Commit Graph

2447 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
cd2a429ed7 tree-wide: use assert_se() for signal operations with constants
Continuation of a3ebe5eb62:
in other places we sometimes use assert_se(), and sometimes normal error
handling. sigfillset and sigaddset can only fail if mask is NULL (which cannot
happen if we are passing in a reference), or if the signal number is invalid
(which really shouldn't happen when we are using a constant like SIGCHLD. If
SIGCHLD is invalid, we have a bigger problem). So let's simplify things and
always use assert_se() in those cases.

In sigset_add_many() we could conceivably pass an invalid signal, so let's keep
normal error handling here. The caller can do assert_se() around the
sigprocmask_many() call if appropriate.

'>= 0' is used for consistency with the rest of the codebase.
2018-12-21 19:49:28 +01:00
Zbigniew Jędrzejewski-Szmek
9d6e839ed8 Merge pull request #11206 from cdown/cgroup_no_v1
cgroup: Imply systemd.unified_cgroup_hierarchy=1 on cgroup_no_v1=all
2018-12-21 19:48:51 +01:00
Zbigniew Jędrzejewski-Szmek
830464c3e4 tree-wide: make new/new0/malloc_multiply/reallocarray safe for size 0
All underlying glibc calls are free to return NULL if the size argument
is 0. We most often call those functions with a fixed argument, or at least
something which obviously cannot be zero, but it's too easy to forget.

E.g. coverity complains about "rows = new0(JsonVariant*, n_rows-1);" in
format-table.c There is an assert that n_rows > 0, so we could hit this
corner case here. Let's simplify callers and make those functions "safe".

CID #1397035.

The compiler is mostly able to optimize this away:
$ size build{,-opt}/src/shared/libsystemd-shared-239.so
(before)
   text	   data	    bss	    dec	    hex	filename
2643329	 580940	   3112	3227381	 313ef5	build/src/shared/libsystemd-shared-239.so     (-O0 -g)
2170013	 578588	   3089	2751690	 29fcca	build-opt/src/shared/libsystemd-shared-239.so (-03 -flto -g)
(after)
   text	   data	    bss	    dec	    hex	filename
2644017	 580940	   3112	3228069	 3141a5	build/src/shared/libsystemd-shared-239.so
2170765	 578588	   3057	2752410	 29ff9a	build-opt/src/shared/libsystemd-shared-239.so
2018-12-21 16:39:34 +01:00
Chris Down
5f086dc7db cgroup: Imply systemd.unified_cgroup_hierarchy=1 on cgroup_no_v1=all
cgroup_no_v1=all doesn't make a whole lot of sense with legacy hierarchy
(where we use v1 hierarchy for everything), or hybrid hierarchy (where
we still use v1 hierarchy for resource control).

Right now we have to tell people to add both cgroup_no_v1=all and
systemd.unified_cgroup_hierarchy=1 to get the desired behaviour,
however in reality it's hard to imagine any situation where someone
passes cgroup_no_v1=all but *doesn't* want to use the unified cgroup
hierarchy.

Make it so that cgroup_no_v1=all produces intuitive behaviour in systemd
by default, although it can still be disabled by passing
systemd.unified_cgroup_hierarchy=0 explicitly.
2018-12-21 13:29:27 +00:00
Lennart Poettering
614bf4131b Merge pull request #11223 from poettering/read-line-0x00-0xff
fileio: fix read_one_line() when reading bytes > 0x7F
2018-12-20 14:53:23 +01:00
Lennart Poettering
517b776042 fileio: fix read_one_line() when reading bytes > 0x7F
Fixes: #11218
2018-12-20 12:11:18 +01:00
Zbigniew Jędrzejewski-Szmek
082bb1c59b tmpfiles: fix crash with NULL in arg_root and other fixes and tests
The function to replacement paths into the configuration file list was borked.
Apart from the crash with empty root prefix, it would incorrectly handle the
case where root *was* set, and the replacement file was supposed to override
an existing file.

prefix_root is used instead of path_join because prefix_root removes duplicate
slashes (when --root=dir/ is used).

A test is added.

Fixes #11124.
2018-12-20 09:56:51 +01:00
Lennart Poettering
0d90bd9229 process-util: rework getenv_for_pid() to use read_nul_string() 2018-12-18 15:03:22 +01:00
Lennart Poettering
91a306b813 fileio: let's minimize 'count' inc/dec calls
instead of increasing it and immediately after decreasing it again,
let's just increase it a bit later.
2018-12-18 15:03:21 +01:00
Lennart Poettering
41f11239c0 fileio: replace read_nul_string() by read_line() with a special flag
read_line() is a lot more careful and optimized than read_nul_string()
but does mostly the same thing. let's replace the latter by the former,
just with a special flag that toggles between the slightly different EOL
rules if both.
2018-12-18 15:03:05 +01:00
Lennart Poettering
2a7797e964 process-util: make get_process_environ() safer
Let's add a size limit, and let's use safe_fgetc().
2018-12-18 15:03:05 +01:00
Lennart Poettering
03a7dbeae0 tree-wide: port some code over to safe_fgetc() 2018-12-18 15:03:00 +01:00
Lennart Poettering
285a9b2749 fileio: add new safe_fgetc() helper call
We have very similar code whenever we call fgetc() in place, let's
replae it by a common implementation.
2018-12-18 14:55:34 +01:00
Zbigniew Jędrzejewski-Szmek
70b400d9c2 hashmap: use ternary op to shorten code 2018-12-18 12:04:00 +01:00
Lennart Poettering
c380b84d8b hashmap: rework hashmap_clear() to be more defensive
Let's first remove an item from the hashmap and only then destroy it.
This makes sure that destructor functions can mdoify the hashtables in
their own codee and we won't be confused by that.
2018-12-18 11:28:10 +01:00
Lennart Poettering
2d78717b09 fileio: when reading a full file into memory, refuse inner NUL bytes
Just some extra care to avoid any ambiguities in what we read.
2018-12-17 09:14:23 +01:00
Filipe Brandenburger
dc6bf94d68 lldp: simplify compare_func, using ?: to chain comparisons
The ?: operator is very useful for chaining comparison functions
(strcmp, memcmp, CMP), since its behavior is to return the result
of the comparison function call if non-zero, or continue evaluating
the chain of comparison functions.

This simplifies the code in that using a temporary `r` variable
to store the function results is no longer necessary and the checks
for non-zero to return are no longer needed either, resulting in a
typical three-fold reduction to the number of lines in the code.

Introduce a new memcmp_nn() to compare two memory buffers in
lexicographic order, taking length in consideration.

Tested: $ ninja -C build/ test

All test cases pass. In particular, test_multiple_neighbors_sorted()
in test-lldp would catch regressions introduced by this commit.
2018-12-14 09:18:42 -08:00
Lennart Poettering
31fd02f009 fileio: fail early if we can't return the number of bytes we read anymore in an int
This is mostly paranoia, but let's better be safer than sorry. This of
course means there's always an implicit limit to how much we can read at
a time of 2G. But that should be ample.
2018-12-14 12:56:12 +01:00
Thomas Haller
1a35985264 in-addr-util: fix undefined result for in4_addr_netmask_to_prefixlen(<0.0.0.0>)
u32ctz() was undefined for zero due to __builtin_ctz() [1].
Explicitly check for zero to make the behavior defined.

Note that this issue only affected in4_addr_netmask_to_prefixlen()
which is the only caller.

It may seem slightly odd, to return 32 (bits) for utz(0). But that
is what in4_addr_netmask_to_prefixlen() needs, and it probably makes
the most sense here.

[1] https://gcc.gnu.org/onlinedocs/gcc/Other-Builtins.html

Fixes: ba91431154
2018-12-14 11:15:36 +01:00
Lennart Poettering
838894b0c6 fileio: make read_line() handle various line endings correctly
This adds support for windows line endings.

More importantly though with this change a newline followed by EOF is
considered a single line end.
2018-12-14 09:12:17 +01:00
Lennart Poettering
9a6f746fb6 locale-util: prefix special glyph enum values with SPECIAL_GLYPH_
This has been irritating me for quite a while: let's prefix these enum
values with a common prefix, like we do for almost all other enums.

No change in behaviour, just some renaming.
2018-12-14 08:22:54 +01:00
Chris Down
e92aaed30e tree-wide: Remove O_CLOEXEC from fdopen
fdopen doesn't accept "e", it's ignored. Let's not mislead people into
believing that it actually sets O_CLOEXEC.

From `man 3 fdopen`:

> e (since glibc 2.7):
> Open the file with the O_CLOEXEC flag. See open(2) for more information. This flag is ignored for fdopen()

As mentioned by @jlebon in #11131.
2018-12-12 20:47:40 +01:00
Lennart Poettering
8f3fd07ac0 Merge pull request #11105 from keszybz/path-parsing
Some tightening of our path parsing code
2018-12-10 15:50:08 +01:00
Lennart Poettering
2327f95499 Merge pull request #10984 from fbuihuu/tmpfiles-be-more-explicit-with-unsafe-transition
tmpfiles: be more explicit when an unsafe path transition is met
2018-12-10 12:31:56 +01:00
Lennart Poettering
ec68d13789 Merge pull request #10897 from keszybz/etc-fstab-parsing
Forbid dashes in hostnames and /etc/fstab parsing improvements
2018-12-10 12:31:30 +01:00
Zbigniew Jędrzejewski-Szmek
f8703ed7e5 basic/path-util: line-break PATH_FOREACH_PREFIX macros
Now I can see what they do :]
2018-12-10 11:57:26 +01:00
Zbigniew Jędrzejewski-Szmek
296acffe45 When parsing paths, reject anything above PATH_MAX
The check for length is done after path_simplify(), to be nice to paths which
are constructed using specifiers, and have duplicate slashes and stuff.
2018-12-10 11:57:26 +01:00
Zbigniew Jędrzejewski-Szmek
5fe7a0a7de basic/hostname-util: do truncation last when cleaning up
This allows more of the original name to be used if there are invalid
chars in the beginning.
2018-12-10 09:56:56 +01:00
Zbigniew Jędrzejewski-Szmek
d65652f1f2 Partially unify hostname_is_valid() and dns_name_is_valid()
This makes hostname_is_valid() apply the ldh checks too, rejecting more
hostnames.
2018-12-10 09:56:56 +01:00
Franck Bui
145b8d0f68 fs-util: make CHASE_WARN effective with CHASE_NO_AUTOFS
This has the side effect to upgrade the log level at which the log is emitted
from debug to warning.

This might be better since after all we didn't apply a tmpfiles.d/ rule and
that actually might end up being problematic eventually.
2018-12-10 09:22:28 +01:00
Franck Bui
b85ee2ec95 fs-util: rename safe_transition() into unsafe_transition()
We're always interested into finding unsafe transitions so let's make the
helper return true when it finds such transitions so we don't need to negate
its results.

No functional changes.
2018-12-10 09:19:14 +01:00
Franck Bui
36c97decbe fs-util: make chase_symlink() returns -ENOLINK when unsafe transitions are met
We previously returned -EPERM but it can be returned for various other reasons
too.

Let's use -ENOLINK instead as this value shouldn't be used currently. This
allows users of CHASE_SAFE to detect without any ambiguities when unsafe
transitions are encountered by chase_symlinks().

All current users of CHASE_SAFE that explicitly reacted on -EPERM have been
converted to react on -ENOLINK.
2018-12-10 09:18:27 +01:00
Lennart Poettering
be24321f3d mount-point: honour AT_SYMLINK_FOLLOW correctly
Fixes: #11092
2018-12-08 22:43:55 +01:00
Yu Watanabe
5b139f86a6 missing: re-add drm related entries
This effectively reverts dab28f0905.

Fixes #11075.
2018-12-07 12:46:55 +01:00
Yu Watanabe
925fb1e1ec missing: add ARPHRD_IP6GRE
This fixes TYPE field of networkctl's output for ip6gre devices.
2018-12-07 11:48:41 +09:00
Yu Watanabe
0b7d48f5f4 af-list,arphrd-list: also include relevant missing_*.h headers 2018-12-07 11:48:41 +09:00
Yu Watanabe
18bf324ab5 journal: use missing_audit.h to generate audit_type-list.txt 2018-12-07 11:48:37 +09:00
Yu Watanabe
54480d649f cap-list: use missing_capabilty.h to generate list of capabilities 2018-12-07 11:31:22 +09:00
Yu Watanabe
e1eb35db1e Merge pull request #11056 from poettering/resolved-ifindex
resolved: request incoming ifindex for DNS UDP packets, too
2018-12-06 19:29:42 +01:00
Zbigniew Jędrzejewski-Szmek
871fa294ff Merge pull request #10935 from poettering/rlimit-nofile-safe
Merged by hand to resolve a trivial conflict in TODO.
2018-12-06 17:19:21 +01:00
Yu Watanabe
f0a43eb821 Merge pull request #11063 from yuwata/update-missing-v3
missing: split missing.h into small pieces
2018-12-06 16:54:27 +01:00
Paweł Szewczyk
6dce3bb401 fd-util: Fix error handling in safe_fclose
Function fclose_nointr returns negative value on error.
2018-12-06 16:15:39 +01:00
Yu Watanabe
ef118d00eb util: drop missing.h from socket-util.h 2018-12-06 13:31:16 +01:00
Yu Watanabe
3c94e50486 util: drop missing.h from time-util.c 2018-12-06 13:31:16 +01:00
Yu Watanabe
503f480f8e missing: move fs or mount related definitions to missing_fs.h
This also fixes errnous definition MS_REC -> MS_SLAVE.
2018-12-06 13:30:43 +01:00
Yu Watanabe
311c1a5d0a missing: drop falloc related definitions
All these values are exposed earlier than linux-3.11.
Let's drop them.
2018-12-06 13:28:34 +01:00
Yu Watanabe
22332e339b missing: move sched.h related definitions to missing_sched.h 2018-12-06 13:28:28 +01:00
Yu Watanabe
dab28f0905 missing: drop old drm related definitions
These values are exposed earlier than linux-3.11.
Let's use drm/drm.h.
2018-12-06 13:27:47 +01:00
Yu Watanabe
957c622b86 missing: drop BPF_XOR as we have linux/bpf_common.h 2018-12-06 13:27:23 +01:00
Yu Watanabe
fec6661efd missing: drop DM_DEFERRED_REMOVE as we have dm-ioctl.h 2018-12-06 13:26:55 +01:00