Age | Commit message (Collapse) | Author |
|
Absolute paths should be sufficient to prevent funny business,
and while path_is_safe() checks this, it also checks whether the path
contains . or .. components, which while odd, aren't a security risk.
|
|
CID 1315105: Resource leaks (RESOURCE_LEAK)
/src/libsystemd-network/sd-dhcp-server.c: 800 in
dhcp_server_handle_message()
*** CID 1315105: Resource leaks (RESOURCE_LEAK)
/src/libsystemd-network/sd-dhcp-server.c: 800 in
|
|
add O_NONBLOCK to terminal handling
|
|
|
|
That's just handle this as a normal error.
|
|
|
|
In case of non-CLOCAL lines (i.e. those with carrier detect configured)
we shouldnt wait for a carrier if all we try to do is reset the TTY.
Hence, whenever we open such a TTY pass O_NONBLOCK.
Note that we continue to open ttys we intend to write to without
O_ONBLOCK, we only add it in cases we invoke ioctl()s or other terminal
operations without reading or writing to the device.
Fixes #835.
|
|
tree-wide: convert bootchart and lldp code to use clock_boottime_or_m…
|
|
sd-event: make sure sd_event_now() cannot fail
|
|
We should avoid using CLOCK_BOOTTIME directly unless we actually can
sensible distuingish it from CLOCK_MONOTONIC. CLOCK_BOOTTIME is only
fully feature on very recent Linux kernels, hence we should stick to a
fallback logic, which is already available in the
clock_boottime_or_monotonic() call.
|
|
systemd-mailing-devs/1438566907-9544-1-git-send-email-wangkefeng.wang@huawei.com
logind: add standard gpio power button support
|
|
Previously, if the event loop never ran before sd_event_now() would
fail. With this change it will instead fall back to invoking now(). This
way, the function cannot fail anymore, except for programming error when
invoking it with wrong parameters.
This takes into account the fact that many callers did not handle the
error condition correctly, and if the callers did, then they kept simply
invoking now() as fall back on their own. Hence let's shorten the code
using this call, and make things more robust, and let's just fall back
to now() internally.
Whether now() is used or the cache timestamp may still be detected via
the return value of sd_event_now(). If > 0 is returned, then the fall
back to now() was used, if == 0 is returned, then the cached value was
returned.
This patch also simplifies many of the invocations of sd_event_now():
the manual fall back to now() can be removed. Also, in cases where the
call is invoked withing void functions we can now protect the invocation
via assert_se(), acknowledging the fact that the call cannot fail
anymore except for programming errors with the parameters.
This change is inspired by #841.
|
|
With the exponential backoff, we can perform more requests in the same amount of time,
so bump this a bit.
In case of large RTT this may be necessary in order not to regress, and in case
of large packet-loss it will make us more robust. The latter is particularly
relevant once we start probing for features (and hence may see packet-loss
until we settle on the right feature level).
|
|
Rather than fixing this to 5s for unicast DNS and 1s for LLMNR, start
at a tenth of those values and increase exponentially until the old
values are reached. For LLMNR the recommended timeout for IEEE802
networks (which basically means all of the ones we care about) is 100ms,
so that should be uncontroversial. For unicast DNS I have found no
recommended value. However, it seems vastly more likely that hitting a
500ms timeout is casued by a packet loss, rather than the RTT genuinely
being greater than 500ms, so taking this as a startnig value seems
reasonable to me.
In the common case this greatly reduces the latency due to normal packet
loss. Moreover, once we get support for probing for features, this means
that we can send more packets before degrading the feature level whilst
still allowing us to settle on the correct feature level in a reasonable
timeframe.
The timeouts are tracked per server (or per scope for the multicast
protocols), and once a server (or scope) receives a successfull package
the timeout is reset. We also track the largest RTT for the given
server/scope, and always start our timouts at twice the largest
observed RTT.
|
|
We cannot rely on CLOCK_BOOTTIME being supported by the kernel, so fallack
to CLOCK_MONOTONIC if the former is not supported.
|
|
networkd: fix neworkd crash
|
|
Many boards like hisilicon D02 board use standard gpio key to power down system.
A description of gpio-key in dts shown below,
gpio_keys {
compatible = "gpio-keys";
#address-cells = <1>;
#size-cells = <0>;
pwrbutton {
label = "Power Button";
gpios = <&porta 8 1>;
linux,code = <116>; // KEY_POWER, used by SC System Power Down
};
};
-bash-4.3# udevadm info -a /dev/input/event3
Udevadm info starts with the device specified by the devpath and then
walks up the chain of parent devices. It prints for every device
found, all possible attributes in the udev rules key format.
A rule to match, can be composed by the attributes of the device
and the attributes from one single parent device.
looking at device '/devices/platform/gpio_keys/input/input3/event3':
KERNEL=="event3"
SUBSYSTEM=="input"
DRIVER==""
looking at parent device '/devices/platform/gpio_keys/input/input3':
KERNELS=="input3"
SUBSYSTEMS=="input"
DRIVERS==""
ATTRS{name}=="gpio_keys"
ATTRS{phys}=="gpio-keys/input0"
ATTRS{uniq}==""
ATTRS{properties}=="0"
looking at parent device '/devices/platform/gpio_keys':
KERNELS=="gpio_keys"
SUBSYSTEMS=="platform"
DRIVERS=="gpio-keys"
ATTRS{keys}=="116"
ATTRS{switches}==""
ATTRS{driver_override}=="(null)"
ATTRS{disabled_keys}==""
ATTRS{disabled_switches}==""
looking at parent device '/devices/platform':
KERNELS=="platform"
SUBSYSTEMS==""
DRIVERS==""
|
|
Both strv_free() and mfree() return NULL pointer after free.
|
|
Recently mfree() was introduced to reduce work of tedious free + reset
pointers. Use it in bus_reset_queues() too.
|
|
The safe_close() already checks the fd and returns -1.
|
|
fix issue #827
hostname should be init to NULL.
|
|
busctl: make sure --address connects as bus-client
|
|
Add some more tests
|
|
tree-wide: introduce mfree()
|
|
There is really no reason to use `busctl` to connect to legacy private
bus endpoints. Fix this and make sure `busctl --address=unix:path=/foo`
works!
|
|
|
|
Add tests for safe_ato[iu]16() and some more unbase32hexmem() torture.
|
|
Test af-list and arphdr-list.
|
|
Pretty trivial helper which wraps free() but returns NULL, so we can
simplify this:
free(foobar);
foobar = NULL;
to this:
foobar = mfree(foobar);
|
|
busctl: Misc cleanups and a fix (v2)
|
|
Bitmap fixes v2
|
|
Using --size option triggers an assert failure below because
parse_size() requires the second argument, base, being either 1000 or
1024. As it's for a packet size, it'd be better using IEC binary
suffix (base 1024) IMHO.
$ busctl --size 2048
Assertion 'base == 1000 || base == 1024' failed at src/basic/util.c:2222,
function parse_size(). Aborting.
Aborted (core dumped)
|
|
The size option was to specify maximum captured patch length but was
missing its description in the command line help. Add it.
|
|
In member_compare_func(), it compares interface, type and name of
members. But as it can contain NULL pointer, it needs to check them
before calling strcmp(). So make it as a separate strcmp_ptr
function (named after streq_ptr) so that it can be used by others.
Also let streq_ptr() to use it in order to make the code simpler.
|
|
Given two bitmaps and the following code:
Bitmap *a = bitmap_new(), *b = bitmap_new();
bitmap_set(a, 1);
bitmap_clear(a);
bitmap_set(a, 0);
bitmap_set(b, 0);
These two bitmaps should now have the same bits set and they should be
equal but bitmap_equal() will return false in this case because while
bitmap_clear() resets the number of elements in the array it does not
clear the array and bitmap_set() expects the array to be cleared.
GREEDY_REALLOC0 looks at the allocated size and not the actual size so
it does not clear any memory.
Fix this by freeing the allocated memory and resetting the whole Bitmap
to an initial state in bitmap_clear().
This also adds test code for this issue.
|
|
Given two bitmaps and the following code:
Bitmap *a = bitmap_new(), *b = bitmap_new();
bitmap_set(a, 0);
bitmap_unset(a, 0);
These two bitmaps should now have the same bits set and they should be
equal but bitmap_equal() will return false in this case because the
bitmaps array in a is larger because of the bit which was previously
set.
Fix this by comparing only the bits which exists in both bitmaps and
then check that the rest of the bits (if any) is all zero.
This also adds test code for this issue.
|
|
There is no reason to prevent empty argument lists on
UpdateActivationEnvironment(). Make sure we don't fail, but still skip
the call to pid1.
|
|
bus-proxy: fix cookie namespacing
|
|
Make sure we release VT-positions when a session is closed. Otherwise,
lingering sessions will occupy VTs and prevent next logins from
succeeding.
Note that we already release session-devices when closing a session, so
there cannot be anyone using the VT anymore.
|
|
If we generate messages from within bus-proxyd, we really must make sure
that we do not clutter the cookie-namespace of our client. The client has
full control over it, so we cannot steal cookies from it. However, we can
re-use the cookie the client used for our request. As long as we only
send a single message, we're fine.
|
|
NSS plugins might create additional threads. Remove the limit, we cannot
really make any assumptions here.
|
|
bus-proxy: make NameAcquired/Lost directed (v2)
|
|
bus-proxy: make StartServiceByName synchronous
|
|
The StartServiceByName() call was provided by dbus-daemon to activate a
service without sending a message. On receiption, dbus-daemon schedules
an activation request (different modes are supported) and sends back the
reply once activation is done.
With kdbus, we marked StartServiceByName() as deprecated. There is no
real reason to start services explicitly. Instead, applications should
just *use* the service and rely on it being activated implicitly.
However, we provide compatibility with dbus-daemon and implement
StartServiceByName() on the proxy via a call to
org.freedesktop.DBus.Peer.Ping() on the destination. This will activate
the peer implicitly as part of the no-op Ping() method call (regardless
whether the peer actually implements that call).
Now, the problem is, StartServiceByName() was synchronous on dbus-daemon
but isn't on bus-proxy. Hence, on return, there is no guarantee that
ListNames includes the activated name. As this is required by some
applications, we need to make this synchronous.
This patch makes the proxy track the Ping() method call and send the
reply of StartServiceByName() only once Ping() returned. We do not look
at possible errors of Ping(), as there is no strict requirement for the
peer to implement org.freedesktop.DBus.Peer. Furthermore, any interesting
error should have already been caught by sd_bus_send() before.
Note:
This race was triggered by gdbus. The gdbus-proxy implementation
relies on a name to be available after StartServiceByName()
returns. This is highly fragile and should be dropped by gdbus.
Even if the call is synchronous, there is no reason whatsoever to
assume the service did not exit-on-idle before ListNames()
returns.
However, this race is much less likely than the startup race, so
we try to be compatible to dbus-daemon now.
|
|
NameAcquired and NameLost are directed signals. Never ever filter them on
dbus1. On dbus1, filters *exclusively* apply to broadcasts! Hence, we
must always forward directed signals unconditionally!
|
|
The NameAcquired and NameLost signals are _directed_ signals. Make sure
we properly set the destination correctly, and verify it in our
proxy-test.
|
|
Probably a typo, checking 'ret' instead of the return value 'p'. This
might cause the function to return failure, even though it succeeded.
Furthermore, it might leak resources.
|
|
|
|
Fix a memory leak introduced by 2fc09a9c. 's' is used twice in this
function, and if free_and_strdup() fails, the pointer is left untouched.
|
|
sd-bus: fix parsing of KDBUS_CMD_LIST
|