Re: [systemd-devel] [Patch 0/2] logind: make sure that closed sessions will be cleaned
On Thu, Jan 16, 2014 at 11:19:08AM +0100, Djalal Harouni wrote: On Thu, Jan 16, 2014 at 06:01:58AM +0100, Zbigniew Jędrzejewski-Szmek wrote: Indeed, in a container (without your patches), sessions remain in closing state. But with your patches, systemd --user instance is started and killed immediately during login. Not good either :) Ok, ouch! It seems that the systemd --user instance is killed without my patches! Systemd git will confirm it. Ok, after some thoughts and source code analysis, I came to the conclusion that in order to correctly clean session and user state files, we need: a) Improve session_check_gc() and user_check_gc() by using the session and user states. This implies b) b) Make sure that the state of the session and the user is always correctly set. I'll discuss some notes about a) and follow with patches that will try to honore b). I'm sending this to have some feedback before spending more time on it, ahh yes debugging this beast is hard! Please note that I did not take a look at seats logic, only sessions and users using getty and ssh logins. Please feel free to correct me! a) Improve session_check_gc() and user_check_gc() * user_check_gc() has an if (u-sessions) check! this should be updated to check if there are sessions that are not in the closing state. If *all* the sessions are in the closing state then check each session to see if there are still running processes in the background: screen,... If so then abort the user_check_gc() or depend on a per-session function that will perhaps do the kill-session-processes. * session_check_gc() should check if the session is in the closing state and if there are still running processes in the background, then decide to abort or force the killsession-processes But it should not do the following check: if (s-scope manager_unit_is_active(s-manager, s-scope)) Since the scope will always be around, the same was applied in the commit 63966da86 for user_check_gc(), do not check the user manager! b) Make sure that the state of the session and the user is always correctly set. Not to mention that some logind clients depend on it. So to make a) we must honor that b) is stable, and after an extensive source code analysis, it seems that the state of users and sessions is not always correct. I'll list some notes/bugs here: * It seems that in systemd v204 after a logout from a session where processes are still running like screen the state files will show: systemd 204 session state file: user state file: Active = 1State = active State = closing ACTIVE_SESSIONS = X Where for systemd git: session state file: user state file: Active = 0State = closing State = closing ACTIVE_SESSIONS = Not to mention that for systemd git, the session and user state files will show the same even if there are no background processes and they will not be cleaned (using getty or ssh logins) which is is the object of this thread! This is a bug, not fixed yet. * To track the state of sessions the fifo_fd should be used since the event manager will call session_dispatch_fifo() to remove it on eof. Using the session_is_active() *before* the fifo_fd check is not stable since it will return true before the fifo_fd was even created! and also before the session scope and user serivce are created, the session-seat-active will be set earlier before the fifo_fd creation and will be the last one to be unset after fifo_fd removal. And currently this affects src/login/logind-user.c:user_get_state() logic since it checks session_is_active() before calling session_get_state() which performs the fifo_fd check before the session_is_active() So user_get_state() and session_get_state() results might differ! This is a bug, not fixed yet, user_get_state() should count on session_get_state(). * It seems there are other problems with the session and user states, different variables are used to check the state and later these variables are updated at different places! The following patches will describe the problem and try to make the state more stable. The design was do not add extra flags to 'User' and 'Session' structs unless this is the only way. The logic is already there, and it needs a littel synchronization. Thanks! -- Djalal Harouni http://opendz.org ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH 1/3] logind: make the user and session states more stable
Currently the user and session states are not stable:
1) session state:
To get the session state the function session_get_state() is used.
Opening state:
At login the D-Bus CreateSession() method will call session_start()
which calls user_start() and session_start_scope() to queue the scope
job and set the session-scope_job
= session_get_state() == SESSION_OPENING (correct)
Then execution will continue from session_send_create_reply() which
is called by the D-Bus match_job_removed() signal. math_job_removed()
will check if this is the session scope and if this is the previously
queued scope job and if so it will clear the session-scope_job
= session_get_state() == SESSION_CLOSING (incorrect)
(session closing since fifo_fd == -1)
Then scope is created successfully, call session_send_create_reply()
which will wait for the session scope *and* the user service to be
successfully created.
/* user service is still pending */
if (s-scope_job || s-user-service_job))
return 0
= session_get_state() == SESSION_CLOSING (incorrect)
else
session_create_fifo()/* fifo_fd finally created */
= session_get_state() == SESSION_ACTIVE (correct)
2) user state:
To get the user state the function user_get_state() is used.
I'll add that the user_get_state() and session_get_state() do not
have the same logic when it comes to sessions, this will just add
ambiguity. user_get_state() calls session_is_active() before checking
session_get_state(), and session_is_active() will return true right
from the start since the logic is set during D-Bus CreateSession().
Opening state:
At login we have session_start() which calls user_start()
here we already:
= user_get_state() == USER_ACTIVE (incorrect)
(not fixed in this patch)
At user_start()
user_start_slice() queue the slice and set user-slice_job
user_start_service() queue the service and set user-service_job
= user_get_state() == USER_OPENING (correct)
Then execution will continue from session_send_create_reply() which
is called by the D-Bus match_job_removed() signal. math_job_removed()
will check if these are the user service and slice and if they are
the previously queued jobs, if so it will clear the:
user-service_job and user-slice_job
= user_get_state() == USER_ACTIVE (incorrect)
(incorrect since the fifo_fd has not been created)
Then service is created successfully, call session_send_create_reply()
which will wait for the session scope *and* the user service to be
successfully created. If so then session_send_create_reply()
will continue and call session_create_fifo()
= user_get_state() == USER_ACTIVE (correct)
(fifo_fd was created)
Fix:
To fix the session state and remove the two incorrect SESSION_CLOSING,
we do not clear up the session-scope_job when we detect that this is
the session scope, we setup a temporary variable scope_job that will
get the current value of session-scope_job and update it if
necessary.
Add a new opening variable to check if the session scope and user
service were successfully created.
Update the session_send_create_reply() function to receive the opening
variable as a third bool parameter and adapt its logic.
Then clear the session-scope_job when session_send_create_reply() is
finished, this ensures that the state will just go from:
SESSION_OPENING = SESSION_ACTIVE
The same goes for the user state, in order to remove the incorrect state
when the fifo_fd is not created but the state shows USER_ACTIVE, we do
not clear the user-service_job and user-slice_job right away, we
store the state in a temporary variable service_job and update it
later if we detect that this is the user service.
Add a new opening variable to check if the session scope and user
service were successfully created and pass it to
session_send_create_reply().
---
src/login/logind-dbus.c | 56 -
src/login/logind-session-dbus.c | 8 +++---
src/login/logind-session.h | 2 +-
3 files changed, 45 insertions(+), 21 deletions(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 2c86b9f..0123a34 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1937,54 +1937,76 @@ int match_job_removed(sd_bus *bus, sd_bus_message
*message, void *userdata, sd_b
session = hashmap_get(m-session_units, unit);
if (session) {
+bool opening, scope_job = !!session-scope_job;
-if (streq_ptr(path, session-scope_job)) {
-free(session-scope_job);
-session-scope_job = NULL;
-}
+/* Set to false if the session scope was created */
+if
[systemd-devel] [PATCH 2/3] logind: differentiate between session scope opening and closing
To get the state of the session, the session_get_state() is used.
This function will check if the session-scope_job is set then it will
automatically return SESSION_OPENING. This is buggy in the context of
session closing:
At logout or D-Bus TerminateSession() fifo_fd is removed:
= session_get_state() == SESSION_CLOSING (correct)
Then we have session_stop() which calls session_stop_scope(), this
will queue the scope job to be removed and set the session-scope_job
= session_get_state() == SESSION_OPENING (incorrect)
After the scope job is removed the state will be again correct
= session_get_state() == SESSION_CLOSING (correct)
To fix this and make sure that the state will always be SESSION_CLOSING
we add a flag that is used to differentiate between SESSION_OPENING and
SESSION_CLOSING when the 'session-scope_job' is set.
The 'scope_opening' flag will be set to true only during real
session opening in session_start_scope() which means that during session
closing it will be false.
And update session_get_state() to check if the 'scope_opening' is true
before returning the SESSION_OPENING, if it is not then SESSION_CLOSING
will be returned which is the correct behaviour.
---
src/login/logind-session-dbus.c | 3 +++
src/login/logind-session.c | 4 +++-
src/login/logind-session.h | 1 +
3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/login/logind-session-dbus.c b/src/login/logind-session-dbus.c
index 72bef4c..51832d6 100644
--- a/src/login/logind-session-dbus.c
+++ b/src/login/logind-session-dbus.c
@@ -669,6 +669,9 @@ int session_send_create_reply(Session *s, sd_bus_error
*error, bool opening) {
if (fifo_fd 0)
return fifo_fd;
+/* Clean this up as soon as we have the fifo_fd */
+s-scope_opening = false;
+
/* Update the session state file before we notify the client
* about the result. */
session_save(s);
diff --git a/src/login/logind-session.c b/src/login/logind-session.c
index ff0a7a4..ba32146 100644
--- a/src/login/logind-session.c
+++ b/src/login/logind-session.c
@@ -491,6 +491,8 @@ static int session_start_scope(Session *s) {
free(s-scope_job);
s-scope_job = job;
+/* session scope is being created */
+s-scope_opening = true;
}
}
@@ -875,7 +877,7 @@ void session_add_to_gc_queue(Session *s) {
SessionState session_get_state(Session *s) {
assert(s);
-if (s-scope_job)
+if (s-scope_job s-scope_opening)
return SESSION_OPENING;
if (s-fifo_fd 0)
diff --git a/src/login/logind-session.h b/src/login/logind-session.h
index 0810def..8551cee 100644
--- a/src/login/logind-session.h
+++ b/src/login/logind-session.h
@@ -108,6 +108,7 @@ struct Session {
bool in_gc_queue:1;
bool started:1;
+bool scope_opening:1; /* session scope is being created */
sd_bus_message *create_message;
--
1.8.3.1
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH 3/3] logind: differentiate between user state opening and closing
To get the state of the user, the user_get_state() is used.
This function will check if the user-slice_job or the user-service_job
are set then it will automatically return USER_OPENING. This is buggy
in the context of user closing:
At logout or D-Bus TerminateUser() calls user_stop()
user_stop()
= session_stop() on sessions
= session_stop_scope() on sessions
= user_get_state() == USER_CLOSING or USER_ACTIVE or USER_ONLINE
(incorrect)
(depends on session closing execution and if we have finished the
session scope jobs or not, if all the scopes are being queued
then their session-scope_job will be set which means all
sessions are in the OPENING_STATE, so user state will be
USER_ONLINE).
The previous patch improves session_get_state() logic, and if
scopes are being queued then sessions are in SESSION_CLOSING state
which makes user_get_state() return USER_CLOSING.
At user_stop()
user_stop_slice() queues the slice and sets user-slice_job
user_stop_service() queue the service and sets user-service_job
= user_get_state() == USER_OPENING (incorrect)
After the slice and service jobs are removed the state will be again
correct.
= user_get_state() == USER_CLOSING (correct)
To fix this and make sure that the state will always be USER_CLOSING
we add a flag that is used to differentiate between USER_OPENING and
USER_CLOSING when 'slice_job' and 'service_job' are set.
The 'slice_opening' flag for 'user-slice_job' and 'service_opening'
for 'user-service_job' are set to true only during real user opening.
During user closing they are already in the false state.
Update user_get_state() to check if they are set if so this is
USER_OPENING, otherwise we are in the USER_CLOSING.
---
src/login/logind-dbus.c | 2 ++
src/login/logind-user.c | 5 -
src/login/logind-user.h | 2 ++
3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 0123a34..a7452b1 100644
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -2000,11 +2000,13 @@ int match_job_removed(sd_bus *bus, sd_bus_message
*message, void *userdata, sd_b
/* Clean this up after session_send_create_reply() */
free(user-service_job);
user-service_job = NULL;
+user-service_opening = false;
}
if (streq_ptr(path, user-slice_job)) {
free(user-slice_job);
user-slice_job = NULL;
+user-slice_opening = false;
}
user_save(user);
diff --git a/src/login/logind-user.c b/src/login/logind-user.c
index 0e46560..200763d 100644
--- a/src/login/logind-user.c
+++ b/src/login/logind-user.c
@@ -352,6 +352,7 @@ static int user_start_slice(User *u) {
free(u-slice_job);
u-slice_job = job;
+u-slice_opening = true;
}
}
@@ -385,6 +386,7 @@ static int user_start_service(User *u) {
free(u-service_job);
u-service_job = job;
+u-service_opening = true;
}
}
@@ -637,7 +639,8 @@ UserState user_get_state(User *u) {
assert(u);
-if (u-slice_job || u-service_job)
+if ((u-slice_job u-slice_opening) ||
+(u-service_job u-service_opening))
return USER_OPENING;
LIST_FOREACH(sessions_by_user, i, u-sessions) {
diff --git a/src/login/logind-user.h b/src/login/logind-user.h
index 0062880..ac43361 100644
--- a/src/login/logind-user.h
+++ b/src/login/logind-user.h
@@ -61,6 +61,8 @@ struct User {
bool in_gc_queue:1;
bool started:1;
+bool service_opening:1; /* User service is being created */
+bool slice_opening:1; /* User slice is being created */
LIST_HEAD(Session, sessions);
LIST_FIELDS(User, gc_queue);
--
1.8.3.1
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] logind and sessions tracking questions -
'Twas brillig, and Djalal Harouni at 20/01/14 12:18 did gyre and gimble: Hi Coling, Coling please I've some questions regarding what you have posted, see below. I'm trying to debug another bug in logind logic: http://lists.freedesktop.org/archives/systemd-devel/2014-January/015968.html I've located some bugs, I've a PoC version working, will post it but first need to clear some points here to avoid breaking things. OK, this one is NOT active and is closing. This is likely an older session that has since been replaced after logging out and back in again but it keeps some binaries running (likely gpg-agent stuff at a first guess). Lets look: Here I assume you are using a new systemd version (Fedora 20)? or systemd from git? I'm on Mageia 4 RC, so systemd v208+patches (very similar set to Fedora 20) I noticed in old systemd v204, the Active flag would be set to yes when we logout and the session keeps some programs running like 'screen'! I guess this also applies to gpg-agent... The two bits here are actually orthoganal. e.g. the session does not *need* to be active to leave programs like screen running. The session can be closing (meaning the session leader has gone), but still leave programs running. Such programs might timeout after a delay (e.g. pulseaudio does this). Others might actually stick around longer or indefinitely. Yup, in this case, I have my ssh-agent, gpg-agent and PulseAudio services all loaded under the previous session. They didn't timeout and stop after my logout and as things are not setup to kill all processes, Please can you tell me about this last one kill all processes ? How we set this flag? from my source code analysis I didn't found it and the new man page of pam_systemd does not show it: http://www.freedesktop.org/software/systemd/man/pam_systemd.html See man logind.conf and KillUserProcesses= HTHs Col -- Colin Guthrie gmane(at)colin.guthr.ie http://colin.guthr.ie/ Day Job: Tribalogic Limited http://www.tribalogic.net/ Open Source: Mageia Contributor http://www.mageia.org/ PulseAudio Hacker http://www.pulseaudio.org/ Trac Hacker http://trac.edgewall.org/ ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] Debugging acl settings for /dev//snd/pcm* nodes
'Twas brillig, and Hans de Goede at 21/01/14 14:38 did gyre and gimble: Hi, On 01/20/2014 10:54 AM, Colin Guthrie wrote: 'Twas brillig, and Hans de Goede at 20/01/14 08:42 did gyre and gimble: Hi, For some reason after I've built the Xorg xserver from git, and then login through gdm (on an otherwise unmodified F-20 install), the acls on /dev/snd/pcm* (and likely others too) no longer get setup to give the user I've just logged in with access to them. Reverting to Xorg from the F-20 packages fixes this. I was wonder if someone could give a short step by step of all components involved in doing the acl management for devices which should be usable by console users now a days. As well as some hints for debugging this. Ultimately, the ACLs are applied to the active session to all device nodes which have the uaccess tag. e.g. on my machine: [colin@jimmy code (master)]$ udevadm info /dev/snd/pcmC0D0p P: /devices/pci:00/:00:1b.0/sound/card0/pcmC0D0p N: snd/pcmC0D0p E: DEVNAME=/dev/snd/pcmC0D0p E: DEVPATH=/devices/pci:00/:00:1b.0/sound/card0/pcmC0D0p E: MAJOR=116 E: MINOR=3 E: SUBSYSTEM=sound E: TAGS=:uaccess: E: USEC_INITIALIZED=62743 Notice the uaccess tag. Ultimately this is applied to the active session, so you have to look to loginctl: [colin@jimmy code (master)]$ loginctl SESSIONUID USER SEAT 1603 colinseat0 20603 colinseat0 I seem to have two sessions here. I'll look a the first one: [colin@jimmy code (master)]$ loginctl show-session 1 Id=1 Timestamp=Thu 2014-01-16 12:34:44 GMT TimestampMonotonic=41640698 VTNr=1 Display=:0 Remote=no Service=gdm-password Scope=session-1.scope Leader=3563 Audit=1 Type=x11 Class=user Active=no State=closing IdleHint=no IdleSinceHint=1389896019397017 IdleSinceHintMonotonic=20376502012 Name=colin OK, this one is NOT active and is closing. This is likely an older session that has since been replaced after logging out and back in again but it keeps some binaries running (likely gpg-agent stuff at a first guess). Lets look: [colin@jimmy code (master)]$ loginctl session-status 1 1 - colin (603) Since: Thu 2014-01-16 12:34:44 GMT; 3 days ago Leader: 3563 Seat: seat0; vc1 Display: :0 Service: gdm-password; type x11; class user State: closing Unit: session-1.scope ├─3647 ssh-agent ├─3672 gpg-agent --daemon ├─3889 /usr/bin/pulseaudio --start --log-target=syslog ├─3898 /usr/libexec/pulse/gconf-helper └─6871 gpg-agent --keep-display --daemon --write-env-file /root/.gnupg/gpg-agent-info Yup, in this case, I have my ssh-agent, gpg-agent and PulseAudio services all loaded under the previous session. They didn't timeout and stop after my logout and as things are not setup to kill all processes, the session stays around in it's closing state. This is, so far, not overly surprising even if the whole situation there is a little messy (having the closing session live on as a kind of expected thing). Anyway, looking at session 20: [colin@jimmy code (master)]$ loginctl show-session 20 Id=20 Timestamp=Thu 2014-01-16 18:15:14 GMT TimestampMonotonic=20471336546 VTNr=1 Display=:0 Remote=no Service=gdm-password Scope=session-20.scope Leader=17287 Audit=20 Type=x11 Class=user Active=yes State=active IdleHint=no IdleSinceHint=1390208956248075 IdleSinceHintMonotonic=138343463253 Name=colin It IS active, and thus my ACLs should be in place. To actually debug the process of the uaccess tag and the device chowining etc. you'd have to look more into logind itself and perhaps turn on systemd debugging to see what it says about it (that said, I'm not sure what debug it actually shows about this operation). Certainly if the above bits are all working OK, then you can start to probe further. If you don't have an active session then this is likely what's wrong. Note that logging in via a tty and using e.g. startx *can* lead to this situation unless the VT is reused for X11 which is not the default upstream behaviour AFAIK. Most downstreams patch this behaviour in in some way however, but worth pointing out just in case that's what's tripping you up. Thanks, very useful info. This seems to be caused by some of my own changes to Xorg. For those interested: It seems that the problem is that gdm starts Xorg without a controlling tty, and some of the patches I've to make Xorg run without root rights cause /dev/tty1 to no longer automatically become the controlling tty of Xorg when it opens it. And then loginctl show-session says: VTNr=0 Active=no And hence no acls on /dev/snd/pcm* (and others) The problem is that Xorg needs to become session leader to get a controlling tty assigned, but
Re: [systemd-devel] [Patch 0/2] logind: make sure that closed sessions will be cleaned
'Twas brillig, and Djalal Harouni at 22/01/14 09:24 did gyre and gimble: On Thu, Jan 16, 2014 at 11:19:08AM +0100, Djalal Harouni wrote: On Thu, Jan 16, 2014 at 06:01:58AM +0100, Zbigniew Jędrzejewski-Szmek wrote: Indeed, in a container (without your patches), sessions remain in closing state. But with your patches, systemd --user instance is started and killed immediately during login. Not good either :) Ok, ouch! It seems that the systemd --user instance is killed without my patches! Systemd git will confirm it. Ok, after some thoughts and source code analysis, I came to the conclusion that in order to correctly clean session and user state files, we need: a) Improve session_check_gc() and user_check_gc() by using the session and user states. This implies b) b) Make sure that the state of the session and the user is always correctly set. FWIW, I have some backported patches in Mageia that are not (yet) in the fedora package. As you mentioned Fedora earlier I figure that's what you are using: Namely a partial backport of cc377381 Patch is here: http://svnweb.mageia.org/packages/cauldron/systemd/current/SOURCES/0511-logind-Partial-backport-of-cc377381.patch?revision=566087view=markuppathrev=566087 It might be useful to apply to Fedora too. EDIT: Perhaps not, see below. I'll discuss some notes about a) and follow with patches that will try to honore b). I'm sending this to have some feedback before spending more time on it, ahh yes debugging this beast is hard! Please note that I did not take a look at seats logic, only sessions and users using getty and ssh logins. Please feel free to correct me! a) Improve session_check_gc() and user_check_gc() * user_check_gc() has an if (u-sessions) check! this should be updated to check if there are sessions that are not in the closing state. If *all* the sessions are in the closing state then check each session to see if there are still running processes in the background: screen,... If the session is closing, it has to, by definition, still have processes. If not, then the session wouldn't be closing, but actually fully closed and disappeared... That said, it's perhaps this check here that actually *prevents* this final state from being reached due to GC not being run! So this could fix the chicken+egg problem (I don't know the code, so can only really talk in generalities!) If so then abort the user_check_gc() or depend on a per-session function that will perhaps do the kill-session-processes. * session_check_gc() should check if the session is in the closing state and if there are still running processes in the background, then decide to abort or force the killsession-processes But it should not do the following check: if (s-scope manager_unit_is_active(s-manager, s-scope)) Since the scope will always be around, the same was applied in the commit 63966da86 for user_check_gc(), do not check the user manager! Interesting. It seems that 63966da86 suggests my patch above shouldn't be needed and in older code, the old if (u-slice_job || u-service_job) check should just be dropped. b) Make sure that the state of the session and the user is always correctly set. Not to mention that some logind clients depend on it. So to make a) we must honor that b) is stable, and after an extensive source code analysis, it seems that the state of users and sessions is not always correct. I'll list some notes/bugs here: * It seems that in systemd v204 after a logout from a session where processes are still running like screen the state files will show: systemd 204 session state file: user state file: Active = 1 State = active State = closing ACTIVE_SESSIONS = X Where for systemd git: session state file: user state file: Active = 0 State = closing State = closing ACTIVE_SESSIONS = Not to mention that for systemd git, the session and user state files will show the same even if there are no background processes and they will not be cleaned (using getty or ssh logins) which is is the object of this thread! This is a bug, not fixed yet. So basically the problem is that the gc is simply not triggered often enough to tidy up these old closing sessions with no processes left? * To track the state of sessions the fifo_fd should be used since the event manager will call session_dispatch_fifo() to remove it on eof. Using the session_is_active() *before* the fifo_fd check is not stable since it will return true before the fifo_fd was even created! and also before the session scope and user serivce are created, the session-seat-active will be set earlier before the fifo_fd creation and will be the last one to be unset after fifo_fd removal. And currently this affects
[systemd-devel] [PATCH] Makefile.am: add a phony target for cppcheck
From: Elia Pinto devzero2...@rpm5.org The cppcheck target was introduced by commit 16f4efb4150c65e3c61adaa8ea512489de49f532 build-sys: add cppcheck target. But it is preferable to use a make phony target for it, as this patch does. There are two general reasons to use a phony target: to avoid a conflict with a file of the same name, and to improve performance. In this case the first reason is obvious, and the second is that make skips the implicit rule search for phony targets, since it knows that phony targets do not name actual files that could be remade from other files (as described in the Gnu Make Manual). Signed-off-by: Elia Pinto devzero2...@rpm5.org --- Makefile.am |1 + 1 file changed, 1 insertion(+) diff --git a/Makefile.am b/Makefile.am index 935a195..9b982f5 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5070,6 +5070,7 @@ tests += \ test-libsystemd-login-sym \ test-libudev-sym +.PHONY: cppcheck cppcheck: cppcheck --enable=all -q $(top_srcdir) -- 1.7.10.4 ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v2 6/8] add GOP mode setting and splash drawing support
On Sun, Jan 19, 2014 at 5:59 AM, Kay Sievers k...@vrfy.org wrote: On Fri, Jan 17, 2014 at 12:18 PM, Ylinen, Mikko mikko.yli...@intel.com wrote: Could we first try to optimize the BMP loader? Also, could you share your test image so I can have a look? We've simply used the web page logo [1] exported using Gimp: $ identify gummiboot-icon3.bmp gummiboot-icon3.bmp BMP 295x245 295x245+0+0 8-bit DirectClass 218KB 0.000u 0:00.000 Unfortunately that doesn't say much. What color-depth is it? Do you also use an alpha channel? Gimp automatically imports the alpha channel from the SVG background layer. With alpha, it is the slowest of the options we have, we have to calculate every byte by merging the original with the pict and store it back. This is the one in the gummiboot git tree: $ identify test/splash.bmp test/splash.bmp BMP 295x245 295x245+0+0 8-bit sRGB 289KB 0.000u 0:00.000 It's 32bit/pixel, with an alpha channel. It's a bit larger, your pict is 24 bit? I verified the numbers and used test/splash.bmp as the source image. Looks like test/splash.bmp only adds 10ms more compared with BGRX. My original BMP is 24bit, no alpha. As far as I can tell this is the same as test/splash.bmp but without alpha channel. -- Mikko ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v2 6/8] add GOP mode setting and splash drawing support
Hi Mikko, On Wed, Jan 22, 2014 at 12:42 PM, Ylinen, Mikko mikko.yli...@intel.com wrote: On Sun, Jan 19, 2014 at 5:59 AM, Kay Sievers k...@vrfy.org wrote: On Fri, Jan 17, 2014 at 12:18 PM, Ylinen, Mikko mikko.yli...@intel.com wrote: Could we first try to optimize the BMP loader? Also, could you share your test image so I can have a look? We've simply used the web page logo [1] exported using Gimp: $ identify gummiboot-icon3.bmp gummiboot-icon3.bmp BMP 295x245 295x245+0+0 8-bit DirectClass 218KB 0.000u 0:00.000 Unfortunately that doesn't say much. What color-depth is it? Do you also use an alpha channel? Gimp automatically imports the alpha channel from the SVG background layer. With alpha, it is the slowest of the options we have, we have to calculate every byte by merging the original with the pict and store it back. This is the one in the gummiboot git tree: $ identify test/splash.bmp test/splash.bmp BMP 295x245 295x245+0+0 8-bit sRGB 289KB 0.000u 0:00.000 It's 32bit/pixel, with an alpha channel. It's a bit larger, your pict is 24 bit? I verified the numbers and used test/splash.bmp as the source image. Looks like test/splash.bmp only adds 10ms more compared with BGRX. My original BMP is 24bit, no alpha. As far as I can tell this is the same as test/splash.bmp but without alpha channel. Hm, so are you saying that the 24bit BMP adds 75ms, but the 32bit one only adds 15ms in your measurements (compared to no splash at all)? That would be very odd... (FWIW, I'm also seeing ~10-20ms for 32 bit BMP (which I thought was reasonable)). -t ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v2 6/8] add GOP mode setting and splash drawing support
On Wed, Jan 22, 2014 at 12:42 PM, Ylinen, Mikko mikko.yli...@intel.com wrote: I verified the numbers and used test/splash.bmp as the source image. Looks like test/splash.bmp only adds 10ms more compared with BGRX. My original BMP is 24bit, no alpha. As far as I can tell this is the same as test/splash.bmp but without alpha channel. Oh, so if we detect that we do not need to blend, which is probably the most expensive part, we should be in the same area as the original, I guess. What are your relative numbers, do the 10ms matter or is it already good enough? Thanks, Kay ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH v2 6/8] add GOP mode setting and splash drawing support
On Wed, Jan 22, 2014 at 1:53 PM, Kay Sievers k...@vrfy.org wrote: On Wed, Jan 22, 2014 at 12:42 PM, Ylinen, Mikko mikko.yli...@intel.com wrote: I verified the numbers and used test/splash.bmp as the source image. Looks like test/splash.bmp only adds 10ms more compared with BGRX. My original BMP is 24bit, no alpha. As far as I can tell this is the same as test/splash.bmp but without alpha channel. Oh, so if we detect that we do not need to blend, which is probably the most expensive part, we should be in the same area as the original, I guess. What are your relative numbers, do the 10ms matter or is it already good enough? I think this is good enough. I still haven't played with build flags... -- Mikko ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] networkd: Loosing nic's driver set functionality
Hi Tom, Making RTM_GETLINK and RTM_SETLINK asynchronously is causing RTM_SETLINK to remove the nic's functionality. In my case, I am loosing IFF_MULTICAST after networkd sets the interface up. I am not sure if 5d4795f37229 can solve the problem but the only documentation I found was stating ifi_change is reserved so I didn't look in to it. I have converted GETLINK call to sync and made sure SETLINK uses the flags coming from GETLINK call. Attaching a patch for it. Please ignore it if you can solve the problem in another way. Thanks, Umut 0001-networkd-link_get-is-synchronous.patch Description: Binary data ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] networkd: Loosing nic's driver set functionality
Hi Umut, On Wed, Jan 22, 2014 at 7:03 PM, Umut Tezduyar u...@tezduyar.com wrote: Making RTM_GETLINK and RTM_SETLINK asynchronously is causing RTM_SETLINK to remove the nic's functionality. In my case, I am loosing IFF_MULTICAST after networkd sets the interface up. I am not sure if 5d4795f37229 can solve the problem but the only documentation I found was stating ifi_change is reserved so I didn't look in to it. That patch was supposed to have fixed the problem. Could you try to reproduce with current git? Cheers, Tom ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] networkd: Loosing nic's driver set functionality
On Wed, Jan 22, 2014 at 7:34 PM, Tom Gundersen t...@jklm.no wrote: Hi Umut, On Wed, Jan 22, 2014 at 7:03 PM, Umut Tezduyar u...@tezduyar.com wrote: Making RTM_GETLINK and RTM_SETLINK asynchronously is causing RTM_SETLINK to remove the nic's functionality. In my case, I am loosing IFF_MULTICAST after networkd sets the interface up. I am not sure if 5d4795f37229 can solve the problem but the only documentation I found was stating ifi_change is reserved so I didn't look in to it. By the way, despite what the documentation makes one believe, ifi_change works like this: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/net/core/rtnetlink.c#n648. Cheers, Tom ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] networkd: Loosing nic's driver set functionality
Hi Umut, Making RTM_GETLINK and RTM_SETLINK asynchronously is causing RTM_SETLINK to remove the nic's functionality. In my case, I am loosing IFF_MULTICAST after networkd sets the interface up. I am not sure if 5d4795f37229 can solve the problem but the only documentation I found was stating ifi_change is reserved so I didn't look in to it. I have converted GETLINK call to sync and made sure SETLINK uses the flags coming from GETLINK call. Attaching a patch for it. Please ignore it if you can solve the problem in another way. RTNL is not a synchronous interface. This is just paper over a hole approach. It is not stopping anybody from doing any modification behind your back while you think you wait for your GETLINK response. Regards Marcel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] networkd: Loosing nic's driver set functionality
Hi Marcel, Tom, Thanks for the tips. Tom, I will try the git and let you know if it doesn't work but from the kernel code, it seems it should work fine. Thanks, Umut On Wed, Jan 22, 2014 at 8:08 PM, Marcel Holtmann mar...@holtmann.org wrote: Hi Umut, Making RTM_GETLINK and RTM_SETLINK asynchronously is causing RTM_SETLINK to remove the nic's functionality. In my case, I am loosing IFF_MULTICAST after networkd sets the interface up. I am not sure if 5d4795f37229 can solve the problem but the only documentation I found was stating ifi_change is reserved so I didn't look in to it. I have converted GETLINK call to sync and made sure SETLINK uses the flags coming from GETLINK call. Attaching a patch for it. Please ignore it if you can solve the problem in another way. RTNL is not a synchronous interface. This is just paper over a hole approach. It is not stopping anybody from doing any modification behind your back while you think you wait for your GETLINK response. Regards Marcel ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH 2/2] syscallfilter: port to libseccomp
---
Hi,
This patch ports the syscall filter to libseccomp. It can be disable with
--disable-seccomp and is enabled by default if libseccomp is present.
Maybe I should add a warning when parsing SyscallFilter in a .service
if seccomp has been disabled ?
Now the SyscallFilter property is a duplicate of the string in the .service
file instead of a uint array.
Ronny
Makefile.am| 30 ++---
README | 1 +
TODO | 1 -
configure.ac | 14
src/core/dbus-execute.c| 8 ++---
src/core/execute.c | 72 +--
src/core/execute.h | 8 -
src/core/load-fragment.c | 63 +-
src/shared/.gitignore | 4 ---
src/shared/linux/seccomp-bpf.h | 76 --
src/shared/linux/seccomp.h | 47 --
src/shared/syscall-list.c | 56 ---
src/shared/syscall-list.h | 41 ---
src/test/test-tables.c | 3 --
14 files changed, 75 insertions(+), 349 deletions(-)
delete mode 100644 src/shared/linux/seccomp-bpf.h
delete mode 100644 src/shared/linux/seccomp.h
delete mode 100644 src/shared/syscall-list.c
delete mode 100644 src/shared/syscall-list.h
diff --git a/Makefile.am b/Makefile.am
index 935a195..9a69fce 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -648,8 +648,6 @@ noinst_LTLIBRARIES += \
libsystemd_shared_la_SOURCES = \
src/shared/linux/auto_dev-ioctl.h \
src/shared/linux/fanotify.h \
- src/shared/linux/seccomp.h \
- src/shared/linux/seccomp-bpf.h \
src/shared/ioprio.h \
src/shared/missing.h \
src/shared/initreq.h \
@@ -757,8 +755,6 @@ libsystemd_shared_la_SOURCES = \
src/shared/net-util.h \
src/shared/errno-list.c \
src/shared/errno-list.h \
- src/shared/syscall-list.c \
- src/shared/syscall-list.h \
src/shared/audit.c \
src/shared/audit.h \
src/shared/xml.c \
@@ -766,9 +762,7 @@ libsystemd_shared_la_SOURCES = \
nodist_libsystemd_shared_la_SOURCES = \
src/shared/errno-from-name.h \
- src/shared/errno-to-name.h \
- src/shared/syscall-from-name.h \
- src/shared/syscall-to-name.h
+ src/shared/errno-to-name.h
#
--
noinst_LTLIBRARIES += \
@@ -993,6 +987,7 @@ libsystemd_core_la_CFLAGS = \
$(PAM_CFLAGS) \
$(AUDIT_CFLAGS) \
$(KMOD_CFLAGS) \
+ $(SECCOMP_CFLAGS) \
-pthread
libsystemd_core_la_LIBADD = \
@@ -1008,6 +1003,7 @@ libsystemd_core_la_LIBADD = \
$(PAM_LIBS) \
$(AUDIT_LIBS) \
$(CAP_LIBS) \
+ $(SECCOMP_LIBS) \
$(KMOD_LIBS)
src/core/load-fragment-gperf-nulstr.c: src/core/load-fragment-gperf.gperf
@@ -1021,33 +1017,13 @@ CLEANFILES += \
src/core/load-fragment-gperf.gperf \
src/core/load-fragment-gperf.c \
src/core/load-fragment-gperf-nulstr.c \
- src/shared/syscall-list.txt \
- src/shared/syscall-from-name.gperf \
src/shared/errno-list.txt \
src/shared/errno-from-name.gperf
BUILT_SOURCES += \
- src/shared/syscall-from-name.h \
- src/shared/syscall-to-name.h \
src/shared/errno-from-name.h \
src/shared/errno-to-name.h
-src/shared/syscall-list.txt:
- $(AM_V_at)$(MKDIR_P) $(dir $@)
- $(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include
sys/syscall.h - /dev/null | $(AWK) '/^#define[ \t]+__NR_[^ ]+[ \t]+[0-9(]/ {
sub(/__NR_/, , $$2); if ($$2 !~ /SYSCALL_BASE/) print $$2; }' $@
-
-src/shared/syscall-from-name.gperf: src/shared/syscall-list.txt
- $(AM_V_at)$(MKDIR_P) $(dir $@)
- $(AM_V_GEN)$(AWK) 'BEGIN{ print struct syscall_name { const char*
name; int id; };; print %null-strings; print %%;} { printf %s,
__NR_%s\n, $$1, $$1 }' $ $@
-
-src/shared/syscall-from-name.h: src/shared/syscall-from-name.gperf
- $(AM_V_at)$(MKDIR_P) $(dir $@)
- $(AM_V_GPERF)$(GPERF) -L ANSI-C -t --ignore-case -N lookup_syscall -H
hash_syscall_name -p -C $ $@
-
-src/shared/syscall-to-name.h: src/shared/syscall-list.txt
- $(AM_V_at)$(MKDIR_P) $(dir $@)
- $(AM_V_GEN)$(AWK) 'BEGIN{ print static const char* const
syscall_names[] = { } { printf [SYSCALL_TO_INDEX(__NR_%s)] = \%s\,\n, $$1,
$$1 } END{print };}' $ $@
-
src/shared/errno-list.txt:
$(AM_V_at)$(MKDIR_P) $(dir $@)
$(AM_V_GEN)$(CPP) $(CFLAGS) $(AM_CPPFLAGS) $(CPPFLAGS) -dM -include
errno.h - /dev/null | $(AWK) '/^#define[ \t]+E[^ _]+[ \t]+[0-9]/ { print $$2;
}' $@
diff --git a/README b/README
index 0548e6a..d94fbb3 100644
--- a/README
+++ b/README
@@ -92,6 +92,7 @@ REQUIREMENTS:
glibc = 2.14
libcap
+libseccomp = 1.0.0 (optional)
libblkid = 2.20 (from
[systemd-devel] [PATCH 1/2] test: add basic seccomp tests
---
test/TEST-04-SECCOMP/Makefile | 1 +
test/TEST-04-SECCOMP/test-seccomp.sh| 11
test/TEST-04-SECCOMP/test.sh| 79 +
test/TEST-04-SECCOMP/will-fail.service | 6 +++
test/TEST-04-SECCOMP/will-not-fail.service | 6 +++
test/TEST-04-SECCOMP/will-not-fail2.service | 6 +++
6 files changed, 109 insertions(+)
create mode 12 test/TEST-04-SECCOMP/Makefile
create mode 100755 test/TEST-04-SECCOMP/test-seccomp.sh
create mode 100755 test/TEST-04-SECCOMP/test.sh
create mode 100644 test/TEST-04-SECCOMP/will-fail.service
create mode 100644 test/TEST-04-SECCOMP/will-not-fail.service
create mode 100644 test/TEST-04-SECCOMP/will-not-fail2.service
diff --git a/test/TEST-04-SECCOMP/Makefile b/test/TEST-04-SECCOMP/Makefile
new file mode 12
index 000..e9f93b1
--- /dev/null
+++ b/test/TEST-04-SECCOMP/Makefile
@@ -0,0 +1 @@
+../TEST-01-BASIC/Makefile
\ No newline at end of file
diff --git a/test/TEST-04-SECCOMP/test-seccomp.sh
b/test/TEST-04-SECCOMP/test-seccomp.sh
new file mode 100755
index 000..fef334e
--- /dev/null
+++ b/test/TEST-04-SECCOMP/test-seccomp.sh
@@ -0,0 +1,11 @@
+#!/bin/bash -x
+
+systemctl start will-fail.service
+systemctl start will-not-fail.service
+systemctl start will-not-fail2.service
+systemctl is-failed will-fail.service | grep failed || exit 1
+systemctl is-failed will-not-fail.service | grep failed exit 1
+systemctl is-failed will-not-fail2.service | grep failed exit 1
+
+touch /testok
+exit 0
diff --git a/test/TEST-04-SECCOMP/test.sh b/test/TEST-04-SECCOMP/test.sh
new file mode 100755
index 000..c29192e
--- /dev/null
+++ b/test/TEST-04-SECCOMP/test.sh
@@ -0,0 +1,79 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+TEST_DESCRIPTION=seccomp tests
+
+. $TEST_BASE_DIR/test-functions
+
+check_result_qemu() {
+ret=1
+mkdir -p $TESTDIR/root
+mount ${LOOPDEV}p1 $TESTDIR/root
+[[ -e $TESTDIR/root/testok ]] ret=0
+[[ -f $TESTDIR/root/failed ]] cp -a $TESTDIR/root/failed $TESTDIR
+cp -a $TESTDIR/root/var/log/journal $TESTDIR
+umount $TESTDIR/root
+[[ -f $TESTDIR/failed ]] cat $TESTDIR/failed
+ls -l $TESTDIR/journal/*/*.journal
+test -s $TESTDIR/failed ret=$(($ret+1))
+return $ret
+}
+
+test_run() {
+if run_qemu; then
+check_result_qemu || return 1
+else
+dwarn can't run QEMU, skipping
+fi
+if check_nspawn; then
+run_nspawn
+check_result_nspawn || return 1
+else
+dwarn can't run systemd-nspawn, skipping
+fi
+return 0
+}
+
+test_setup() {
+create_empty_image
+mkdir -p $TESTDIR/root
+mount ${LOOPDEV}p1 $TESTDIR/root
+
+# Create what will eventually be our root filesystem onto an overlay
+(
+LOG_LEVEL=5
+eval $(udevadm info --export --query=env --name=${LOOPDEV}p2)
+
+setup_basic_environment
+
+# setup the testsuite service
+cat $initdir/etc/systemd/system/testsuite.service EOF
+[Unit]
+Description=Testsuite service
+After=multi-user.target
+
+[Service]
+ExecStart=/test-seccomp.sh
+Type=oneshot
+EOF
+
+# copy the units used by this test
+cp {will-fail,will-not-fail,will-not-fail2}.service \
+$initdir/etc/systemd/system
+cp test-seccomp.sh $initdir/
+
+setup_testsuite
+)
+setup_nspawn_root
+
+ddebug umount $TESTDIR/root
+umount $TESTDIR/root
+}
+
+test_cleanup() {
+umount $TESTDIR/root 2/dev/null
+[[ $LOOPDEV ]] losetup -d $LOOPDEV
+return 0
+}
+
+do_test $@
diff --git a/test/TEST-04-SECCOMP/will-fail.service
b/test/TEST-04-SECCOMP/will-fail.service
new file mode 100644
index 000..18e034e
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-fail.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Will fail
+
+[Service]
+ExecStart=/bin/echo This should not be seen
+SystemCallFilter=ioperm
diff --git a/test/TEST-04-SECCOMP/will-not-fail.service
b/test/TEST-04-SECCOMP/will-not-fail.service
new file mode 100644
index 000..c56797f
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-not-fail.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Will not fail
+
+[Service]
+ExecStart=/bin/echo Foo bar
+SystemCallFilter=~ioctl
diff --git a/test/TEST-04-SECCOMP/will-not-fail2.service
b/test/TEST-04-SECCOMP/will-not-fail2.service
new file mode 100644
index 000..2df05e3
--- /dev/null
+++ b/test/TEST-04-SECCOMP/will-not-fail2.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Reset SystemCallFilter
+
+[Service]
+ExecStart=/bin/echo Foo bar
+SystemCallFilter=
--
1.8.5.3
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
