platform/upstream/systemd.git
6 years ago resolve: reject PrivateDNS=yes
Yu Watanabe [Wed, 13 Jun 2018 02:00:52 +0000 (11:00 +0900)]
resolve: reject PrivateDNS=yes

6 years ago resolve: make manager_get_private_dns_mode() always return valid setting
Yu Watanabe [Wed, 13 Jun 2018 01:56:02 +0000 (10:56 +0900)]
resolve: make manager_get_private_dns_mode() always return valid setting

6 years ago resolve: add missing bus property and method
Yu Watanabe [Wed, 13 Jun 2018 01:50:30 +0000 (10:50 +0900)]
resolve: add missing bus property and method

Follow-up for #8849.

6 years ago resolve: do not derive query timeout from RTT
Matthias-Christian Ott [Mon, 11 Jun 2018 18:07:36 +0000 (20:07 +0200)]
resolve: do not derive query timeout from RTT

DNS queries need timeout values to detect whether a DNS server is
unresponsive or, if the query is sent over UDP, whether a DNS message
was lost and has to be resent. The total time that it takes for the answer
to a query to arrive is t + RTT, where t is the maximum time that the DNS
server that is being queried needs to answer the query.

An authoritative server stores a copy of the zone that it serves in main
memory or secondary storage, so t is very small and therefore the time
that it takes to answer a query is almost entirely determined by the
RTT. Modern authoritative server software keeps its zones in main memory
and, for example, Knot DNS and NSD are able to answer in less than
100 µs [1]. So iterative resolvers continuously measure the RTT to
optimize their query timeouts and to resend queries more quickly if they
are lost.

systemd-resolved is a stub resolver: it forwards DNS queries to an
upstream resolver and waits for an answer. So the time that it takes for
systemd-resolved to answer a query is determined by the RTT and the time
that it takes the upstream resolver to answer the query.

It seems common for iterative resolver software to set a total timeout
for the query. Such total timeout subsumes the timeout of all queries
that the iterative resolver has to make to answer a query. For example, BIND
seems to use a default timeout of 10 s.

At the moment systemd-resolved derives its query timeout entirely from
the RTT and does not consider the query timeout of the upstream
resolver. Therefore it often mistakenly degrades the feature set of its
upstream resolvers if it takes them longer than usual to answer a query.
It has been reported to be a considerable problem in practice, in
particular if DNSSEC=yes. So the query timeout of systemd-resolved should
be derived from the timeout of the upstream resolver and the RTT to the
upstream resolver.

At the moment systemd-resolved measures the RTT as the time that it
takes the upstream resolver to answer a query. This clearly leads to
incorrect measurements. In order to correctly measure the RTT
systemd-resolved would have to measure RTT separately and continuously,
for example with a query with an empty question section or a query for
the SOA RR of the root zone so that the upstream resolver would be able
to answer the query without querying another server. However, this
requires significant changes to systemd-resolved. So it seems best to
postpone them until other issues have been addressed and to set the
resend timeout to a fixed value for now.

As mentioned, BIND seems to use a timeout of 10 s, so perhaps 12 s is a
reasonable value that also accounts for common RTT values. If we assume
that we are going to retry, it could be less. So it should be enough
to set the resend timeout to DNS_TIMEOUT_MAX_USEC as
DNS_SERVER_FEATURE_RETRY_ATTEMPTS * DNS_TIMEOUT_MAX_USEC = 15 s.
However, this will not solve the incorrect feature set degradation and
should be seen as a temporary change until systemd-resolved does
probe the feature set of an upstream resolver independently from the
actual queries.

[1] https://www.knot-dns.cz/benchmark/

6 years ago core: when applying io/blkio per-device rules, don't remove them if they fail
Lennart Poettering [Tue, 12 Jun 2018 17:37:22 +0000 (19:37 +0200)]
core: when applying io/blkio per-device rules, don't remove them if they fail

These devices might show up later, hence leave the rules as they are.
Applying the limits should not alter configuration.

6 years ago tree-wide: unify how we define bit mask enums
Lennart Poettering [Thu, 7 Jun 2018 14:03:43 +0000 (16:03 +0200)]
tree-wide: unify how we define bit mask enums

Let's always write "1 << 0", "1 << 1" and so on, except where we need
more than 31 flag bits, where we write "UINT64(1) << 0", and so on to force
64bit values.

6 years ago Merge pull request #8849 from irtimmer/feature/dns-over-tls
Lennart Poettering [Tue, 12 Jun 2018 18:45:39 +0000 (20:45 +0200)]
Merge pull request #8849 from irtimmer/feature/dns-over-tls

resolve: Support for DNS-over-TLS

6 years ago man: document DNS-over-TLS options
Iwan Timmer [Mon, 11 Jun 2018 19:33:57 +0000 (21:33 +0200)]
man: document DNS-over-TLS options

6 years ago doc: more spelling fixes
Michael Biebl [Tue, 12 Jun 2018 14:19:21 +0000 (16:19 +0200)]
doc: more spelling fixes

6 years ago Merge pull request #9270 from mbiebl/typo-fixes
Lennart Poettering [Tue, 12 Jun 2018 14:00:37 +0000 (16:00 +0200)]
Merge pull request #9270 from mbiebl/typo-fixes

NEWS: typo fixes

6 years ago doc: typo fixes, mostly duplicated words
Michael Biebl [Tue, 12 Jun 2018 13:49:37 +0000 (15:49 +0200)]
doc: typo fixes, mostly duplicated words

6 years ago NEWS: typo fixes
Michael Biebl [Tue, 12 Jun 2018 13:41:38 +0000 (15:41 +0200)]
NEWS: typo fixes

6 years ago Merge pull request #9268 from keszybz/news
Lennart Poettering [Tue, 12 Jun 2018 12:58:13 +0000 (14:58 +0200)]
Merge pull request #9268 from keszybz/news

NEWS followup and a small man addition

6 years ago NEWS: mention "bad-setting" load state and other small additions
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 12:06:47 +0000 (14:06 +0200)]
NEWS: mention "bad-setting" load state and other small additions

6 years ago NEWS, CODE_QUALITY: wording fixes
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 12:06:13 +0000 (14:06 +0200)]
NEWS, CODE_QUALITY: wording fixes

No additions, just moving stuff around and wording cleanups.

6 years ago man: mention that /var/lib/systemd/timesync/clock might have the compilation timestamp
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 15:04:08 +0000 (17:04 +0200)]
man: mention that /var/lib/systemd/timesync/clock might have the compilation timestamp

https://bugs.freedesktop.org/show_bug.cgi?id=90085

6 years ago tree-wide: drop trailing whitespace
Lennart Poettering [Tue, 12 Jun 2018 10:03:28 +0000 (12:03 +0200)]
tree-wide: drop trailing whitespace

6 years ago doc: extend CODE_QUALITY.md with two more items
Lennart Poettering [Tue, 12 Jun 2018 10:03:13 +0000 (12:03 +0200)]
doc: extend CODE_QUALITY.md with two more items

6 years ago prepare an initial NEWS file for v239
Lennart Poettering [Tue, 12 Jun 2018 10:02:51 +0000 (12:02 +0200)]
prepare an initial NEWS file for v239

6 years ago Merge pull request #9255 from poettering/block-dev-fixes
Zbigniew Jędrzejewski-Szmek [Tue, 12 Jun 2018 10:53:37 +0000 (12:53 +0200)]
Merge pull request #9255 from poettering/block-dev-fixes

some block device handling fixes

6 years ago resolve: make PrivateDNS configurable per link
Iwan Timmer [Fri, 4 May 2018 15:31:16 +0000 (17:31 +0200)]
resolve: make PrivateDNS configurable per link

Like with DNSSec, make PrivateDNS configurable per link, so you can have trusted and untrusted links.

6 years ago resolved: support for DNS-over-TLS
Iwan Timmer [Fri, 27 Apr 2018 15:50:38 +0000 (17:50 +0200)]
resolved: support for DNS-over-TLS

Add support for DNS-over-TLS using GnuTLS. To reduce latency, TLS False Start and TLS session resumption are also supported.

6 years ago resolved: TCP fast open connections
Iwan Timmer [Fri, 27 Apr 2018 11:20:31 +0000 (13:20 +0200)]
resolved: TCP fast open connections

Add support for TCP fast open connections to reduce latency for successive DNS requests over TCP

6 years ago journal: forward messages from /dev/log unmodified to syslog.socket
Michal Sekletar [Wed, 30 May 2018 14:27:22 +0000 (16:27 +0200)]
journal: forward messages from /dev/log unmodified to syslog.socket

6 years ago resolved: longlived TCP connections
Iwan Timmer [Sun, 22 Apr 2018 13:23:45 +0000 (15:23 +0200)]
resolved: longlived TCP connections

Keep DNS over TCP connection open until it's closed by the server or after a timeout.

6 years ago pid1: do not reset subtree_control on already-existing units with delegation
Zbigniew Jędrzejewski-Szmek [Tue, 29 May 2018 10:19:09 +0000 (12:19 +0200)]
pid1: do not reset subtree_control on already-existing units with delegation

Fixes #8364.

Reproducer:
$ sudo systemd-run -t -p Delegate=yes bash
# mkdir /sys/fs/cgroup/system.slice/run-u6958.service/supervisor
# echo $$ > /sys/fs/cgroup/system.slice/run-u6958.service/supervisor/cgroup.procs
# echo +memory > /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
# cat /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
memory
# systemctl daemon-reload
# cat /sys/fs/cgroup/system.slice/run-u6958.service/cgroup.subtree_control
(empty)

With patch, the last command shows 'memory'.

6 years ago tree-wide: use PATH_STARTSWITH_SET() at two more places
Lennart Poettering [Mon, 11 Jun 2018 10:32:37 +0000 (12:32 +0200)]
tree-wide: use PATH_STARTSWITH_SET() at two more places

6 years ago core: rework how we validate DeviceAllow= settings
Lennart Poettering [Mon, 11 Jun 2018 10:22:58 +0000 (12:22 +0200)]
core: rework how we validate DeviceAllow= settings

Let's make sure we don't validate "char-*" and "block-*" expressions as
paths.

6 years ago cgroup: relax checks for block device cgroup settings
Lennart Poettering [Mon, 11 Jun 2018 10:19:01 +0000 (12:19 +0200)]
cgroup: relax checks for block device cgroup settings

This drops needless safety checks that ensure we only reference block
devices for blockio/io settings. The backing code was already able to
accept regular file system paths too, in which case the backing device
node of that file system would be used. Hence, let's drop the artificial
restrictions and open up this underlying functionality.

6 years ago cgroup: beef up device lookup logic for block devices
Lennart Poettering [Mon, 11 Jun 2018 10:17:32 +0000 (12:17 +0200)]
cgroup: beef up device lookup logic for block devices

Let's chase block devices through btrfs and LUKS like we do elsewhere.

6 years ago blockdev: split out actual DM sysfs code of get_block_device_harder() into function...
Lennart Poettering [Mon, 11 Jun 2018 10:06:27 +0000 (12:06 +0200)]
blockdev: split out actual DM sysfs code of get_block_device_harder() into function of its own

That way we can use it in code that already acquired a dev_t from some
source.

6 years ago blockdev-util: let's initialize return parameter on success
Lennart Poettering [Mon, 11 Jun 2018 10:03:35 +0000 (12:03 +0200)]
blockdev-util: let's initialize return parameter on success

We document the rule that return values >= 0 of functions are supposed
to indicate success, and that in case of success all return parameters
should be initialized. Let's actually do so.

Just a tiny coding style fix-up.

6 years ago meson: also reject shifts that change the sign bit
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 11:17:43 +0000 (13:17 +0200)]
meson: also reject shifts that change the sign bit

../src/test/test-sizeof.c: In function ‘main’:
../src/test/test-sizeof.c:70:24: error: result of ‘1 << 31’ requires 33 bits to represent, but ‘int’ only has 32 bits [-Werror=shift-overflow=]
                 X = (1 << 31),
                        ^~
cc1: some warnings being treated as errors

Follow-up for b05ecb8cadd8c32d31b1aabcff4e507bd89b5465.

6 years ago basic/path-util: fix ordering in error message
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 12:37:36 +0000 (14:37 +0200)]
basic/path-util: fix ordering in error message

Jun 11 14:29:12 krowka systemd[1]: /etc/systemd/system/workingdir.service:6: = path is not normalizedWorkingDirectory: /../../etc
   ↓
Jun 11 14:32:12 krowka systemd[1]: /etc/systemd/system/workingdir.service:6: WorkingDirectory= path is not normalized: /../../etc

6 years ago Merge pull request #9157 from poettering/unit-config-load-error
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 12:37:10 +0000 (14:37 +0200)]
Merge pull request #9157 from poettering/unit-config-load-error

introduce a new "bad-setting" unit load state in order to improve "systemctl status" output when bad settings are used

6 years ago Table is easier to grasp
Bruno Vernay [Thu, 7 Jun 2018 15:38:10 +0000 (17:38 +0200)]
Table is easier to grasp

State goes in CONFIG for users

3rd review

6 years ago Merge pull request #9185 from marckleinebudde/can
Lennart Poettering [Mon, 11 Jun 2018 10:58:55 +0000 (12:58 +0200)]
Merge pull request #9185 from marckleinebudde/can

networkd: add support to configure CAN devices

6 years ago Add counter for socket unit refuse events (#9217)
xginn8 [Mon, 11 Jun 2018 10:56:26 +0000 (06:56 -0400)]
Add counter for socket unit refuse events (#9217)

core: add counter for socket unit rejection events

6 years ago core: add a couple of more error cases that should result in "bad-setting"
Lennart Poettering [Fri, 1 Jun 2018 16:06:54 +0000 (18:06 +0200)]
core: add a couple of more error cases that should result in "bad-setting"

This changes a number of EINVAL cases to ENOEXEC, so that we enter
"bad-setting" state if they fail.

6 years ago systemctl: load_error is a string, don't compare it with 0
Lennart Poettering [Fri, 1 Jun 2018 15:55:50 +0000 (17:55 +0200)]
systemctl: load_error is a string, don't compare it with 0

Using isempty() is nicer anyway.

6 years ago core: introduce a new load state "bad-setting"
Lennart Poettering [Fri, 1 Jun 2018 15:46:01 +0000 (17:46 +0200)]
core: introduce a new load state "bad-setting"

Since bb28e68477a3a39796e4999a6cbc6ac6345a9159 parsing failures of
certain unit file settings will result in load failures of units. This
introduces a new load state "bad-setting" that is entered in precisely
this case.

With this addition error messages on bad settings should be a lot more
explicit, as we don't have to show some generic "errno" error in that
case, but can explicitly say that a bad setting is at fault.

Internally this unit load state is entered as soon as any configuration
loader call returns ENOEXEC. Hence: config parser calls should return
ENOEXEC now for such essential unit file settings. Turns out, they
generally already do.

Fixes: #9107

6 years ago man: don't mention "stub" and "merged" unit load states
Lennart Poettering [Fri, 1 Jun 2018 15:43:16 +0000 (17:43 +0200)]
man: don't mention "stub" and "merged" unit load states

These states should never be visible to the outside, as they are used
only internally while loading units. Hence let's drop them from the
documentation.

6 years ago core: rework manager_load_startable_unit_or_warn() on top of unit_validate_load_state()
Lennart Poettering [Fri, 1 Jun 2018 15:37:20 +0000 (17:37 +0200)]
core: rework manager_load_startable_unit_or_warn() on top of unit_validate_load_state()

These functions do very similar work, let's unify common code.

6 years ago core: use bus_unit_validate_load_state() for generating LoadError unit bus property
Lennart Poettering [Fri, 1 Jun 2018 15:32:54 +0000 (17:32 +0200)]
core: use bus_unit_validate_load_state() for generating LoadError unit bus property

The load_error is only valid in some load_state cases, let's generate
prettier messages for other cases too, by reusing the
bus_unit_validate_load_state() call which does just that.

Clients (such as systemctl) ignored LoadError unless LoadState was
"error" before. With this change they could even show LoadError in other
cases and it would show a useful name.

6 years ago core: rename (and modernize) bus_unit_check_load_state() → bus_unit_validate_load_state()
Lennart Poettering [Fri, 1 Jun 2018 15:30:43 +0000 (17:30 +0200)]
core: rename (and modernize) bus_unit_check_load_state() → bus_unit_validate_load_state()

Let's use a switch() statement, cover more cases with pretty messages.
Also let's rename it to "validate", as that's more specific than
"check", as it implies checking for a "valid"/"good" state, which is
what this function does.

6 years ago Merge pull request #9246 from keszybz/ellipsize-invalid-mem-ref
Lennart Poettering [Mon, 11 Jun 2018 10:52:38 +0000 (12:52 +0200)]
Merge pull request #9246 from keszybz/ellipsize-invalid-mem-ref

Fix invalid memory reference in ellipsize_mem()

6 years ago resolved: rework NSEC covering tests
Lennart Poettering [Fri, 8 Jun 2018 17:29:05 +0000 (19:29 +0200)]
resolved: rework NSEC covering tests

This makes two changes: first of all we will now explicitly check
whether a domain to test against an NSEC record is actually below the
signer's name. This is relevant for NSEC records that chain up the end
and the beginning of a zone: we shouldn't allow that NSEC record to match
against domains outside of the zone.

This also fixes how we handle NSEC checks for domains that are prefixes
of the NSEC RR domain itself, fixing #8164 which triggers this specific
case. The non-wildcard NSEC check is simplified for that, we can
directly make our between check, there's no need to find the "Next
Closer" first, as the between check should not be affected by additional
prefixes. For the wild card NSEC check we'll prepend the asterisk in
this case to the NSEC RR itself to make a correct check.

Fixes: #8164

6 years ago basic/format-table: remove parameter with constant value
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 07:57:05 +0000 (09:57 +0200)]
basic/format-table: remove parameter with constant value

6 years ago basic/ellipsize: do not assume the string is NUL-terminated when length is given
Zbigniew Jędrzejewski-Szmek [Sat, 9 Jun 2018 11:41:44 +0000 (13:41 +0200)]
basic/ellipsize: do not assume the string is NUL-terminated when length is given

oss-fuzz flags this as:

==1==WARNING: MemorySanitizer: use-of-uninitialized-value

0. 0x7fce77519ca5 in ascii_is_valid systemd/src/basic/utf8.c:252:9
1. 0x7fce774d203c in ellipsize_mem systemd/src/basic/string-util.c:544:13
2. 0x7fce7730a299 in print_multiline systemd/src/shared/logs-show.c:244:37
3. 0x7fce772ffdf3 in output_short systemd/src/shared/logs-show.c:495:25
4. 0x7fce772f5a27 in show_journal_entry systemd/src/shared/logs-show.c:1077:15
5. 0x7fce772f66ad in show_journal systemd/src/shared/logs-show.c:1164:29
6. 0x4a2fa0 in LLVMFuzzerTestOneInput systemd/src/fuzz/fuzz-journal-remote.c:64:21
...

I didn't reproduce the issue, but this looks like an obvious error: the length
is specified, so we shouldn't use the string with any functions for normal
C-strings.
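
Added illustration, not systemd's code and not part of the commit message above: a length-bounded ASCII check and a shortening routine that only ever touch the len bytes they were given, which is the rule the commit states. The names ascii_only_n() and shorten_field(), the ASCII-only restriction and the sample buffer are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a 17-byte field followed directly by unrelated bytes.
 * There is no NUL terminator after the field, so any str*()-style scan of it
 * would run into the neighbouring data (and past the array). */
static const char sample[] = {
        'M','E','S','S','A','G','E','=','d','i','s','k',' ','f','u','l','l',
        (char) 0xff, (char) 0xfe,
};
#define SAMPLE_FIELD_LEN 17

/* Bounded check: inspects exactly len bytes and never looks for a terminator.
 * An embedded NUL or a byte >= 128 makes the field "not plain ASCII". */
static bool ascii_only_n(const char *s, size_t len) {
        for (size_t i = 0; i < len; i++)
                if ((unsigned char) s[i] >= 128 || s[i] == 0)
                        return false;
        return true;
}

/* Shorten the len-byte field at s to at most width characters, replacing the
 * middle with "...". Returns a malloc()ed NUL-terminated copy, or NULL on
 * allocation failure or non-ASCII input (a simplification for this example).
 * Only memcpy() with explicit sizes is used on the input; strlen() is not. */
static char *shorten_field(const char *s, size_t len, size_t width) {
        char *out;

        if (!ascii_only_n(s, len))
                return NULL;

        if (len <= width) {             /* fits: plain bounded copy */
                out = malloc(len + 1);
                if (!out)
                        return NULL;
                memcpy(out, s, len);
                out[len] = 0;
                return out;
        }

        out = malloc(width + 1);
        if (!out)
                return NULL;

        if (width < 3) {                /* no room for any payload */
                memset(out, '.', width);
                out[width] = 0;
                return out;
        }

        size_t keep = width - 3;        /* bytes of payload we can show */
        size_t head = keep / 2;
        size_t tail = keep - head;

        memcpy(out, s, head);
        memcpy(out + head, "...", 3);
        memcpy(out + head + 3, s + len - tail, tail);
        out[width] = 0;
        return out;
}

int main(void) {
        char *short_copy = shorten_field(sample, SAMPLE_FIELD_LEN, 10);

        if (!short_copy)
                return 1;
        printf("%s\n", short_copy);
        free(short_copy);
        return 0;
}
```

Passing a length that reaches into the trailing bytes makes the bounded check fail cleanly instead of reading further, which is the behaviour a sanitizer run over such input should confirm.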

6 years ago meson: add fuzz regressions to list
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 08:02:49 +0000 (10:02 +0200)]
meson: add fuzz regressions to list

Apparently I haven't been very good at remembering to do this.

6 years ago Merge pull request #9253 from yuwata/fix-timezone_is_valid
Zbigniew Jędrzejewski-Szmek [Mon, 11 Jun 2018 07:12:21 +0000 (09:12 +0200)]
Merge pull request #9253 from yuwata/fix-timezone_is_valid

util-lib: reject too long path for timedate_is_valid()

6 years ago fuzz: add testcase for issue 8827
Yu Watanabe [Mon, 11 Jun 2018 03:39:59 +0000 (12:39 +0900)]
fuzz: add testcase for issue 8827

6 years ago util-lib: reject too long path for timedate_is_valid()
Yu Watanabe [Mon, 11 Jun 2018 03:31:02 +0000 (12:31 +0900)]
util-lib: reject too long path for timedate_is_valid()

This should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8827.

6 years ago meson: do not allow bit-shift overflows
Zbigniew Jędrzejewski-Szmek [Sat, 9 Jun 2018 11:12:52 +0000 (13:12 +0200)]
meson: do not allow bit-shift overflows

The primary motivation is to catch enum values created through a shift that is
too big:

../src/test/test-sizeof.c:26:29: error: left shift count >= width of type [-Werror=shift-count-overflow]
         enum_with_shift = 1 << 32,
                             ^~
cc1: some warnings being treated as errors

The compiler will now reject those.

This is an alternative to #9224.

6 years ago networkd-link: add support to configure CAN interfaces
Hiram van Paassen [Tue, 10 Apr 2018 15:26:20 +0000 (17:26 +0200)]
networkd-link: add support to configure CAN interfaces

This patch adds support for kind "can". Fixes: #4042.

6 years ago networkd-link: link_up_can(): move function upwards
Marc Kleine-Budde [Wed, 30 May 2018 14:31:59 +0000 (16:31 +0200)]
networkd-link: link_up_can(): move function upwards

This patch is a preparation patch, to avoid forward declarations in the
next patch.

6 years ago networkd-link: link_configure(); factor out link_configure_can() into separate function
Marc Kleine-Budde [Wed, 30 May 2018 09:47:23 +0000 (11:47 +0200)]
networkd-link: link_configure(); factor out link_configure_can() into separate function

6 years ago conf-parser: add config_parse_permille()
Marc Kleine-Budde [Tue, 5 Jun 2018 14:08:29 +0000 (16:08 +0200)]
conf-parser: add config_parse_permille()

6 years ago parse-util: add permille parser + tests
Marc Kleine-Budde [Tue, 5 Jun 2018 13:15:33 +0000 (15:15 +0200)]
parse-util: add permille parser + tests

6 years ago basic/utf8: add ascii_is_valid_n()
Zbigniew Jędrzejewski-Szmek [Sat, 9 Jun 2018 11:41:24 +0000 (13:41 +0200)]
basic/utf8: add ascii_is_valid_n()

6 years ago Merge pull request #9240 from poettering/ds-validate
Lennart Poettering [Fri, 8 Jun 2018 18:44:01 +0000 (20:44 +0200)]
Merge pull request #9240 from poettering/ds-validate

resolved: fix DNSKEY validation by DS RR

6 years ago mymachines: fix getgrnam()
Ivan Shapovalov [Fri, 8 Jun 2018 12:09:44 +0000 (15:09 +0300)]
mymachines: fix getgrnam()

getgrnam() was returning input gid instead of the mapped one. Fix that.

6 years ago networkd: tunnel ignore wrong conf rather than assert
Susant Sahani [Fri, 8 Jun 2018 12:32:21 +0000 (18:02 +0530)]
networkd: tunnel ignore wrong conf rather than assert

Closes #9234

6 years ago resolved: fix typo in macro name
Zbigniew Jędrzejewski-Szmek [Fri, 8 Jun 2018 14:05:18 +0000 (16:05 +0200)]
resolved: fix typo in macro name

6 years ago analyze: use _cleanup_ for struct unit_times
Filipe Brandenburger [Wed, 6 Jun 2018 16:43:37 +0000 (09:43 -0700)]
analyze: use _cleanup_ for struct unit_times

This introduces a has_data boolean field in struct unit_files which can
be used to detect the end of the array.

Use a _cleanup_ for struct unit_files in acquire_time_data and its
callers. Code for acquire_time_data is also simplified by replacing
goto's with straight returns.

Tested: By running the commands below, also checking them under valgrind.
  - build/systemd-analyze blame
  - build/systemd-analyze critical-chain
  - build/systemd-analyze plot

Fixes: Coverity finding CID 996464.

6 years ago resolved: use Oxford comma at one place
Lennart Poettering [Fri, 8 Jun 2018 13:41:37 +0000 (15:41 +0200)]
resolved: use Oxford comma at one place

As suggested by @keszybz in https://github.com/systemd/systemd/pull/9235#pullrequestreview-127150950

6 years ago test: add www.dnssec-bogus.sg to list of domains to test in DNSSEC complex test
Lennart Poettering [Fri, 8 Jun 2018 13:38:56 +0000 (15:38 +0200)]
test: add dnssec-bogus.sg to list of domains to test in DNSSEC complex test

6 years ago resolved: fix DNSKEY validation against DS
Lennart Poettering [Fri, 8 Jun 2018 13:37:49 +0000 (15:37 +0200)]
resolved: fix DNSKEY validation against DS

Let's use the wireformat name, not the text version.

Fixes: #8901

6 years ago Merge pull request #9221 from poettering/bus-track-destroy
Zbigniew Jędrzejewski-Szmek [Fri, 8 Jun 2018 13:35:45 +0000 (15:35 +0200)]
Merge pull request #9221 from poettering/bus-track-destroy

add sd_bus_track and sd_event_source destroy callbacks too

6 years ago resolved: whenever a link starts/stops being relevant flush global DNS caches
Lennart Poettering [Fri, 8 Jun 2018 10:04:49 +0000 (12:04 +0200)]
resolved: whenever a link starts/stops being relevant flush global DNS caches

Let's add some protection for split horizon setups, where different
zones are visible on the same global DNS servers depending on where you
come from.

Fixes: #9196

6 years ago scsi_id: use _cleanup_free_ on buffer allocated by get_file_options
Filipe Brandenburger [Thu, 7 Jun 2018 21:32:07 +0000 (14:32 -0700)]
scsi_id: use _cleanup_free_ on buffer allocated by get_file_options

This simplifies the code a bit and hopefully fixes Coverity finding
CID 1382966. There was not actually a resource leak here (Coverity
seemed to be confused by thinking log_oom() could actually return 0),
but the fix doesn't hurt and should make this code more resilient to
future refactorings.

Tested: builds fine, manually called scsi_id, seems to work ok.

6 years ago resolved: document .local domain routing a bit more in detail
Lennart Poettering [Fri, 8 Jun 2018 09:36:11 +0000 (11:36 +0200)]
resolved: document .local domain routing a bit more in detail

Inspired by the discussions in #8851, even though the issue appears to
be entirely unrelated to the .local domain in the end.

6 years ago Merge pull request #9213 from poettering/copy-mount
Lennart Poettering [Fri, 8 Jun 2018 10:09:23 +0000 (12:09 +0200)]
Merge pull request #9213 from poettering/copy-mount

copy() mount detection fixes

6 years ago lldp: check that lldp neighbor raw data size is in expected range
Filipe Brandenburger [Thu, 7 Jun 2018 20:46:32 +0000 (13:46 -0700)]
lldp: check that lldp neighbor raw data size is in expected range

This fixes an insecure use of tainted data as argument to functions that
allocate memory and read from files, which could be tricked into getting
networkctl to allocate a large amount of memory and fill it with file
data.

This was uncovered by Coverity. Fixes CID 1393254.

6 years ago networkd: add missing _cleanup_ in prefix_new
Filipe Brandenburger [Thu, 7 Jun 2018 21:37:30 +0000 (14:37 -0700)]
networkd: add missing _cleanup_ in prefix_new

This should fix a leak of the allocated Prefix if sd_radv_prefix_new
fails for some reason.

The code was already initializing prefix to NULL and using TAKE_PTR to
return it, so only the _cleanup_ was missing.

Fixes Coverity finding CID 1382976.

6 years ago udev-builtin-usb_id: Check full range of size returned by read()
Filipe Brandenburger [Thu, 7 Jun 2018 21:11:51 +0000 (14:11 -0700)]
udev-builtin-usb_id: Check full range of size returned by read()

This shouldn't be necessary, since read() should never return a size
larger than the size of the buffer passed in, but Coverity doesn't seem
to understand that.

We could possibly fix this with a model file for Coverity, but given
changing the code is not that much of a biggie, let's just do that
instead.

Fixes CID 996458: Overflowed or truncated value (or a value computed
from an overflowed or truncated value) `pos` used as array index.

Tested: `ninja -C build/ test`, builds without warnings, test cases pass.

6 years ago udev: fix usage of udev_device_new_from_stat_rdev() in journalctl
Filipe Brandenburger [Thu, 7 Jun 2018 20:07:56 +0000 (13:07 -0700)]
udev: fix usage of udev_device_new_from_stat_rdev() in journalctl

The refactor in #9200 inadvertently dropped the variable assignment to
traverse the device and its hierarchy in add_matches_for_device().

This was uncovered by Coverity (CID #1393310).

Fix that by restoring the assignment.

Tested: `journalctl /dev/sda` now filters journalctl output again.

6 years ago Merge pull request #9218 from systemd/finalize-coverity
Zbigniew Jędrzejewski-Szmek [Thu, 7 Jun 2018 18:47:45 +0000 (20:47 +0200)]
Merge pull request #9218 from systemd/finalize-coverity

coverity.sh: check that coverity responds with 200

6 years ago README.md: embed the Travis CI badge
Evegeny Vereshchagin [Thu, 7 Jun 2018 17:53:43 +0000 (17:53 +0000)]
README.md: embed the Travis CI badge

It should make it easier to keep track of the status
of daily cron jobs uploading data to Coverity Scan.

6 years ago travis: stop sending notifications to the authors of randomly chosen commits
Evegeny Vereshchagin [Thu, 7 Jun 2018 17:51:01 +0000 (17:51 +0000)]
travis: stop sending notifications to the authors of randomly chosen commits

6 years ago coverity.sh: check that coverity responds with 200
Evegeny Vereshchagin [Tue, 5 Jun 2018 06:31:41 +0000 (06:31 +0000)]
coverity.sh: check that coverity responds with 200

This is mostly inspired by https://github.com/pmem/pmdk/commit/7b103fd2dd54b2e5974f71fb65c81ab3713c12c5

Closes https://github.com/systemd/systemd/issues/9186.

6 years ago update TODO
Lennart Poettering [Thu, 7 Jun 2018 16:20:04 +0000 (18:20 +0200)]
update TODO

6 years ago update TODO
Lennart Poettering [Thu, 7 Jun 2018 15:35:58 +0000 (17:35 +0200)]
update TODO

The three ancient entries marked "bugfixes" are already fixed (in two
cases), or are not really bugs (in the other case). Let's clean this up
a bit.

6 years ago Merge pull request #9200 from poettering/device-state-fix
Lennart Poettering [Thu, 7 Jun 2018 15:04:57 +0000 (17:04 +0200)]
Merge pull request #9200 from poettering/device-state-fix

core: rework device state serialization/enumeration

6 years ago Merge pull request #9165 from ssahani/networkd-netdevsim
Lennart Poettering [Thu, 7 Jun 2018 14:56:32 +0000 (16:56 +0200)]
Merge pull request #9165 from ssahani/networkd-netdevsim

networkd: introduce netdev "Netdevsim" Driver

6 years ago CODING_STYLE: allow c99-style mixed code and declarations
Zbigniew Jędrzejewski-Szmek [Thu, 7 Jun 2018 13:08:02 +0000 (15:08 +0200)]
CODING_STYLE: allow c99-style mixed code and declarations

We already allowed variables to be declared in the middle of a function
(whenever a new scope was opened), so this isn't such a big change. Sometimes
we would open a scope just to work around this prohibition.

But sometimes the code can be much clearer if the variable is declared
somewhere in the middle of a scope, in particular if the declaration is
combined with initialization or acquisition of some resources. So let's allow
this, but keep things in the old style, unless there's a good reason to move
the variable declaration to a different place.

6 years ago Merge pull request #9222 from poettering/code-quality-docs
Zbigniew Jędrzejewski-Szmek [Thu, 7 Jun 2018 14:30:56 +0000 (16:30 +0200)]
Merge pull request #9222 from poettering/code-quality-docs

let's document the code quality tools we have set up

6 years ago HACKING: link up CODE_QUALITY.md
Lennart Poettering [Thu, 7 Jun 2018 14:26:00 +0000 (16:26 +0200)]
HACKING: link up CODE_QUALITY.md

6 years ago doc: add a list of code quality tools we have set up
Lennart Poettering [Thu, 7 Jun 2018 13:07:23 +0000 (15:07 +0200)]
doc: add a list of code quality tools we have set up

Also, as a reminder all of these exist to myself.

6 years ago tools: make various scripts find the top-level git dir automatically
Lennart Poettering [Thu, 7 Jun 2018 13:07:14 +0000 (15:07 +0200)]
tools: make various scripts find the top-level git dir automatically

6 years ago update TODO
Lennart Poettering [Mon, 4 Jun 2018 19:00:44 +0000 (21:00 +0200)]
update TODO

6 years ago swap: trivial log message improvements
Lennart Poettering [Tue, 5 Jun 2018 18:57:08 +0000 (20:57 +0200)]
swap: trivial log message improvements

6 years ago core: be a bit stricter when validating SYSTEMD_ALIAS udev props
Lennart Poettering [Tue, 5 Jun 2018 18:47:26 +0000 (20:47 +0200)]
core: be a bit stricter when validating SYSTEMD_ALIAS udev props

6 years ago tree-wide: fix a number of log calls that use %m but have no errno set
Lennart Poettering [Tue, 5 Jun 2018 18:18:47 +0000 (20:18 +0200)]
tree-wide: fix a number of log calls that use %m but have no errno set

This is mostly fall-out from d1a1f0aaf0d2f08c60d1e0d32e646439d99f58dc,
however some cases are older bugs.

There might be more issues lurking, this was a simple grep for "%m"
across the tree, with all lines removed that mention "errno" at all.

6 years ago core: enumerate perpetual units in a separate per-unit-type method
Lennart Poettering [Tue, 5 Jun 2018 16:26:45 +0000 (18:26 +0200)]
core: enumerate perpetual units in a separate per-unit-type method

Previously the enumerate() callback defined for each unit type would do
two things:

1. It would create perpetual units (i.e. -.slice, system.slice, -.mount and
   init.scope)

2. It would enumerate units from /proc/self/mountinfo, /proc/swaps and
   the udev database

With this change these two parts are split into two separate methods:
enumerate() now only does #2, while enumerate_perpetual() is responsible
for #1. Why make this change? Well, perpetual units should have a
slightly different effect than those found through enumeration: as
perpetual units should be up unconditionally, perpetually and thus never
change state, they should also not pull in deps by their state changing,
not even when the state is first set to active. Thus, their state is
generally initialized through the per-device coldplug() method in
similar fashion to how the deserialized state from a previous run would be
put into place. OTOH units found through regular enumeration should
result in state changes (and thus pull in deps due to state changes),
hence their state should be put in effect in the catchup() method
instead. Hence, given this difference, let's also separate the
functions, so that the rule is:

1. What is created in enumerate_perpetual() should be started in
   coldplug()

2. What is created in enumerate() should be started in catchup().

6 years ago core: tighten when we unset the sysfs path of device units
Lennart Poettering [Tue, 5 Jun 2018 16:09:27 +0000 (18:09 +0200)]
core: tighten when we unset the sysfs path of device units

Make sure that whenever we enter "dead" state we unset the sysfs path,
not just when we are changing to it due to "found" mask changes.

6 years ago core: rework how device units get set up
Lennart Poettering [Tue, 5 Jun 2018 15:28:32 +0000 (17:28 +0200)]
core: rework how device units get set up

This reworks how device units are "powered on".

This makes sure that any device changes that might have happened while
we were restarting/reloading will be noticed properly. For that we'll
now properly serialize/deserialize both the device unit state and the
device "found" flags, and restore these initially in the "coldplug"
phase of the manager deserialization. While enumerating the udev devices
during startup we'll put together a new "found" flags mask, which we'll
then switch to in the "catchup" phase of the manager deserialization,
which follows the "coldplug" phase.

Note that during the "coldplug" phase no unit state change events are
generated, which is different from the "catchall" phase which will do
that. Thus we correctly make sure that the deserialized state won't pull
in new deps, but any device's change while we were reloading would.

Fixes: #8832
Replaces: #8675

6 years ago device: simplify device_found_to_string_many() a tiny bit
Lennart Poettering [Tue, 5 Jun 2018 15:22:11 +0000 (17:22 +0200)]
device: simplify device_found_to_string_many() a tiny bit

No need to maintain a NULL marker at the end of the table if we know the
size of the array anyway.

6 years ago core: add a new unit method "catchup()"
Lennart Poettering [Tue, 5 Jun 2018 14:53:22 +0000 (16:53 +0200)]
core: add a new unit method "catchup()"

This is very similar to the existing unit method coldplug() but is
called a bit later. The idea is that coldplug() restores the unit
state from before any prior reload/restart, i.e. puts the deserialized
state in effect. The catchup() call is then called a bit later, to
catch up with the system state for which we missed notifications while
we were reloading. This is only really useful for mount, swap and device
mount points where we should be careful to generate all missing unit
state change events (i.e. call unit_notify() appropriately) for
everything that happened while we were reloading.

6 years ago core: use safe_fclose() where appropriate
Lennart Poettering [Mon, 4 Jun 2018 21:05:39 +0000 (23:05 +0200)]
core: use safe_fclose() where appropriate