platform/upstream/systemd.git
6 years agosysusers: also add support for NIS entries in /etc/shadow
Franck Bui [Tue, 20 Mar 2018 08:32:05 +0000 (09:32 +0100)]
sysusers: also add support for NIS entries in /etc/shadow

Commit 563dc6f8e2cda4114dd20f32655890ed378c3740 added support for
/etc/{passwd,group} only but since nsswitch.conf(5) appears to document the NIS
entries also for shadow, let's support this case too.

6 years agoMerge pull request #8399 from keszybz/systemctl-kexec
Yu Watanabe [Mon, 19 Mar 2018 09:35:41 +0000 (18:35 +0900)]
Merge pull request #8399 from keszybz/systemctl-kexec

Systemctl kexec buglet fixes

6 years agoMerge pull request #8408 from keszybz/ln-relative
Yu Watanabe [Mon, 19 Mar 2018 09:32:30 +0000 (18:32 +0900)]
Merge pull request #8408 from keszybz/ln-relative

bugs.fd.o bug archelogy

6 years agoshutdown: Don't limit unmount attempts prematurely (#8469)
Jan Janssen [Mon, 19 Mar 2018 09:27:49 +0000 (10:27 +0100)]
shutdown: Don't limit unmount attempts prematurely (#8469)

Once upon a time shutdown.c didn't have the logic to check whether any
unmount attempts succeeded or not. So instead it kept looping for
a fixed amount and hoped all was right. Nowadays, we do know if we
changed anything during a iteration and also stop looping then, but
we still limit ourselves to FINALIZE_ATTEMPTS.

But, theoretically, we could have such a complicated and nested
setup that would survive that limit, leaving stuff around we
might actually be able to unmount. And we could also end up in a
situation where the extra loop with raised unmount error level could
be skipped too.

So let's just drop the retries logic and rely fully on the changed
flag.

6 years agohwdb: fix accelerometer mount matrix for Asus TP300LD (#8327) (#8463)
futpib [Mon, 19 Mar 2018 09:25:07 +0000 (12:25 +0300)]
hwdb: fix accelerometer mount matrix for Asus TP300LD (#8327) (#8463)

6 years agomacros: use here-docs instead of echo (#8480)
Zbigniew Jędrzejewski-Szmek [Mon, 19 Mar 2018 08:07:44 +0000 (09:07 +0100)]
macros: use here-docs instead of echo (#8480)

It's common for sysusers files to contain quotes (in particular around the
comment/GECOS field), and using echo "..." is very likely to not work properly
in that case. Let's use <<EOF redirection. It's not bulletproof, but should
work in general.

6 years agoMerge pull request #8476 from EliaGeretto/n550jv-touchpad-fix
Yu Watanabe [Mon, 19 Mar 2018 08:06:42 +0000 (17:06 +0900)]
Merge pull request #8476 from EliaGeretto/n550jv-touchpad-fix

hwdb: correct touchpad resolution for Asus N550JV

6 years agohwdb: Correct touchpad resolution for Asus N550JV
Elia Geretto [Mon, 19 Mar 2018 07:02:40 +0000 (08:02 +0100)]
hwdb: Correct touchpad resolution for Asus N550JV

6 years agohwdb: Split touchpad rules for X550CC and S550C
Elia Geretto [Mon, 19 Mar 2018 07:00:28 +0000 (08:00 +0100)]
hwdb: Split touchpad rules for X550CC and S550C

6 years agoMerge pull request #8461 from keszybz/oss-fuzz-fixes
Evgeny Vereshchagin [Sun, 18 Mar 2018 21:06:44 +0000 (00:06 +0300)]
Merge pull request #8461 from keszybz/oss-fuzz-fixes

Oss fuzz fixes

6 years agocore/unit: delay creating a stack variable until after length has been checked
Zbigniew Jędrzejewski-Szmek [Sun, 18 Mar 2018 11:51:31 +0000 (12:51 +0100)]
core/unit: delay creating a stack variable until after length has been checked

path_is_normalized() will reject paths longer than 4095 bytes, so it's better
to not create a stack variable of unbounded size, but instead do the check first
and only then do that allocation.

Also use _cleanup_ to make things a bit shorter.

https://oss-fuzz.com/v2/issue/5424177403133952/7000

6 years agofuzz-unit-file: simply do not test ListenNetlink= at all
Zbigniew Jędrzejewski-Szmek [Sun, 18 Mar 2018 12:39:38 +0000 (13:39 +0100)]
fuzz-unit-file: simply do not test ListenNetlink= at all

msan doesn't understand sscanf with %ms, so it falsely reports unitialized
memory. Using sscanf with %ms is quite convenient in
socket_address_parse_netlink(), so let's just not run the fuzzer for
ListenNetlink= at all for now. If msan is fixed, we can remove this.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6884

6 years agotest-socket-util: add test for ListenNetlink with spaces
Zbigniew Jędrzejewski-Szmek [Sun, 18 Mar 2018 12:01:13 +0000 (13:01 +0100)]
test-socket-util: add test for ListenNetlink with spaces

6 years agobasic/cgroup-util: fix typo in debug message
Zbigniew Jędrzejewski-Szmek [Sat, 17 Mar 2018 13:32:40 +0000 (14:32 +0100)]
basic/cgroup-util: fix typo in debug message

6 years agosystemd-link: Remove UDP Fragmentation Offload support. (#8183)
Rosen Penev [Sun, 18 Mar 2018 13:28:14 +0000 (06:28 -0700)]
systemd-link: Remove UDP Fragmentation Offload support. (#8183)

Support was killed in kernel 4.15 as well as ethtool 4.13.

Justification was lack of use by drivers and too much of a maintenance burden.
https://www.spinics.net/lists/netdev/msg443815.html

Also moved config_parse_warn_compat to conf-parser.[ch] to fix compile errors.

6 years agoMerge pull request #8471 from filbranden/envnewline1
Yu Watanabe [Sun, 18 Mar 2018 11:29:55 +0000 (20:29 +0900)]
Merge pull request #8471 from filbranden/envnewline1

basic/env-util: Allow newlines in values of environment variables

6 years agoMerge pull request #8468 from fbuihuu/sysusers-support-nis
Yu Watanabe [Sun, 18 Mar 2018 10:57:18 +0000 (19:57 +0900)]
Merge pull request #8468 from fbuihuu/sysusers-support-nis

Sysusers support nis

Fixes #8467.

6 years agounits: Fix SuccessAction that belongs to [Unit] section not [Service] section (#8478)
Karol Augustin [Sun, 18 Mar 2018 10:40:07 +0000 (10:40 +0000)]
units: Fix SuccessAction that belongs to [Unit] section not [Service] section (#8478)

6 years agotest: add a sysusers test with NIS entries
Franck Bui [Thu, 15 Mar 2018 12:39:38 +0000 (13:39 +0100)]
test: add a sysusers test with NIS entries

6 years agoMerge pull request #8473 from keszybz/fix-dbus-reload
Yu Watanabe [Sat, 17 Mar 2018 10:45:38 +0000 (19:45 +0900)]
Merge pull request #8473 from keszybz/fix-dbus-reload

Fix dbus reload. Fixes #8414.

6 years agofuzz: add test case for oss-fuzz #6897 and a work-around
Zbigniew Jędrzejewski-Szmek [Fri, 16 Mar 2018 11:02:54 +0000 (12:02 +0100)]
fuzz: add test case for oss-fuzz #6897 and a work-around

The orignal reproducer from oss-fuzz depends on the hostname (via %H and %c).
The hostname needs a dash for msan to report this, so a simpler case from
@evverx with the dash hardcoded is also added.

The issue is a false positive from msan, which does not instruct stpncpy
(https://github.com/google/sanitizers/issues/926). Let's add a work-around
until this is fixed.

6 years agounit-file: do not allow bogus IOSchedulingClass values
Zbigniew Jędrzejewski-Szmek [Fri, 16 Mar 2018 10:15:58 +0000 (11:15 +0100)]
unit-file: do not allow bogus IOSchedulingClass values

We have only three bits of space, i.e. 8 possible classes. Immediately reject
anything outside of that range. Add the fuzzer test case and an additional
unit test.

oss-fuzz #6908.

6 years agocore/service: fix memleak of USBFunctionStrings and USBFunctionDescriptors
Zbigniew Jędrzejewski-Szmek [Thu, 15 Mar 2018 10:42:00 +0000 (11:42 +0100)]
core/service: fix memleak of USBFunctionStrings and USBFunctionDescriptors

oss-fuzz #6892.

6 years agoAdd .gitattributes for test/fuzz-regressions
Zbigniew Jędrzejewski-Szmek [Thu, 15 Mar 2018 10:21:00 +0000 (11:21 +0100)]
Add .gitattributes for test/fuzz-regressions

Those reproducers are essentially binary, hence let's ignore whitespace
in them.

6 years agobasic/calendarspec: set a limit on length of calendarspec component chains
Zbigniew Jędrzejewski-Szmek [Thu, 15 Mar 2018 09:12:48 +0000 (10:12 +0100)]
basic/calendarspec: set a limit on length of calendarspec component chains

We probably should allow very deep calls of our recursive functions. Let's add
a limit to avoid resource exhaustion. 240 is 10 per hour (if somebody is using
this for time based triggers...), so it should be more than enough for most use
cases, and is conveniently below the 250 stack limit in msan.

oss-fuzz #6917.

6 years agotest-execute: Introduce tests for environment values containing newlines
Filipe Brandenburger [Fri, 16 Mar 2018 23:30:42 +0000 (16:30 -0700)]
test-execute: Introduce tests for environment values containing newlines

Also fix one case where the presence of a newline was used to generate
an invalid environment assignment.

Tested: with mkosi, which builds the local tree and run ninja tests.

6 years agocore/manager: move some comments to a better place
Zbigniew Jędrzejewski-Szmek [Fri, 16 Mar 2018 19:46:39 +0000 (20:46 +0100)]
core/manager: move some comments to a better place

6 years agocore: when reloading, delay any actions on journal and dbus connections
Zbigniew Jędrzejewski-Szmek [Fri, 16 Mar 2018 22:01:05 +0000 (23:01 +0100)]
core: when reloading, delay any actions on journal and dbus connections

manager_recheck_journal() and manager_recheck_dbus() would be called to early
while we were deserialiazing units, before the systemd-journald.service and
dbus.service have been deserialized. In effect we'd disable logging to the
journald and close the bus connection. The first is not very noticable, it
mostly means that logs emitted during deserialization are lost. The second is
more noticeable, because manager_recheck_dbus() would call bus_done_api() and
bus_done_system() and close dbus connections. Logging and bus connection would
then be restored later after the respective units have been deserialized.

This is easily reproduced by calling:
  $ sudo gdbus call --system --dest org.freedesktop.systemd1 --object-path /org/freedesktop/systemd1 --method "org.freedesktop.systemd1.Manager.Reload"
which works fine before 8559b3b75cb, and then starts failing with:
  Error: GDBus.Error:org.freedesktop.DBus.Error.NoReply: Remote peer disconnected

None of this should happen, and we should delay changing state until after
deserialization is complete when reloading. manager_reload() already included
the calls to manager_recheck_journal() and manager_recheck_dbus(), so the
connection state will be updated after deserialization during reloading is done.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1554578.

6 years agobasic/env-util: Allow newlines in values of environment variables
Filipe Brandenburger [Fri, 16 Mar 2018 20:41:54 +0000 (13:41 -0700)]
basic/env-util: Allow newlines in values of environment variables

They are allowed by the shell and the EnvironmentFile parsing passes
them through, so we should just accept them, same as we accept tabs.

6 years agohwdb: fix comment suggested `udevadm trigger` command (#8465)
futpib [Fri, 16 Mar 2018 14:25:14 +0000 (17:25 +0300)]
hwdb: fix comment suggested `udevadm trigger` command (#8465)

6 years agoudev: use startswith() instead of the combination of strneq() and strlen() (#8459)
Yu Watanabe [Fri, 16 Mar 2018 09:29:57 +0000 (18:29 +0900)]
udev: use startswith() instead of the combination of strneq() and strlen() (#8459)

6 years agosysusers: do not append entries after the NIS ones
Franck Bui [Thu, 15 Mar 2018 17:46:28 +0000 (18:46 +0100)]
sysusers: do not append entries after the NIS ones

The NIS-catchall entry switches from files to NIS lookup and never goes back,
so it must be the last entry in /etc/passwd (the other +/-{user,@netgroup}
entries don't have to be).

That's how the nss_compat mode for /etc/passwd (and /etc/group) traditionally
works.

It's age-old historic behaviour that the NIS entry must be the last one.  It
doesn't seem to be specified somewhere, but it worked like this since very
early SunOS when NIS was first included.

Fixes: #8467

6 years agoudev/net-id: Fix check for address to keep interface names stable (#8458)
Filipe Brandenburger [Thu, 15 Mar 2018 17:42:38 +0000 (10:42 -0700)]
udev/net-id: Fix check for address to keep interface names stable (#8458)

This was a bug inadvertently added by commit 73fc96c8ac0aa9.

The intent of the check is to "match slot address with device by
stripping the function" (as the comment above states it), for example
match network device PCI address 0000:05:00.0 (including a .0 for
function) to PCI slot address 0000:05:00, but changing that to a streq()
call prevented the match.

Change that to startswith(), which should both fix the bug and make the
intent of the check more clear and prevent unintentional bugs from being
introduced by future refactorings.

6 years agobasic/macros: rename noreturn into _noreturn_ (#8456)
Franck Bui [Thu, 15 Mar 2018 05:23:46 +0000 (06:23 +0100)]
basic/macros: rename noreturn into _noreturn_ (#8456)

"noreturn" is reserved and can be used in other header files we include:

  [   16s] In file included from /usr/include/gcrypt.h:30:0,
  [   16s]                  from ../src/journal/journal-file.h:26,
  [   16s]                  from ../src/journal/journal-vacuum.c:31:
  [   16s] /usr/include/gpg-error.h:1544:46: error: expected ‘,’ or ‘;’ before ‘)’ token
  [   16s]  void gpgrt_log_bug (const char *fmt, ...)    GPGRT_ATTR_NR_PRINTF(1,2);

Here we include grcrypt.h (which in turns include gpg-error.h) *after* we
"noreturn" was defined in macro.h.

6 years agotest-calendarspec: add the test case from oss-fuzz 6886
Zbigniew Jędrzejewski-Szmek [Tue, 13 Mar 2018 11:51:08 +0000 (12:51 +0100)]
test-calendarspec: add the test case from oss-fuzz 6886

Before the fix 55a30fd4e8 in this would crash in calendarspec_from_time_t().

6 years agoMerge pull request #8441 from keszybz/oss-fuzz-fixes
Evgeny Vereshchagin [Wed, 14 Mar 2018 18:25:56 +0000 (21:25 +0300)]
Merge pull request #8441 from keszybz/oss-fuzz-fixes

Fixes for bugs found by oss-fuzz

6 years agobasic/calendarspec: fix assert crash when year is too large in calendarspec_from_time_t()
Zbigniew Jędrzejewski-Szmek [Tue, 13 Mar 2018 11:51:08 +0000 (12:51 +0100)]
basic/calendarspec: fix assert crash when year is too large in calendarspec_from_time_t()

gmtime_r() will return NULL in that case, and we would crash.

I committed the reproducer case in fuzz-regressions/, even though we don't have
ubsan hooked up yet. Let's add it anyway in case it is useful in the future. We
actually crash anyway when compiled with asserts, so this can be easily
reproduced without ubsan.

oss-fuzz #6886.

6 years agoshared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_devi...
Zbigniew Jędrzejewski-Szmek [Tue, 13 Mar 2018 11:25:06 +0000 (12:25 +0100)]
shared/conf-parser: fix crash when specifiers cannot be resolved in config_parse_device_allow()

oss-fuzz #6885.

6 years agoTODO: trim obsolete entries
Zbigniew Jędrzejewski-Szmek [Tue, 13 Mar 2018 11:22:59 +0000 (12:22 +0100)]
TODO: trim obsolete entries

set -e is now used in test/TEST-*/test.sh, BUILD_DIR may be specified,
and symlinks are created as of ba7f4ae6178309dc937e10cf7dce0eca9dafb8de.

6 years agofuzz: commit test case for oss-fuzz issue 6884
Zbigniew Jędrzejewski-Szmek [Wed, 14 Mar 2018 13:31:24 +0000 (14:31 +0100)]
fuzz: commit test case for oss-fuzz issue 6884

This seems to be a false positive in msan:
https://github.com/google/sanitizers/issues/767.

I don't see anything wrong with the code either, and valgrind does not see the
issue. Anyway, let's add the test case.

We don't have msan hooked up yet, but hopefully we'll in the future.

oss-fuzz #6884.

6 years agotest: run all fuzz regression tests with all sanitizers
Zbigniew Jędrzejewski-Szmek [Wed, 14 Mar 2018 13:27:04 +0000 (14:27 +0100)]
test: run all fuzz regression tests with all sanitizers

We currently have just one sanitizer for tests, asan, but we may add more in
the future. So let's keep the loop over the sanitizers in meson.build, but
just enable all regression cases under all sanitizers. If it fails under one
of them, it might fail under a different one.

In subsequent commits I'll add test cases which might not fail under asan,
but it's good to commit them for future use.

The test names are made more verbose:
256/257 fuzz-dns-packet:oss-fuzz-5465:address   OK       0.04 s
257/257 fuzz-dns-packet:issue-7888:address      OK       0.03 s

6 years agohwdb: add axis override for the Razer Blade Stealth (#8436)
Peter Hutterer [Tue, 13 Mar 2018 20:36:29 +0000 (06:36 +1000)]
hwdb: add axis override for the Razer Blade Stealth (#8436)

This touchpad has heavy jitter, set a fuzz of 8 to work around this.

From https://bugs.freedesktop.org/show_bug.cgi?id=105409

6 years agoMerge pull request #8429 from medhefgo/sd-shutdown
Zbigniew Jędrzejewski-Szmek [Tue, 13 Mar 2018 08:47:09 +0000 (09:47 +0100)]
Merge pull request #8429 from medhefgo/sd-shutdown

sd-shutdown improvements

6 years agozsh-completion: add calendar to systemd-analyze (#8438)
Doug Christman [Tue, 13 Mar 2018 08:41:07 +0000 (16:41 +0800)]
zsh-completion: add calendar to systemd-analyze (#8438)

6 years agoMerge pull request #8423 from keszybz/unit-file-fuzzer
Evgeny Vereshchagin [Mon, 12 Mar 2018 20:08:32 +0000 (23:08 +0300)]
Merge pull request #8423 from keszybz/unit-file-fuzzer

Unit file fuzzer

6 years agoshutdown: Reduce log level of unmounts
Jan Janssen [Mon, 12 Mar 2018 12:33:16 +0000 (13:33 +0100)]
shutdown: Reduce log level of unmounts

There is little point in logging about unmounting errors if the
exact mountpoint will be successfully unmounted in a later retry
due unmounts below it having been removed.

Additionally, don't log those errors if we are going to switch back
to a initrd, because that one is also likely to finalize the remaining
mountpoints. If not, it will log errors then.

6 years agoumount: Don't bother remounting api and ro filesystems read-only
Jan Janssen [Thu, 8 Mar 2018 17:51:13 +0000 (18:51 +0100)]
umount: Don't bother remounting api and ro filesystems read-only

6 years agoumount: Try unmounting even if remounting read-only failed
Jan Janssen [Thu, 8 Mar 2018 17:46:58 +0000 (18:46 +0100)]
umount: Try unmounting even if remounting read-only failed

In the case of some api filesystems remounting read-only fails
while unmounting succeeds.

6 years agoumount: Provide the same mount flags too when remounting read-only
Jan Janssen [Thu, 8 Mar 2018 17:37:21 +0000 (18:37 +0100)]
umount: Provide the same mount flags too when remounting read-only

This most likely amounts to no real benefits and is just here for
completeness sake.

6 years agoumount: Decide whether to remount read-only earlier
Jan Janssen [Thu, 8 Mar 2018 16:40:44 +0000 (17:40 +0100)]
umount: Decide whether to remount read-only earlier

6 years agoumount: Add more asserts and remove some unused arguments
Jan Janssen [Thu, 8 Mar 2018 16:22:58 +0000 (17:22 +0100)]
umount: Add more asserts and remove some unused arguments

6 years agoMerge pull request #8296 from poettering/resolvconf
Zbigniew Jędrzejewski-Szmek [Mon, 12 Mar 2018 16:27:39 +0000 (17:27 +0100)]
Merge pull request #8296 from poettering/resolvconf

resolvconf(8) compat interface

6 years agodhcp4: introduce new option 'duid-only' for ClientIdentifier= (#8350)
Yu Watanabe [Mon, 12 Mar 2018 16:18:07 +0000 (01:18 +0900)]
dhcp4: introduce new option 'duid-only' for ClientIdentifier= (#8350)

This makes users can configure DHCPv4 client with ClientIdentifier=duid-only.
If set so, then DHCP client sends only DUID as the client identifier.
This may not be RFC compliant, but some setups require this.

Closes #7828.

6 years agotools/oss-fuzz: add clang library dir using -L
Zbigniew Jędrzejewski-Szmek [Mon, 12 Mar 2018 14:59:10 +0000 (15:59 +0100)]
tools/oss-fuzz: add clang library dir using -L

I have no idea why clang doesn't do this on its own, and why clang
makes it so hard to query this path (-dumpversion returns something
unrelated...).

I know this is an ugly hack, but this is a very specialized script,
so it should be OK to make it a bit hacky.

Tested to work on Fedora (27) and Debian (unstable).

Fixes #8428.

6 years agoRename scripts/oss-fuzz.sh to tools/oss-fuzz.sh
Zbigniew Jędrzejewski-Szmek [Mon, 12 Mar 2018 14:40:37 +0000 (15:40 +0100)]
Rename scripts/oss-fuzz.sh to tools/oss-fuzz.sh

6 years agoRename scripts/coverity.sh to tools/coverity.sh
Zbigniew Jędrzejewski-Szmek [Mon, 12 Mar 2018 14:39:21 +0000 (15:39 +0100)]
Rename scripts/coverity.sh to tools/coverity.sh

There are only two files in tools/, I don't think we need a separate
directory for them.

6 years agoumount: Fix memory leak
Jan Janssen [Thu, 8 Mar 2018 15:44:17 +0000 (16:44 +0100)]
umount: Fix memory leak

6 years agoMerge pull request #8377 from sourcejedi/logind_restart_is_sorely_lacking_in_testing3
Zbigniew Jędrzejewski-Szmek [Sun, 11 Mar 2018 15:40:41 +0000 (16:40 +0100)]
Merge pull request #8377 from sourcejedi/logind_restart_is_sorely_lacking_in_testing3

login: don't remove all devices from PID1 when only one was removed

6 years agofuzz-dhcp-server: fix name of options file
Zbigniew Jędrzejewski-Szmek [Sun, 11 Mar 2018 11:44:05 +0000 (12:44 +0100)]
fuzz-dhcp-server: fix name of options file

6 years agofuzz-unit-file: add a dump of systemd.directives(7) as a corpus entry
Zbigniew Jędrzejewski-Szmek [Sun, 11 Mar 2018 11:36:19 +0000 (12:36 +0100)]
fuzz-unit-file: add a dump of systemd.directives(7) as a corpus entry

$ ( echo service; man systemd.directives|grep =|grep -v -e --|sed 's/ //g'
  ) >> test/fuzz-corpus/unit-file/directives.service

6 years agofuzz: allow logging to be configured, disable in fuzz-unit-file
Zbigniew Jędrzejewski-Szmek [Sun, 11 Mar 2018 08:22:28 +0000 (09:22 +0100)]
fuzz: allow logging to be configured, disable in fuzz-unit-file

fuzz-unit-file generated too much logs about invalid config lines. This just
slows things down and fills the logs. If necessary, it's better to rerun the
interesting cases with SYSTEMD_LOG_LEVEL=debug.

6 years agofuzz: skip bus error map in bus_error_name_to_errno()
Zbigniew Jędrzejewski-Szmek [Sat, 10 Mar 2018 16:41:41 +0000 (17:41 +0100)]
fuzz: skip bus error map in bus_error_name_to_errno()

Fuzzing with AddressSanitizer reports an error here:
==11==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7fe53f5497d8 at pc 0x7fe53ef055c9 bp 0x7ffd344e9380 sp 0x7ffd344e9378
READ of size 4 at 0x7fe53f5497d8 thread T0
SCARINESS: 27 (4-byte-read-global-buffer-overflow-far-from-bounds)
    #0 0x7fe53ef055c8 in bus_error_name_to_errno /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24
    #1 0x7fe53ef0577b in bus_error_setfv /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:274:17
    #2 0x7fe53ef0595a in sd_bus_error_setf /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:284:21
    #3 0x561059 in manager_load_unit_prepare /work/build/../../src/systemd/src/core/manager.c
    #4 0x560680 in manager_load_unit /work/build/../../src/systemd/src/core/manager.c:1773:13
    #5 0x5d49a6 in unit_add_dependency_by_name /work/build/../../src/systemd/src/core/unit.c:2882:13
    #6 0x538996 in config_parse_unit_deps /work/build/../../src/systemd/src/core/load-fragment.c:152:21
    #7 0x6db771 in next_assignment /work/build/../../src/systemd/src/shared/conf-parser.c:155:32
    #8 0x6d697e in parse_line /work/build/../../src/systemd/src/shared/conf-parser.c:273:16
    #9 0x6d5c48 in config_parse /work/build/../../src/systemd/src/shared/conf-parser.c:390:21
    #10 0x535678 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/fuzz/fuzz-unit-file.c:41:16
    #11 0x73bd60 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/libfuzzer/FuzzerLoop.cpp:517:13
    #12 0x73a39f in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:442:3
    #13 0x73d9bc in fuzzer::Fuzzer::MutateAndTestOne() /src/libfuzzer/FuzzerLoop.cpp:650:19
    #14 0x73fa05 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:773:5
    #15 0x71f75d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
    #16 0x71285c in main /src/libfuzzer/FuzzerMain.cpp:20:10
    #17 0x7fe53da0482f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #18 0x430e68 in _start (/out/fuzz-unit-file+0x430e68)

0x7fe53f5497d8 is located 8 bytes to the right of global variable 'bus_common_errors' defined in '../../src/systemd/src/libsystemd/sd-bus/bus-common-errors.c:28:51' (0x7fe53f549300) of size 1232
SUMMARY: AddressSanitizer: global-buffer-overflow /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-error.c:118:24 in bus_error_name_to_errno
Shadow bytes around the buggy address:
  0x0ffd27ea12a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea12e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ffd27ea12f0: 00 00 00 00 00 00 00 00 00 00 f9[f9]f9 f9 f9 f9
  0x0ffd27ea1300: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1310: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
  0x0ffd27ea1320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ffd27ea1340: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==11==ABORTING

but I think it's a false positive because of our low-level magic in how this
area is constructed.

6 years agoAdd fuzzer for unit file parser
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 21:02:02 +0000 (22:02 +0100)]
Add fuzzer for unit file parser

6 years agoMake MANAGER_TEST_RUN_MINIMAL just allocate data structures
Zbigniew Jędrzejewski-Szmek [Sat, 10 Mar 2018 10:02:18 +0000 (11:02 +0100)]
Make MANAGER_TEST_RUN_MINIMAL just allocate data structures

When running tests like test-unit-name, there is not point in setting
up the cgroup and signals and interacting with the environment. Similarly
when running fuzz testing of the parser.

Add new MANAGER_TEST_RUN_BASIC which takes the role of MANAGER_TEST_RUN_MINIMAL,
and redefine MANAGER_TEST_RUN_MINIMAL to just create the basic data structures.

6 years agoIntroduce _cleanup_(unit_freep)
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 20:34:28 +0000 (21:34 +0100)]
Introduce _cleanup_(unit_freep)

6 years agoIntroduce _cleanup_(manager_freep)
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 20:55:55 +0000 (21:55 +0100)]
Introduce _cleanup_(manager_freep)

6 years agoman: add some basic documentation for sd-boot (#8379)
Zbigniew Jędrzejewski-Szmek [Sun, 11 Mar 2018 10:22:09 +0000 (11:22 +0100)]
man: add some basic documentation for sd-boot (#8379)

I'm sure this can be improved in various ways, but I think
it's a good start.

6 years agoshared/sleep-config: fix unitialized variable and use STR_IN_SET (#8416)
Zbigniew Jędrzejewski-Szmek [Sun, 11 Mar 2018 08:13:03 +0000 (09:13 +0100)]
shared/sleep-config: fix unitialized variable and use STR_IN_SET (#8416)

6 years agologin: effectively revert "open device if needed"
Alan Jenkins [Tue, 6 Mar 2018 12:28:54 +0000 (12:28 +0000)]
login: effectively revert "open device if needed"

This replaces commit 4d3900f1b7ccce03366f9a57d259d0735c1cfbcf.
The underlying cause of issue #8291 has been fixed, so there is no reason
to paper over it any more.

But it might still be useful not to crash in the face of bad restart data.
That can cause several restarts, or maybe at some point an infinite loop
of restarts.  Fail the start (or stop!) request, and write an error to the
system log.  Each time reflects a user request where we fail to resume the
display server's access (or revoke it), and it can be useful if the log
shows the most recent one.

6 years agologin: don't remove all devices from PID1 when only one was removed
Alan Jenkins [Tue, 6 Mar 2018 15:59:38 +0000 (15:59 +0000)]
login: don't remove all devices from PID1 when only one was removed

FDSTOREREMOVE=1 removes all fds with the specified name.  And we had named
the fds after the session.  Better fix that.

Closes #8344.

AFAICT there's no point providing compatibility code for this transition.
No-one would be restarting logind on a system with a GUI (where the
session devices are used), because doing so has been killing the GUI, and
even causing startup of the GUI to fail leading to a restart loop.

Upgrading logind on a running system with a GUI might start being possible
after this commit (and after also fixing the display server of your
choice).

6 years agoMerge pull request #8403 from evverx/test-mount-util
Zbigniew Jędrzejewski-Szmek [Sat, 10 Mar 2018 08:28:16 +0000 (09:28 +0100)]
Merge pull request #8403 from evverx/test-mount-util

 tests: skip the rest of test_mnt_id after getting any error

6 years agocore: ignore errors from cg_create_and_attach() in test mode (#8401)
Michal Sekletar [Fri, 9 Mar 2018 22:30:32 +0000 (23:30 +0100)]
core: ignore errors from cg_create_and_attach() in test mode (#8401)

Reproducer:

$ meson build && cd build
$ ninja
$ sudo useradd test
$ sudo su test
$ ./systemd --system --test
...
Failed to create /user.slice/user-1000.slice/session-6.scope/init.scope control group: Permission denied
Failed to allocate manager object: Permission denied

Above error message is caused by the fact that user test didn't have its
own session and we tried to set up init.scope already running as user
test in the directory owned by different user.

Let's try to setup cgroup hierarchy, but if that fails return error only
when not running in the test mode.

Fixes #8072

6 years agoMerge pull request #8412 from keszybz/meson-warning-fixes
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 19:12:37 +0000 (20:12 +0100)]
Merge pull request #8412 from keszybz/meson-warning-fixes

Meson warning fixes

6 years agoMerge pull request #8415 from Werkov/fix-man
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 19:11:41 +0000 (20:11 +0100)]
Merge pull request #8415 from Werkov/fix-man

Fix default values for KillUserProcesses and MemoryAccounting in documentation

6 years agoman: Correct value of default KillUserProcesses=
Michal Koutný [Fri, 9 Mar 2018 15:40:41 +0000 (16:40 +0100)]
man: Correct value of default KillUserProcesses=

6 years agoman: Unify values of boolean configuration values with sample config
Michal Koutný [Fri, 9 Mar 2018 17:27:13 +0000 (18:27 +0100)]
man: Unify values of boolean configuration values with sample config

6 years agotests: skip g_dbus_message_new_from_blob under asan
Evegeny Vereshchagin [Fri, 9 Mar 2018 14:51:45 +0000 (14:51 +0000)]
tests: skip g_dbus_message_new_from_blob under asan

Some versions of asan report the following false positive
when strict_string_checks=1 is passed:

=================================================================
==3297==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f64e4090286 bp 0x7ffe46acd9a0 sp 0x7ffe46acd118 T0)
==3297==The signal is caused by a READ memory access.
==3297==Hint: address points to the zero page.
    #0 0x7f64e4090285 in __strlen_sse2 (/lib64/libc.so.6+0xaa285)
    #1 0x7f64e5a51e46  (/lib64/libasan.so.4+0x41e46)
    #2 0x7f64e4e5e3a0  (/lib64/libglib-2.0.so.0+0x383a0)
    #3 0x7f64e4e5e536 in g_dgettext (/lib64/libglib-2.0.so.0+0x38536)
    #4 0x7f64e48fac5f  (/lib64/libgio-2.0.so.0+0xc1c5f)
    #5 0x7f64e4c03978 in g_type_class_ref (/lib64/libgobject-2.0.so.0+0x30978)
    #6 0x7f64e4be9567 in g_object_new_with_properties (/lib64/libgobject-2.0.so.0+0x16567)
    #7 0x7f64e4be9fd0 in g_object_new (/lib64/libgobject-2.0.so.0+0x16fd0)
    #8 0x7f64e48fd43e in g_dbus_message_new_from_blob (/lib64/libgio-2.0.so.0+0xc443e)
    #9 0x564a6aa0de52 in main ../src/libsystemd/sd-bus/test-bus-marshal.c:228
    #10 0x7f64e4007009 in __libc_start_main (/lib64/libc.so.6+0x21009)
    #11 0x564a6aa0a569 in _start (/home/vagrant/systemd/build/test-bus-marshal+0x5569)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib64/libc.so.6+0xaa285) in __strlen_sse2
==3297==ABORTING

It's an external library and errors in external libraries are generally not very
useful for looking for internal bugs.

It would be better not to change the code and use standard suppression
techinques decribed at
https://clang.llvm.org/docs/AddressSanitizer.html#suppressing-reports-in-external-libraries,
but, unfortunaley, none of them seems to be able to suppress fatal errors in asan intself.

6 years agotests: make / private after creating a mount namespace
Evegeny Vereshchagin [Fri, 9 Mar 2018 01:10:42 +0000 (01:10 +0000)]
tests: make / private after creating a mount namespace

so that the test never affects the root namespace.

6 years agotests: skip the rest of test_mnt_id after getting any error
Evegeny Vereshchagin [Fri, 9 Mar 2018 00:44:57 +0000 (00:44 +0000)]
tests: skip the rest of test_mnt_id after getting any error

This mainly gets around a kernel bug making it possible to
have non-existent paths in /proc/self/mountinfo, but it should also
prevent flaky failures that can happen if something changes immediately
after or during reading /proc/self/mountinfo.

Closes https://github.com/systemd/systemd/issues/8286.

6 years agomeson: libmount is required for oss-fuzz builds now too
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 13:58:47 +0000 (14:58 +0100)]
meson: libmount is required for oss-fuzz builds now too

See https://github.com/google/oss-fuzz/issues/1191.

6 years agomeson: avoid warning about comparison of bool and string
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 13:21:08 +0000 (14:21 +0100)]
meson: avoid warning about comparison of bool and string

meson.build:2907: WARNING: Trying to compare values of different types (bool, str) using ==.
The result of this is undefined and will become a hard error in a future Meson release.

6 years agomeson: use triple-quote delimition in one more place
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 13:15:39 +0000 (14:15 +0100)]
meson: use triple-quote delimition in one more place

6 years agocore/socket: support binary inside chroot when looking for SELinux label (#8405)
Filipe Brandenburger [Fri, 9 Mar 2018 11:20:56 +0000 (03:20 -0800)]
core/socket: support binary inside chroot when looking for SELinux label (#8405)

Otherwise having a .socket unit start a .service running a binary under
a chroot fails as the unit is unable to determine the SELinux label of
the binary.

6 years agocore/cgroup: accepts MemorySwapMax=0 (#8366)
Yu Watanabe [Fri, 9 Mar 2018 10:34:50 +0000 (19:34 +0900)]
core/cgroup: accepts MemorySwapMax=0 (#8366)

Also, this moves two macros from dbus-util.h to dbus-cgroup.c,
as they are only used in dbus-cgroup.c.

Fixes #8363.

6 years agohwdb: add axis overrides for HP Pavilion 15 (#8404)
Peter Hutterer [Fri, 9 Mar 2018 09:54:28 +0000 (19:54 +1000)]
hwdb: add axis overrides for HP Pavilion 15 (#8404)

https://bugzilla.redhat.com/show_bug.cgi?id=1551188

6 years agosystemctl: honour --dry-run also on logind calls
Zbigniew Jędrzejewski-Szmek [Thu, 8 Mar 2018 10:57:59 +0000 (11:57 +0100)]
systemctl: honour --dry-run also on logind calls

Fixes #7670.

6 years agosystemctl: if kexec fails with --force, continue to reboot normally
Zbigniew Jędrzejewski-Szmek [Thu, 8 Mar 2018 10:27:15 +0000 (11:27 +0100)]
systemctl: if kexec fails with --force, continue to reboot normally

When we are in late shutdown, and for whatever reason kexec fails, we should
proceed with a normal reboot. Network is down and sessions have been terminated
when we attempt to do the kexec, so rebooting normally is a better solution.

Logs from the case where the kexec kernel is not usable:
Mar 08 11:23:10 fuefi systemd[1]: Reached target Final Step.
Mar 08 11:23:10 fuefi systemd[1]: Starting Reboot via kexec...
Mar 08 11:23:10 fuefi systemctl[1480]: Cannot find the ESP partition mount point.
Mar 08 11:23:10 fuefi systemctl[1480]: Failed to load kexec kernel, continuing without.
Mar 08 11:23:10 fuefi systemd[1]: Shutting down.
... and then we proceed to do a normal reboot

Related to #7730.

6 years agosystemctl: if kexec is missing, do not try to kexec
Zbigniew Jędrzejewski-Szmek [Thu, 8 Mar 2018 10:00:26 +0000 (11:00 +0100)]
systemctl: if kexec is missing, do not try to kexec

6 years agosystemctl: propagate the error from kexec
Zbigniew Jędrzejewski-Szmek [Thu, 8 Mar 2018 09:57:44 +0000 (10:57 +0100)]
systemctl: propagate the error from kexec

6 years agosystemctl: raise level of log line about kernel loading
Zbigniew Jędrzejewski-Szmek [Thu, 8 Mar 2018 09:19:26 +0000 (10:19 +0100)]
systemctl: raise level of log line about kernel loading

It's pretty important after all. Also include the actual kexecuted command in
the log message, that's useful to debug if something goes wrong.

6 years agoman: beef up description of systemctl list-units
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 09:20:52 +0000 (10:20 +0100)]
man: beef up description of systemctl list-units

Fixes https://bugs.freedesktop.org/show_bug.cgi?id=88135.

6 years agopid1: make use of high rt signals on hppa with newer kernels
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 08:32:03 +0000 (09:32 +0100)]
pid1: make use of high rt signals on hppa with newer kernels

Back in 4dffec1459f50ac9f8f67ccfcb79836b4ed5a50e we stopped using SIGRTMIN+26
and higher on hppa because they were not available. Then they became available
in linux 3.18:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1f25df2eff5b25f52c139d3ff31bc883eee9a0ab

Instead of hard-coding the list based on architecture, let's use a runtime
check like signal(7) says.

(A note about implementation: RTSIG_IF_AVAILABLE is defined to take the full
signal and not just an offset from SIGRTMIN so that it's still possible to
grep for SIGRTMIN\+.)

Add a simple "test" to print the signal values.

Fixes https://bugs.freedesktop.org/show_bug.cgi?id=84931.

6 years agomeson: add note about coreutils version with ln --relative
Zbigniew Jędrzejewski-Szmek [Fri, 9 Mar 2018 07:56:23 +0000 (08:56 +0100)]
meson: add note about coreutils version with ln --relative

https://bugs.freedesktop.org/show_bug.cgi?id=90799

6 years agoMerge pull request #8372 from keszybz/two-cleanups
Lennart Poettering [Thu, 8 Mar 2018 22:23:43 +0000 (23:23 +0100)]
Merge pull request #8372 from keszybz/two-cleanups

Two cleanups

6 years agologin: we only allow opening character devices
Alan Jenkins [Tue, 6 Mar 2018 16:16:00 +0000 (16:16 +0000)]
login: we only allow opening character devices

We already don't allow directly opening block devices attached to the seat.
They are handled by udisks instead.  Clarify the code used when restarting
logind.

6 years agologin: correct comment in session_device_free()
Alan Jenkins [Tue, 6 Mar 2018 20:16:10 +0000 (20:16 +0000)]
login: correct comment in session_device_free()

We're not removing the pushed fd "again"; this is the only place
logind removes it from PID1.  (And stopping the fd doesn't always
cause PID1 to remove the fd itself; it depends on the device type).

6 years agocore: do not free heap-allocated strings (#8391)
Yu Watanabe [Thu, 8 Mar 2018 13:21:54 +0000 (22:21 +0900)]
core: do not free heap-allocated strings (#8391)

Fixes #8387.

6 years agosd-bus: do not try to close already closed fd (#8392)
Yu Watanabe [Thu, 8 Mar 2018 13:19:35 +0000 (22:19 +0900)]
sd-bus: do not try to close already closed fd (#8392)

Fixes #8376, which is introduced by 2b33ab0957f453a06b58e4bee482f2c2d4e100c1.

6 years agoIntroduce suspend-to-hibernate (#8274)
Mario Limonciello [Thu, 8 Mar 2018 13:17:33 +0000 (21:17 +0800)]
Introduce suspend-to-hibernate (#8274)

Suspend to Hibernate is a new sleep method that invokes suspend
for a predefined period of time before automatically waking up
and hibernating the system.

It's similar to HybridSleep however there isn't a performance
impact on every suspend cycle.

It's intended to use with systems that may have a higher power
drain in their supported suspend states to prevent battery and
data loss over an extended suspend cycle.

Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>
6 years agoshared/bootspec: look at the correct variable
Zbigniew Jędrzejewski-Szmek [Thu, 8 Mar 2018 09:06:00 +0000 (10:06 +0100)]
shared/bootspec: look at the correct variable

The result of this parsing isn't used for anything, so this didn't cause a
functional difference, but a spurious warning was emitted.