platform/upstream/systemd.git
5 years ago Merge pull request #13735 from ssahani/ip-nexthop
Yu Watanabe [Mon, 14 Oct 2019 14:25:23 +0000 (23:25 +0900)]
Merge pull request #13735 from ssahani/ip-nexthop

network: introduce ip nexthop routing

5 years ago udev: introduce CONST key name
Jan Synacek [Mon, 7 Oct 2019 08:03:07 +0000 (10:03 +0200)]
udev: introduce CONST key name

Currently, there is no way to match against system-wide constants, such
as architecture or virtualization type, without forking helper binaries.
That potentially results in a huge number of spawned processes which
always output the same answer.

This patch introduces a special CONST keyword which takes a hard-coded
string as its key and returns a value assigned to that key. Currently
implemented are CONST{arch} and CONST{virt}, which can be used to match
against the system's architecture and virtualization type.

5 years ago test-network: add a test case for nexthop
Yu Watanabe [Mon, 14 Oct 2019 12:18:01 +0000 (21:18 +0900)]
test-network: add a test case for nexthop

5 years ago network: update comment as DHCP is deprecated now
Yu Watanabe [Mon, 14 Oct 2019 12:19:04 +0000 (21:19 +0900)]
network: update comment as DHCP is deprecated now

5 years ago network: introduce ip nexthop routing
Susant Sahani [Fri, 4 Oct 2019 19:40:51 +0000 (21:40 +0200)]
network: introduce ip nexthop routing

Used to manipulate entries in the kernel's nexthop tables.
Example:
```
[NextHop]
Id=3
Gateway=192.168.5.1
```

5 years ago network: ndisc: do not drop all prefixes when a prefix matches a blacklist
Yu Watanabe [Sun, 13 Oct 2019 17:00:47 +0000 (02:00 +0900)]
network: ndisc: do not drop all prefixes when a prefix matches a blacklist

Fixes #13767.

5 years ago Merge pull request #13761 from dtardon/program-name
Yu Watanabe [Mon, 14 Oct 2019 11:17:28 +0000 (20:17 +0900)]
Merge pull request #13761 from dtardon/program-name

udev: do not hardcode program name

5 years ago Merge pull request #13765 from yuwata/udev-memleak-13764
Yu Watanabe [Mon, 14 Oct 2019 11:16:58 +0000 (20:16 +0900)]
Merge pull request #13765 from yuwata/udev-memleak-13764

udev,systemctl: fix memleak caused by wrong cleanup function

5 years ago systemctl: fix memleak caused by wrong cleanup func
Yu Watanabe [Sat, 12 Oct 2019 15:54:34 +0000 (00:54 +0900)]
systemctl: fix memleak caused by wrong cleanup func

5 years ago udev: fix memleak caused by wrong cleanup function
Yu Watanabe [Sat, 12 Oct 2019 15:35:49 +0000 (00:35 +0900)]
udev: fix memleak caused by wrong cleanup function

Fixes #13764.

5 years ago udev: do not hardcode program name
David Tardon [Fri, 11 Oct 2019 12:41:58 +0000 (14:41 +0200)]
udev: do not hardcode program name

5 years ago udev/fido_id: fix program name in usage output
David Tardon [Fri, 11 Oct 2019 12:39:56 +0000 (14:39 +0200)]
udev/fido_id: fix program name in usage output

5 years ago Merge pull request #13749 from keszybz/pyparsing-2.4
Yu Watanabe [Thu, 10 Oct 2019 23:43:10 +0000 (08:43 +0900)]
Merge pull request #13749 from keszybz/pyparsing-2.4

Compatibility with pyparsing 2.4

5 years ago parse_hwdb: fix compatibility with pyparsing 2.4.*
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 12:44:35 +0000 (14:44 +0200)]
parse_hwdb: fix compatibility with pyparsing 2.4.*

pyparsing 2.3.1/2.4.0 had some changes to grouping of And matches, and as a
result we'd report 0 properties and 0 matches, and not really do any checks.

With this change we get identical behaviour for pyparsing 2.3.1, 2.4.0, 2.4.2:

```
$ hwdb/parse_hwdb.py
hwdb/60-evdev.hwdb: 72 match groups, 94 matches, 262 properties
hwdb/60-input-id.hwdb: 3 match groups, 3 matches, 4 properties
hwdb/60-keyboard.hwdb: 173 match groups, 256 matches, 872 properties
Keycode KBD_LCD_MENU1 unknown
Keycode KBD_LCD_MENU4 unknown
Keycode KBD_LCD_MENU2 unknown
Keycode KBD_LCD_MENU3 unknown
hwdb/60-sensor.hwdb: 101 match groups, 120 matches, 105 properties
hwdb/70-joystick.hwdb: 2 match groups, 3 matches, 2 properties
hwdb/70-mouse.hwdb: 104 match groups, 119 matches, 123 properties
hwdb/70-pointingstick.hwdb: 8 match groups, 30 matches, 11 properties
hwdb/70-touchpad.hwdb: 6 match groups, 9 matches, 6 properties
```

5 years ago parse_hwdb: process files in order
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 12:22:17 +0000 (14:22 +0200)]
parse_hwdb: process files in order

Also, make the pattern more general. There are some plans to add more files
there, let's make sure we don't miss them.

5 years ago parse_hwdb: bail with an error if no matches or groups are detected
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 12:21:26 +0000 (14:21 +0200)]
parse_hwdb: bail with an error if no matches or groups are detected

pyparsing sometimes changes behaviour and stops giving matches. This should
allow us to detect such scenario. With this change, parse_hwdb fails with
pyparsing 2.4 on F31.

5 years ago Rename udev's hwdb/ to hwdb.d/
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 14:52:10 +0000 (16:52 +0200)]
Rename udev's hwdb/ to hwdb.d/

As in the parent commit, this makes the name consistent with the
rest of the source tree and the actual installation path.

5 years ago Rename udev's rules/ to rules.d/
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 14:43:18 +0000 (16:43 +0200)]
Rename udev's rules/ to rules.d/

This change is only about the source tree. We have tmpfiles.d/, modprobe.d/,
sysctl.d/, and sysusers.d/, but for historical reasons, rules/ didn't fit this
pattern. We also *install* it as rules.d/. Let's rename to be consistent.

5 years ago test: Pass personality test even when i686 userland runs on x86_64 kernel
Balint Reczey [Tue, 8 Oct 2019 14:41:24 +0000 (16:41 +0200)]
test: Pass personality test even when i686 userland runs on x86_64 kernel

5 years ago Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists
Zbigniew Jędrzejewski-Szmek [Wed, 9 Oct 2019 10:04:42 +0000 (12:04 +0200)]
Merge pull request #13568 from ddstreet/ubuntu-ci-blacklists

test: add temporarily blacklisted tests

5 years ago Merge pull request #13727 from keszybz/pstore-greedy-realloc
Yu Watanabe [Wed, 9 Oct 2019 06:01:45 +0000 (15:01 +0900)]
Merge pull request #13727 from keszybz/pstore-greedy-realloc

Use greedy realloc in pstore

5 years ago Merge pull request #13753 from keszybz/change-man-ordering
Yu Watanabe [Wed, 9 Oct 2019 05:51:06 +0000 (14:51 +0900)]
Merge pull request #13753 from keszybz/change-man-ordering

Change section ordering to have commands above options

5 years ago hwdb: Update Primebook C11B sensor entry to also work with older BIOS versions
Hans de Goede [Mon, 23 Sep 2019 09:00:50 +0000 (11:00 +0200)]
hwdb: Update Primebook C11B sensor entry to also work with older BIOS versions

Older Primebook C11B BIOS versions use "Primebook C11B" as product name
instead of "PRIMEBOOK C11B", update the Primebook C11B 60-sensor.hwdb entries
to match on both spellings.

5 years ago Highlight the synopsis and summary in --help
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 16:19:59 +0000 (18:19 +0200)]
Highlight the synopsis and summary in --help

This doesn't cover all the binaries, but I don't know how to script
this, and I run out of steam ;)

5 years ago networkctl: add missing dots in --help
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 16:00:45 +0000 (18:00 +0200)]
networkctl: add missing dots in --help

5 years ago Move the Commands section above Options section
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 15:58:44 +0000 (17:58 +0200)]
Move the Commands section above Options section

For executables which take a verb, we should list the verbs first, and
then options which modify those verbs second. The general layout of
the man page is from general description to specific details, usually
Overview, Commands, Options, Return Value, Examples, References.

5 years ago Merge pull request #13746 from keszybz/tests-reduce-boilerplate
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 13:39:28 +0000 (15:39 +0200)]
Merge pull request #13746 from keszybz/tests-reduce-boilerplate

Reduce test boilerplate

5 years ago test/TEST-31-DEVICE-ENUMERATION: do not use -x to avoid grep loop
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 09:11:49 +0000 (11:11 +0200)]
test/TEST-31-DEVICE-ENUMERATION: do not use -x to avoid grep loop

https://github.com/systemd/systemd/pull/13746#issuecomment-539410752:
> [grep] now matches the grep command itself, as it's logged into journal as well, thanks to set -x.

Also, use journalctl --grep and -t to make things a bit quicker.

5 years ago Merge pull request #13632 from fbuihuu/ask-password-some-reworks
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 07:20:40 +0000 (09:20 +0200)]
Merge pull request #13632 from fbuihuu/ask-password-some-reworks

Ask password some reworks

5 years ago test: add function to reduce copied setup boilerplate
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 07:10:12 +0000 (09:10 +0200)]
test: add function to reduce copied setup boilerplate

Many tests were also masking systemd-machined.service. But machined
should only start when activated, so having it not masked shouldn't be
noticeable. TEST-25-IMPORT needs it.

5 years ago test: drop redirection to tty in integration tests
Zbigniew Jędrzejewski-Szmek [Tue, 8 Oct 2019 06:45:12 +0000 (08:45 +0200)]
test: drop redirection to tty in integration tests

I *think* this was originally added to make it easier to see what was happening
in tests. Later we added the functionality to print the journal on failure, so
this redirection has stopped being useful.

In https://github.com/systemd/systemd/pull/13719#issuecomment-539292650
@filbranden shows that grep tries to write to stdout and fails. In general,
we should not assume that writing to the console is always possible. We have
special code to handle this in pid1 after all:

```
99    19:22:10.731965 fstat(1,  <unfinished ...>
99    19:22:10.731993 <... fstat resumed>{st_mode=S_IFCHR|0620, st_rdev=makedev(0x88, 0), ...}) = 0
99    19:22:10.732070 write(1, "ExecStartPost={ path=/bin/echo ; argv[]=/bin/echo ${4_four_ex} ; ignore_errors=no ; start_time=[Mon 2019-10-07 19:22:10 PDT] ; stop_time=[Mon 209-10-07 19:22:10 PDT] ; pid=97 ; code=exited ; status=0 }\n", 203) = -1 EIO (Input/output error)
99    19:22:10.732174 write(2, "grep: ", 6) = -1 EIO (Input/output error)
99    19:22:10.732226 write(2, "write error", 11) = -1 EIO (Input/output error)
99    19:22:10.732263 write(2, ": Input/output error", 20) = -1 EIO (Input/output error)
99    19:22:10.732298 write(2, "\n", 1 <unfinished ...>
99    19:22:10.732325 <... write resumed>) = -1 EIO (Input/output error)
99    19:22:10.732349 exit_group(2)     = ?
99    19:22:10.732424 +++ exited with 2 +++
```

Removing the redirection should make the tests less flakey.

Replaces #13719.

While at it, also drop NotifyAccess=all. I think it was added purposefully in
TEST-20-MAINPIDGAMES, and then cargo culted to newer tests.

5 years ago trivial: rename chromeos to chromiumos
Tim Teichmann [Sun, 6 Oct 2019 15:59:53 +0000 (17:59 +0200)]
trivial: rename chromeos to chromiumos

5 years ago docs: fix inadvertent change in uid range
Zbigniew Jędrzejewski-Szmek [Sun, 6 Oct 2019 17:05:57 +0000 (19:05 +0200)]
docs: fix inadvertent change in uid range

https://github.com/systemd/systemd/commit/a305eda35f18fbacc771cc1582b688d60890a9d2#r35378755

5 years ago trivial: update tools/chromeos/gen_autosuspend_rules.py
Mario Limonciello [Sat, 5 Oct 2019 01:57:46 +0000 (20:57 -0500)]
trivial: update tools/chromeos/gen_autosuspend_rules.py

Adds CNP PCH xHCI device PCIID to udev rules

5 years ago Add missing license file and information for tools/chromeos/gen_autosuspend_rules...
Tim Teichmann [Sat, 5 Oct 2019 13:52:37 +0000 (15:52 +0200)]
Add missing license file and information for tools/chromeos/gen_autosuspend_rules.py (#13729)

The license file for the python script that was committed with b61d777abeecd8b6c76035e11899aae210633534 was missing. The license was copied from https://chromium.googlesource.com/chromiumos/platform2/+/master/LICENSE.

5 years ago tty-ask-pwd-agent: move ask_password_plymouth() in ask-password-api.c
Franck Bui [Fri, 20 Sep 2019 13:13:48 +0000 (15:13 +0200)]
tty-ask-pwd-agent: move ask_password_plymouth() in ask-password-api.c

5 years ago tty-ask-pwd-agent: small cleanup in process_one_password_file()
Franck Bui [Fri, 20 Sep 2019 13:07:31 +0000 (15:07 +0200)]
tty-ask-pwd-agent: small cleanup in process_one_password_file()

Split the part which asks for the password on tty into a dedicated function,
making process_one_password_file() hopefully easier to read.

No functional changes.

5 years ago tty-ask-pwd-agent: add a FIXME
Franck Bui [Thu, 19 Sep 2019 17:01:57 +0000 (19:01 +0200)]
tty-ask-pwd-agent: add a FIXME

5 years ago tty-ask-pwd-agent: share the same init code for --query and --watch
Franck Bui [Thu, 19 Sep 2019 14:38:16 +0000 (16:38 +0200)]
tty-ask-pwd-agent: share the same init code for --query and --watch

Previously we would have skipped the init code which consists in setting the
signal handling up and the wall tty block thingie.

5 years ago tty-ask-pwd-agent: treat SIGINT as a request to exit immediately
Franck Bui [Thu, 19 Sep 2019 13:24:15 +0000 (15:24 +0200)]
tty-ask-pwd-agent: treat SIGINT as a request to exit immediately

Unlike SIGTERM, SIGINT is now treated as a request to exit as soon as
possible. IOW, if SIGINT is received, the agent won't process all remaining
passwords before exiting.

This allows a more comprehensive behavior when C-c is pressed and when the
agent is spawned by systemctl.

Before that patch, pressing C-c killed systemctl but left the agent waiting
for a password since SIGINT was blocked. The result was pretty clumsy.

5 years ago tty-ask-pwd-agent: give the possibility to skip a password prompt
Franck Bui [Thu, 19 Sep 2019 13:18:18 +0000 (15:18 +0200)]
tty-ask-pwd-agent: give the possibility to skip a password prompt

If multiple passwords are waiting the agent will prompt for each of them. Give
the possibility to the user to skip some of them by pressing 'C-d'.

5 years ago tty-ask-pwd-agent: minor simplification by using FOREACH_DIRENT instead of FOREACH_DI...
Franck Bui [Tue, 17 Sep 2019 10:30:31 +0000 (12:30 +0200)]
tty-ask-pwd-agent: minor simplification by using FOREACH_DIRENT instead of FOREACH_DIRENT_ALL

5 years ago fs-util: introduce inotify_add_watch_and_warn() helper
Franck Bui [Tue, 17 Sep 2019 09:16:52 +0000 (11:16 +0200)]
fs-util: introduce inotify_add_watch_and_warn() helper

The default message for ENOSPC is very misleading: it says that the disk is
filled, but in fact the inotify watch limit is the problem.

So let's introduce and use a wrapper that simply calls inotify_add_watch(2) and
which fixes the error message up in case ENOSPC is returned.

5 years ago pstore: rework memory handling for dmesg
Zbigniew Jędrzejewski-Szmek [Fri, 4 Oct 2019 14:17:27 +0000 (16:17 +0200)]
pstore: rework memory handling for dmesg

Semmle Security Reports report:
> The problem occurs on the way realloc is being used. When a size
> bigger than the chunk that wants to be reallocated is passed, realloc
> tries to malloc a bigger size, however in the case that malloc fails
> (for example, by forcing a big allocation) realloc will return NULL.
>
> According to the man page:
> "The realloc() function returns a pointer to the newly allocated
> memory, which is suitably aligned for any built-in type and may be
> different from ptr, or NULL if the request fails. If size was
> equal to 0, either NULL or a pointer suitable to be passed to free()
> is returned. If realloc() fails, the original block is left
> untouched; it is not freed or moved."
>
> The problem occurs when the memory ptr passed to the first argument of
> realloc is the same as the one used for the result, for example in
> this case:
>
> dmesg = realloc(dmesg, dmesg_size + strlen(pe->dirent.d_name) +
> strlen(":\n") + pe->content_size + 1);
>
> https://lgtm.com/projects/g/systemd/systemd/snapshot/f8bcb81955f9e93a4787627e28f43fffb2a84836/files/src/pstore/pstore.c?sort=name&dir=ASC&mode=heatmap#L300
>
> If the malloc inside that realloc fails, then the original memory
> chunk will never be free but since realloc will return NULL, the
> pointer to that memory chunk will be lost and a memory leak will
> occur.
>
> In case you are curious, this is the query we used to find this problem:
> https://lgtm.com/query/8650323308193591473/

Let's use a more standard pattern: allocate memory using greedy_realloc, and
instead of freeing it when we wrote out a chunk, let's just move the cursor
back to the beginning and reuse the memory we allocated previously.

If we fail to allocate the memory for dmesg contents, don't write the dmesg
entry, but let's still process the files to move them out of pstore.
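
The leak described in the report above and the reuse pattern the commit message adopts, as an added C example (not code from systemd or from this commit). `append_overwrite`, `struct gbuf`, `gbuf_append` and the `realloc_fn` hook are hypothetical names; the doubling buffer only stands in for systemd's greedy_realloc, and the entry strings are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocator hook so an allocation failure can be simulated (hypothetical, example only). */
typedef void *(*realloc_fn)(void *, size_t);

static void *failing_realloc(void *p, size_t n) {
        (void) p; (void) n;
        return NULL;            /* like realloc() on failure: the old block is left untouched */
}

/* The reported pattern: the result overwrites the only pointer to the block. */
static int append_overwrite(char **buf, size_t *len, const char *s, realloc_fn ra) {
        size_t n = strlen(s);

        *buf = ra(*buf, *len + n + 1);
        if (!*buf)
                return -ENOMEM; /* old block is still allocated, but now unreachable */
        memcpy(*buf + *len, s, n + 1);
        *len += n;
        return 0;
}

/* Growable buffer that is kept and reused between entries. */
struct gbuf {
        char *data;
        size_t len, cap;
};

static int gbuf_append(struct gbuf *b, const char *s, realloc_fn ra) {
        size_t n = strlen(s), need;

        if (n >= SIZE_MAX - b->len)
                return -ENOMEM; /* len + n + 1 would overflow */
        need = b->len + n + 1;

        if (need > b->cap) {
                size_t ncap = b->cap ? b->cap : 64;
                char *t;

                while (ncap < need)
                        ncap = ncap > SIZE_MAX / 2 ? need : ncap * 2;
                t = ra(b->data, ncap);  /* result goes to a temporary first */
                if (!t)
                        return -ENOMEM; /* b->data is still valid and still owned by b */
                b->data = t;
                b->cap = ncap;
        }
        memcpy(b->data + b->len, s, n + 1);
        b->len += n;
        return 0;
}

/* Returns 1 if the overwrite pattern lost the only pointer to a live block. */
static int demo_overwrite_loses_block(void) {
        size_t len = 0;
        char *buf = NULL, *saved;
        int r, lost;

        if (append_overwrite(&buf, &len, "Panic#1 Part1:\n", realloc) < 0)
                return -1;
        saved = buf;            /* copy kept only so this demo can free the block */
        r = append_overwrite(&buf, &len, "more", failing_realloc);
        lost = r == -ENOMEM && buf == NULL;
        free(saved);
        return lost;
}

/* Returns 1 if a failed growth keeps the data and the block is reused afterwards. */
static int demo_gbuf_keeps_block(void) {
        struct gbuf b = { NULL, 0, 0 };
        char big[128], *before;
        int ok;

        memset(big, 'x', sizeof big - 1);
        big[sizeof big - 1] = '\0';

        if (gbuf_append(&b, "dmesg-efi-1:\n", realloc) < 0)   /* constructed entry name */
                return -1;
        before = b.data;
        ok = gbuf_append(&b, big, failing_realloc) == -ENOMEM
                && b.data == before && strcmp(b.data, "dmesg-efi-1:\n") == 0;
        b.len = 0;              /* move the cursor back instead of freeing */
        ok = ok && gbuf_append(&b, "next entry\n", realloc) == 0 && b.data == before;
        free(b.data);
        return ok;
}

int main(void) {
        printf("overwrite pattern loses block: %d\n", demo_overwrite_loses_block());
        printf("gbuf keeps and reuses block:   %d\n", demo_gbuf_keeps_block());
        return 0;
}
```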

5 years ago pstore: allow specifying src and dst dirs as arguments
Zbigniew Jędrzejewski-Szmek [Fri, 4 Oct 2019 14:14:47 +0000 (16:14 +0200)]
pstore: allow specifying src and dst dirs as arguments

This makes it much easier to debug the program as a normal user, since we
don't need to set up fake input under /sys/fs/pstore/.

Also, let's make the debug output a bit nicer.

5 years ago ata_id: Add check for fixed format sense codes (#13654)
Ryan Attard [Fri, 4 Oct 2019 12:52:49 +0000 (07:52 -0500)]
ata_id: Add check for fixed format sense codes (#13654)

Original revisions of the SAT (SCSI-ATA Translation) specification
required that all sense data be reported in Descriptor Format (72h).

Later revisions specifically allow and account for sense data being
reported in Fixed Format (70h).

The current code checks for a Descriptor Format sense structure (0x72),
then looks specifically at the first byte of the first descriptor for the
ATA specific code 0x9, cross referencing it with the first byte which is
just a length field 0x0c (as a sanity check).

In the Fixed Format case (0x70), we can fall back to using the top-level
SCSI Sense data for the Additional Sense code (0x0) and then the
Additional Sense Code Qualifier (0x1d),

That identifies that the sense data is of the format associated with:
 `ATA PASS THROUGH INFORMATION AVAILABLE`.

This fallback mechanism retains support for SATLs compliant with ANSI
INCITS 431-2007, and enables support for Fixed Format Sense data
enabled by SATLs with later revisions.

Glad to do so. This patch allows ata_id to export attributes correctly. I believe that any drive can potentially return information in this format on any SATL using the libata-scsi (the Linux builtin SATL), but in this particular case, it appears it is the SATL itself. Attaching the disk to the AHCI controller changes the behavior impacted here. (Not entirely surprisingly, SATLs are pretty inconsistent).

Test:
This case specifically is an LSI SATL. I'll illustrate that without the patch, ata_id does not return
any output for a valid SATA drive but after the patch does.

1. Verify the device is ATA, by looking at the vpd page specific to ATA drives

```
root@machine:~# sg_vpd -p ai /dev/sdn
ATA information VPD page:
  SAT Vendor identification: LSI
  SAT Product identification: LSI SATL
  SAT Product revision level: 0008
  Device signature indicates SATA transport
  ATA command IDENTIFY DEVICE response summary:
    model: HGST HUH728080ALE604
    serial number: ZZZZH3VX
    firmware revision: A4GNW7J0
```

2. Look at what udev thinks of the disk, it says ID_BUS=scsi
ATA information says ID_MODEL should be HGST_HUH728080ALE604
udev says it is HGST_HUH728080AL (Missing E604, 4 bytes), and no ATA attributes are
populated.

```
root@machine:~# udevadm info -q all /dev/sdn
P: /devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
N: sdn
S: disk/by-id/scsi-35000cca23be1dc3c
S: disk/by-id/wwn-0x5000cca23be1dc3c
S: disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: DEVLINKS=/dev/disk/by-id/wwn-0x5000cca23be1dc3c /dev/disk/by-id/scsi-35000cca23be1dc3c /dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: DEVNAME=/dev/sdn
E: DEVPATH=/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
E: DEVTYPE=disk
E: ID_BUS=scsi
E: ID_MODEL=HGST_HUH728080AL
E: ID_MODEL_ENC=HGST\x20HUH728080AL
E: ID_PATH=pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_PATH_TAG=pci-0000_05_00_0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_REVISION=W7J0
E: ID_SCSI=1
E: ID_SCSI_SERIAL=ZZZZH3VX
E: ID_SERIAL=35000cca23be1dc3c
E: ID_SERIAL_SHORT=5000cca23be1dc3c
E: ID_TYPE=disk
E: ID_VENDOR=ATA
E: ID_VENDOR_ENC=ATA\x20\x20\x20\x20\x20
E: ID_WWN=0x5000cca23be1dc3c
E: ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
E: MAJOR=8
E: MINOR=208
E: SUBSYSTEM=block
E: TAGS=:systemd:
```

3. Run ata_id (unpatched) (Outputs nothing, RC=2)

```
root@machine:~# strace -e ioctl /lib/udev/ata_id /dev/sdn -x
ioctl(3, SG_IO, {'Q', BSG_PROTOCOL_SCSI, BSG_SUB_PROTOCOL_SCSI_CMD, request[6]=[12, 00, 00, 00, 24, 00], request_tag=0, request_attr=0, request_priority=0, request_extra=0, max_response_len=32, dout_iovec_count=0, dout_xfer_len=0, din_iovec_count=0, din_xfer_len=36, timeout=30000, flags=0, usr_ptr=0, spare_in=0, dout[0]=NULL}) = -1 EINVAL (Invalid argument)
ioctl(3, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[6]=[12, 00, 00, 00, 24, 00], mx_sb_len=32, iovec_count=0, dxfer_len=36, timeout=30000, flags=0, data[36]=[00, 00, 06, 12, 45, 00, 00, 02, 41, 54, 41, 20, 20, 20, 20, 20, 48, 47, 53, 54, 20, 48, 55, 48, 37, 32, 38, 30, 38, 30, 41, 4c, ...], status=00, masked_status=00, sb[0]=[], host_status=0, driver_status=0, resid=0, duration=1, info=0}) = 0
ioctl(3, SG_IO, {'Q', BSG_PROTOCOL_SCSI, BSG_SUB_PROTOCOL_SCSI_CMD, request[12]=[a1, 08, 2e, 00, 01, 00, 00, 00, 00, ec, 00, 00], request_tag=0, request_attr=0, request_priority=0, request_extra=0, max_response_len=32, dout_iovec_count=0, dout_xfer_len=0, din_iovec_count=0, din_xfer_len=512, timeout=30000, flags=0, usr_ptr=0, spare_in=0, dout[0]=NULL}) = -1 EINVAL (Invalid argument)
ioctl(3, SG_IO, {'S', SG_DXFER_FROM_DEV, cmd[12]=[a1, 08, 2e, 00, 01, 00, 00, 00, 00, ec, 00, 00], mx_sb_len=32, iovec_count=0, dxfer_len=512, timeout=30000, flags=0, data[0]=[], status=02, masked_status=01, sb[18]=[70, 00, 01, 00, 00, 00, 00, 0a, 00, 00, 00, 00, 00, 1d, 00, 00, 00, 00], host_status=0, driver_status=0x8, resid=512, duration=0, info=0x1}) = 0
ioctl(3, HDIO_GET_IDENTITY, 0x7ffe408f7590) = -1 EINVAL (Invalid argument)
+++ exited with 2 +++
```
Sense buffers visible with the strace:
`sb[18]=[70, 00, 01, 00, 00, 00, 00, 0a, 00, 00, 00, 00, 00, 1d, 00, 00, 00, 00]` is the important bit, see 70, 0a and 1d bytes

4. Run patched version: model is HGST_HUH728080ALE604 as expected, ATA attributes are
correctly populated.
```
root@machine:~# ./ata_id /dev/sdn -x
ID_ATA=1
ID_TYPE=disk
ID_BUS=ata
ID_MODEL=HGST_HUH728080ALE604
ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=A4GNW7J0
ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX
ID_SERIAL_SHORT=ZZZZH3VX
ID_ATA_WRITE_CACHE=1
ID_ATA_WRITE_CACHE_ENABLED=1
ID_ATA_FEATURE_SET_HPA=1
ID_ATA_FEATURE_SET_HPA_ENABLED=1
ID_ATA_FEATURE_SET_PM=1
ID_ATA_FEATURE_SET_PM_ENABLED=1
ID_ATA_FEATURE_SET_SECURITY=1
ID_ATA_FEATURE_SET_SECURITY_ENABLED=0
ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522
ID_ATA_FEATURE_SET_SMART=1
ID_ATA_FEATURE_SET_SMART_ENABLED=1
ID_ATA_FEATURE_SET_PUIS=1
ID_ATA_FEATURE_SET_PUIS_ENABLED=0
ID_ATA_FEATURE_SET_APM=1
ID_ATA_FEATURE_SET_APM_ENABLED=1
ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254
ID_ATA_DOWNLOAD_MICROCODE=1
ID_ATA_SATA=1
ID_ATA_SATA_SIGNAL_RATE_GEN2=1
ID_ATA_SATA_SIGNAL_RATE_GEN1=1
ID_ATA_ROTATION_RATE_RPM=7200
ID_WWN=0x5000cca23be1dc3c
ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
```

5. Drop it in place and verify: we see that ata_id does work.
```
root@hw1-b01left-2212a:~# udevadm test /block/sdn
<truncated>
GROUP 6 /lib/udev/rules.d/50-udev-default.rules:55
IMPORT 'ata_id --export /dev/sdn' /lib/udev/rules.d/60-persistent-storage.rules:33
starting 'ata_id --export /dev/sdn'
'ata_id --export /dev/sdn'(out) 'ID_ATA=1'
'ata_id --export /dev/sdn'(out) 'ID_TYPE=disk'
'ata_id --export /dev/sdn'(out) 'ID_BUS=ata'
'ata_id --export /dev/sdn'(out) 'ID_MODEL=HGST_HUH728080ALE604'
'ata_id --export /dev/sdn'(out) 'ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20'
'ata_id --export /dev/sdn'(out) 'ID_REVISION=A4GNW7J0'
'ata_id --export /dev/sdn'(out) 'ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX'
'ata_id --export /dev/sdn'(out) 'ID_SERIAL_SHORT=ZZZZH3VX'
'ata_id --export /dev/sdn'(out) 'ID_ATA_WRITE_CACHE=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_WRITE_CACHE_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_HPA=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_HPA_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PM=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PM_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SECURITY=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SECURITY_ENABLED=0'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SMART=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_SMART_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PUIS=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_PUIS_ENABLED=0'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_APM=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_APM_ENABLED=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254'
'ata_id --export /dev/sdn'(out) 'ID_ATA_DOWNLOAD_MICROCODE=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_SATA=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_SATA_SIGNAL_RATE_GEN2=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_SATA_SIGNAL_RATE_GEN1=1'
'ata_id --export /dev/sdn'(out) 'ID_ATA_ROTATION_RATE_RPM=7200'
'ata_id --export /dev/sdn'(out) 'ID_WWN=0x5000cca23be1dc3c'
'ata_id --export /dev/sdn'(out) 'ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c'
Process 'ata_id --export /dev/sdn' succeeded.
LINK 'disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX' /lib/udev/rules.d/60-persistent-storage.rules:47
IMPORT builtin 'path_id' /lib/udev/rules.d/60-persistent-storage.rules:65
LINK 'disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0' /lib/udev/rules.d/60-persistent-storage.rules:66
IMPORT builtin 'blkid' /lib/udev/rules.d/60-persistent-storage.rules:81
probe /dev/sdn raid offset=0
LINK 'disk/by-id/wwn-0x5000cca23be1dc3c' /lib/udev/rules.d/60-persistent-storage.rules:88
RUN '/usr/lib/python-dsnet-appliance/hotplug disk udev-disk-add' /etc/udev/rules.d/99-appliance-hotplug.rules:1
update old name, '/dev/disk/by-id/scsi-35000cca23be1dc3c' no longer belonging to '/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn'
no reference left, remove '/dev/disk/by-id/scsi-35000cca23be1dc3c'
handling device node '/dev/sdn', devnum=b8:208, mode=0660, uid=0, gid=6
preserve permissions /dev/sdn, 060660, uid=0, gid=6
preserve already existing symlink '/dev/block/8:208' to '../sdn'
creating link '/dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX' to '/dev/sdn'
creating symlink '/dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX' to '../../sdn'
found 'b8:208' claiming '/run/udev/links/\x2fdisk\x2fby-id\x2fwwn-0x5000cca23be1dc3c'
creating link '/dev/disk/by-id/wwn-0x5000cca23be1dc3c' to '/dev/sdn'
preserve already existing symlink '/dev/disk/by-id/wwn-0x5000cca23be1dc3c' to '../../sdn'
found 'b8:208' claiming '/run/udev/links/\x2fdisk\x2fby-path\x2fpci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0'
creating link '/dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0' to '/dev/sdn'
preserve already existing symlink '/dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0' to '../../sdn'
created db file '/run/udev/data/b8:208' for '/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn'
ACTION=add
DEVLINKS=/dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0 /dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX /dev/disk/by-id/wwn-0x5000cca23be1dc3c
DEVNAME=/dev/sdn
DEVPATH=/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
DEVTYPE=disk
ID_ATA=1
ID_ATA_DOWNLOAD_MICROCODE=1
ID_ATA_FEATURE_SET_APM=1
ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254
ID_ATA_FEATURE_SET_APM_ENABLED=1
ID_ATA_FEATURE_SET_HPA=1
ID_ATA_FEATURE_SET_HPA_ENABLED=1
ID_ATA_FEATURE_SET_PM=1
ID_ATA_FEATURE_SET_PM_ENABLED=1
ID_ATA_FEATURE_SET_PUIS=1
ID_ATA_FEATURE_SET_PUIS_ENABLED=0
ID_ATA_FEATURE_SET_SECURITY=1
ID_ATA_FEATURE_SET_SECURITY_ENABLED=0
ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522
ID_ATA_FEATURE_SET_SMART=1
ID_ATA_FEATURE_SET_SMART_ENABLED=1
ID_ATA_ROTATION_RATE_RPM=7200
ID_ATA_SATA=1
ID_ATA_SATA_SIGNAL_RATE_GEN1=1
ID_ATA_SATA_SIGNAL_RATE_GEN2=1
ID_ATA_WRITE_CACHE=1
ID_ATA_WRITE_CACHE_ENABLED=1
ID_BUS=ata
ID_MODEL=HGST_HUH728080ALE604
ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_PATH=pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
ID_PATH_TAG=pci-0000_05_00_0-sas-exp0x500605b0000272bf-phy11-lun-0
ID_REVISION=A4GNW7J0
ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX
ID_SERIAL_SHORT=ZZZZH3VX
ID_TYPE=disk
ID_WWN=0x5000cca23be1dc3c
ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
MAJOR=8
MINOR=208
SUBSYSTEM=block
TAGS=:systemd:
USEC_INITIALIZED=6055690
run: '/usr/lib/python-dsnet-appliance/hotplug disk udev-disk-add'
Unload module index
Unloaded link configuration context.
```

6. Query just to double check: (ID_BUS=ata, model correct, etc).
```
root@machine:~# udevadm info /dev/sdn
P: /devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
N: sdn
S: disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX
S: disk/by-id/wwn-0x5000cca23be1dc3c
S: disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: DEVLINKS=/dev/disk/by-id/wwn-0x5000cca23be1dc3c /dev/disk/by-path/pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0 /dev/disk/by-id/ata-HGST_HUH728080ALE604_ZZZZH3VX
E: DEVNAME=/dev/sdn
E: DEVPATH=/devices/pci0000:00/0000:00:03.0/0000:05:00.0/host2/port-2:0/expander-2:0/port-2:0:11/end_device-2:0:11/target2:0:11/2:0:11:0/block/sdn
E: DEVTYPE=disk
E: ID_ATA=1
E: ID_ATA_DOWNLOAD_MICROCODE=1
E: ID_ATA_FEATURE_SET_APM=1
E: ID_ATA_FEATURE_SET_APM_CURRENT_VALUE=254
E: ID_ATA_FEATURE_SET_APM_ENABLED=1
E: ID_ATA_FEATURE_SET_HPA=1
E: ID_ATA_FEATURE_SET_HPA_ENABLED=1
E: ID_ATA_FEATURE_SET_PM=1
E: ID_ATA_FEATURE_SET_PM_ENABLED=1
E: ID_ATA_FEATURE_SET_PUIS=1
E: ID_ATA_FEATURE_SET_PUIS_ENABLED=0
E: ID_ATA_FEATURE_SET_SECURITY=1
E: ID_ATA_FEATURE_SET_SECURITY_ENABLED=0
E: ID_ATA_FEATURE_SET_SECURITY_ERASE_UNIT_MIN=66522
E: ID_ATA_FEATURE_SET_SMART=1
E: ID_ATA_FEATURE_SET_SMART_ENABLED=1
E: ID_ATA_ROTATION_RATE_RPM=7200
E: ID_ATA_SATA=1
E: ID_ATA_SATA_SIGNAL_RATE_GEN1=1
E: ID_ATA_SATA_SIGNAL_RATE_GEN2=1
E: ID_ATA_WRITE_CACHE=1
E: ID_ATA_WRITE_CACHE_ENABLED=1
E: ID_BUS=ata
E: ID_MODEL=HGST_HUH728080ALE604
E: ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
E: ID_PATH=pci-0000:05:00.0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_PATH_TAG=pci-0000_05_00_0-sas-exp0x500605b0000272bf-phy11-lun-0
E: ID_REVISION=A4GNW7J0
E: ID_SERIAL=HGST_HUH728080ALE604_ZZZZH3VX
E: ID_SERIAL_SHORT=ZZZZH3VX
E: ID_TYPE=disk
E: ID_WWN=0x5000cca23be1dc3c
E: ID_WWN_WITH_EXTENSION=0x5000cca23be1dc3c
E: MAJOR=8
E: MINOR=208
E: SUBSYSTEM=block
E: TAGS=:systemd:
E: USEC_INITIALIZED=6055690
```

If I install the same disk into a machine using an ATA driver, this behavior changes:
```
root@machine2:~# sg_vpd -p ai /dev/sdb
ATA information VPD page:
  SAT Vendor identification: linux
  SAT Product identification: libata
  SAT Product revision level: 3.00
  Device signature indicates SATA transport
  ATA command IDENTIFY DEVICE response summary:
    model: HGST HUH728080ALE604
    serial number: ZZZZH3VX
    firmware revision: A4GNW7J0
root@machine-2:~# /lib/udev/ata_id -x /dev/sdb
ID_ATA=1
ID_TYPE=disk
ID_BUS=ata
ID_MODEL=HGST_HUH728080ALE604
ID_MODEL_ENC=HGST\x20HUH728080ALE604\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=A4GNW7J0
<truncated>
```

5 years agoMerge pull request #13709 from zachsmith/systemd-tmpfiles-allow-append-to-file
Zbigniew Jędrzejewski-Szmek [Fri, 4 Oct 2019 09:59:06 +0000 (11:59 +0200)]
Merge pull request #13709 from zachsmith/systemd-tmpfiles-allow-append-to-file

systemd-tmpfiles: allow appending content to file

5 years agotest-execute: Filter /dev/.lxc in exec-dynamicuser-statedir.service
Balint Reczey [Fri, 27 Sep 2019 17:56:05 +0000 (19:56 +0200)]
test-execute: Filter /dev/.lxc in exec-dynamicuser-statedir.service

It appears in nested LXC containers and broke the test in Ubuntu CI.

BugLink: https://bugs.launchpad.net/bugs/1845337

5 years agoadded working volume buttons for medion erazer...
crashfistfight [Thu, 3 Oct 2019 21:53:08 +0000 (23:53 +0200)]
added working volume buttons for medion erazer...

5 years agoman: document updated newline support
Mark Stosberg [Thu, 3 Oct 2019 20:26:42 +0000 (16:26 -0400)]
man: document updated newline support

Since v239 newlines have been allowed for PassEnvironment=
and EnvironmentFile=, due to #8471.

This PR documents the behavior change.

5 years agorules: Add automatic suspend udev rules
Mario Limonciello [Mon, 9 Sep 2019 21:49:35 +0000 (22:49 +0100)]
rules: Add automatic suspend udev rules

The ChromeOS ecosystem has a large amount of testing, both automated
and manual across devices including measurement of power regressions.

It's safe to assume that any of these devices will handle USB
auto-suspend appropriately.  Use the script from ChromeOS
https://chromium.googlesource.com/chromiumos/platform2/+/master/power_manager/udev/gen_autosuspend_rules.py
to generate udev rules at build time.

This script in systemd `tools/chromeos/gen_autosuspend_rules.py` should be kept
in sync with the ChromeOS version of the script.

Manually added autosuspend devices should be placed in the new
template `rules/61-autosuspend-manual.rules`

Suggested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Mario Limonciello <mario.limonciello@dell.com>

5 years agosystemctl: Default suffixes for timer and socket
Kevin Kuehler [Sat, 14 Sep 2019 08:39:28 +0000 (01:39 -0700)]
systemctl: Default suffixes for timer and socket

* use .timer suffix by default for systemctl list-timers
* use .socket suffix by default for systemctl list-sockets

5 years agotty-ask-pwd-agent: rename watch_passwords() and show_passwords()
Franck Bui [Tue, 17 Sep 2019 09:03:04 +0000 (11:03 +0200)]
tty-ask-pwd-agent: rename watch_passwords() and show_passwords()

Those names were a bit confusing: both functions process password files, the
former relies on the latter and waits for new files.

Also show_passwords() was not only used to list password files/requests but
also to query the user.

No functional changes.

5 years agosystemd-tmpfiles: allow appending content to file
Zach Smith [Fri, 4 Oct 2019 01:19:18 +0000 (18:19 -0700)]
systemd-tmpfiles: allow appending content to file

Adds support to append to files with w+ type.

 w /tmp/13291.out - - - - first line\n
 w+ /tmp/13291.out - - - - second line\n

5 years agosystemd-tmpfiles: rename force to append_or_force
Zach Smith [Fri, 4 Oct 2019 01:09:35 +0000 (18:09 -0700)]
systemd-tmpfiles: rename force to append_or_force

The force field of the Item struct is used to indicate
force creation or appending in different context. This
change renames the field to append_or_force to improve
readability.

5 years agoMerge pull request #13690 from cdown/cgroup_rework
Zbigniew Jędrzejewski-Szmek [Thu, 3 Oct 2019 20:09:56 +0000 (22:09 +0200)]
Merge pull request #13690 from cdown/cgroup_rework

cgroup: Add support to check systemd-internal cgroup limits against the kernel

5 years agonetworkd: split out repeated code to a helper function
Zbigniew Jędrzejewski-Szmek [Thu, 3 Oct 2019 13:46:44 +0000 (15:46 +0200)]
networkd: split out repeated code to a helper function

Follow-up for 156ddf8df7.

5 years agopid1: restore the original environment passed by the kernel when switching to a new...
Franck Bui [Tue, 1 Oct 2019 12:31:14 +0000 (14:31 +0200)]
pid1: restore the original environment passed by the kernel when switching to a new system manager

PID1 may modify the environment passed by the kernel when it starts
running. Commit 9d48671c62de133a2b9fe7c31e70c0ff8e68f2db unset $HOME for
example.

In case PID1 is going to switch to a new root and execute a new system manager
which is not systemd, we should restore the original environment as the new
manager might expect some variables to be set by default (more specifically
$HOME).

5 years agotest/README.testsuite: add section for Ubuntu CI blacklist files
Dan Streetman [Wed, 2 Oct 2019 08:16:01 +0000 (04:16 -0400)]
test/README.testsuite: add section for Ubuntu CI blacklist files

Add some docs explaining how to blacklist individual test/TEST-*
tests in Ubuntu CI using per-test blacklist files.

5 years agotest: add temporarily blacklisted tests
Dan Streetman [Mon, 16 Sep 2019 16:34:55 +0000 (12:34 -0400)]
test: add temporarily blacklisted tests

This temporarily blacklists some tests when run under Ubuntu CI.

This is the upstream side of the Debian 'upstream' test MR:
https://salsa.debian.org/systemd-team/systemd/merge_requests/52

The tests blacklisted here should only be temporarily blacklisted
until they can be fixed; the intention is that these blacklist files
will be added and removed over time while debugging/fixing flaky
and/or regressed tests, without causing test failure noise for other
PRs.

5 years agoMerge pull request #13645 from danielstuart14/master
Zbigniew Jędrzejewski-Szmek [Thu, 3 Oct 2019 14:53:54 +0000 (16:53 +0200)]
Merge pull request #13645 from danielstuart14/master

Add chromebook orientation quirk

5 years agocgroup: analyze: Report memory configurations that deviate from systemd
Chris Down [Thu, 3 Oct 2019 12:21:29 +0000 (13:21 +0100)]
cgroup: analyze: Report memory configurations that deviate from systemd

This is the most basic consumer of the new systemd-vs-kernel checker,
both acting as a reasonable standalone exerciser of the code, and also
as a way for easy inspection of deviations from systemd internal state.

5 years agocgroup: analyze: Match standard dump format
Chris Down [Mon, 30 Sep 2019 15:09:18 +0000 (16:09 +0100)]
cgroup: analyze: Match standard dump format

We're the only ones left using = as the delimiter, which looks really
weird in `systemd-analyze dump`. Use `: ` like everyone else.

5 years agocgroup: Allow checking systemd-internal limits against the kernel
Chris Down [Mon, 30 Sep 2019 15:13:32 +0000 (16:13 +0100)]
cgroup: Allow checking systemd-internal limits against the kernel

We currently don't have any mitigations against another privileged user
on the system messing with the cgroup hierarchy, bringing the system out
of line with what we've set in systemd. We also don't have any real way
to surface this to the user (we do have logs, but you have to know to
look in the first place).

There are a few possible solutions:

1. Maintaining our own cgroup tree with the new fsopen API and having a
   read-only copy for everyone else. However, there are some
   complications on this front, and this may be infeasible in some
   environments. I'd rate this as a longer term effort that's tangential
   to this patch.
2. Actively checking for changes with {fa,i}notify and changing them
   back afterwards to match our configuration again. This is also
   possible, but it's also good to have a way to do passive monitoring
   of the situation without taking hard action. Also, currently daemons
   like senpai do actually need to modify the tree behind systemd's
   back (although hopefully this should be more integrated soon).

This patch implements another option, where one can, on demand, monitor
deviations in cgroup memory configuration from systemd's internal state.
Currently the only consumer is `systemd-analyze dump`, but the interface
is generic enough that it can also be exposed elsewhere later (for
example, over D-Bus).

Currently only memory limit style properties are supported, but later I
also plan to expand this out to other properties that systemd should
have ultimate control over.

5 years agoUpdate sd_journal_print.xml
Léonard Gérard [Wed, 2 Oct 2019 23:31:07 +0000 (17:31 -0600)]
Update sd_journal_print.xml

Fix the documentation part of the current limitation of sd_journal_print reported in #13706.

5 years agocgroup: fix typo in BPF firewall support warning message
Mike Kazantsev [Thu, 3 Oct 2019 13:11:41 +0000 (18:11 +0500)]
cgroup: fix typo in BPF firewall support warning message

5 years agomemory-util: Add PAGE_ALIGN_DOWN
Chris Down [Thu, 3 Oct 2019 13:41:06 +0000 (14:41 +0100)]
memory-util: Add PAGE_ALIGN_DOWN

For example, cgroup v2 rounds down to the previous page when returning
memory limits.
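
The passive check described in the cgroup commits above (compare the memory limits the manager configured with what the kernel reports, allowing for cgroup v2 rounding limits down to a page boundary), as an added sketch that is not systemd's code. The `Ex*`/`ex_*` names, the fixed 4096-byte page size and the sample values are assumptions made for this example.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EX_PAGE_SIZE UINT64_C(4096)   /* assumption: 4 KiB pages */
#define EX_LIMIT_MAX UINT64_MAX       /* stands for "max" (no limit) */

typedef struct {
        const char *file;         /* cgroup v2 attribute name */
        uint64_t configured;      /* value the manager believes it set */
        const char *kernel_text;  /* what reading the attribute returned */
} ExLimit;

/* Constructed sample: one unit's limits as configured vs. as read back. */
static const ExLimit ex_sample[] = {
        { "memory.min",  4097,                       "4096\n"       }, /* rounded down only */
        { "memory.low",  0,                          "0\n"          },
        { "memory.high", UINT64_C(536870912),        "max\n"        }, /* limit was lifted */
        { "memory.max",  UINT64_C(1073741824) + 100, "1073741824\n" }, /* rounded down only */
};
#define EX_SAMPLE_N (sizeof(ex_sample) / sizeof(ex_sample[0]))

static uint64_t ex_page_align_down(uint64_t v) {
        return v & ~(EX_PAGE_SIZE - 1);
}

/* Parse "max" or a decimal byte count, optionally newline-terminated. */
static int ex_parse_limit(const char *s, uint64_t *ret) {
        char *end;
        if (strcmp(s, "max") == 0 || strcmp(s, "max\n") == 0) {
                *ret = EX_LIMIT_MAX;
                return 0;
        }
        if (*s < '0' || *s > '9')   /* strtoull() would accept signs and spaces */
                return -EINVAL;
        errno = 0;
        *ret = strtoull(s, &end, 10);
        if (errno != 0 || (*end != '\0' && strcmp(end, "\n") != 0))
                return -EINVAL;
        return 0;
}

/* 1 if the kernel value is what the configured value rounds down to,
 * 0 if it deviates, negative errno if the kernel text cannot be parsed. */
static int ex_limit_matches(const ExLimit *l) {
        uint64_t k, want;
        int r = ex_parse_limit(l->kernel_text, &k);
        if (r < 0)
                return r;
        want = l->configured == EX_LIMIT_MAX ? EX_LIMIT_MAX : ex_page_align_down(l->configured);
        return k == want;
}

/* Passive check: report and count deviations, change nothing. */
static int ex_count_deviations(const ExLimit *limits, size_t n) {
        int deviations = 0;
        for (size_t i = 0; i < n; i++) {
                int r = ex_limit_matches(&limits[i]);
                if (r < 0)
                        return r;
                if (r > 0)
                        continue;
                deviations++;
                printf("%s: configured %" PRIu64 ", kernel reports %s",
                       limits[i].file, limits[i].configured, limits[i].kernel_text);
        }
        return deviations;
}

int main(void) {
        printf("%d deviation(s)\n", ex_count_deviations(ex_sample, EX_SAMPLE_N));
        return 0;
}
```

Without the page-align step, the `memory.min` and `memory.max` rows would be reported as tampering even though the kernel merely rounded the written value.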

5 years agoMerge pull request #12818 from yuwata/network-issue-8726
Zbigniew Jędrzejewski-Szmek [Thu, 3 Oct 2019 13:21:35 +0000 (15:21 +0200)]
Merge pull request #12818 from yuwata/network-issue-8726

network: disable kernel creating prefix route when RouteTable= is set

5 years agoMerge pull request #13246 from keszybz/add-SystemdOptions-efi-variable
Zbigniew Jędrzejewski-Szmek [Thu, 3 Oct 2019 10:19:44 +0000 (12:19 +0200)]
Merge pull request #13246 from keszybz/add-SystemdOptions-efi-variable

Add efi variable to augment /proc/cmdline

5 years agofix build with compilers with default stack-protector enabled
Norbert Lange [Thu, 19 Sep 2019 15:49:20 +0000 (17:49 +0200)]
fix build with compilers with default stack-protector enabled

building systemd fails with a compiler that supports
-fstack-protector but does not enable it by default.
(will miss several __stack_chk_* symbols).

fix this by also adding the switch during linking.

Signed-off-by: Norbert Lange <nolange79@gmail.com>

5 years agonspawn: surrender controlling terminal to PID2 when using the PID1 stub
Nicolas Douma [Tue, 17 Sep 2019 03:07:00 +0000 (05:07 +0200)]
nspawn: surrender controlling terminal to PID2 when using the PID1 stub

5 years agoMerge pull request #13696 from keszybz/keep-dhcp-on-restart
Zbigniew Jędrzejewski-Szmek [Thu, 3 Oct 2019 09:25:12 +0000 (11:25 +0200)]
Merge pull request #13696 from keszybz/keep-dhcp-on-restart

Add a way to differentiate restart from stop and keep dhcp config on restart

5 years agopid1: fix DefaultTasksMax initialization
Franck Bui [Wed, 2 Oct 2019 09:58:16 +0000 (11:58 +0200)]
pid1: fix DefaultTasksMax initialization

Otherwise DefaultTasksMax is always set to "infinity".

This was broken by fb39af4ce42.

5 years agohwdb: Add trackpoint rules for Lenovo Thinkpad 70, 80, 90
Torsten Hilbrich [Wed, 2 Oct 2019 09:38:07 +0000 (11:38 +0200)]
hwdb: Add trackpoint rules for Lenovo Thinkpad 70, 80, 90

Extend the existing rules to match the Thinkpad models for the
previous 3 generations. It will work if a Synaptic Trackpoint is
built into the notebook. It will not work for Elantech trackpoints.

Successfully tested with T470s and T490 model.

5 years agopo: update Polish translation
Piotr Drąg [Sat, 28 Sep 2019 13:17:59 +0000 (15:17 +0200)]
po: update Polish translation

5 years agosrc/core/automount: use DirectoryMode when calling mkdir -p
Dan Streetman [Sun, 29 Sep 2019 21:16:55 +0000 (17:16 -0400)]
src/core/automount: use DirectoryMode when calling mkdir -p

mkdir -p is called both when setting up the autofs mount, as well
as after being notified that the real mount unit should be called.
However the first mkdir -p is hardcoded with 0555, while the second
uses the value specified to DirectoryMode in the automount unit; the
second mkdir -p is only needed when called from coldplug, so under
normal operation the dirs are incorrectly created with mode 0555.

This replaces the hardcoded 0555 mode with the value of DirectoryMode.

Closes #13683.

5 years agoudevadm trigger: do not propagate EACCES and ENODEV
Yu Watanabe [Thu, 26 Sep 2019 12:33:59 +0000 (21:33 +0900)]
udevadm trigger: do not propagate EACCES and ENODEV

Inside a container, writing a file returns EACCES. Moreover, some devices
return ENODEV rather than EACCES. So, let's also ignore these two
error causes.

Closes #13652.

5 years agosd-dhcp-client: do not crash if sd_dhcp_client_send_release() is called with no lease
Zbigniew Jędrzejewski-Szmek [Wed, 2 Oct 2019 08:29:41 +0000 (10:29 +0200)]
sd-dhcp-client: do not crash if sd_dhcp_client_send_release() is called with no lease

Again, a public function should not crash if called at an inopportune moment.

Also, make sure we don't call the function if we have no lease.

5 years agosd-dhcp-client: merge client_send_release() into sd_dhcp_client_send_release()
Zbigniew Jędrzejewski-Szmek [Wed, 2 Oct 2019 08:22:49 +0000 (10:22 +0200)]
sd-dhcp-client: merge client_send_release() into sd_dhcp_client_send_release()

The public function and the implementation were split into two for
no particular reason.

We would assert() on the internal state of the client. This should not be done
in a function that is directly called from a public function. (I.e., we should
not crash if the public function is called at the wrong time.)
assert() is changed to assert_return().

And before anyone asks: I put the assert_returns() *above* the internal
variables on purpose. This makes it easier to see that the assert_returns()
are about the state that is passed in, and if they are not satisfied, the
function returns immediately. The compiler doesn't care either way, so
the ordering that is clearest to the reader should be chosen.

5 years agonetworkd: change SendRelease default to true
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 15:25:31 +0000 (17:25 +0200)]
networkd: change SendRelease default to true

Now that we don't drop DHCP config on restart, this seems appropriate.

5 years agonetworkd: drop DHCPv4 config on stop, keep on restart, by default
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 15:12:31 +0000 (17:12 +0200)]
networkd: drop DHCPv4 config on stop, keep on restart, by default

This partially reverts 95355a281c06c5970b7355c38b066910c3be4958.

It seems that other parts of link_stop_clients() should be skipped
when restarting, but I don't know enough about those other clients to have
an opinion if it is better to stop&start them on restart or not.
Anyway, that can be done in later patches now that the support for restarts
is there.

Fixes #13625.

5 years agonetworkd: use SIGUSR2 to do a restart
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 14:23:19 +0000 (16:23 +0200)]
networkd: use SIGUSR2 to do a restart

The code supports SIGTERM and SIGINT to terminate the process. It would
be possible to repurpose one of those signals for the restart operation,
but I think it's better to use a completely different signal to avoid
misunderstandings.

5 years agocore: rework how logging level is calculated for kill operations
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 13:53:42 +0000 (15:53 +0200)]
core: rework how logging level is calculated for kill operations

Setting the log level based on the signal made sense when signals that
were used were fixed. Since we allow signals to be configured, it doesn't
make sense to log at notice level about e.g. a restart or stop operation
just because the signal used is different.

This avoids messages like:
  six.service: Killing process 210356 (sleep) with signal SIGINT.

5 years agoman: document the RestartKillSignal= setting
Zbigniew Jędrzejewski-Szmek [Wed, 2 Oct 2019 11:53:49 +0000 (13:53 +0200)]
man: document the RestartKillSignal= setting

5 years agocore: add support for RestartKillSignal= to override signal used for restart jobs
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 13:15:06 +0000 (15:15 +0200)]
core: add support for RestartKillSignal= to override signal used for restart jobs

v2:
- if RestartKillSignal= is not specified, fall back to KillSignal=. This is necessary
  to preserve backwards compatibility (and keep KillSignal= generally useful).

5 years agobasic: fix ASSERT_SIDE_EFFECT Coverity report in assert_se()
Frantisek Sumsal [Sat, 21 Sep 2019 15:48:50 +0000 (17:48 +0200)]
basic: fix ASSERT_SIDE_EFFECT Coverity report in assert_se()

5 years agoMerge pull request #13691 from mrc0mmand/coverity-fixes
Chris Down [Wed, 2 Oct 2019 09:42:53 +0000 (10:42 +0100)]
Merge pull request #13691 from mrc0mmand/coverity-fixes

Coverity fixes for unchecked return values

5 years agohwdb: Correct WWWW Pattern In Documentation Comment
Jonas Thelemann [Wed, 2 Oct 2019 00:42:58 +0000 (02:42 +0200)]
hwdb: Correct WWWW Pattern In Documentation Comment

5 years agonspawn: rename UNIFIED_CGROUP_HIERARCHY to SYSTEMD_NSPAWN_UNIFIED_HIERARCHY
Zbigniew Jędrzejewski-Szmek [Fri, 27 Sep 2019 12:17:41 +0000 (14:17 +0200)]
nspawn: rename UNIFIED_CGROUP_HIERARCHY to SYSTEMD_NSPAWN_UNIFIED_HIERARCHY

We should never have used an unprefixed environment variable name.
All other systemd-nspawn variables have the "SYSTEMD_NSPAWN_" prefix,
and all other systemd variables have the "SYSTEMD_" prefix.

The new variable name takes precedence, but we fall back to checking the
old one. If only the old one is found, a warning is emitted.

In addition, SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="" is accepted as an override
to avoid looking for the old variable name.

We have a variable with the same name ($UNIFIED_CGROUP_HIERARCHY) in tests,
which governs both systemd-nspawn and qemu behaviour. It is not renamed.

5 years agonspawn: consistently fail if parsing the environment fails
Zbigniew Jędrzejewski-Szmek [Fri, 27 Sep 2019 11:58:06 +0000 (13:58 +0200)]
nspawn: consistently fail if parsing the environment fails

We would parse the environment twice (to re-apply settings after reading
config from disk), but we would not check the return code the first time.
This means that for some settings we would ignore invalid values, while
for others, we'd fail at some point.

Let's just consistently fail. Those environment variables define important
aspects of behaviour, and it is better for the user if we ignore invalid
values. (Unknown settings are still ignored, so forward compatibility is
maintained.)

5 years agonspawn: default to unified hierarchy if --as-pid2 is used
Zbigniew Jędrzejewski-Szmek [Fri, 27 Sep 2019 12:51:53 +0000 (14:51 +0200)]
nspawn: default to unified hierarchy if --as-pid2 is used

See comment added in the patch.

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1756143.

5 years agonetwork: DHCPv6 client add support for prefix delegation hint
Susant Sahani [Wed, 25 Sep 2019 03:14:12 +0000 (05:14 +0200)]
network: DHCPv6 client add support for prefix delegation hint

Add support for prefix hint length and prefix hint address
```
Frame 43: 177 bytes on wire (1416 bits), 177 bytes captured (1416 bits) on interface 0
Ethernet II, Src: f6:c1:08:4d:45:f1 (f6:c1:08:4d:45:f1), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::d250:c82:7f6e:28d6, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
    Message type: Solicit (1)
    Transaction ID: 0x5c7902
    Rapid Commit
    Identity Association for Non-temporary Address
    Fully Qualified Domain Name
    Identity Association for Prefix Delegation
        Option: Identity Association for Prefix Delegation (25)
        Length: 41
        Value: 1b97b1690000000000000000001a0019ffffffffffffffff…
        IAID: 1b97b169
        T1: 0
        T2: 0
        IA Prefix
            Option: IA Prefix (26)
            Length: 25
            Value: ffffffffffffffff3c000000000000000000000000000000…
            Preferred lifetime: infinity
            Valid lifetime: infinity
            Prefix length: 60
            Prefix address: ::
    Option Request
    Client Identifier
    Elapsed time
```

5 years agocore: add helper function to check job status
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 12:58:55 +0000 (14:58 +0200)]
core: add helper function to check job status

Since job.h includes unit.h, and unit.h includes job.h, imports need to
be adjusted to make sure unit.h is included first if the helper is used.

5 years agocore: remove unused prototypes
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 12:25:10 +0000 (14:25 +0200)]
core: remove unused prototypes

5 years agocore: minor formatting adjustment
Zbigniew Jędrzejewski-Szmek [Tue, 1 Oct 2019 12:13:35 +0000 (14:13 +0200)]
core: minor formatting adjustment

5 years agocryptsetup: bump minimum libcryptsetup version to v2.0.1
Jay Strict [Thu, 26 Sep 2019 13:54:29 +0000 (15:54 +0200)]
cryptsetup: bump minimum libcryptsetup version to v2.0.1

libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide
integers for `keyfile_offset`. This change invokes the new function
call, gets rid of the warning that was added in #7689, and removes
redundant #ifdefery and constant definitions.
See https://gitlab.com/cryptsetup/cryptsetup/issues/359.

Fixes #7677.

5 years agoexecute: explicitly ignore fd_wait_for_event()'s return value
Frantisek Sumsal [Tue, 1 Oct 2019 08:25:36 +0000 (10:25 +0200)]
execute: explicitly ignore fd_wait_for_event()'s return value

Fixes CID#1402316

5 years agosd-event: explicitly ignore waitipid()'s return value
Frantisek Sumsal [Tue, 1 Oct 2019 08:14:10 +0000 (10:14 +0200)]
sd-event: explicitly ignore waitipid()'s return value

Fixes CID#1393252

5 years agoMerge pull request #13689 from cdown/default_memory_min
Chris Down [Tue, 1 Oct 2019 02:08:15 +0000 (03:08 +0100)]
Merge pull request #13689 from cdown/default_memory_min

cgroup: A bunch of protection-related fixes

5 years agocgroup: Mark memory protections as explicitly set in transient units
Chris Down [Mon, 30 Sep 2019 17:36:13 +0000 (18:36 +0100)]
cgroup: Mark memory protections as explicitly set in transient units

A later version of the DefaultMemory{Low,Min} patch changed these to
require explicitly setting memory_foo_set, but we only set that in
load-fragment, not dbus-cgroup.

Without these, we may fall back to either DefaultMemoryFoo or
CGROUP_LIMIT_MIN when we really shouldn't.