Commit Graph

1655 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
55a30fd4e8 basic/calendarspec: fix assert crash when year is too large in calendarspec_from_time_t()
gmtime_r() will return NULL in that case, and we would crash.

I committed the reproducer case in fuzz-regressions/, even though we don't have
ubsan hooked up yet. Let's add it anyway in case it is useful in the future. We
actually crash anyway when compiled with asserts, so this can be easily
reproduced without ubsan.

oss-fuzz #6886.
2018-03-14 16:50:09 +01:00
Lennart Poettering
586fb20fd1 Merge pull request #8372 from keszybz/two-cleanups
Two cleanups
2018-03-08 23:23:43 +01:00
Mario Limonciello
c58493c00a Introduce suspend-to-hibernate (#8274)
Suspend to Hibernate is a new sleep method that invokes suspend
for a predefined period of time before automatically waking up
and hibernating the system.

It's similar to HybridSleep however there isn't a performance
impact on every suspend cycle.

It's intended to use with systems that may have a higher power
drain in their supported suspend states to prevent battery and
data loss over an extended suspend cycle.

Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
2018-03-08 14:17:33 +01:00
Zbigniew Jędrzejewski-Szmek
f6a8265b9a core: drop unnecessary __useless_struct_to_allow_trailing_semicolon__
ISO C does not allow empty statements outside of functions, and gcc
will warn the trailing semicolons when compiling with -pedantic:

  warning: ISO C does not allow extra ‘;’ outside of a function [-Wpedantic]

But our code cannot compile with -pedantic anyway, at least because

  warning: ISO C does not support ‘__PRETTY_FUNCTION__’ predefined identifier [-Wpedantic]

Without -pedatnic, clang and even old gcc (3.4) generate no warnings about
those semicolons, so let's just drop __useless_struct_to_allow_trailing_semicolon__.
2018-03-06 10:41:41 +01:00
Zbigniew Jędrzejewski-Szmek
eef03d70c1 basic/cgroup-util: remove unused variable 2018-03-06 10:41:41 +01:00
Zbigniew Jędrzejewski-Szmek
b719b66b0a Merge pull request #8354 from keszybz/new-NEWS
NEWS for v238
2018-03-05 17:16:04 +01:00
Zbigniew Jędrzejewski-Szmek
46dcfbbdb6 basic/glob-util: do not use names with "_" prefix
Names starting with _ or __ are reserved by the standard, better to
avoid them.
2018-03-05 09:04:39 +01:00
Lennart Poettering
6cc7e918ff Merge pull request #8314 from poettering/rearrange-stdio
refactor how we rearrange fds for stdin/stdout/stderr
2018-03-02 15:42:03 +01:00
Lennart Poettering
650f401123 Merge pull request #8336 from poettering/coccinelle-reallocarray
reallocarray() coccinellization
2018-03-02 15:40:52 +01:00
Zbigniew Jędrzejewski-Szmek
3cca71c456 Merge pull request #8323 from xyproto/ok_color
Make the color of the status OK configurable at build-time
2018-03-02 13:00:07 +01:00
Lennart Poettering
62d74c78b5 coccinelle: add reallocarray() coccinelle script
Let's systematically make use of reallocarray() whereever we invoke
realloc() with a product of two values.
2018-03-02 12:39:07 +01:00
Lennart Poettering
96fcc89ab5 fd-util: drop stdio_unset_cloexec(), it's not used anymore 2018-03-02 11:42:10 +01:00
Lennart Poettering
2b33ab0957 tree-wide: port various places over to use new rearrange_stdio() 2018-03-02 11:42:10 +01:00
Lennart Poettering
8bb2db738e terminal-util: port some generic code over to rearrange_stdio() 2018-03-02 11:42:10 +01:00
Lennart Poettering
aa11e28bf2 fd-util: add new call rearrange_stdio()
Quite often we need to set up a number of fds as stdin/stdout/stderr of
a process we are about to start. Add a generic implementation for a
routine doing that that takes care to do so properly:

1. Can handle the case where stdin/stdout/stderr where previously
   closed, and the fds to set as stdin/stdout/stderr hence likely in the
   0..2 range.  handling this properly is nasty, since we need to first
   move the fds out of this range in order to later move them back in, to
   make things fully robust.

2. Can optionally open /dev/null in case for one or more of the fds, in
   a smart way, sharing the open file if possible between multiple of
   the fds.

3. Guarantees that O_CLOEXEC is not set on the three fds, even if the fds
   already were in the 0..2 range and hence possibly weren't moved.
2018-03-02 11:42:10 +01:00
Alexander F Rødseth
6d1d8f66e0 Organize the ANSI codes and add missing colors
For consistency.
2018-03-02 08:58:02 +01:00
Zbigniew Jędrzejewski-Szmek
671f0f8de0 Remove /sbin from paths if split-bin is false (#8324)
Follow-up for 157baa87e4.
2018-03-01 21:48:36 +01:00
Lennart Poettering
16a4f265e4 procfs-util: drop unnecessary zero initializations (#8321)
Follow-up for #8149.
2018-03-01 11:27:06 +01:00
Lennart Poettering
902c8502ad Merge pull request #8149 from poettering/fake-root-cgroup
Properly synthesize CPU+memory accounting data for the root cgroup
2018-03-01 11:10:24 +01:00
Zbigniew Jędrzejewski-Szmek
9177fa9f2b basic/cgroup-util: simplify cg_get_keyed_attribute(), add test
I didn't like the nested loop where we'd count what we have acquired already,
since we should always know that.
2018-03-01 09:34:33 +01:00
Lennart Poettering
5d71bac3b9 process-util: don't install atfork() handler more than once 2018-02-28 10:01:16 +01:00
Lennart Poettering
e7685a77b4 util: add new safe_close_above_stdio() wrapper
At various places we only want to close fds if they are not
stdin/stdout/stderr, i.e. fds 0, 1, 2. Let's add a unified helper call
for that, and port everything over.
2018-02-28 10:00:50 +01:00
Lennart Poettering
f09eb7688e doc: add a new doc/ directory, and move two markdown docs into them
I figure sooneror later we'll have more of these docs, hence let's give
them a clean place to be.

This leaves NEWS and README/README.md as well as the LICENSE texts in
the root directory of the project since that appears to be customary for
Free Software projects.
2018-02-27 19:59:09 +01:00
Zbigniew Jędrzejewski-Szmek
033c836647 missing_syscall: add pkey_mprotect for ppc (#8292)
Accurate for both ppc and ppc64 according to https://fedora.juszkiewicz.com.pl/syscalls.html.
2018-02-27 13:33:00 +01:00
Evgeny Vereshchagin
b8eded40be Merge pull request #8282 from poettering/khash-enokey
deal with borked ENOKEY on centos kernel's AF_ALG support
2018-02-27 12:34:41 +03:00
Lennart Poettering
84df74c6f0 Merge pull request #8284 from keszybz/gcc-warning-fixes
Gcc warning fixes
2018-02-26 21:20:13 +01:00
Zbigniew Jędrzejewski-Szmek
aa484f3561 tree-wide: use reallocarray instead of our home-grown realloc_multiply (#8279)
There isn't much difference, but in general we prefer to use the standard
functions. glibc provides reallocarray since version 2.26.

I moved explicit_bzero is configure test to the bottom, so that the two stdlib
functions are at the bottom.
2018-02-26 21:20:00 +01:00
Lennart Poettering
09b9348e82 khash: try to detect broken AF_ALG support in centos kernels
Fixes: #8278
2018-02-26 15:52:16 +01:00
Zbigniew Jędrzejewski-Szmek
e4de62591b basic/xattr-util: do not cast ssize_t to int
gcc warns about unitialized memory access because it notices that ssize_t which
is < 0 could be cast to positive int value. We know that this can't really
happen because only -1 can be returned, but OTOH, in principle a large
*positive* value cannot be cast properly. This is unlikely too, since xattrs
cannot be too large, but it seems cleaner to just use a size_t to return the
value and avoid the cast altoghter. This makes the code simpler and gcc is
happy too.

The following warning goes away:
[113/1502] Compiling C object 'src/basic/basic@sta/xattr-util.c.o'.
In file included from ../src/basic/alloc-util.h:28:0,
                 from ../src/basic/xattr-util.c:30:
../src/basic/xattr-util.c: In function ‘fd_getcrtime_at’:
../src/basic/macro.h:207:60: warning: ‘b’ may be used uninitialized in this function [-Wmaybe-uninitialized]
                 UNIQ_T(A,aq) < UNIQ_T(B,bq) ? UNIQ_T(A,aq) : UNIQ_T(B,bq); \
                                                            ^
../src/basic/xattr-util.c:155:19: note: ‘b’ was declared here
         usec_t a, b;
                   ^
2018-02-26 15:49:18 +01:00
Zbigniew Jędrzejewski-Szmek
3554ef5177 basic/exec-util: use _exit() to return from child 2018-02-26 15:47:12 +01:00
Zbigniew Jędrzejewski-Szmek
00d4b1e684 basic: shorten the code a bit in two places
gcc complains that len might be used unitialized, but afaict, this is not true.
2018-02-26 15:47:12 +01:00
Zbigniew Jędrzejewski-Szmek
ef2a48aa01 basic/virt: provide a nicer message is /proc/cpuinfo is not available
$ sudo systemd-run -p RootDirectory=/usr -E LD_LIBRARY_PATH=/lib/systemd/ -E SYSTEMD_LOG_LEVEL=debug /bin/systemd-detect-virt

Before
systemd-detect-virt[18498]: No virtualization found in DMI
systemd-detect-virt[18498]: No virtualization found in CPUID
systemd-detect-virt[18498]: Virtualization XEN not found, /proc/xen does not exist
systemd-detect-virt[18498]: This platform does not support /proc/device-tree
systemd-detect-virt[18498]: Failed to check for virtualization: No such file or directory

The first four lines are at debug level, so the user would only see that last
one usually, which is not very enlightening.

This now becomes:
systemd-detect-virt[21172]: No virtualization found in DMI
systemd-detect-virt[21172]: No virtualization found in CPUID
systemd-detect-virt[21172]: Virtualization XEN not found, /proc/xen does not exist
systemd-detect-virt[21172]: This platform does not support /proc/device-tree
systemd-detect-virt[21172]: /proc/cpuinfo not found, assuming no UML virtualization.
systemd-detect-virt[21172]: This platform does not support /proc/sysinfo
systemd-detect-virt[21172]: Found VM virtualization none
systemd-detect-virt[21172]: none

We do more checks, which is good too.
2018-02-23 20:04:29 +01:00
Zbigniew Jędrzejewski-Szmek
780747da75 basic/log: add an assert that does not recurse into logging functions
Then it can be used in the asserts in logging functions without causing
infinite recursion. The error is just printed to stderr, it should be
good enough for the common case.
2018-02-23 13:29:03 +01:00
Zbigniew Jędrzejewski-Szmek
73fc96c8ac udev/net-id: check all snprintf return values
gcc-8 throws an error if it knows snprintf might truncate output and the
return value is ignored:
../src/udev/udev-builtin-net_id.c: In function 'dev_pci_slot':
../src/udev/udev-builtin-net_id.c:297:47: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size between 0 and 4095 [-Werror=format-truncation=]
                 snprintf(str, sizeof str, "%s/%s/address", slots, dent->d_name);
                                               ^~
../src/udev/udev-builtin-net_id.c:297:17: note: 'snprintf' output between 10 and 4360 bytes into a destination of size 4096
                 snprintf(str, sizeof str, "%s/%s/address", slots, dent->d_name);
                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: some warnings being treated as errors

Let's check all return values. This actually makes the code better, because there's
no point in trying to open a file when the name has been truncated, etc.
2018-02-23 11:15:42 +01:00
Zbigniew Jędrzejewski-Szmek
f8e6f4aaed basic/log: make sure header is printed correctly, add test
If log_do_header() was called with overly long parameters, it'd generate
improper output. Essentially, it'd be truncated at random point, in particular
missing a newline at the end, so it'd run with the next field, usually MESSAGE=.

log_do_header is called with parameters from compiled code (file name, lien
nubmer, etc), so in practice this was unlikely to ever be a problem, but it is
possible. In particular, if systemd was compiled from sources in some deeply
nested directory (which happens for example in mock and other build roots), the
filename could be very long.

As a safety measure, let's truncate all parameters to 256 bytes. So we have
5 fields which are 256 bytes (plus the field name prefix), and a few other
fields with fixed width. This must always fit in the 2048 byte buffer.
I don't think there's much gain in calculating the required length precisely,
since it's a lot of fields and a few bytes allocated on the stack don't matter.
2018-02-23 11:13:42 +01:00
Zbigniew Jędrzejewski-Szmek
4dd09c6a1f basic/log: fix confusion with parameters to log_dispatch_internal
log_dispatch_internal has only one caller where the extra_field/extra
params are not null: log_unit_full. When log_unit_full() was called,
when we got to log_dispatch_internal, our header would look like this:
PRIORITY=7
SYSLOG_FACILITY=3
CODE_FILE=../src/core/manager.c
CODE_LINE=2145
CODE_FUNC=manager_invoke_sigchld_event
USER_UNIT=gnome-terminal-server.service
65dffa7a3b984a6d9a46f0b8fb57710bUSER_INVOCATION_ID=
SYSLOG_IDENTIFIER=systemd

It took me a while to understand why I'm not seeing mangled messages in the
journal (after all, "" is a valid rvalue for log messages). The answer is that
journald rejects any field name which starts with a digit, and the MESSAGE_ID
that was used here starts with a digit. Hence, those lines would be silently
filtered out.
2018-02-23 11:13:24 +01:00
Zbigniew Jędrzejewski-Szmek
a3bf71378e basic/log: make log_object_internalv static
It makes the code easier to read, because it's obvious that the function
cannot be called from elsewhere.
2018-02-23 00:13:52 +01:00
Zbigniew Jędrzejewski-Szmek
4ad2b562ce basic/log: voidify snprintf statements
The buffers are fixed size, so the message may not fit, but we don't
particularly care.
2018-02-23 00:13:52 +01:00
Zbigniew Jędrzejewski-Szmek
f810b631cd Revert "Replace use of snprintf with xsprintf"
This reverts commit a7419dbc59.

_All_ changes in that commit were wrong.

Fixes #8211.
2018-02-23 00:13:52 +01:00
Patrick Uiterwijk
5547c12503 Fix format-truncation compile failure by typecasting USB IDs (#8250)
This patch adds safe_atoux16 for parsing an unsigned hexadecimal 16bit int, and
uses that for parsing USB device and vendor IDs.

This fixes a compile error with gcc-8 because while we know that USB IDs are 2 bytes,
the compiler does not know that.

../src/udev/udev-builtin-hwdb.c:80:38: error: '%04X' directive output may be
truncated writing between 4 and 8 bytes into a region of size between 2 and 6
[-Werror=format-truncation=]

Signed-off-by: Adam Williamson <awilliam@redhat.com>
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2018-02-22 19:41:30 +01:00
Zbigniew Jędrzejewski-Szmek
d156d1d2c9 Merge pull request #8251 from Shuangistan/pr_virt_qnx 2018-02-22 17:06:29 +01:00
Shuang Liu
1fdf07f56c virt: detect QNX hypervisor
Detect QNX hypervisor based on the CPUID.

Fixes: #7239
2018-02-22 15:29:34 +01:00
Zbigniew Jędrzejewski-Szmek
94be6463bd Merge pull request #8205 from poettering/bpf-multi
bpf/cgroup improvements
2018-02-22 14:52:48 +01:00
Lennart Poettering
6e11e7e67d nologin: extend the /run/nologin descriptions a bit (#8244)
This is an attempt to improve #8228 a bit, by extending the /run/nologin
a bit, but still keeping it somewhat brief.

On purpose I used the vague wording "unprivileged user" rather than
"non-root user" so that pam_nologin can be updated to disable its
behaviour for members of the "wheel" group one day, and our messages
would still make sense.

See #8228.
2018-02-22 14:21:30 +01:00
Lennart Poettering
c01dcddf80 reboot-util: unify reboot with parameter in a single implementation
So far, we had two implementations of reboot-with-parameter doing pretty
much the same. Let's unify that in a generic implementation used by
both.

This is particulary nice as it unifies all /run/systemd/reboot-param
handling in a single .c file.
2018-02-22 10:46:26 +01:00
Lennart Poettering
e3631d1c80 basic: split out update_reboot_parameter_and_warn() into its own .c/.h files
This is primarily preparation for a follow-up commit that adds a common
implementation of the other side of the reboot parameter file, i.e. the
code that reads the file and issues reboot() for it.
2018-02-22 10:46:12 +01:00
Lennart Poettering
c52a937b46 basic: add a common syscall wrapper around reboot()
This mimics the raw_clone() call we have in place already and
establishes a new syscall wrapper raw_reboot() that wraps the kernel's
reboot() system call in a bit more low-level fashion that glibc's
reboot() wrapper. The main difference is that the extra "arg" argument
is supported.

Ultimately this just replaces the syscall wrapper implementation we
currently have at three places in our codebase by a single one.

With this change this means that all our syscall() invocations are
neatly separated out in static inline system call wrappers in our header
functions.
2018-02-22 10:42:06 +01:00
Lennart Poettering
d06f3829cd missing: always use __NR_ as prefix for syscall numbers
Apparently, both __NR_ and SYS_ are useful, but we mostly use __NR_
hence use it for these two cases too, so that we settle on __NR_
exclusively.
2018-02-22 10:42:06 +01:00
Lennart Poettering
fd91e3ef49 missing: Fix statx syscall ifdeffery
Fix a copy/paste mistake.

Fixes: #8238
2018-02-22 10:42:06 +01:00
Lennart Poettering
e38b8a407a log: only open kmsg on fallback if we actually want to use it
Previously, we'd try to open kmsg on failure of the journal/syslog even
if no automatic fallback to kmsg was requested — and we wouldn't even
use the open connection afterwards...
2018-02-22 00:31:36 +01:00