| Age | Commit message (Collapse) | Author |
|---|
|
fork() is not async-signal-safe and calling it from the signal handler
could result in a deadlock when at_fork() handlers are called. Using
the raw clone() syscall sidesteps that problem.
The tricky part is that raise() does not work, since getpid() does not
work. Add raw_getpid() to get the real pid, and use kill() instead of
raise().
https://bugs.freedesktop.org/show_bug.cgi?id=86604
|
|
resulting name is actually valid
Also, rename filename_is_safe() to filename_is_valid(), since it
actually does a full validation for what the kernel will accept as file
name, it's not just a heuristic.
|
|
|
|
As kdbus no longer exports this, remove all traces from sd-bus too
|
|
On the contrary of env, the added function returns all characters
cescaped, because it improves reproducibility.
|
|
/proc/[pid]/cwd and /proc/[pid]/root are symliks to corresponding
directories
The added functions returns values of that symlinks.
|
|
|
|
|
|
The asserts used in the tests should never be allowed to be
optimized away
|
|
The alloca_align() helper is the alloca() equivalent of posix_memalign().
As there is no such function provided by glibc, we simply account for
additional memory and return a pointer offset into the allocated memory to
grant the alignment.
Furthermore, alloca0_align() is added, which simply clears the allocated
memory.
|
|
Properly free all temporary resources to make valgrind not complain about
lost records.
|
|
We must free FILE* after function return to not leak resources. Note that
this also closes our fd as fdopen() takes ownership of it.
Reported by Philippe De Swert (via coverity).
|
|
Similar to container_of(), we now use unique variable names for the bascic
math macros MAX, MIN, CLAMP, LESS_BY. Furthermore, unit tests are added to
verify they work as expected.
For a rationale, see:
commit fb835651aff79a1e7fc5795086c9b26e59a8e6ca
Author: David Herrmann <dh.herrmann@gmail.com>
Date: Fri Aug 22 14:41:37 2014 +0200
shared: make container_of() use unique variable names
|
|
If you stack container_of() macros, you will get warnings due to shadowing
variables of the parent context. To avoid this, use unique names for
variables.
Two new helpers are added:
UNIQ: This evaluates to a truly unique value never returned by any
evaluation of this macro. It's a shortcut for __COUNTER__.
UNIQ_T: Takes two arguments and concatenates them. It is a shortcut for
CONCATENATE, but meant to defined typed local variables.
As you usually want to use variables that you just defined, you need to
reference the same unique value at least two times. However, UNIQ returns
a new value on each evaluation, therefore, you have to pass the unique
values into the macro like this:
#define my_macro(a, b) __max_macro(UNIQ, UNIQ, (a), (b))
#define __my_macro(uniqa, uniqb, a, b) ({
typeof(a) UNIQ_T(A, uniqa) = (a);
typeof(b) UNIQ_T(B, uniqb) = (b);
MY_UNSAFE_MACRO(UNIQ_T(A, uniqa), UNIQ_T(B, uniqb));
})
This way, MY_UNSAFE_MACRO() can safely evaluate it's arguments multiple
times as they are local variables. But you can also stack invocations to
the macro my_macro() without clashing names.
This is the same as if you did:
#define my_macro(a, b) __max_macro(__COUNTER__, __COUNTER__, (a), (b))
#define __my_macro(prefixa, prefixb, a, b) ({
typeof(a) CONCATENATE(A, prefixa) = (a);
typeof(b) CONCATENATE(B, prefixb) = (b);
MY_UNSAFE_MACRO(CONCATENATE(A, prefixa), CONCATENATE(B, prefixb));
})
...but in my opinion, the first macro is easier to write and read.
This patch starts by converting container_of() to use this new helper.
Other macros may follow (like MIN, MAX, CLAMP, ...).
|
|
Otherwise it gets optimized out when CPPFLAGS='-DNDEBUG' is used.
Tested:
- make check TESTS='test-util' CPPFLAGS='-DNDEBUG'
|
|
The MAXSIZE() macro takes two types and returns the size of the larger
one. It is much simpler to use than MAX(sizeof(A), sizeof(B)) and also
avoids any compiler-extensions, unlike CONST_MAX() and MAX() (which are
needed to avoid evaluating arguments more than once). This was suggested
by Daniele Nicolodi <daniele@grinta.net>.
Also make resolved use this macro instead of CONST_MAX(). This enhances
readability quite a bit.
|
|
|
|
|
|
add tests for:
- is_symlink
- pid_is_unwaited
- pid_is_alive
- search_and_fopen
- search_and_fopen_nulstr
- glob_exists
- execute_directory
|
|
The CONST_MAX() macro is similar to MAX(), but verifies that both
arguments have the same type and are constant expressions. Furthermore,
the result of CONST_MAX() is again a constant-expression.
CONST_MAX() avoids any statement-expressions and other non-trivial
expression-types. This avoids rather arbitrary restrictions in both GCC
and LLVM, which both either fail with statement-expressions inside
type-declarations or statement-expressions inside static-const
initializations.
If anybody knows how to circumvent this, please feel free to unify
CONST_MAX() and MAX().
|
|
The "0,5" syntax was actually right. The real problem is, the test should
only run if the local system has the de_DE.UTF-8 locale. Therefore, skip
the tests if setlocale() fails. This is kinda ugly, as it is done
silently, but we cannot skip partial tests with the current
infrastructure. Should be fine this way.
|
|
One strtod() test is broken since:
commit 8e211000025940b770794abf5754de61b4add0af
Author: Thomas Hindoe Paaboel Andersen <phomes@gmail.com>
Date: Mon Aug 4 23:13:31 2014 +0200
test: use fabs on doubles
The commit was right, so no reason to revert it, but the test was broken
before and only worked by coincidence. Convert "0,5" to "0.5" so we don't
depend on locales for double conversion (or well, we depend on "C" which
seems reasonable).
|
|
This makes strappenda3 redundant, so we remove its usage and
definition. Add a few tests along the way for sanity.
|
|
|
|
$ systemd-analyze verify trailing-g.service
[./trailing-g.service:2] Trailing garbage, ignoring.
trailing-g.service lacks ExecStart setting. Refusing.
Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument.
Failed to create trailing-g.service/start: Invalid argument
|
|
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
|
|
Require exact matches in all cases instead of treating strings
starting with 't' ('f') as true (false).
This is required for config_parse_protect_system to parse ProtectSystem=full
correctly: it uses parse_boolean and only tries a more specific parsing
function if that did not return a valid result. Thus "full" was treated as
"false" before.
|
|
|
|
Better safe than sorry.
|
|
add tests for:
- filename_is_safe
- ascii_strlower
- files_same
- is_valid_documentation_url
- file_in_same_dir
- endswith
- close_nointr
- unlink_noerrno
- readlink_and_make_absolute
- read_one_char
- ignore_signals
- strshorten
|
|
|
|
No functional change expected :)
|
|
Sounds easy, turns out to be horrible to implement: ALIGN_POWER2 returns
the next higher power of 2. clz(0) is undefined, same is true for
left-shift-overflows, yey, C rocks!
|
|
number of fixed strings
|
|
safe_close() automatically becomes a NOP when a negative fd is passed,
and returns -1 unconditionally. This makes it easy to write lines like
this:
fd = safe_close(fd);
Which will close an fd if it is open, and reset the fd variable
correctly.
By making use of this new scheme we can drop a > 200 lines of code that
was required to test for non-negative fds or to reset the closed fd
variable afterwards.
|
|
|
|
This is very useful when debugging sd-bus to look at messages.
|
|
first argument
|
|
Things like 3B4T, 4B50B, 400 100 (meaning 4*1024**4+3, 54, and 500,
respectively) are now disallowed. It is necessary to say 4T3B, 54B,
500 instead. I think this was confusing and error prone.
As a special form, 400B 100 is allowed, i.e. "B" suffix is treated
as different from "", although they mean the same thing.
|
|
It seems natural to be able to say SystemMaxUsage=1.5G.
https://bugzilla.redhat.com/show_bug.cgi?id=1047568
|
|
for sizes
According to Wikipedia it is customary to specify hardware metrics and
transfer speeds to the basis 1000 (SI decimal), while software metrics
and physical volatile memory (RAM) sizes to the basis 1024 (IEC binary).
So far we specified everything in IEC, let's fix that and be more
true to what's otherwise customary. Since we don't want to parse "Mi"
instead of "M" we document each time what the context used is.
|
|
If -flto is used then gcc will generate a lot more warnings than before,
among them a number of use-without-initialization warnings. Most of them
without are false positives, but let's make them go away, because it
doesn't really matter.
|
|
|
|
Current glibc implementation is safe. Kernel does this atomically,
and write is actually implemented through writev. So if write is
async-signal-safe, than writev pretty much must be too.
|
|
Let's unify our code here, and also always specifiy O_CLOEXEC.
|
|
signal(7) provides a list of functions which may be called from a
signal handler. Other functions, which only call those functions and
don't access global memory and are reentrant are also safe.
sd_j_sendv was mostly OK, but would call mkostemp and writev in a
fallback path, which are unsafe.
Being able to call sd_j_sendv in a async-signal-safe way is important
because it allows it be used in signal handlers.
Safety is achieved by replacing mkostemp with open(O_TMPFILE) and an
open-coded writev replacement which uses write. Unfortunately,
O_TMPFILE is only available on kernels >= 3.11. When O_TMPFILE is
unavailable, an open-coded mkostemp is used.
https://bugzilla.gnome.org/show_bug.cgi?id=722889
|
|
Introduce IN_SET() macro to nicely check whether a value a is one of a
few listed values.
This makes writing this:
if (a == 1 || a == 7 || a == 8 || a == 9)
nicer, by allowing this:
if (IN_SET(a, 1, 7, 8, 9))
This is particularly useful for state machine enums.
|
|
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=69887
Based-on-a-patch-by: Hans Petter Jansson <hpj@copyleft.no>
|
