9 files changed, 157 insertions, 54 deletions

diff --git a/src/basic/bitmap.c b/src/basic/bitmap.c
index 0747749d13..bf9d8d4d7c 100644
--- a/src/basic/bitmap.c
+++ b/src/basic/bitmap.c
@@ -24,7 +24,7 @@
 #include "bitmap.h"
 
 struct Bitmap {
-        long long unsigned *bitmaps;
+        uint64_t *bitmaps;
         size_t n_bitmaps;
         size_t bitmaps_allocated;
 };
@@ -37,9 +37,9 @@ struct Bitmap {
 /* This indicates that we reached the end of the bitmap */
 #define BITMAP_END ((unsigned) -1)
 
-#define BITMAP_NUM_TO_OFFSET(n)           ((n) / (sizeof(long long unsigned) * 8))
-#define BITMAP_NUM_TO_REM(n)              ((n) % (sizeof(long long unsigned) * 8))
-#define BITMAP_OFFSET_TO_NUM(offset, rem) ((offset) * sizeof(long long unsigned) * 8 + (rem))
+#define BITMAP_NUM_TO_OFFSET(n)           ((n) / (sizeof(uint64_t) * 8))
+#define BITMAP_NUM_TO_REM(n)              ((n) % (sizeof(uint64_t) * 8))
+#define BITMAP_OFFSET_TO_NUM(offset, rem) ((offset) * sizeof(uint64_t) * 8 + (rem))
 
 Bitmap *bitmap_new(void) {
         return new0(Bitmap, 1);
@@ -56,6 +56,8 @@ void bitmap_free(Bitmap *b) {
 int bitmap_ensure_allocated(Bitmap **b) {
         Bitmap *a;
 
+        assert(b);
+
         if (*b)
                 return 0;
 
@@ -69,7 +71,7 @@ int bitmap_ensure_allocated(Bitmap **b) {
 }
 
 int bitmap_set(Bitmap *b, unsigned n) {
-        long long unsigned bitmask;
+        uint64_t bitmask;
         unsigned offset;
 
         assert(b);
@@ -87,7 +89,7 @@ int bitmap_set(Bitmap *b, unsigned n) {
                 b->n_bitmaps = offset + 1;
         }
 
-        bitmask = 1ULL << BITMAP_NUM_TO_REM(n);
+        bitmask = UINT64_C(1) << BITMAP_NUM_TO_REM(n);
 
         b->bitmaps[offset] |= bitmask;
 
@@ -95,26 +97,27 @@ int bitmap_set(Bitmap *b, unsigned n) {
 }
 
 void bitmap_unset(Bitmap *b, unsigned n) {
-        long long unsigned bitmask;
+        uint64_t bitmask;
         unsigned offset;
 
-        assert(b);
+        if (!b)
+                return;
 
         offset = BITMAP_NUM_TO_OFFSET(n);
 
         if (offset >= b->n_bitmaps)
                 return;
 
-        bitmask = 1ULL << BITMAP_NUM_TO_REM(n);
+        bitmask = UINT64_C(1) << BITMAP_NUM_TO_REM(n);
 
         b->bitmaps[offset] &= ~bitmask;
 }
 
 bool bitmap_isset(Bitmap *b, unsigned n) {
-        long long unsigned bitmask;
+        uint64_t bitmask;
         unsigned offset;
 
-        if (!b || !b->bitmaps)
+        if (!b)
                 return false;
 
         offset = BITMAP_NUM_TO_OFFSET(n);
@@ -122,7 +125,7 @@ bool bitmap_isset(Bitmap *b, unsigned n) {
         if (offset >= b->n_bitmaps)
                 return false;
 
-        bitmask = 1ULL << BITMAP_NUM_TO_REM(n);
+        bitmask = UINT64_C(1) << BITMAP_NUM_TO_REM(n);
 
         return !!(b->bitmaps[offset] & bitmask);
 }
@@ -133,31 +136,31 @@ bool bitmap_isclear(Bitmap *b) {
         assert(b);
 
         for (i = 0; i < b->n_bitmaps; i++)
-                if (b->bitmaps[i])
+                if (b->bitmaps[i] != 0)
                         return false;
 
         return true;
 }
 
 void bitmap_clear(Bitmap *b) {
-        unsigned i;
-
         assert(b);
 
-        for (i = 0; i < b->n_bitmaps; i++)
-                b->bitmaps[i] = 0;
+        b->n_bitmaps = 0;
 }
 
 bool bitmap_iterate(Bitmap *b, Iterator *i, unsigned *n) {
-        long long unsigned bitmask;
+        uint64_t bitmask;
         unsigned offset, rem;
 
+        assert(i);
+        assert(n);
+
         if (!b || i->idx == BITMAP_END)
                 return false;
 
         offset = BITMAP_NUM_TO_OFFSET(i->idx);
         rem = BITMAP_NUM_TO_REM(i->idx);
-        bitmask = 1ULL << rem;
+        bitmask = UINT64_C(1) << rem;
 
         for (; offset < b->n_bitmaps; offset ++) {
                 if (b->bitmaps[offset]) {
@@ -181,7 +184,6 @@ bool bitmap_iterate(Bitmap *b, Iterator *i, unsigned *n) {
 }
 
 bool bitmap_equal(Bitmap *a, Bitmap *b) {
-        unsigned i;
 
         if (!a ^ !b)
                 return false;
@@ -192,9 +194,5 @@ bool bitmap_equal(Bitmap *a, Bitmap *b) {
         if (a->n_bitmaps != b->n_bitmaps)
                 return false;
 
-        for (i = 0; i < a->n_bitmaps; i++)
-                if (a->bitmaps[i] != b->bitmaps[i])
-                        return false;
-
-        return true;
+        return memcmp(a->bitmaps, b->bitmaps, sizeof(uint64_t) * a->n_bitmaps) == 0;
 }
diff --git a/src/basic/copy.c b/src/basic/copy.c
index 230e7e4d3f..e2d356d676 100644
--- a/src/basic/copy.c
+++ b/src/basic/copy.c
@@ -24,6 +24,7 @@
 
 #include "util.h"
 #include "btrfs-util.h"
+#include "strv.h"
 #include "copy.h"
 
 #define COPY_BUFFER_SIZE (16*1024)
@@ -262,10 +263,13 @@ static int fd_copy_directory(
                 (void) copy_xattr(dirfd(d), fdt);
         }
 
-        FOREACH_DIRENT(de, d, return -errno) {
+        FOREACH_DIRENT_ALL(de, d, return -errno) {
                 struct stat buf;
                 int q;
 
+                if (STR_IN_SET(de->d_name, ".", ".."))
+                        continue;
+
                 if (fstatat(dirfd(d), de->d_name, &buf, AT_SYMLINK_NOFOLLOW) < 0) {
                         r = -errno;
                         continue;
diff --git a/src/basic/exit-status.c b/src/basic/exit-status.c
index 5ab36825c0..fcff753ada 100644
--- a/src/basic/exit-status.c
+++ b/src/basic/exit-status.c
@@ -151,6 +151,9 @@ const char* exit_status_to_string(ExitStatus status, ExitStatusLevel level) {
 
                 case EXIT_BUS_ENDPOINT:
                         return "BUS_ENDPOINT";
+
+                case EXIT_SMACK_PROCESS_LABEL:
+                        return "SMACK_PROCESS_LABEL";
                 }
         }
 
diff --git a/src/basic/fileio.c b/src/basic/fileio.c
index d592bf5ac9..2216853777 100644
--- a/src/basic/fileio.c
+++ b/src/basic/fileio.c
@@ -786,7 +786,7 @@ int executable_is_script(const char *path, char **interpreter) {
  */
 int get_status_field(const char *filename, const char *pattern, char **field) {
         _cleanup_free_ char *status = NULL;
-        char *t;
+        char *t, *f;
         size_t len;
         int r;
 
@@ -820,9 +820,10 @@ int get_status_field(const char *filename, const char *pattern, char **field) {
 
         len = strcspn(t, WHITESPACE);
 
-        *field = strndup(t, len);
-        if (!*field)
+        f = strndup(t, len);
+        if (!f)
                 return -ENOMEM;
 
+        *field = f;
         return 0;
 }
diff --git a/src/basic/macro.h b/src/basic/macro.h
index 5fa17ed208..627d768b76 100644
--- a/src/basic/macro.h
+++ b/src/basic/macro.h
@@ -26,6 +26,7 @@
 #include <sys/types.h>
 #include <sys/uio.h>
 #include <inttypes.h>
+#include <stdbool.h>
 
 #define _printf_(a,b) __attribute__ ((format (printf, a, b)))
 #define _alloc_(...) __attribute__ ((alloc_size(__VA_ARGS__)))
@@ -406,12 +407,12 @@ do {                                                                    \
 
 #define IN_SET(x, y, ...)                                               \
         ({                                                              \
-                const typeof(y) _y = (y);                               \
-                const typeof(_y) _x = (x);                              \
+                static const typeof(y) _array[] = { (y), __VA_ARGS__ }; \
+                const typeof(y) _x = (x);                               \
                 unsigned _i;                                            \
                 bool _found = false;                                    \
-                for (_i = 0; _i < 1 + sizeof((const typeof(_x)[]) { __VA_ARGS__ })/sizeof(const typeof(_x)); _i++) \
-                        if (((const typeof(_x)[]) { _y, __VA_ARGS__ })[_i] == _x) { \
+                for (_i = 0; _i < ELEMENTSOF(_array); _i++)             \
+                        if (_array[_i] == _x) {                         \
                                 _found = true;                          \
                                 break;                                  \
                         }                                               \
@@ -461,6 +462,18 @@ do {                                                                    \
 #define GID_INVALID ((gid_t) -1)
 #define MODE_INVALID ((mode_t) -1)
 
+static inline bool UID_IS_INVALID(uid_t uid) {
+        /* We consider both the old 16bit -1 user and the newer 32bit
+         * -1 user invalid, since they are or used to be incompatible
+         * with syscalls such as setresuid() or chown(). */
+
+        return uid == (uid_t) ((uint32_t) -1) || uid == (uid_t) ((uint16_t) -1);
+}
+
+static inline bool GID_IS_INVALID(gid_t gid) {
+        return gid == (gid_t) ((uint32_t) -1) || gid == (gid_t) ((uint16_t) -1);
+}
+
 #define DEFINE_TRIVIAL_CLEANUP_FUNC(type, func)                 \
         static inline void func##p(type *p) {                   \
                 if (*p)                                         \
diff --git a/src/basic/missing.h b/src/basic/missing.h
index be7f6186fc..ed6cd80c75 100644
--- a/src/basic/missing.h
+++ b/src/basic/missing.h
@@ -772,7 +772,7 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_VXLAN_MAX  (__IFLA_VXLAN_MAX - 1)
 #endif
 
-#if !HAVE_DECL_IFLA_IPTUN_6RD_RELAY_PREFIXLEN
+#if !HAVE_DECL_IFLA_IPTUN_ENCAP_DPORT
 #define IFLA_IPTUN_UNSPEC 0
 #define IFLA_IPTUN_LINK 1
 #define IFLA_IPTUN_LOCAL 2
@@ -788,11 +788,41 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_IPTUN_6RD_RELAY_PREFIX 12
 #define IFLA_IPTUN_6RD_PREFIXLEN 13
 #define IFLA_IPTUN_6RD_RELAY_PREFIXLEN 14
-#define __IFLA_IPTUN_MAX 15
+#define IFLA_IPTUN_ENCAP_TYPE 15
+#define IFLA_IPTUN_ENCAP_FLAGS 16
+#define IFLA_IPTUN_ENCAP_SPORT 17
+#define IFLA_IPTUN_ENCAP_DPORT 18
+
+#define __IFLA_IPTUN_MAX 19
 
 #define IFLA_IPTUN_MAX  (__IFLA_IPTUN_MAX - 1)
 #endif
 
+#if !HAVE_DECL_IFLA_GRE_ENCAP_DPORT
+#define IFLA_GRE_UNSPEC 0
+#define IFLA_GRE_LINK 1
+#define IFLA_GRE_IFLAGS 2
+#define IFLA_GRE_OFLAGS 3
+#define IFLA_GRE_IKEY 4
+#define IFLA_GRE_OKEY 5
+#define IFLA_GRE_LOCAL 6
+#define IFLA_GRE_REMOTE 7
+#define IFLA_GRE_TTL 8
+#define IFLA_GRE_TOS 9
+#define IFLA_GRE_PMTUDISC 10
+#define IFLA_GRE_ENCAP_LIMIT 11
+#define IFLA_GRE_FLOWINFO 12
+#define IFLA_GRE_FLAGS 13
+#define IFLA_GRE_ENCAP_TYPE 14
+#define IFLA_GRE_ENCAP_FLAGS 15
+#define IFLA_GRE_ENCAP_SPORT 16
+#define IFLA_GRE_ENCAP_DPORT 17
+
+#define __IFLA_GRE_MAX 18
+
+#define IFLA_GRE_MAX  (__IFLA_GRE_MAX - 1)
+#endif
+
 #if !HAVE_DECL_IFLA_BRIDGE_VLAN_INFO
 #define IFLA_BRIDGE_FLAGS 0
 #define IFLA_BRIDGE_MODE 1
@@ -802,7 +832,7 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
 #endif
 
-#if !HAVE_DECL_IFLA_BRPORT_UNICAST_FLOOD
+#if !HAVE_DECL_IFLA_BRPORT_LEARNING_SYNC
 #define IFLA_BRPORT_UNSPEC 0
 #define IFLA_BRPORT_STATE 1
 #define IFLA_BRPORT_PRIORITY 2
@@ -813,7 +843,9 @@ static inline int setns(int fd, int nstype) {
 #define IFLA_BRPORT_FAST_LEAVE 7
 #define IFLA_BRPORT_LEARNING 8
 #define IFLA_BRPORT_UNICAST_FLOOD 9
-#define __IFLA_BRPORT_MAX 10
+#define IFLA_BRPORT_PROXYARP 10
+#define IFLA_BRPORT_LEARNING_SYNC 11
+#define __IFLA_BRPORT_MAX 12
 
 #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1)
 #endif
diff --git a/src/basic/process-util.c b/src/basic/process-util.c
index 2c05f2fee4..61f188467f 100644
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@@ -43,7 +43,10 @@ int get_process_state(pid_t pid) {
         assert(pid >= 0);
 
         p = procfs_file_alloca(pid, "stat");
+
         r = read_one_line_file(p, &line);
+        if (r == -ENOENT)
+                return -ESRCH;
         if (r < 0)
                 return r;
 
@@ -87,8 +90,11 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char *
         p = procfs_file_alloca(pid, "cmdline");
 
         f = fopen(p, "re");
-        if (!f)
+        if (!f) {
+                if (errno == ENOENT)
+                        return -ESRCH;
                 return -errno;
+        }
 
         if (max_length == 0) {
                 size_t len = 0, allocated = 0;
@@ -182,8 +188,11 @@ int is_kernel_thread(pid_t pid) {
 
         p = procfs_file_alloca(pid, "cmdline");
         f = fopen(p, "re");
-        if (!f)
+        if (!f) {
+                if (errno == ENOENT)
+                        return -ESRCH;
                 return -errno;
+        }
 
         count = fread(&c, 1, 1, f);
         eof = feof(f);
@@ -199,13 +208,18 @@ int is_kernel_thread(pid_t pid) {
 
 int get_process_capeff(pid_t pid, char **capeff) {
         const char *p;
+        int r;
 
         assert(capeff);
         assert(pid >= 0);
 
         p = procfs_file_alloca(pid, "status");
 
-        return get_status_field(p, "\nCapEff:", capeff);
+        r = get_status_field(p, "\nCapEff:", capeff);
+        if (r == -ENOENT)
+                return -ESRCH;
+
+        return r;
 }
 
 static int get_process_link_contents(const char *proc_file, char **name) {
@@ -215,8 +229,10 @@ static int get_process_link_contents(const char *proc_file, char **name) {
         assert(name);
 
         r = readlink_malloc(proc_file, name);
+        if (r == -ENOENT)
+                return -ESRCH;
         if (r < 0)
-                return r == -ENOENT ? -ESRCH : r;
+                return r;
 
         return 0;
 }
@@ -253,8 +269,11 @@ static int get_process_id(pid_t pid, const char *field, uid_t *uid) {
 
         p = procfs_file_alloca(pid, "status");
         f = fopen(p, "re");
-        if (!f)
+        if (!f) {
+                if (errno == ENOENT)
+                        return -ESRCH;
                 return -errno;
+        }
 
         FOREACH_LINE(line, f, return -errno) {
                 char *l;
@@ -316,8 +335,11 @@ int get_process_environ(pid_t pid, char **env) {
         p = procfs_file_alloca(pid, "environ");
 
         f = fopen(p, "re");
-        if (!f)
+        if (!f) {
+                if (errno == ENOENT)
+                        return -ESRCH;
                 return -errno;
+        }
 
         while ((c = fgetc(f)) != EOF) {
                 if (!GREEDY_REALLOC(outcome, allocated, sz + 5))
@@ -329,10 +351,13 @@ int get_process_environ(pid_t pid, char **env) {
                         sz += cescape_char(c, outcome + sz);
         }
 
-        if (sz == 0)
-                return -ENOENT;
+        if (!outcome) {
+                outcome = strdup("");
+                if (!outcome)
+                        return -ENOMEM;
+        } else
+                outcome[sz] = '\0';
 
-        outcome[sz] = '\0';
         *env = outcome;
         outcome = NULL;
 
@@ -355,6 +380,8 @@ int get_parent_of_pid(pid_t pid, pid_t *_ppid) {
 
         p = procfs_file_alloca(pid, "stat");
         r = read_one_line_file(p, &line);
+        if (r == -ENOENT)
+                return -ESRCH;
         if (r < 0)
                 return r;
 
@@ -475,8 +502,11 @@ int getenv_for_pid(pid_t pid, const char *field, char **_value) {
         path = procfs_file_alloca(pid, "environ");
 
         f = fopen(path, "re");
-        if (!f)
+        if (!f) {
+                if (errno == ENOENT)
+                        return -ESRCH;
                 return -errno;
+        }
 
         l = strlen(field);
         r = 0;
@@ -535,7 +565,7 @@ bool pid_is_alive(pid_t pid) {
                 return false;
 
         r = get_process_state(pid);
-        if (r == -ENOENT || r == 'Z')
+        if (r == -ESRCH || r == 'Z')
                 return false;
 
         return true;
diff --git a/src/basic/util.c b/src/basic/util.c
index dc20fa9baf..7896be8788 100644
--- a/src/basic/util.c
+++ b/src/basic/util.c
@@ -5729,13 +5729,19 @@ int unquote_first_word(const char **p, char **ret, UnquoteFlags flags) {
                 case VALUE:
                         if (c == 0)
                                 goto finish;
-                        else if (c == '\'')
+                        else if (c == '\'') {
+                                if (!GREEDY_REALLOC(s, allocated, sz+1))
+                                        return -ENOMEM;
+
                                 state = SINGLE_QUOTE;
-                        else if (c == '\\')
+                        } else if (c == '\\')
                                 state = VALUE_ESCAPE;
-                        else if (c == '\"')
+                        else if (c == '\"') {
+                                if (!GREEDY_REALLOC(s, allocated, sz+1))
+                                        return -ENOMEM;
+
                                 state = DOUBLE_QUOTE;
-                        else if (strchr(WHITESPACE, c))
+                        } else if (strchr(WHITESPACE, c))
                                 state = SPACE;
                         else {
                                 if (!GREEDY_REALLOC(s, allocated, sz+2))
diff --git a/src/basic/virt.c b/src/basic/virt.c
index 1299a75ed5..a8d26716a1 100644
--- a/src/basic/virt.c
+++ b/src/basic/virt.c
@@ -188,7 +188,7 @@ int detect_vm(const char **id) {
         _cleanup_free_ char *domcap = NULL, *cpuinfo_contents = NULL;
         static thread_local int cached_found = -1;
         static thread_local const char *cached_id = NULL;
-        const char *_id = NULL;
+        const char *_id = NULL, *_id_cpuid = NULL;
         int r;
 
         if (_likely_(cached_found >= 0)) {
@@ -234,10 +234,26 @@ int detect_vm(const char **id) {
 
         /* this will set _id to "other" and return 0 for unknown hypervisors */
         r = detect_vm_cpuid(&_id);
-        if (r != 0)
+
+        /* finish when found a known hypervisor other than kvm */
+        if (r < 0 || (r > 0 && !streq(_id, "kvm")))
                 goto finish;
 
+        _id_cpuid = _id;
+
         r = detect_vm_dmi(&_id);
+
+        /* kvm with and without Virtualbox */
+        if (streq_ptr(_id_cpuid, "kvm")) {
+                if (r > 0 && streq(_id, "oracle"))
+                        goto finish;
+
+                _id = _id_cpuid;
+                r = 1;
+                goto finish;
+        }
+
+        /* information from dmi */
         if (r != 0)
                 goto finish;