Commit 4d923233 authored by Thomas Haller's avatar Thomas Haller

systemd: update code from upstream (2018-02-14)

This is a direct dump from systemd git on 2018-02-14, git commit
cac26f0bc8c8b73796fd6da862b919b1e0a969bc.

======

SYSTEMD_DIR=../systemd
COMMIT=cac26f0bc8c8b73796fd6da862b919b1e0a969bc

(
  cd "$SYSTEMD_DIR"
  git checkout "$COMMIT"
  git reset --hard
  git clean -fdx
)

git ls-files :/src/systemd/src/ \
             :/shared/nm-utils/siphash24.c \
             :/shared/nm-utils/siphash24.h \
             :/shared/nm-utils/unaligned.h | \
  xargs -d '\n' rm -f

nm_copy_sd() {
    mkdir -p "./src/systemd/$(dirname "$1")"
    cp "$SYSTEMD_DIR/$1" "./src/systemd/$1"
}

nm_copy_sd_shared() {
    mkdir -p "./shared/nm-utils/"
    cp "$SYSTEMD_DIR/$1" "./shared/nm-utils/${1##*/}"
}

nm_copy_sd "src/basic/alloc-util.c"
nm_copy_sd "src/basic/alloc-util.h"
nm_copy_sd "src/basic/async.h"
nm_copy_sd "src/basic/escape.c"
nm_copy_sd "src/basic/escape.h"
nm_copy_sd "src/basic/ether-addr-util.c"
nm_copy_sd "src/basic/ether-addr-util.h"
nm_copy_sd "src/basic/extract-word.c"
nm_copy_sd "src/basic/extract-word.h"
nm_copy_sd "src/basic/fileio.c"
nm_copy_sd "src/basic/fileio.h"
nm_copy_sd "src/basic/fd-util.c"
nm_copy_sd "src/basic/fd-util.h"
nm_copy_sd "src/basic/fs-util.c"
nm_copy_sd "src/basic/fs-util.h"
nm_copy_sd "src/basic/hash-funcs.c"
nm_copy_sd "src/basic/hash-funcs.h"
nm_copy_sd "src/basic/hashmap.c"
nm_copy_sd "src/basic/hashmap.h"
nm_copy_sd "src/basic/hexdecoct.c"
nm_copy_sd "src/basic/hexdecoct.h"
nm_copy_sd "src/basic/hostname-util.c"
nm_copy_sd "src/basic/hostname-util.h"
nm_copy_sd "src/basic/in-addr-util.c"
nm_copy_sd "src/basic/in-addr-util.h"
nm_copy_sd "src/basic/io-util.c"
nm_copy_sd "src/basic/io-util.h"
nm_copy_sd "src/basic/list.h"
nm_copy_sd "src/basic/log.h"
nm_copy_sd "src/basic/macro.h"
nm_copy_sd "src/basic/mempool.h"
nm_copy_sd "src/basic/mempool.c"
nm_copy_sd "src/basic/parse-util.c"
nm_copy_sd "src/basic/parse-util.h"
nm_copy_sd "src/basic/path-util.c"
nm_copy_sd "src/basic/path-util.h"
nm_copy_sd "src/basic/prioq.h"
nm_copy_sd "src/basic/prioq.c"
nm_copy_sd "src/basic/process-util.h"
nm_copy_sd "src/basic/process-util.c"
nm_copy_sd "src/basic/random-util.c"
nm_copy_sd "src/basic/random-util.h"
nm_copy_sd "src/basic/refcnt.h"
nm_copy_sd "src/basic/set.h"
nm_copy_sd "src/basic/signal-util.h"
nm_copy_sd_shared "src/basic/siphash24.c"
nm_copy_sd_shared "src/basic/siphash24.h"
nm_copy_sd "src/basic/socket-util.c"
nm_copy_sd "src/basic/socket-util.h"
nm_copy_sd "src/basic/sparse-endian.h"
nm_copy_sd "src/basic/stdio-util.h"
nm_copy_sd "src/basic/string-table.c"
nm_copy_sd "src/basic/string-table.h"
nm_copy_sd "src/basic/string-util.c"
nm_copy_sd "src/basic/string-util.h"
nm_copy_sd "src/basic/strv.c"
nm_copy_sd "src/basic/strv.h"
nm_copy_sd "src/basic/time-util.c"
nm_copy_sd "src/basic/time-util.h"
nm_copy_sd "src/basic/umask-util.h"
nm_copy_sd_shared "src/basic/unaligned.h"
nm_copy_sd "src/basic/utf8.c"
nm_copy_sd "src/basic/utf8.h"
nm_copy_sd "src/basic/util.c"
nm_copy_sd "src/basic/util.h"
nm_copy_sd "src/libsystemd-network/arp-util.c"
nm_copy_sd "src/libsystemd-network/arp-util.h"
nm_copy_sd "src/libsystemd-network/dhcp6-internal.h"
nm_copy_sd "src/libsystemd-network/dhcp6-lease-internal.h"
nm_copy_sd "src/libsystemd-network/dhcp6-network.c"
nm_copy_sd "src/libsystemd-network/dhcp6-option.c"
nm_copy_sd "src/libsystemd-network/dhcp6-protocol.h"
nm_copy_sd "src/libsystemd-network/dhcp-identifier.c"
nm_copy_sd "src/libsystemd-network/dhcp-identifier.h"
nm_copy_sd "src/libsystemd-network/dhcp-internal.h"
nm_copy_sd "src/libsystemd-network/dhcp-lease-internal.h"
nm_copy_sd "src/libsystemd-network/dhcp-network.c"
nm_copy_sd "src/libsystemd-network/dhcp-option.c"
nm_copy_sd "src/libsystemd-network/dhcp-packet.c"
nm_copy_sd "src/libsystemd-network/dhcp-protocol.h"
nm_copy_sd "src/libsystemd-network/lldp-internal.h"
nm_copy_sd "src/libsystemd-network/lldp-neighbor.c"
nm_copy_sd "src/libsystemd-network/lldp-neighbor.h"
nm_copy_sd "src/libsystemd-network/lldp-network.c"
nm_copy_sd "src/libsystemd-network/lldp-network.h"
nm_copy_sd "src/libsystemd-network/network-internal.c"
nm_copy_sd "src/libsystemd-network/network-internal.h"
nm_copy_sd "src/libsystemd-network/sd-dhcp6-client.c"
nm_copy_sd "src/libsystemd-network/sd-dhcp6-lease.c"
nm_copy_sd "src/libsystemd-network/sd-dhcp-client.c"
nm_copy_sd "src/libsystemd-network/sd-dhcp-lease.c"
nm_copy_sd "src/libsystemd-network/sd-ipv4ll.c"
nm_copy_sd "src/libsystemd-network/sd-ipv4acd.c"
nm_copy_sd "src/libsystemd-network/sd-lldp.c"
nm_copy_sd "src/libsystemd/sd-event/sd-event.c"
nm_copy_sd "src/libsystemd/sd-id128/id128-util.c"
nm_copy_sd "src/libsystemd/sd-id128/id128-util.h"
nm_copy_sd "src/libsystemd/sd-id128/sd-id128.c"
nm_copy_sd "src/shared/dns-domain.c"
nm_copy_sd "src/shared/dns-domain.h"
nm_copy_sd "src/systemd/_sd-common.h"
nm_copy_sd "src/systemd/sd-dhcp6-client.h"
nm_copy_sd "src/systemd/sd-dhcp6-lease.h"
nm_copy_sd "src/systemd/sd-dhcp-client.h"
nm_copy_sd "src/systemd/sd-dhcp-lease.h"
nm_copy_sd "src/systemd/sd-event.h"
nm_copy_sd "src/systemd/sd-ndisc.h"
nm_copy_sd "src/systemd/sd-id128.h"
nm_copy_sd "src/systemd/sd-ipv4acd.h"
nm_copy_sd "src/systemd/sd-ipv4ll.h"
nm_copy_sd "src/systemd/sd-lldp.h"
parent c721d51d
......@@ -26,89 +26,77 @@
/* BE */
static inline uint16_t unaligned_read_be16(const void *_u) {
const uint8_t *u = _u;
const struct __attribute__((packed, may_alias)) { uint16_t x; } *u = _u;
return (((uint16_t) u[0]) << 8) |
((uint16_t) u[1]);
return be16toh(u->x);
}
static inline uint32_t unaligned_read_be32(const void *_u) {
const uint8_t *u = _u;
const struct __attribute__((packed, may_alias)) { uint32_t x; } *u = _u;
return (((uint32_t) unaligned_read_be16(u)) << 16) |
((uint32_t) unaligned_read_be16(u + 2));
return be32toh(u->x);
}
static inline uint64_t unaligned_read_be64(const void *_u) {
const uint8_t *u = _u;
const struct __attribute__((packed, may_alias)) { uint64_t x; } *u = _u;
return (((uint64_t) unaligned_read_be32(u)) << 32) |
((uint64_t) unaligned_read_be32(u + 4));
return be64toh(u->x);
}
static inline void unaligned_write_be16(void *_u, uint16_t a) {
uint8_t *u = _u;
struct __attribute__((packed, may_alias)) { uint16_t x; } *u = _u;
u[0] = (uint8_t) (a >> 8);
u[1] = (uint8_t) a;
u->x = be16toh(a);
}
static inline void unaligned_write_be32(void *_u, uint32_t a) {
uint8_t *u = _u;
struct __attribute__((packed, may_alias)) { uint32_t x; } *u = _u;
unaligned_write_be16(u, (uint16_t) (a >> 16));
unaligned_write_be16(u + 2, (uint16_t) a);
u->x = be32toh(a);
}
static inline void unaligned_write_be64(void *_u, uint64_t a) {
uint8_t *u = _u;
struct __attribute__((packed, may_alias)) { uint64_t x; } *u = _u;
unaligned_write_be32(u, (uint32_t) (a >> 32));
unaligned_write_be32(u + 4, (uint32_t) a);
u->x = be64toh(a);
}
/* LE */
static inline uint16_t unaligned_read_le16(const void *_u) {
const uint8_t *u = _u;
const struct __attribute__((packed, may_alias)) { uint16_t x; } *u = _u;
return (((uint16_t) u[1]) << 8) |
((uint16_t) u[0]);
return le16toh(u->x);
}
static inline uint32_t unaligned_read_le32(const void *_u) {
const uint8_t *u = _u;
const struct __attribute__((packed, may_alias)) { uint32_t x; } *u = _u;
return (((uint32_t) unaligned_read_le16(u + 2)) << 16) |
((uint32_t) unaligned_read_le16(u));
return le32toh(u->x);
}
static inline uint64_t unaligned_read_le64(const void *_u) {
const uint8_t *u = _u;
const struct __attribute__((packed, may_alias)) { uint64_t x; } *u = _u;
return (((uint64_t) unaligned_read_le32(u + 4)) << 32) |
((uint64_t) unaligned_read_le32(u));
return le64toh(u->x);
}
static inline void unaligned_write_le16(void *_u, uint16_t a) {
uint8_t *u = _u;
struct __attribute__((packed, may_alias)) { uint16_t x; } *u = _u;
u[0] = (uint8_t) a;
u[1] = (uint8_t) (a >> 8);
u->x = le16toh(a);
}
static inline void unaligned_write_le32(void *_u, uint32_t a) {
uint8_t *u = _u;
struct __attribute__((packed, may_alias)) { uint32_t x; } *u = _u;
unaligned_write_le16(u, (uint16_t) a);
unaligned_write_le16(u + 2, (uint16_t) (a >> 16));
u->x = le32toh(a);
}
static inline void unaligned_write_le64(void *_u, uint64_t a) {
uint8_t *u = _u;
struct __attribute__((packed, may_alias)) { uint64_t x; } *u = _u;
unaligned_write_le32(u, (uint32_t) a);
unaligned_write_le32(u + 4, (uint32_t) (a >> 32));
u->x = le64toh(a);
}
#if __BYTE_ORDER == __BIG_ENDIAN
......
......@@ -18,6 +18,7 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <errno.h>
#include <net/ethernet.h>
#include <stdio.h>
#include <sys/types.h>
......
......@@ -578,3 +578,40 @@ try_dev_shm_without_o_tmpfile:
return -EOPNOTSUPP;
}
int fd_move_above_stdio(int fd) {
int flags, copy;
PROTECT_ERRNO;
/* Moves the specified file descriptor if possible out of the range [0…2], i.e. the range of
* stdin/stdout/stderr. If it can't be moved outside of this range the original file descriptor is
* returned. This call is supposed to be used for long-lasting file descriptors we allocate in our code that
* might get loaded into foreign code, and where we want ensure our fds are unlikely used accidentally as
* stdin/stdout/stderr of unrelated code.
*
* Note that this doesn't fix any real bugs, it just makes it less likely that our code will be affected by
* buggy code from others that mindlessly invokes 'fprintf(stderr, …' or similar in places where stderr has
* been closed before.
*
* This function is written in a "best-effort" and "least-impact" style. This means whenever we encounter an
* error we simply return the original file descriptor, and we do not touch errno. */
if (fd < 0 || fd > 2)
return fd;
flags = fcntl(fd, F_GETFD, 0);
if (flags < 0)
return fd;
if (flags & FD_CLOEXEC)
copy = fcntl(fd, F_DUPFD_CLOEXEC, 3);
else
copy = fcntl(fd, F_DUPFD, 3);
if (copy < 0)
return fd;
assert(copy > 2);
(void) close(fd);
return copy;
}
......@@ -91,3 +91,5 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags);
/* Hint: ENETUNREACH happens if we try to connect to "non-existing" special IP addresses, such as ::5 */
#define ERRNO_IS_DISCONNECT(r) \
IN_SET(r, ENOTCONN, ECONNRESET, ECONNREFUSED, ECONNABORTED, EPIPE, ENETUNREACH)
int fd_move_above_stdio(int fd);
......@@ -62,16 +62,28 @@ int write_string_stream_ts(
WriteStringFileFlags flags,
struct timespec *ts) {
bool needs_nl;
assert(f);
assert(line);
if (ferror(f))
return -EIO;
needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
/* If STDIO buffering was disabled, then let's append the newline character to the string itself, so
* that the write goes out in one go, instead of two */
line = strjoina(line, "\n");
needs_nl = false;
}
if (fputs(line, f) == EOF)
return -errno;
if (!(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"))
if (needs_nl)
if (fputc('\n', f) == EOF)
return -errno;
......@@ -914,14 +926,16 @@ int write_env_file(const char *fname, char **l) {
}
int executable_is_script(const char *path, char **interpreter) {
int r;
_cleanup_free_ char *line = NULL;
int len;
size_t len;
char *ans;
int r;
assert(path);
r = read_one_line_file(path, &line);
if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */
return 0;
if (r < 0)
return r;
......@@ -1211,8 +1225,7 @@ int tempfn_xxxxxx(const char *p, const char *extra, char **ret) {
if (!filename_is_valid(fn))
return -EINVAL;
if (!extra)
extra = "";
extra = strempty(extra);
t = new(char, strlen(p) + 2 + strlen(extra) + 6 + 1);
if (!t)
......@@ -1245,8 +1258,7 @@ int tempfn_random(const char *p, const char *extra, char **ret) {
if (!filename_is_valid(fn))
return -EINVAL;
if (!extra)
extra = "";
extra = strempty(extra);
t = new(char, strlen(p) + 2 + strlen(extra) + 16 + 1);
if (!t)
......@@ -1286,8 +1298,7 @@ int tempfn_random_child(const char *p, const char *extra, char **ret) {
return r;
}
if (!extra)
extra = "";
extra = strempty(extra);
t = new(char, strlen(p) + 3 + strlen(extra) + 16 + 1);
if (!t)
......
......@@ -39,6 +39,7 @@
#include "mkdir.h"
#include "parse-util.h"
#include "path-util.h"
#include "process-util.h"
#include "stat-util.h"
#include "stdio-util.h"
#include "string-util.h"
......@@ -224,49 +225,6 @@ int readlink_and_make_absolute(const char *p, char **r) {
return 0;
}
int readlink_and_canonicalize(const char *p, const char *root, char **ret) {
char *t, *s;
int r;
assert(p);
assert(ret);
r = readlink_and_make_absolute(p, &t);
if (r < 0)
return r;
r = chase_symlinks(t, root, 0, &s);
if (r < 0)
/* If we can't follow up, then let's return the original string, slightly cleaned up. */
*ret = path_kill_slashes(t);
else {
*ret = s;
free(t);
}
return 0;
}
int readlink_and_make_absolute_root(const char *root, const char *path, char **ret) {
_cleanup_free_ char *target = NULL, *t = NULL;
const char *full;
int r;
full = prefix_roota(root, path);
r = readlink_malloc(full, &target);
if (r < 0)
return r;
t = file_in_same_dir(path, target);
if (!t)
return -ENOMEM;
*ret = t;
t = NULL;
return 0;
}
int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) {
assert(path);
......@@ -315,43 +273,60 @@ int fd_warn_permissions(const char *path, int fd) {
}
int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) {
_cleanup_close_ int fd;
int r;
char fdpath[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
_cleanup_close_ int fd = -1;
int r, ret = 0;
assert(path);
if (parents)
mkdir_parents(path, 0755);
fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY,
IN_SET(mode, 0, MODE_INVALID) ? 0644 : mode);
if (fd < 0)
return -errno;
/* Note that touch_file() does not follow symlinks: if invoked on an existing symlink, then it is the symlink
* itself which is updated, not its target
*
* Returns the first error we encounter, but tries to apply as much as possible. */
if (mode != MODE_INVALID) {
r = fchmod(fd, mode);
if (r < 0)
if (parents)
(void) mkdir_parents(path, 0755);
/* Initially, we try to open the node with O_PATH, so that we get a reference to the node. This is useful in
* case the path refers to an existing device or socket node, as we can open it successfully in all cases, and
* won't trigger any driver magic or so. */
fd = open(path, O_PATH|O_CLOEXEC|O_NOFOLLOW);
if (fd < 0) {
if (errno != ENOENT)
return -errno;
}
if (uid != UID_INVALID || gid != GID_INVALID) {
r = fchown(fd, uid, gid);
if (r < 0)
/* if the node doesn't exist yet, we create it, but with O_EXCL, so that we only create a regular file
* here, and nothing else */
fd = open(path, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, IN_SET(mode, 0, MODE_INVALID) ? 0644 : mode);
if (fd < 0)
return -errno;
}
/* Let's make a path from the fd, and operate on that. With this logic, we can adjust the access mode,
* ownership and time of the file node in all cases, even if the fd refers to an O_PATH object — which is
* something fchown(), fchmod(), futimensat() don't allow. */
xsprintf(fdpath, "/proc/self/fd/%i", fd);
if (mode != MODE_INVALID)
if (chmod(fdpath, mode) < 0)
ret = -errno;
if (uid_is_valid(uid) || gid_is_valid(gid))
if (chown(fdpath, uid, gid) < 0 && ret >= 0)
ret = -errno;
if (stamp != USEC_INFINITY) {
struct timespec ts[2];
timespec_store(&ts[0], stamp);
ts[1] = ts[0];
r = futimens(fd, ts);
r = utimensat(AT_FDCWD, fdpath, ts, 0);
} else
r = futimens(fd, NULL);
if (r < 0)
r = utimensat(AT_FDCWD, fdpath, NULL, 0);
if (r < 0 && ret >= 0)
return -errno;
return 0;
return ret;
}
int touch(const char *path) {
......@@ -593,16 +568,35 @@ int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
return r;
}
static bool safe_transition(const struct stat *a, const struct stat *b) {
/* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to
* privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files
* making us believe we read something safe even though it isn't safe in the specific context we open it in. */
if (a->st_uid == 0) /* Transitioning from privileged to unprivileged is always fine */
return true;
return a->st_uid == b->st_uid; /* Otherwise we need to stay within the same UID */
}
int chase_symlinks(const char *path, const char *original_root, unsigned flags, char **ret) {
_cleanup_free_ char *buffer = NULL, *done = NULL, *root = NULL;
_cleanup_close_ int fd = -1;
unsigned max_follow = 32; /* how many symlinks to follow before giving up and returning ELOOP */
struct stat previous_stat;
bool exists = true;
char *todo;
int r;
assert(path);
/* Either the file may be missing, or we return an fd to the final object, but both make no sense */
if ((flags & (CHASE_NONEXISTENT|CHASE_OPEN)) == (CHASE_NONEXISTENT|CHASE_OPEN))
return -EINVAL;
if (isempty(path))
return -EINVAL;
/* This is a lot like canonicalize_file_name(), but takes an additional "root" parameter, that allows following
* symlinks relative to a root directory, instead of the root of the host.
*
......@@ -623,13 +617,23 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
* function what to do when encountering a symlink with an absolute path as directory: prefix it by the
* specified path. */
/* A root directory of "/" or "" is identical to none */
if (isempty(original_root) || path_equal(original_root, "/"))
original_root = NULL;
if (original_root) {
r = path_make_absolute_cwd(original_root, &root);
if (r < 0)
return r;
if (flags & CHASE_PREFIX_ROOT)
if (flags & CHASE_PREFIX_ROOT) {
/* We don't support relative paths in combination with a root directory */
if (!path_is_absolute(path))
return -EINVAL;
path = prefix_roota(root, path);
}
}
r = path_make_absolute_cwd(path, &buffer);
......@@ -640,6 +644,11 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fd < 0)
return -errno;
if (flags & CHASE_SAFE) {
if (fstat(fd, &previous_stat) < 0)
return -errno;
}
todo = buffer;
for (;;) {
_cleanup_free_ char *first = NULL;
......@@ -678,7 +687,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
/* Two dots? Then chop off the last bit of what we already found out. */
if (path_equal(first, "/..")) {
_cleanup_free_ char *parent = NULL;
int fd_parent = -1;
_cleanup_close_ int fd_parent = -1;
/* If we already are at the top, then going up will not change anything. This is in-line with
* how the kernel handles this. */
......@@ -701,8 +710,19 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fd_parent < 0)
return -errno;
if (flags & CHASE_SAFE) {
if (fstat(fd_parent, &st) < 0)
return -errno;
if (!safe_transition(&previous_stat, &st))
return -EPERM;
previous_stat = st;
}
safe_close(fd);
fd = fd_parent;
fd_parent = -1;
continue;
}
......@@ -735,6 +755,12 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fstat(child, &st) < 0)
return -errno;
if ((flags & CHASE_SAFE) &&
!safe_transition(&previous_stat, &st))
return -EPERM;
previous_stat = st;
if ((flags & CHASE_NO_AUTOFS) &&
fd_is_fs_type(child, AUTOFS_SUPER_MAGIC) > 0)
return -EREMOTE;
......@@ -765,6 +791,16 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
if (fd < 0)
return -errno;
if (flags & CHASE_SAFE) {
if (fstat(fd, &st) < 0)
return -errno;
if (!safe_transition(&previous_stat, &st))
return -EPERM;
previous_stat = st;
}
free(done);
/* Note that we do not revalidate the root, we take it as is. */
......@@ -821,6 +857,19 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
done = NULL;
}
if (flags & CHASE_OPEN) {
int q;
/* Return the O_PATH fd we currently are looking to the caller. It can translate it to a proper fd by
* opening /proc/self/fd/xyz. */
assert(fd >= 0);
q = fd;
fd = -1;
return q;
}
return exists;
}
......@@ -838,3 +887,72 @@ int access_fd(int fd, int mode) {
return r;
}
int unlinkat_deallocate(int fd, const char *name, int flags) {
_cleanup_close_ int truncate_fd = -1;
struct stat st;
off_t l, bs;
/* Operates like unlinkat() but also deallocates the file contents if it is a regular file and there's no other
* link to it. This is useful to ensure that other processes that might have the file open for reading won't be
* able to keep the data pinned on disk forever. This call is particular useful whenever we execute clean-up
* jobs ("vacuuming"), where we want to make sure the data is really gone and the disk space released and
* returned to the free pool.
*
* Deallocation is preferably done by FALLOC_FL_PUNCH_HOLE|FALLOC_FL_KEEP_SIZE (👊) if supported, which means
* the file won't change size. That's a good thing since we shouldn't needlessly trigger SIGBUS in other
* programs that have mmap()ed the file. (The assumption here is that changing file contents to all zeroes
* underneath those programs is the better choice than simply triggering SIGBUS in them which truncation does.)
* However if hole punching is not implemented in the kernel or file system we'll fall back to normal file
* truncation (🔪), as our goal of deallocating the data space trumps our goal of being nice to readers (💐).
*
* Note that we attempt deallocation, but failure to succeed with that is not considered fatal, as long as the
* primary job – to delete the file – is accomplished. */
if ((flags & AT_REMOVEDIR) == 0) {
truncate_fd = openat(fd, name, O_WRONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW|O_NONBLOCK);
if (truncate_fd < 0) {
/* If this failed because the file doesn't exist propagate the error right-away. Also,
* AT_REMOVEDIR wasn't set, and we tried to open the file for writing, which means EISDIR is
* returned when this is a directory but we are not supposed to delete those, hence propagate
* the error right-away too. */
if (IN_SET(errno, ENOENT, EISDIR))
return -errno;
if (errno != ELOOP) /* don't complain if this is a symlink */
log_debug_errno(errno, "Failed to open file '%s' for deallocation, ignoring: %m", name);
}
}
if (unlinkat(fd, name, flags) < 0)
return -errno;
if (truncate_fd < 0) /* Don't have a file handle, can't do more ☹️ */
return 0;
if (fstat(truncate_fd, &st) < 0) {
log_debug_errno(errno, "Failed to stat file '%s' for deallocation, ignoring.", name);
return 0;
}