Hello community, here is the log from the commit of package systemd for openSUSE:Leap:15.2 checked in at 2020-02-21 23:49:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/systemd (Old) and /work/SRC/openSUSE:Leap:15.2/.systemd.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "systemd" Fri Feb 21 23:49:21 2020 rev:90 rq:775316 version:234 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/systemd/systemd-mini.changes 2020-01-15 16:05:04.199977917 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.systemd.new.26092/systemd-mini.changes 2020-02-21 23:49:24.236572710 +0100 @@ -1,0 +2,38 @@ +Fri Feb 7 16:42:43 UTC 2020 - Franck Bui <[email protected]> + +- Rebase on top of latest SLE15-SP1 + + Added 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch + Added 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch + Added 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch + + Dropped 0001-logind-never-elect-a-session-that-is-stopping-as-dis.patch + Dropped 0002-logind-consider-greeter-sessions-suitable-as-display.patch + + - Import commit 938b0a2f966d2606cbb20f4bcce7509995aaa7dc (imported from SLE15-SP1) + + 1d7de5e8c2 libblkid: open device in nonblock mode. (bsc#1084671) + 87d18b8209 udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) + 277ab600b0 bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) + 6558c318fc fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) + 0c6fb31abb fileio: initialize errno to zero before we do fread() + 0baf4768d3 fileio: try to read one byte too much in read_full_stream() + 3226d763f7 logind: consider "greeter" sessions suitable as "display" sessions of a user (bsc#1158485) + 5aa70da60d logind: never elect a session that is stopping as display + +------------------------------------------------------------------- +Fri Feb 7 16:09:15 UTC 2020 - Franck Bui <[email protected]> + +- Fix for bsc#1160595 + + Add 0052-core-bump-mlock-ulimit-to-64Mb.patch + Add 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch + Add 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch + Add 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch + +------------------------------------------------------------------- +Mon Feb 3 14:33:20 UTC 2020 - Franck Bui <[email protected]> + +- Use suse.pool.ntp.org server pool on SLE (jsc#SLE-7683) + +------------------------------------------------------------------- systemd.changes: same change Old: ---- 0001-logind-never-elect-a-session-that-is-stopping-as-dis.patch 0002-logind-consider-greeter-sessions-suitable-as-display.patch systemd-v234+suse.454.gbe5eeb6c7d.tar.xz New: ---- 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch 0052-core-bump-mlock-ulimit-to-64Mb.patch 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch systemd-v234+suse.463.g938b0a2f96.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ systemd-mini.spec ++++++ --- /var/tmp/diff_new_pack.3qZ7If/_old 2020-02-21 23:49:25.964576144 +0100 +++ /var/tmp/diff_new_pack.3qZ7If/_new 2020-02-21 23:49:25.964576144 +0100 @@ -1,7 +1,7 @@ # # spec file for package systemd-mini # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ ##### WARNING: please do not edit this auto generated spec file. Use the systemd.spec! ##### %define mini -mini %define min_kernel_version 4.5 -%define suse_version +suse.454.gbe5eeb6c7d +%define suse_version +suse.463.g938b0a2f96 %bcond_with gnuefi %if 0%{?bootstrap} @@ -51,7 +51,7 @@ %bcond_with resolved Name: systemd-mini -Url: http://www.freedesktop.org/wiki/Software/systemd +URL: http://www.freedesktop.org/wiki/Software/systemd Version: 234 Release: 0 Summary: A System and Session Manager @@ -229,6 +229,10 @@ Patch148: 0049-core-rename-cgroup_queue-cgroup_realize_queue.patch Patch149: 0050-core-refactor-bpf-firewall-support-into-a-pseudo-con.patch Patch150: 0051-Move-warning-about-unsupported-BPF-firewall-right-be.patch +Patch151: 0052-core-bump-mlock-ulimit-to-64Mb.patch +Patch152: 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch +Patch153: 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch +Patch154: 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch # A bunch of upstream commits that allow to configure user slices # using dash-truncated dropins. The new mechanism is used (since v239) @@ -251,12 +255,9 @@ # deprecated option and how to permanently migrate to the new setting. Patch210: 0011-logind-keep-backward-compatibility-with-UserTasksMax.patch -# Fixes specific to SLE15-SP2. They are temporary hosted in the -# package so they can be released more quickly. They could be safely -# dropped once SLE15-SP2 fork will be removed since they are also -# integrated in the git repo. -Patch500: 0001-logind-never-elect-a-session-that-is-stopping-as-dis.patch -Patch501: 0002-logind-consider-greeter-sessions-suitable-as-display.patch +Patch1000: 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch +Patch1001: 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch +Patch1002: 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -327,7 +328,7 @@ Summary: A rule-based device node and kernel event manager License: GPL-2.0-only Group: System/Kernel -Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html +URL: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Requires: system-group-hardware Requires(pre): /usr/bin/stat Requires(post): sed @@ -536,7 +537,11 @@ %autopatch -p1 %build -opensuse_ntp_servers=({0..3}.opensuse.pool.ntp.org) +%if 0%{?is_opensuse} +ntp_servers=({0..3}.opensuse.pool.ntp.org) +%else +ntp_servers=({0..3}.suse.pool.ntp.org) +%endif ./autogen.sh @@ -548,7 +553,7 @@ --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ --with-certificate-root=%{_sysconfdir}/pki/systemd \ - --with-ntp-servers="${opensuse_ntp_servers[*]}" \ + --with-ntp-servers="${ntp_servers[*]}" \ %if 0%{?bootstrap} --disable-myhostname \ --disable-manpages \ ++++++ systemd.spec ++++++ --- /var/tmp/diff_new_pack.3qZ7If/_old 2020-02-21 23:49:26.000576215 +0100 +++ /var/tmp/diff_new_pack.3qZ7If/_new 2020-02-21 23:49:26.004576223 +0100 @@ -1,7 +1,7 @@ # # spec file for package systemd # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,7 +24,7 @@ %define bootstrap 0 %define mini %nil %define min_kernel_version 4.5 -%define suse_version +suse.454.gbe5eeb6c7d +%define suse_version +suse.463.g938b0a2f96 %bcond_with gnuefi %if 0%{?bootstrap} @@ -49,7 +49,7 @@ %bcond_with resolved Name: systemd -Url: http://www.freedesktop.org/wiki/Software/systemd +URL: http://www.freedesktop.org/wiki/Software/systemd Version: 234 Release: 0 Summary: A System and Session Manager @@ -227,6 +227,10 @@ Patch148: 0049-core-rename-cgroup_queue-cgroup_realize_queue.patch Patch149: 0050-core-refactor-bpf-firewall-support-into-a-pseudo-con.patch Patch150: 0051-Move-warning-about-unsupported-BPF-firewall-right-be.patch +Patch151: 0052-core-bump-mlock-ulimit-to-64Mb.patch +Patch152: 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch +Patch153: 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch +Patch154: 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch # A bunch of upstream commits that allow to configure user slices # using dash-truncated dropins. The new mechanism is used (since v239) @@ -249,12 +253,9 @@ # deprecated option and how to permanently migrate to the new setting. Patch210: 0011-logind-keep-backward-compatibility-with-UserTasksMax.patch -# Fixes specific to SLE15-SP2. They are temporary hosted in the -# package so they can be released more quickly. They could be safely -# dropped once SLE15-SP2 fork will be removed since they are also -# integrated in the git repo. -Patch500: 0001-logind-never-elect-a-session-that-is-stopping-as-dis.patch -Patch501: 0002-logind-consider-greeter-sessions-suitable-as-display.patch +Patch1000: 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch +Patch1001: 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch +Patch1002: 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch %description Systemd is a system and service manager, compatible with SysV and LSB @@ -325,7 +326,7 @@ Summary: A rule-based device node and kernel event manager License: GPL-2.0-only Group: System/Kernel -Url: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html +URL: http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html Requires: system-group-hardware Requires(pre): /usr/bin/stat Requires(post): sed @@ -534,7 +535,11 @@ %autopatch -p1 %build -opensuse_ntp_servers=({0..3}.opensuse.pool.ntp.org) +%if 0%{?is_opensuse} +ntp_servers=({0..3}.opensuse.pool.ntp.org) +%else +ntp_servers=({0..3}.suse.pool.ntp.org) +%endif ./autogen.sh @@ -546,7 +551,7 @@ --with-dbussessionservicedir=%{_datadir}/dbus-1/services \ --with-dbussystemservicedir=%{_datadir}/dbus-1/system-services \ --with-certificate-root=%{_sysconfdir}/pki/systemd \ - --with-ntp-servers="${opensuse_ntp_servers[*]}" \ + --with-ntp-servers="${ntp_servers[*]}" \ %if 0%{?bootstrap} --disable-myhostname \ --disable-manpages \ ++++++ 0001-polkit-on-async-pk-requests-re-validate-action-detai.patch ++++++ >From e5b27eea8901287ed752a3d074c6cc9c71bc1103 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Wed, 22 Jan 2020 16:52:10 +0100 Subject: [PATCH 1/3] polkit: on async pk requests, re-validate action/details When we do an async pk request, let's store which action/details we used for the original request, and when we are called for the second time, let's compare. If the action/details changed, let's not allow the access to go through. [fbui: adjust context] --- src/shared/bus-util.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 207b5e66fc..770e15acba 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -334,6 +334,9 @@ int bus_test_polkit( #ifdef ENABLE_POLKIT typedef struct AsyncPolkitQuery { + char *action; + char **details; + sd_bus_message *request, *reply; sd_bus_message_handler_t callback; void *userdata; @@ -354,6 +357,9 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { sd_bus_message_unref(q->request); sd_bus_message_unref(q->reply); + free(q->action); + strv_free(q->details); + free(q); } @@ -418,11 +424,17 @@ int bus_verify_polkit_async( if (q) { int authorized, challenge; - /* This is the second invocation of this function, and - * there's already a response from polkit, let's - * process it */ + /* This is the second invocation of this function, and there's already a response from + * polkit, let's process it */ assert(q->reply); + /* If the operation we want to authenticate changed between the first and the second time, + * let's not use this authentication, it might be out of date as the object and context we + * operate on might have changed. */ + if (!streq(q->action, action) || + !strv_equal(q->details, (char**) details)) + return -ESTALE; + if (sd_bus_message_is_method_error(q->reply, NULL)) { const sd_bus_error *e; @@ -528,6 +540,18 @@ int bus_verify_polkit_async( q->callback = callback; q->userdata = userdata; + q->action = strdup(action); + if (!q->action) { + async_polkit_query_free(q); + return -ENOMEM; + } + + q->details = strv_copy((char**) details); + if (!q->details) { + async_polkit_query_free(q); + return -ENOMEM; + } + r = hashmap_put(*registry, call, q); if (r < 0) { async_polkit_query_free(q); -- 2.16.4 ++++++ 0002-sd-bus-introduce-API-for-re-enqueuing-incoming-messa.patch ++++++ >From 1c70ce389264ee8344841ea68454de2f47ce5bb6 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Wed, 22 Jan 2020 17:05:17 +0100 Subject: [PATCH 2/3] sd-bus: introduce API for re-enqueuing incoming messages When authorizing via PolicyKit we want to process incoming method calls twice: once to process and figure out that we need PK authentication, and a second time after we aquired PK authentication to actually execute the operation. With this new call sd_bus_enqueue_for_read() we have a way to put an incoming message back into the read queue for this purpose. This might have other uses too, for example debugging. [fbui: don't make it public] [fbui: adjust context] [fbui: bus_message_ref_queued() and bus_resolve() are not available] [fbui: fix function name misspelling] --- src/libsystemd/sd-bus/sd-bus.c | 23 +++++++++++++++++++++++ src/systemd/sd-bus.h | 1 + 2 files changed, 24 insertions(+) diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c index fc13e78744..ecb13f6c5c 100644 --- a/src/libsystemd/sd-bus/sd-bus.c +++ b/src/libsystemd/sd-bus/sd-bus.c @@ -3915,3 +3915,26 @@ _public_ int sd_bus_get_exit_on_disconnect(sd_bus *bus) { return bus->exit_on_disconnect; } + +int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m) { + int r; + + assert_return(bus, -EINVAL); + assert_return(m, -EINVAL); + assert_return(m->sealed, -EINVAL); + assert_return(!bus_pid_changed(bus), -ECHILD); + + if (!BUS_IS_OPEN(bus->state)) + return -ENOTCONN; + + /* Re-enqeue a message for reading. This is primarily useful for PolicyKit-style authentication, + * where we want accept a message, then determine we need to interactively authenticate the user, and + * when we have that process the message again. */ + + r = bus_rqueue_make_room(bus); + if (r < 0) + return r; + + bus->rqueue[bus->rqueue_size++] = sd_bus_message_ref(m); + return 0; +} diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h index 2b6aeb7989..9123f5547c 100644 --- a/src/systemd/sd-bus.h +++ b/src/systemd/sd-bus.h @@ -180,6 +180,7 @@ int sd_bus_process(sd_bus *bus, sd_bus_message **r); int sd_bus_process_priority(sd_bus *bus, int64_t max_priority, sd_bus_message **r); int sd_bus_wait(sd_bus *bus, uint64_t timeout_usec); int sd_bus_flush(sd_bus *bus); +int sd_bus_enqueue_for_read(sd_bus *bus, sd_bus_message *m); sd_bus_slot* sd_bus_get_current_slot(sd_bus *bus); sd_bus_message* sd_bus_get_current_message(sd_bus *bus); -- 2.16.4 ++++++ 0003-polkit-when-authorizing-via-PK-let-s-re-resolve-call.patch ++++++ >From ab50bd435ba58549fe5dd5d52d32b9bd185324ee Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Wed, 22 Jan 2020 17:07:47 +0100 Subject: [PATCH 3/3] polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it Previously, when doing an async PK query we'd store the original callback/userdata pair and call it again after the PK request is complete. This is problematic, since PK queries might be slow and in the meantime the userdata might be released and re-acquired. Let's avoid this by always traversing through the message handlers so that we always re-resolve the callback and userdata pair and thus can be sure it's up-to-date and properly valid. [fbui: adjust context] [fbui: sd_event_source_disable_unref() is not available] [fbui: fixes bsc#1162108] --- src/shared/bus-util.c | 78 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 52 insertions(+), 26 deletions(-) diff --git a/src/shared/bus-util.c b/src/shared/bus-util.c index 770e15acba..393d0742aa 100644 --- a/src/shared/bus-util.c +++ b/src/shared/bus-util.c @@ -338,14 +338,13 @@ typedef struct AsyncPolkitQuery { char **details; sd_bus_message *request, *reply; - sd_bus_message_handler_t callback; - void *userdata; sd_bus_slot *slot; + Hashmap *registry; + sd_event_source *defer_event_source; } AsyncPolkitQuery; static void async_polkit_query_free(AsyncPolkitQuery *q) { - if (!q) return; @@ -360,9 +359,23 @@ static void async_polkit_query_free(AsyncPolkitQuery *q) { free(q->action); strv_free(q->details); + sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_OFF); + sd_event_source_unref(q->defer_event_source); free(q); } +static int async_polkit_defer(sd_event_source *s, void *userdata) { + AsyncPolkitQuery *q = userdata; + + assert(s); + + /* This is called as idle event source after we processed the async polkit reply, hopefully after the + * method call we re-enqueued has been properly processed. */ + + async_polkit_query_free(q); + return 0; +} + static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_error *error) { _cleanup_(sd_bus_error_free) sd_bus_error error_buffer = SD_BUS_ERROR_NULL; AsyncPolkitQuery *q = userdata; @@ -371,21 +384,46 @@ static int async_polkit_callback(sd_bus_message *reply, void *userdata, sd_bus_e assert(reply); assert(q); + assert(q->slot); q->slot = sd_bus_slot_unref(q->slot); + + assert(!q->reply); q->reply = sd_bus_message_ref(reply); + /* Now, let's dispatch the original message a second time be re-enqueing. This will then traverse the + * whole message processing again, and thus re-validating and re-retrieving the "userdata" field + * again. + * + * We install an idle event loop event to clean-up the PolicyKit request data when we are idle again, + * i.e. after the second time the message is processed is complete. */ + + assert(!q->defer_event_source); + r = sd_event_add_defer(sd_bus_get_event(sd_bus_message_get_bus(reply)), &q->defer_event_source, async_polkit_defer, q); + if (r < 0) + goto fail; + + r = sd_event_source_set_priority(q->defer_event_source, SD_EVENT_PRIORITY_IDLE); + if (r < 0) + goto fail; + + r = sd_event_source_set_enabled(q->defer_event_source, SD_EVENT_ONESHOT); + if (r < 0) + goto fail; + r = sd_bus_message_rewind(q->request, true); - if (r < 0) { - r = sd_bus_reply_method_errno(q->request, r, NULL); - goto finish; - } + if (r < 0) + goto fail; - r = q->callback(q->request, q->userdata, &error_buffer); - r = bus_maybe_reply_error(q->request, r, &error_buffer); + r = sd_bus_enqueue_for_read(sd_bus_message_get_bus(q->request), q->request); + if (r < 0) + goto fail; -finish: - async_polkit_query_free(q); + return 1; +fail: + log_debug_errno(r, "Processing asynchronous PolicyKit reply failed, ignoring: %m"); + (void) sd_bus_reply_method_errno(q->request, r, NULL); + async_polkit_query_free(q); return r; } @@ -404,11 +442,10 @@ int bus_verify_polkit_async( #ifdef ENABLE_POLKIT _cleanup_(sd_bus_message_unrefp) sd_bus_message *pk = NULL; AsyncPolkitQuery *q; - const char *sender, **k, **v; - sd_bus_message_handler_t callback; - void *userdata; + const char **k, **v; int c; #endif + const char *sender; int r; assert(call); @@ -472,20 +509,11 @@ int bus_verify_polkit_async( else if (r > 0) return 1; -#ifdef ENABLE_POLKIT - if (sd_bus_get_current_message(call->bus) != call) - return -EINVAL; - - callback = sd_bus_get_current_handler(call->bus); - if (!callback) - return -EINVAL; - - userdata = sd_bus_get_current_userdata(call->bus); - sender = sd_bus_message_get_sender(call); if (!sender) return -EBADMSG; +#ifdef ENABLE_POLKIT c = sd_bus_message_get_allow_interactive_authorization(call); if (c < 0) return c; @@ -537,8 +565,6 @@ int bus_verify_polkit_async( return -ENOMEM; q->request = sd_bus_message_ref(call); - q->callback = callback; - q->userdata = userdata; q->action = strdup(action); if (!q->action) { -- 2.16.4 ++++++ 0052-core-bump-mlock-ulimit-to-64Mb.patch ++++++ >From 604ce1dfbbc36818aec5ed1894380ca877e15b80 Mon Sep 17 00:00:00 2001 From: Roman Gushchin <[email protected]> Date: Thu, 23 Aug 2018 10:46:20 -0700 Subject: [PATCH 52/55] core: bump mlock ulimit to 64Mb Bpf programs are charged against memlock ulimit, and the default value can be too tight on machines with many cgroups and attached bpf programs. Let's bump it to 64Mb. (cherry picked from commit 91cfdd8d29b353dc1fd825673c9a23e00c92a341) --- src/core/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/main.c b/src/core/main.c index 36e53f07f6..9aea4c0777 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1228,7 +1228,7 @@ static int bump_rlimit_memlock(struct rlimit *saved_rlimit) { if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0) return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m"); - r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*16ULL)); + r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*64ULL)); if (r < 0) return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m"); -- 2.16.4 ++++++ 0053-def-add-a-high-limit-for-RLIMIT_NOFILE.patch ++++++ >From 99e8da9831945078b40dd3e416ce2c2c26b23edf Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Mon, 1 Oct 2018 17:37:01 +0200 Subject: [PATCH 53/55] def: add a "high" limit for RLIMIT_NOFILE This simply adds a new constant we can use for bumping RLIMIT_NOFILE to a "high" value. It default to 256K for now, which is pretty high, but smaller than the kernel built-in limit of 1M. Previously, some tools that needed a higher RLIMIT_NOFILE bumped it to 16K. This new define goes substantially higher than this, following the discussion with the kernel folks. (cherry picked from commit d6e069f412edc02a0f2130fa47955d02e378d5f5) --- src/basic/def.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/basic/def.h b/src/basic/def.h index e2d91519ba..b66894aeb7 100644 --- a/src/basic/def.h +++ b/src/basic/def.h @@ -88,3 +88,5 @@ _CONF_PATHS_SPLIT_USR(n) #define LONG_LINE_MAX (1U*1024U*1024U) + +#define HIGH_RLIMIT_NOFILE (256*1024) -- 2.16.4 ++++++ 0054-main-introduce-a-define-HIGH_RLIMIT_MEMLOCK-similar-.patch ++++++ >From efd35cbf77b03a3480005f8295beb80eb5ddbf96 Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Thu, 11 Oct 2018 18:31:11 +0200 Subject: [PATCH 54/55] main: introduce a define HIGH_RLIMIT_MEMLOCK similar to HIGH_RLIMIT_NOFILE (cherry picked from commit c8884aceefc85245b9bdfb626e2daf27521259bd) --- src/basic/def.h | 1 + src/core/main.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/basic/def.h b/src/basic/def.h index b66894aeb7..e2fe8a145e 100644 --- a/src/basic/def.h +++ b/src/basic/def.h @@ -90,3 +90,4 @@ #define LONG_LINE_MAX (1U*1024U*1024U) #define HIGH_RLIMIT_NOFILE (256*1024) +#define HIGH_RLIMIT_MEMLOCK (1024ULL*1024ULL*64ULL) diff --git a/src/core/main.c b/src/core/main.c index 9aea4c0777..6c40e89c27 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1228,7 +1228,7 @@ static int bump_rlimit_memlock(struct rlimit *saved_rlimit) { if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0) return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m"); - r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(1024ULL*1024ULL*64ULL)); + r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(HIGH_RLIMIT_MEMLOCK)); if (r < 0) return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m"); -- 2.16.4 ++++++ 0055-main-when-bumping-RLIMIT_MEMLOCK-save-the-previous-v.patch ++++++ >From 4390e702b57c0967e37e22f2fb6af174db4f291e Mon Sep 17 00:00:00 2001 From: Lennart Poettering <[email protected]> Date: Wed, 16 Jan 2019 14:47:09 +0100 Subject: [PATCH 55/55] main: when bumping RLIMIT_MEMLOCK, save the previous value to pass to children Let's make sure that the bumping of RLIMIT_MEMLOCK does not leak into our children. (cherry picked from commit c0d76959080e3ba6534bce1c7053c750668e8b55) [fbui: fixes bsc#1160595] --- src/core/main.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/core/main.c b/src/core/main.c index 6c40e89c27..e77d28894b 100644 --- a/src/core/main.c +++ b/src/core/main.c @@ -1228,6 +1228,17 @@ static int bump_rlimit_memlock(struct rlimit *saved_rlimit) { if (getrlimit(RLIMIT_MEMLOCK, saved_rlimit) < 0) return log_warning_errno(errno, "Reading RLIMIT_MEMLOCK failed, ignoring: %m"); + /* Pass the original value down to invoked processes */ + if (!arg_default_rlimit[RLIMIT_MEMLOCK]) { + struct rlimit *rl; + + rl = newdup(struct rlimit, saved_rlimit, 1); + if (!rl) + return log_oom(); + + arg_default_rlimit[RLIMIT_MEMLOCK] = rl; + } + r = setrlimit_closest(RLIMIT_MEMLOCK, &RLIMIT_MAKE_CONST(HIGH_RLIMIT_MEMLOCK)); if (r < 0) return log_warning_errno(r, "Setting RLIMIT_MEMLOCK failed, ignoring: %m"); -- 2.16.4 ++++++ systemd-v234+suse.454.gbe5eeb6c7d.tar.xz -> systemd-v234+suse.463.g938b0a2f96.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/basic/fileio.c new/systemd-v234+suse.463.g938b0a2f96/src/basic/fileio.c --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/basic/fileio.c 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/basic/fileio.c 2020-02-03 12:02:33.000000000 +0100 @@ -243,6 +243,113 @@ return 1; } +int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { + _cleanup_free_ char *buf = NULL; + _cleanup_close_ int fd = -1; + struct stat st; + size_t n, size; + int n_retries; + char *p; + + assert(ret_contents); + + /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work + * with two sorts of virtual files. One sort uses "seq_file", and the results of + * the first read are buffered for the second read. The other sort uses "raw" + * reads which always go direct to the device. In the latter case, the content of + * the virtual file must be retrieved with a single read otherwise a second read + * might get the new value instead of finding EOF immediately. That's the reason + * why the usage of fread(3) is prohibited in this case as it always performs a + * second call to read(2) looking for EOF. See issue 13585. */ + + fd = open(filename, O_RDONLY|O_CLOEXEC); + if (fd < 0) + return -errno; + + /* Start size for files in /proc which usually report a file size of 0. */ + size = LINE_MAX / 2; + + /* Limit the number of attempts to read the number of bytes returned by fstat(). */ + n_retries = 3; + + for (;;) { + if (n_retries <= 0) + return -EIO; + + if (fstat(fd, &st) < 0) + return -errno; + + if (!S_ISREG(st.st_mode)) + return -EBADF; + + /* Be prepared for files from /proc which generally report a file size of 0. */ + if (st.st_size > 0) { + size = st.st_size; + n_retries--; + } else + size = size * 2; + + if (size > READ_FULL_BYTES_MAX) + return -E2BIG; + + p = realloc(buf, size + 1); + if (!p) + return -ENOMEM; + buf = TAKE_PTR(p); + + for (;;) { + ssize_t k; + + /* Read one more byte so we can detect whether the content of the + * file has already changed or the guessed size for files from /proc + * wasn't large enough . */ + k = read(fd, buf, size + 1); + if (k >= 0) { + n = k; + break; + } + + if (errno != -EINTR) + return -errno; + } + + /* Consider a short read as EOF */ + if (n <= size) + break; + + /* Hmm... either we read too few bytes from /proc or less likely the content + * of the file might have been changed (and is now bigger) while we were + * processing, let's try again either with a bigger guessed size or the new + * file size. */ + + if (lseek(fd, 0, SEEK_SET) < 0) + return -errno; + } + + if (n < size) { + p = realloc(buf, n + 1); + if (!p) + return -ENOMEM; + buf = TAKE_PTR(p); + } + + if (!ret_size) { + /* Safety check: if the caller doesn't want to know the size of what we + * just read it will rely on the trailing NUL byte. But if there's an + * embedded NUL byte, then we should refuse operation as otherwise + * there'd be ambiguity about what we just read. */ + + if (memchr(buf, 0, n)) + return -EBADMSG; + } else + *ret_size = n; + + buf[n] = 0; + *ret_contents = TAKE_PTR(buf); + + return 0; +} + int read_full_stream(FILE *f, char **contents, size_t *size) { size_t n, l; _cleanup_free_ char *buf = NULL; @@ -262,11 +369,11 @@ if (st.st_size > READ_FULL_BYTES_MAX) return -E2BIG; - /* Start with the right file size, but be prepared for - * files from /proc which generally report a file size - * of 0 */ + /* Start with the right file size, but be prepared for files from /proc which generally report a file + * size of 0. Note that we increase the size to read here by one, so that the first read attempt + * already makes us notice the EOF. */ if (st.st_size > 0) - n = st.st_size; + n = st.st_size + 1; } l = 0; @@ -279,12 +386,13 @@ return -ENOMEM; buf = t; + errno = 0; k = fread(buf + l, 1, n - l, f); if (k > 0) l += k; if (ferror(f)) - return -errno; + return errno > 0 ? -errno : -EIO; if (feof(f)) break; @@ -942,7 +1050,7 @@ assert(pattern); assert(field); - r = read_full_file(filename, &status, NULL); + r = read_full_virtual_file(filename, &status, NULL); if (r < 0) return r; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/basic/fileio.h new/systemd-v234+suse.463.g938b0a2f96/src/basic/fileio.h --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/basic/fileio.h 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/basic/fileio.h 2020-02-03 12:02:33.000000000 +0100 @@ -48,6 +48,7 @@ int read_one_line_file(const char *fn, char **line); int read_full_file(const char *fn, char **contents, size_t *size); int read_full_stream(FILE *f, char **contents, size_t *size); +int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size); int verify_file(const char *fn, const char *blob, bool accept_extra_nl); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/libsystemd/sd-device/sd-device.c new/systemd-v234+suse.463.g938b0a2f96/src/libsystemd/sd-device/sd-device.c --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/libsystemd/sd-device/sd-device.c 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/libsystemd/sd-device/sd-device.c 2020-02-03 12:02:33.000000000 +0100 @@ -1824,7 +1824,7 @@ size_t size; /* read attribute value */ - r = read_full_file(path, &value, &size); + r = read_full_virtual_file(path, &value, &size); if (r < 0) return r; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/login/logind-button.c new/systemd-v234+suse.463.g938b0a2f96/src/login/logind-button.c --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/login/logind-button.c 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/login/logind-button.c 2020-02-03 12:02:33.000000000 +0100 @@ -360,7 +360,8 @@ } (void) button_set_mask(b); - + + b->io_event_source = sd_event_source_unref(b->io_event_source); r = sd_event_add_io(b->manager->event, &b->io_event_source, b->fd, EPOLLIN, button_dispatch, b); if (r < 0) { log_error_errno(r, "Failed to add button event: %m"); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/login/logind-user.c new/systemd-v234+suse.463.g938b0a2f96/src/login/logind-user.c --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/login/logind-user.c 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/login/logind-user.c 2020-02-03 12:02:33.000000000 +0100 @@ -754,11 +754,10 @@ } static bool elect_display_filter(Session *s) { - /* Return true if the session is a candidate for the user’s ‘primary - * session’ or ‘display’. */ + /* Return true if the session is a candidate for the user’s ‘primary session’ or ‘display’. */ assert(s); - return (s->class == SESSION_USER && !s->stopping); + return IN_SET(s->class, SESSION_USER, SESSION_GREETER) && s->started && !s->stopping; } static int elect_display_compare(Session *s1, Session *s2) { @@ -804,9 +803,8 @@ assert(u); - /* This elects a primary session for each user, which we call - * the "display". We try to keep the assignment stable, but we - * "upgrade" to better choices. */ + /* This elects a primary session for each user, which we call the "display". We try to keep the assignment + * stable, but we "upgrade" to better choices. */ log_debug("Electing new display for user %s", u->name); LIST_FOREACH(sessions_by_user, s, u->sessions) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/udev/cdrom_id/cdrom_id.c new/systemd-v234+suse.463.g938b0a2f96/src/udev/cdrom_id/cdrom_id.c --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/udev/cdrom_id/cdrom_id.c 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/udev/cdrom_id/cdrom_id.c 2020-02-03 12:02:33.000000000 +0100 @@ -100,29 +100,6 @@ #define ASC(errcode) (((errcode) >> 8) & 0xFF) #define ASCQ(errcode) ((errcode) & 0xFF) -static bool is_mounted(const char *device) -{ - struct stat statbuf; - FILE *fp; - int maj, min; - bool mounted = false; - - if (stat(device, &statbuf) < 0) - return false; - - fp = fopen("/proc/self/mountinfo", "re"); - if (fp == NULL) - return false; - while (fscanf(fp, "%*s %*s %i:%i %*[^\n]", &maj, &min) == 2) { - if (makedev(maj, min) == statbuf.st_rdev) { - mounted = true; - break; - } - } - fclose(fp); - return mounted; -} - static void info_scsi_cmd_err(struct udev *udev, const char *cmd, int err) { if (err == -1) { @@ -919,7 +896,7 @@ for (cnt = 20; cnt > 0; cnt--) { struct timespec duration; - fd = open(node, O_RDONLY|O_NONBLOCK|O_CLOEXEC|(is_mounted(node) ? 0 : O_EXCL)); + fd = open(node, O_RDONLY|O_NONBLOCK|O_CLOEXEC); if (fd >= 0 || errno != EBUSY) break; duration.tv_sec = 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/systemd-v234+suse.454.gbe5eeb6c7d/src/udev/udev-builtin-blkid.c new/systemd-v234+suse.463.g938b0a2f96/src/udev/udev-builtin-blkid.c --- old/systemd-v234+suse.454.gbe5eeb6c7d/src/udev/udev-builtin-blkid.c 2019-12-13 11:55:37.000000000 +0100 +++ new/systemd-v234+suse.463.g938b0a2f96/src/udev/udev-builtin-blkid.c 2020-02-03 12:02:33.000000000 +0100 @@ -269,7 +269,7 @@ if (noraid) blkid_probe_filter_superblocks_usage(pr, BLKID_FLTR_NOTIN, BLKID_USAGE_RAID); - fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC); + fd = open(udev_device_get_devnode(dev), O_RDONLY|O_CLOEXEC|O_NONBLOCK); if (fd < 0) { err = log_debug_errno(errno, "Failure opening block device %s: %m", udev_device_get_devnode(dev)); goto out;
