This repository was archived by the owner on Nov 15, 2025. It is now read-only.
forked from systemd/systemd
Sync v245-flatcar branch to v245.8
#4
Merged
Entries in the completion lists are reordered to follow --help output: this makes it much easier to see what is missing. (cherry picked from commit 8f0a346) [zjs: drop "reboot-to-firmware"]
Closes systemd#15786. (cherry picked from commit 50254f5)
(cherry picked from commit c4473de)
Fixes systemd#15521. (cherry picked from commit 9f83091)
This might fix systemd#15859, a bug which I find very puzzling. (cherry picked from commit 75f6d5d)
(cherry picked from commit 132be2b)
Dropins may specify SourcePath= too, but we would do the stat only after loading the main fragment, before loading of the drop-ins. Fixes systemd#13634. (cherry picked from commit c9e0695)
(cherry picked from commit 5aca2e6)
To make Driver= in [Match] section work in containers. Note that ID_NET_DRIVER= property in udev database is set with the result of the ethtool. So, this should not change anything for non-container cases. Closes systemd#15678. (cherry picked from commit c643bda)
Based on an internal discussion whether emergency.target should remount disks ro, or maybe remount them rw, or do nothing. In some cases people want to boot ro, and always remounting rw would break that. In other cases, remounting disks ro after they have already been mounted rw is mostly pointless and might even not be possible. So let's just document that we don't change the state. Also: any→other, since emergency.service *is* pulled in. Also: just advertise "emergency" as the way to boot into the target. We are not going to remove this option, and it's way easier to type than "systemd.unit=emergency.target". (cherry picked from commit 927b9b8)
Since this has been changed in: systemd@6e2f789, the change should be synchronized. (cherry picked from commit 168561f)
…protocol provide an address Before this, to speed up the system boot with IPv4 only network, we need to specify `IPv6AcceptRA=no`, as it is enabled by default. Closes systemd#15469. (cherry picked from commit 3cd5924)
glibc 2.31 strips the AD flag, unless either the application specifies RES_TRUSTAD or the options in resolv.conf contain trust-ad. See https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=NEWS;hb=HEAD (cherry picked from commit a742f98)
On my laptop (Lenovo X1carbo 4th) I very occasionally see test-boot-timestamps fail with this tb:

262/494 test-boot-timestamps FAIL 0.7348453998565674 s (killed by signal 6 SIGABRT)
08:12:48 SYSTEMD_LANGUAGE_FALLBACK_MAP='/home/zbyszek/src/systemd/src/locale/language-fallback-map' SYSTEMD_KBD_MODEL_MAP='/home/zbyszek/src/systemd/src/locale/kbd-model-map' PATH='/home/zbyszek/src/systemd/build:/home/zbyszek/.local/bin:/usr/lib64/qt-3.3/bin:/usr/share/Modules/bin:/usr/condabin:/usr/lib64/ccache:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/home/zbyszek/bin:/var/lib/snapd/snap/bin' /home/zbyszek/src/systemd/build/test-boot-timestamps
--- stderr ---
Failed to read $container of PID 1, ignoring: Permission denied
Found container virtualization none.
Failed to get SystemdOptions EFI variable, ignoring: Interrupted system call
Failed to read ACPI FPDT: Permission denied
Failed to read LoaderTimeInitUSec: Interrupted system call
Failed to read EFI loader data: Interrupted system call
Assertion 'q >= 0' failed at src/test/test-boot-timestamps.c:84, function main(). Aborting.

Normally it takes ~0.02s, but here there's a slowdown to 0.73 and things fail with EINTR. This happens only occasionally, and I haven't been able to capture a strace. It would be to ignore that case in test-boot-timestamps or always translate EINTR to -ENODATA. Nevertheless, I think it's better to retry, since this gives us more resilient behaviour and avoids a transient failure. See https://github.com/torvalds/linux/blob/master/fs/efivarfs/file.c#L75 and torvalds/linux@bef3efb. (cherry picked from commit 7229ec0)
…ions EFI var due to SecureBoot Fixes: systemd#14864 (cherry picked from commit 484f4e5)
Fixup for 484f4e5. Should fix systemd#15730. (cherry picked from commit a0fa268)
This should allow us to detect slowdowns caused by EFI variable read access a bit. (cherry picked from commit 698564d)
This is a safety net anyway, let's make it fully safe: if the data ends on an uneven byte, then we need to complete the UTF-16 codepoint first, before adding the final NUL byte pair. Hence let's suffix with three NULs, instead of just two. (cherry picked from commit c75e7da)
(cherry picked from commit d197c40)
(cherry picked from commit 8419064)
Quoting systemd#14828 (comment):
> [kernel uses] msleep_interruptible() and that means when the process receives
> any kind of signal masked or not this will abort with EINTR. systemd-logind
> gets signals from the TTY layer all the time though.
> Here's what might be happening: while logind reads the EFI stuff it gets a
> series of signals from the TTY layer, which causes the read() to be aborted
> with EINTR, which means logind will wait 50ms and retry. Which will be
> aborted again, and so on, until quite some time passed. If we'd not wait for
> the 50ms otoh we wouldn't wait so long, as then on each signal we'd
> immediately retry again.

(cherry picked from commit eee9b30)
Cache it early in startup of the system manager, right after `/run/systemd` is created, so that further access to it can be done without accessing the EFI filesystem at all. (cherry picked from commit 209b259)
(cherry picked from commit ce51632)
This allows disabling a few alternative ways to decode integers formatted as strings, for safety reasons. See: systemd#15991 (cherry picked from commit 707e93a)
Let's allow "-0" as alternative to "+0" and "0" when parsing integers, unless the new SAFE_ATO_REFUSE_PLUS_MINUS flag is specified. In cases where allowing the +/- syntax shall not be allowed SAFE_ATO_REFUSE_PLUS_MINUS is the right flag to use, but this also means that -0 as only negative integer that fits into an unsigned value should be acceptable if the flag is not specified. (cherry picked from commit c78eefc)
All other safe_atoXYZ_full() functions have the parameter optional, let's make it optional here, too. (cherry picked from commit aa85e4d)
Parsing is hard, hence let's use our own careful wrappers wherever possible. (cherry picked from commit c44702a)
Let's refuse "+" and "-" prefixed UIDs. Let's refuse whitespace-prefixed UIDs. Let's refuse zero-prefixed UIDs. Let's be safe rather than sorry. (cherry picked from commit f5979b6)
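The prefix rules named in the integer-parsing commits above (no sign, no leading whitespace, no leading zeros), shown next to a bare `strtoul()` call. This is an added example, not code from this pull request or from systemd: `uid_parse_lenient()` and `uid_parse_strict()` are hypothetical helpers, and the rejection of 4294967295 (the `(uid_t) -1` sentinel) is an extra check assumed here, not stated on the page.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Both helpers are hypothetical; they return the UID on success
 * or a negative errno value on failure. */

/* Lenient: bare strtoul() skips leading whitespace, accepts a sign and
 * leading zeros, and negates "-1" into ULONG_MAX without any error. */
int64_t uid_parse_lenient(const char *s) {
    char *end = NULL;
    unsigned long v;

    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return -EINVAL;
    return (int64_t) (uint32_t) v;   /* truncated to a 32-bit uid_t */
}

/* Strict: the only accepted spelling of a UID is its canonical one. */
int64_t uid_parse_strict(const char *s) {
    char *end = NULL;
    unsigned long long v;

    if (!s || s[0] < '0' || s[0] > '9')
        return -EINVAL;              /* "", whitespace, "+" and "-" prefixes */
    if (s[0] == '0' && s[1] != '\0')
        return -EINVAL;              /* zero-prefixed: "00", "0123" */

    errno = 0;
    v = strtoull(s, &end, 10);
    if (*end != '\0')
        return -EINVAL;              /* trailing garbage such as "12abc" */
    if (errno == ERANGE || v > UINT32_MAX)
        return -ERANGE;
    if (v == UINT32_MAX)
        return -ENXIO;               /* assumed extra check: (uid_t) -1 */
    return (int64_t) v;
}

int main(void) {
    /* Constructed sample inputs. */
    static const char *const samples[] = {
        "0", "1000", "+0", "-0", " 0", "00", "-1", "4294967295", "12abc",
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s lenient=%" PRId64 " strict=%" PRId64 "\n",
               samples[i],
               uid_parse_lenient(samples[i]),
               uid_parse_strict(samples[i]));
    return 0;
}
```

With the lenient parser, `" +0"`, `"-0"` and `"00"` all resolve to UID 0 and `"-1"` becomes 4294967295, so a string comparison made before parsing sees a different identity than the one finally used.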
We already do this for socket and automount units, do it for path units too: if the triggered service keeps hitting the start limit, then fail the triggering unit too, so that we don't busy loop forever. (Note that this leaves only timer units out in the cold for this kind of protection, but it shouldn't matter there, as they are naturally protected against busy loops: they are scheduled by time anyway). Fixes: systemd#16669 (cherry picked from commit 47ab8f7) (cherry picked from commit 689d2e0)
By setting AI_ADDRCONFIG in hints we cannot for example resolve "localhost" when the local machine only has a loopback interface. This seems like an unnecessary restriction, drop it. Inspired by https://bugzilla.redhat.com/show_bug.cgi?id=1839007. (cherry picked from commit d0e5db4) (cherry picked from commit 5e8bf33)
Different systems use different paths for it and users are confused when the man page has a path different than the one on the local system. https://bugzilla.redhat.com/show_bug.cgi?id=1876905 (cherry picked from commit c2ee27a) (cherry picked from commit 9353607)
…ary arch Let's suppress the secondary arch data, since we never ever want to mount it if we found the primary arch. Previously we only suppressed in the Verity case, but there's little reason to entertain the idea of a secondary arch in non-Verity environments either, we are not going to use them, and should not do decryption or anything like that. (cherry picked from commit 74cb2db) (cherry picked from commit 418cf0e)
When exiting, let's explicitly wait for our worker processes to finish first. That's useful if unmounting of /home/ is scheduled to happen right after homed is down, as we then can be sure that the home directories are properly unmounted and detached by the time homed is fully terminated (otherwise it might happen that our worker gets killed by the service manager, thus leaving the home directory and its backing devices up/left for auto-clean which might be async). Likely fixes systemd#16842 (cherry picked from commit 9796a9f) (cherry picked from commit e1df274)
…ck-device is not supported The directory backend needs a file system path, and not a raw block device. That's only supported for the LUKS2 backend. Let's make this clearer in the man page and also generate a better error message if attempted anyway. Fixes: systemd#17068 (cherry picked from commit f9d525a) (cherry picked from commit a2a8802)
I happen to have a machine where /boot is not a separate mountpoint, but rather just a directory under /. After upgrade to recent Fedora, I found out that grub2 can't find any new kernels. This happens because loadentry script generates kernel and initrd file paths relative to /boot, while grub2 expects path to be relative to the root of filesystem on which they are residing. This commit fixes this issue by using stat's %m to find the mount point of a partition holding the images, and using it as a prefix to be removed from ENTRY_DIR_ABS. Note that %m for stat requires coreutils 8.6, released in Oct 2010. Signed-off-by: Kir Kolyshkin <[email protected]> (cherry picked from commit 1cdbff1) (cherry picked from commit 2ee1c57)
systemd-stable v245.8
Maybe we can switch v245 ebuild file to the patch-file style as done for the v246 ebuild file?
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Nov 16, 2020
This pulls in kinvolk/systemd#4 from the new repository, thus it only works with the new manifest templates.
iaguis pushed a commit that referenced this pull request Nov 26, 2020
This lets the libc/xcrypt allocate as much storage area as it needs. Should fix systemd#16965:

testsuite-46.sh[74]: ==74==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f3e972e1080 at pc 0x7f3e9be8deed bp 0x7ffce4f28530 sp 0x7ffce4f27ce0
testsuite-46.sh[74]: WRITE of size 131232 at 0x7f3e972e1080 thread T0
testsuite-46.sh[74]: #0 0x7f3e9be8deec (/usr/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0x9feec)
testsuite-46.sh[74]: #1 0x559cd05a6412 in user_record_make_hashed_password /systemd-meson-build/../build/src/home/user-record-util.c:818:21
testsuite-46.sh[74]: #2 0x559cd058fb03 in create_home /systemd-meson-build/../build/src/home/homectl.c:1112:29
testsuite-46.sh[74]: #3 0x7f3e9b5b3058 in dispatch_verb /systemd-meson-build/../build/src/shared/verbs.c:103:24
testsuite-46.sh[74]: #4 0x559cd058c101 in run /systemd-meson-build/../build/src/home/homectl.c:3325:16
testsuite-46.sh[74]: #5 0x559cd058c00a in main /systemd-meson-build/../build/src/home/homectl.c:3328:1
testsuite-46.sh[74]: #6 0x7f3e9a88b151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
testsuite-46.sh[74]: #7 0x559cd0583e7d in _start (/usr/bin/homectl+0x24e7d)
testsuite-46.sh[74]: Address 0x7f3e972e1080 is located in stack of thread T0 at offset 32896 in frame
testsuite-46.sh[74]: #0 0x559cd05a60df in user_record_make_hashed_password /systemd-meson-build/../build/src/home/user-record-util.c:789
testsuite-46.sh[74]: This frame has 6 object(s):
testsuite-46.sh[74]: [32, 40) 'priv' (line 790)
testsuite-46.sh[74]: [64, 72) 'np' (line 791)
testsuite-46.sh[74]: [96, 104) 'salt' (line 809)
testsuite-46.sh[74]: [128, 32896) 'cd' (line 810)
testsuite-46.sh[74]: [33152, 33168) '.compoundliteral' <== Memory access at offset 32896 partially underflows this variable
testsuite-46.sh[74]: [33184, 33192) 'new_array' (line 832) <== Memory access at offset 32896 partially underflows this variable
testsuite-46.sh[74]: HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
testsuite-46.sh[74]: (longjmp and C++ exceptions *are* supported)
testsuite-46.sh[74]: SUMMARY: AddressSanitizer: stack-buffer-overflow (/usr/lib/clang/10.0.1/lib/linux/libclang_rt.asan-x86_64.so+0x9feec)

It seems 'struct crypt_data' is 32896 bytes, but libclang_rt wants more, at least 33168?
pothos added a commit to flatcar-archive/coreos-overlay that referenced this pull request Dec 3, 2020
This pulls in kinvolk/systemd#4 from the new repository, thus it only works with the new manifest templates.
mauriciovasquezbernal pushed a commit that referenced this pull request May 18, 2021
C.f. 9793530. We'd crash when trying to access an already-deallocated object:

Thread no. 1 (7 frames)
#2 log_assert_failed_realm at ../src/basic/log.c:844
#3 event_inotify_data_drop at ../src/libsystemd/sd-event/sd-event.c:3035
#4 source_dispatch at ../src/libsystemd/sd-event/sd-event.c:3250
#5 sd_event_dispatch at ../src/libsystemd/sd-event/sd-event.c:3631
#6 sd_event_run at ../src/libsystemd/sd-event/sd-event.c:3689
#7 sd_event_loop at ../src/libsystemd/sd-event/sd-event.c:3711
#8 run at ../src/home/homed.c:47

The source in question is an inotify source, and the messages are:

systemd-homed[1340]: /home/ moved or renamed, recreating watch and rescanning.
systemd-homed[1340]: Assertion '*_head == _item' failed at src/libsystemd/sd-event/sd-event.c:3035, function event_inotify_data_drop(). Aborting.

on_home_inotify() got called, then manager_watch_home(), which unrefs the existing inotify_event_source. I assume that the source gets dispatched again because it was still in the pending queue. I can't reproduce the issue (timing?), but this should fix systemd#17824, https://bugzilla.redhat.com/show_bug.cgi?id=1899264.
mauriciovasquezbernal pushed a commit that referenced this pull request May 18, 2021
When trying to calculate the next firing of 'Sun *-*-* 01:00:00', we'd fall
into an infinite loop, because mktime() moves us "backwards":
Before this patch:
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
tm_within_bounds: good=0 2021-03-29 01:00:00 → 2021-03-29 00:00:00
...
We rely on mktime() normalizing the time. The man page does not say that it'll
move the time forward, but our algorithm relies on this. So let's catch this
case explicitly.
With this patch:
$ TZ=Europe/Dublin faketime 2021-03-21 build/systemd-analyze calendar --iterations=5 'Sun *-*-* 01:00:00'
Normalized form: Sun *-*-* 01:00:00
Next elapse: Sun 2021-03-21 01:00:00 GMT
(in UTC): Sun 2021-03-21 01:00:00 UTC
From now: 59min left
Iter. #2: Sun 2021-04-04 01:00:00 IST
(in UTC): Sun 2021-04-04 00:00:00 UTC
From now: 1 weeks 6 days left <---- note the 2 week jump here
Iter. #3: Sun 2021-04-11 01:00:00 IST
(in UTC): Sun 2021-04-11 00:00:00 UTC
From now: 2 weeks 6 days left
Iter. #4: Sun 2021-04-18 01:00:00 IST
(in UTC): Sun 2021-04-18 00:00:00 UTC
From now: 3 weeks 6 days left
Iter. #5: Sun 2021-04-25 01:00:00 IST
(in UTC): Sun 2021-04-25 00:00:00 UTC
From now: 1 months 4 days left
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1941335.
iaguis pushed a commit that referenced this pull request Sep 20, 2023
When exiting PID 1 we most likely don't have stdio/stdout open, so the final LSan check would not print any actionable information and would just crash PID 1 leading up to a kernel panic, which is a bit annoying. Let's instead attempt to open /dev/console, and if we succeed redirect LSan's report there. The result is a bit messy, as it's slightly interleaved with the kernel panic, but it's definitely better than not having the stack trace at all:

[ OK ] Reached target final.target.
[ OK ] Finished systemd-poweroff.service.
[ OK ] Reached target poweroff.target.
=================================================================
3 1m 43.251782] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100
[ 43.252838] CPU: 2 PID: 1 Comm: systemd Not tainted 6.4.12-200.fc38.x86_64 #1
==[1==ERR O R :4 3Le.a2k53562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
[ 43.254683] Call Trace:
[ 43.254911] <TASK>
[ 43.255107] dump_stack_lvl+0x47/0x60
S[ a 43.n2555i05] panic+t0x192/0x350
izer[ :43.255966 ] do_exit+0x990/0xdb10
etec[ 43.256504] do_group_exit+0x31/0x80
[ 43.256889] __x64_sys_exit_group+0x18/0x20
[ 43.257288] do_syscall_64+0x60/0x90
o_user_mod leaks[ 43.257618] ? syscall_exit_t +0x2b/0x40
[ 43.258411] ? do_syscall_64+0x6c/0x90
1mDirect le[ 43.258755] ak of 21 byte(s)? exc_page_fault+0x7f/0x180
[ 43.259446] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 43.259901] RiIP: 0033:0x7f357nb8f3ad4
1 objec[ 43.260354] Ctode: 48 89 (f7 0f 05 c3 sf3 0f 1e fa b8 3b 00 00 00) 0f 05 c3 0f 1f 4 0 00 f3 0f 1e fa 50 58 b8 e7 00 00 00 48 83 ec 08 48 63 ff 0f 051
[ 43.262581] RSP: 002b:00007ffc25872440 EFLAGS: 00000202 ORIG_RAX: 00000000000000e7 a RBX: 00007f357be9b218 RCX: 00007f357b8f3ad4m:ffd
[ 43.264512] RDX: 0000000000000001 RSI: 00007f357b933b63 RDI: 0000000000000001
[ 43.265355] RBP: 00007f357be9b218 R08: efffffffffffffff R09: 00007ffc258721ef
[ 43.266191] R10: 000000000000003f R11: 0000000000000202 R12: 00000fe6ae9e0000
[ 43.266891] R13: 00007f3574f00000 R14: 0000000000000000 R15: 0000000000000007
[ 43.267517] </TASK>
#0 0x7f357b8814a8 in strdup (/lib64/libasan.so.8+0x814a8) (BuildId: e5f0a0d511a659fbc47bf41072869139cb2db47f)
#1 0x7f3578d43317 in cg_path_decode_unit ../src/basic/cgroup-util.c:1132
#2 0x7f3578d43936 in cg_path_get_unit ../src/basic/cgroup-util.c:1190
#3 0x7f3578d440f6 in cg_pid_get_unit ../src/basic/cgroup-util.c:1234
#4 0x7f35789263d7 in bus_log_caller ../src/shared/bus-util.c:734
#5 0x7f357a9cf10a in method_reload ../src/core/dbus-manager.c:1621
#6 0x7f3578f77497 in method_callbacks_run ../src/libsystemd/sd-bus/bus-objects.c:406
#7 0x7f3578f80dd8 in object_find_and_run ../src/libsystemd/sd-bus/bus-objects.c:1319
#8 0x7f3578f82487 in bus_process_object ../src/libsystemd/sd-bus/bus-objects.c:1439
#9 0x7f3578fe41f1 in process_message ../src/libsystemd/sd-bus/sd-bus.c:3007
#10 0x7f3578fe477b in process_running ../src/libsystemd/sd-bus/sd-bus.c:3049
#11 0x7f3578fe75d1 in bus_process_internal ../src/libsystemd/sd-bus/sd-bus.c:3269
#12 0x7f3578fe776e in sd_bus_process ../src/libsystemd/sd-bus/sd-bus.c:3296
#13 0x7f3578feaedc in io_callback ../src/libsystemd/sd-bus/sd-bus.c:3638
#14 0x7f35791c2f68 in source_dispatch ../src/libsystemd/sd-event/sd-event.c:4187
#15 0x7f35791cc6f9 in sd_event_dispatch ../src/libsystemd/sd-event/sd-event.c:4808
#16 0x7f35791cd830 in sd_event_run ../src/libsystemd/sd-event/sd-event.c:4869
#17 0x7f357abcd572 in manager_loop ../src/core/manager.c:3244
#18 0x41db21 in invoke_main_loop ../src/core/main.c:1960
#19 0x426615 in main ../src/core/main.c:3125
#20 0x7f3577c49b49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
#21 0x7f3577c49c0a in __libc_start_main_alias_2 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
#22 0x408494 in _start (/usr/lib/systemd/systemd+0x408494) (BuildId: fe61e1b0f00b6a36aa34e707a98c15c52f6b960a)
SUMMARY: AddressSanitizer: 21 byte(s) leaked in 1 allocation(s).
[ 43.295912] Kernel Offset: 0x7000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 43.297036] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100 ]---

Originally noticed in systemd#28579.
@krnowak said in kinvolk-archives/systemd-legacy#15:
> I feel I did something wrong, because of the 220 commits, while `git log --pretty=oneline v245.7..v245.8 | wc -l` shows 112. But `git diff v245.8..krnowak/v245-update` shows the expected changes. It would be nice to just have a `v245.8-flatcar` branch that is v245.8 + our patches on top…

Closes flatcar/Flatcar#251