart Poettering
9422ce83c2 udev: reset loopback block device ownership and mode on detach
Loopback block devices are aggressively reused, without being removed in
between. This means various inode attributes on their device nodes will
– so far – remain in effect between uses of the devices. Since there are
applications which change access mode/ownership of such devices after
attaching files to them, let's undo this again when we detect them to be
unused again.

Fixes: #37745
2025-06-24 13:10:11 +02:00
Yu Watanabe
a7deadd763 udev/rules.d: import hwdb before calling net_id builtin
The commit cdcb1eeeb8 adds
ID_NET_NAME_INCLUDE_DOMAIN property support in net_id builtin.
The property is basically set through hwdb. However, previously hwdb was
imported after calling net_id builtin, hence when net_id is called, the
property was never set.

This makes hwdb be imported before calling net_id builtin, so that the
property is set when net_id is called if hwdb has an entry about that
for the interface.

Follow-up for cdcb1eeeb8.
Fixes #37758.
2025-06-13 10:43:21 +01:00
Stefan Herbrechtsmeier
29a352e8c1 hostname: add hardware version
Add support for the hardware version. The version describes a distinct
version of compatibility hardware. The value is read from the file
/etc/machine-info or DMI as fallback.

The integration provides a unified interface to collect detailed hardware
information. The /etc/machine-info entry enables embedded devices
without UEFI support to read the information from a custom store.
2025-05-22 09:00:14 +02:00
Stefan Herbrechtsmeier
79e9fb68a3 hostname: add hardware Stock-Keeping Unit
Add support for the hardware Stock-Keeping Unit (SKU). The SKU describes
a distinct type of hardware for sale, purchase or inventory management.
The value is read from the file /etc/machine-info or DMI as fallback.

The integration provides a unified interface to collect detailed hardware
information. The /etc/machine-info entry enables embedded devices
without UEFI support to read the information from a custom store.
2025-05-22 09:00:14 +02:00
Daan De Meyer
6350d2dbd9 meson: Extract objects instead of creating intermediate static libraries
Currently, when we want to add unit tests for code that is compiled into
an executable, we either compile the code at least twice (once for the
executable, and once for each test that uses it) or we create a static
library which is then used by both the executable and all the tests.

Both of these options are not ideal, compiling source files more than
once slows down the build for no reason and creating the intermediate
static libraries takes a lot of boilerplate.

Instead, let's use the extract_objects() method that meson exposes on
build targets. This allows us to extract the objects corresponding to
specific source files and use them in other executables. Because we
define all executables upfront into a dictionary, we integrate this into
the dictionary approach by adding two new fields:

- 'extract' takes a list of files for which objects should be extracted.
  The extracted objects are stored in a dict keyed by the executable name
  from which they were extracted.
- 'objects' takes the name of an executable from which the extracted
  objects should be added to the current executable.

One side effect of this approach is that we can't build test executables
anymore without building the main executable, so we stop building test
executables unless we're also building the main executable. This allows
us to switch to using subdir_done() in all of these subdirectories to skip
parsing them if the corresponding component is disabled.

These changes get me down from 2439 => 2403 ninja targets on a full rebuild
from scratch.
2025-05-12 13:35:50 +02:00
LuK1337
edc49209f1 rules: Make ADB and fastboot work out-of-the-box
d0db47dcdf/adb.h (199)
7199051aaf/fastboot/fastboot.cpp (244)
2025-04-18 06:06:35 +09:00
Lennart Poettering
a8b2302bc1 udev: add dissect_image builtin
Fixes: #33453 #27897 #18035
2025-04-03 11:08:57 +02:00
Lennart Poettering
e3f6ae1d09 rules: split out gpt-root rules from 99-systemd.rules
All other rules in 99-systemd.rules are pretty much concerned about
SYSTEMD_READY=1 and tagging devices the service manager shall track. But
the gpt-root symlink is different, and it makes sense independently of
the service manager. Hence give it a separate file.

This introduces indentation for inner sections skipped via GOTO=. The
rules parser supports that. In order to make this more readable, let's
maybe make use of this.
2025-04-03 04:32:18 +09:00
Lennart Poettering
dc4cf3e539 rules: tag /dev/tpm0 with "systemd" too
Strictly speaking we don't need to tag these devices, because tpm2-tss
already does so, but given we do this for /dev/tpmrm0, we should
probably do this comprehensively if we rely on this ourselves.

Fixes: #36653
2025-03-07 16:09:32 +01:00
Lennart Poettering
c7da91ff66 gpt-auto symlinks: take factory reset mode into consideration
In relevant factory reset situation the root disk itself is subject to
removal. This somewhat conflicts with automatic root disk discovery,
since the system first comes up with one candidate for the root disk,
which is then replaced by another.

Let's address this by determining at the moment of probing for the
gpt-root logic what the factory reset state currently is. This is then
used to maintain two distinct symlinks to the gpt auto root device: one
which is always available and one that is only available if factory
reset is off or complete.

The new symlinks is not used by anything yet. This will be added in a
later commit.
2025-03-05 12:38:25 +01:00
Jelle van der Waa
7e638ccf59 hostnamed: expose ChassisAssetTag in dbus/varlink
Expose /sys/class/dmi/id/chassis_asset_tag in varlink/dbus commonly used
by companies to track inventory such as laptops.

On desktops and other products the `chassis_asset_tag` can contain
rubbish similar to product_name/product_vendor.

Closes: #36442
2025-02-26 11:29:25 +01:00
Nick Rosbrook
2aa1a265bc udev: add input/by-{id,path} symlinks for hidraw devices
Take some of the same rule structure from 60-persistent-input.rules, and
apply it to hidraw devices in 60-persistent-hidraw.rules.

Since one of the motivations for this is being able to easily reference
FIDO tokens, add a special case when ID_FIDO_TOKEN==1, and add 'fido'
to the symlink.
2025-01-27 18:57:13 +00:00
Nick Rosbrook
16f99f5be9 udev: add systemd tag to devices tagged with security-device
This ensures that device units are created for these, which is
convenient for other units that want to declare dependencies on
such devices.
2025-01-22 21:43:44 +01:00
Miroslav Lichvar
af96ccfc24 udev: set clock group for PTP and RTC devices
Add a new group for clock devices to enable applications like linuxptp
to open clocks without root privileges.
2025-01-16 21:12:47 +01:00
Luca Boccassi
af0a28854d meson: add udev/hwdb build aliases
Allows to do:

meson compile libudev udev hwdb
meson install --no-rebuild --tags libudev,udev,hwdb
2025-01-15 09:48:27 +00:00
Luca Boccassi
8442ac9c02 meson: add install tags for udev and hwdb
Allows building and installing them individually, like
other existing components
2025-01-10 15:15:13 +09:00
Yu Watanabe
a4d1891475 meson: allow to customize the access mode for tty/pts devices
Then, switch the default value to "0600", due to general security
concerns about terminals being written to by other users.

Closing #35599.
2024-12-16 21:36:07 +00:00