Skip to content

GitLab

NetworkManager
NetworkManager
Commit c4048d4d authored by Thomas Haller's avatar Thomas Haller
Browse files
Options

systemd: merge branch systemd into master

parents 64708c34 14098cbc
Hide whitespace changes
Inline Side-by-side
Showing with 527 additions and 270 deletions
config.h.meson
View file @ c4048d4d
......@@ -25,6 +25,10 @@
/* Gettext package */
#mesondefine GETTEXT_PACKAGE
/* Define to 1 if you have the declaration of `reallocarray', and to 0 if
you don't. */
#mesondefine HAVE_DECL_REALLOCARRAY
/* Define to 1 if you have the declaration of `explicit_bzero', and to 0 if
you don't. */
#mesondefine HAVE_DECL_EXPLICIT_BZERO
......
configure.ac
View file @ c4048d4d
......@@ -75,6 +75,12 @@ AC_CHECK_DECLS([
#include <string.h>
]])
AC_CHECK_DECLS([
reallocarray],
[], [], [[
#include <malloc.h>
]])
AC_CHECK_HEADERS(sys/auxv.h)
AC_CHECK_DECLS([getrandom],
......
meson.build
View file @ c4048d4d
......@@ -97,22 +97,23 @@ endforeach
# headers
config_h.set10('HAVE_SYS_AUXV_H', cc.has_header('sys/auxv.h'))
use_sys_random = cc.has_function('getrandom', prefix: '#include<sys/random.h>')
use_sys_random = cc.has_function('getrandom', prefix: '#include <sys/random.h>')
config_h.set10('USE_SYS_RANDOM_H', use_sys_random)
config_h.set10('HAVE_GETRANDOM', use_sys_random or cc.has_function('getrandom', prefix: '#include<linux/random.h>'))
config_h.set10('HAVE_GETRANDOM', use_sys_random or cc.has_function('getrandom', prefix: '#include <linux/random.h>'))
# functions
# FIXME secure_getenv check is not useful?
config_h.set('HAVE_SECURE_GETENV', cc.has_function('secure_getenv'))
config_h.set('HAVE___SECURE_GETENV', cc.has_function('__secure_getenv'))
config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include<string.h>'))
config_h.set10('HAVE_DECL_REALLOCARRAY', cc.has_function('reallocarray', prefix: '#include <malloc.h>'))
config_h.set10('HAVE_DECL_EXPLICIT_BZERO', cc.has_function('explicit_bzero', prefix: '#include <string.h>'))
# types
config_h.set('SIZEOF_DEV_T', cc.sizeof('dev_t', prefix: '#include<sys/types.h>'))
config_h.set('SIZEOF_TIME_T', cc.sizeof('time_t', prefix: '#include<sys/types.h>'))
config_h.set('SIZEOF_PID_T', cc.sizeof('pid_t', prefix: '#include<sys/types.h>'))
config_h.set('SIZEOF_DEV_T', cc.sizeof('dev_t', prefix: '#include <sys/types.h>'))
config_h.set('SIZEOF_TIME_T', cc.sizeof('time_t', prefix: '#include <sys/types.h>'))
config_h.set('SIZEOF_PID_T', cc.sizeof('pid_t', prefix: '#include <sys/types.h>'))
if not cc.has_type('pid_t', prefix: '#include<sys/types.h>')
if not cc.has_type('pid_t', prefix: '#include <sys/types.h>')
config_h.set('pid_t', 'int')
endif
......
src/systemd/sd-adapt/nm-sd-adapt.h
View file @ c4048d4d
......@@ -26,12 +26,16 @@
#include <sys/resource.h>
#include <time.h>
#define noreturn G_GNUC_NORETURN
#ifndef CLOCK_BOOTTIME
#define CLOCK_BOOTTIME 7
#endif
#if defined(HAVE_DECL_REALLOCARRAY) && HAVE_DECL_REALLOCARRAY == 1
#define HAVE_REALLOCARRAY 1
#else
#define HAVE_REALLOCARRAY 0
#endif
#if defined(HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO == 1
#define HAVE_EXPLICIT_BZERO 1
#else
......
src/systemd/src/basic/alloc-util.h
View file @ c4048d4d
......@@ -74,12 +74,14 @@ _malloc_ _alloc_(1, 2) static inline void *malloc_multiply(size_t size, size_t
return malloc(size * need);
}
_alloc_(2, 3) static inline void *realloc_multiply(void *p, size_t size, size_t need) {
#if !HAVE_REALLOCARRAY
_alloc_(2, 3) static inline void *reallocarray(void *p, size_t need, size_t size) {
if (size_multiply_overflow(size, need))
return NULL;
return realloc(p, size * need);
}
#endif
_alloc_(2, 3) static inline void *memdup_multiply(const void *p, size_t size, size_t need) {
if (size_multiply_overflow(size, need))
......@@ -128,3 +130,12 @@ void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size);
_new_ = alloca_align(_size_, (align)); \
(void*)memset(_new_, 0, _size_); \
})
/* Takes inspiration from Rusts's Option::take() method: reads and returns a pointer, but at the same time resets it to
* NULL. See: https://doc.rust-lang.org/std/option/enum.Option.html#method.take */
#define TAKE_PTR(ptr) \
({ \
typeof(ptr) _ptr_ = (ptr); \
(ptr) = NULL; \
_ptr_; \
})
src/systemd/src/basic/extract-word.c
View file @ c4048d4d
......@@ -196,8 +196,7 @@ finish:
finish_force_next:
s[sz] = 0;
*ret = s;
s = NULL;
*ret = TAKE_PTR(s);
return 1;
}
......
src/systemd/src/basic/fd-util.c
View file @ c4048d4d
......@@ -194,12 +194,6 @@ int fd_cloexec(int fd, bool cloexec) {
}
#if 0 /* NM_IGNORED */
void stdio_unset_cloexec(void) {
(void) fd_cloexec(STDIN_FILENO, false);
(void) fd_cloexec(STDOUT_FILENO, false);
(void) fd_cloexec(STDERR_FILENO, false);
}
_pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) {
unsigned i;
......@@ -371,14 +365,21 @@ bool fdname_is_valid(const char *s) {
}
int fd_get_path(int fd, char **ret) {
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
_cleanup_close_ int dir = -1;
char fdname[DECIMAL_STR_MAX(int)];
int r;
xsprintf(procfs_path, "/proc/self/fd/%i", fd);
dir = open("/proc/self/fd/", O_CLOEXEC | O_DIRECTORY | O_PATH);
if (dir < 0)
/* /proc is not available or not set up properly, we're most likely
* in some chroot environment. */
return errno == ENOENT ? -EOPNOTSUPP : -errno;
r = readlink_malloc(procfs_path, ret);
xsprintf(fdname, "%i", fd);
if (r == -ENOENT) /* If the file doesn't exist the fd is invalid */
r = readlinkat_malloc(dir, fdname, ret);
if (r == -ENOENT)
/* If the file doesn't exist the fd is invalid */
return -EBADF;
return r;
......@@ -431,7 +432,6 @@ int move_fd(int from, int to, int cloexec) {
int acquire_data_fd(const void *data, size_t size, unsigned flags) {
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
_cleanup_close_pair_ int pipefds[2] = { -1, -1 };
char pattern[] = "/dev/shm/data-fd-XXXXXX";
_cleanup_close_ int fd = -1;
......@@ -488,10 +488,7 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags) {
if (r < 0)
return r;
r = fd;
fd = -1;
return r;
return TAKE_FD(fd);
}
try_pipe:
......@@ -528,10 +525,7 @@ try_pipe:
(void) fd_nonblock(pipefds[0], false);
r = pipefds[0];
pipefds[0] = -1;
return r;
return TAKE_FD(pipefds[0]);
}
try_dev_shm:
......@@ -547,12 +541,7 @@ try_dev_shm:
return -EIO;
/* Let's reopen the thing, in order to get an O_RDONLY fd for the original O_RDWR one */
xsprintf(procfs_path, "/proc/self/fd/%i", fd);
r = open(procfs_path, O_RDONLY|O_CLOEXEC);
if (r < 0)
return -errno;
return r;
return fd_reopen(fd, O_RDONLY|O_CLOEXEC);
}
try_dev_shm_without_o_tmpfile:
......@@ -621,3 +610,139 @@ int fd_move_above_stdio(int fd) {
(void) close(fd);
return copy;
}
#if 0 /* NM_IGNORED */
int rearrange_stdio(int original_input_fd, int original_output_fd, int original_error_fd) {
int fd[3] = { /* Put together an array of fds we work on */
original_input_fd,
original_output_fd,
original_error_fd
};
int r, i,
null_fd = -1, /* if we open /dev/null, we store the fd to it here */
copy_fd[3] = { -1, -1, -1 }; /* This contains all fds we duplicate here temporarily, and hence need to close at the end */
bool null_readable, null_writable;
/* Sets up stdin, stdout, stderr with the three file descriptors passed in. If any of the descriptors is
* specified as -1 it will be connected with /dev/null instead. If any of the file descriptors is passed as
* itself (e.g. stdin as STDIN_FILENO) it is left unmodified, but the O_CLOEXEC bit is turned off should it be
* on.
*
* Note that if any of the passed file descriptors are > 2 they will be closed — both on success and on
* failure! Thus, callers should assume that when this function returns the input fds are invalidated.
*
* Note that when this function fails stdin/stdout/stderr might remain half set up!
*
* O_CLOEXEC is turned off for all three file descriptors (which is how it should be for
* stdin/stdout/stderr). */
null_readable = original_input_fd < 0;
null_writable = original_output_fd < 0 || original_error_fd < 0;
/* First step, open /dev/null once, if we need it */
if (null_readable || null_writable) {
/* Let's open this with O_CLOEXEC first, and convert it to non-O_CLOEXEC when we move the fd to the final position. */
null_fd = open("/dev/null", (null_readable && null_writable ? O_RDWR :
null_readable ? O_RDONLY : O_WRONLY) | O_CLOEXEC);
if (null_fd < 0) {
r = -errno;
goto finish;
}
/* If this fd is in the 0…2 range, let's move it out of it */
if (null_fd < 3) {
int copy;
copy = fcntl(null_fd, F_DUPFD_CLOEXEC, 3); /* Duplicate this with O_CLOEXEC set */
if (copy < 0) {
r = -errno;
goto finish;
}
safe_close(null_fd);
null_fd = copy;
}
}
/* Let's assemble fd[] with the fds to install in place of stdin/stdout/stderr */
for (i = 0; i < 3; i++) {
if (fd[i] < 0)
fd[i] = null_fd; /* A negative parameter means: connect this one to /dev/null */
else if (fd[i] != i && fd[i] < 3) {
/* This fd is in the 0…2 territory, but not at its intended place, move it out of there, so that we can work there. */
copy_fd[i] = fcntl(fd[i], F_DUPFD_CLOEXEC, 3); /* Duplicate this with O_CLOEXEC set */
if (copy_fd[i] < 0) {
r = -errno;
goto finish;
}
fd[i] = copy_fd[i];
}
}
/* At this point we now have the fds to use in fd[], and they are all above the stdio range, so that we
* have freedom to move them around. If the fds already were at the right places then the specific fds are
* -1. Let's now move them to the right places. This is the point of no return. */
for (i = 0; i < 3; i++) {
if (fd[i] == i) {
/* fd is already in place, but let's make sure O_CLOEXEC is off */
r = fd_cloexec(i, false);
if (r < 0)
goto finish;
} else {
assert(fd[i] > 2);
if (dup2(fd[i], i) < 0) { /* Turns off O_CLOEXEC on the new fd. */
r = -errno;
goto finish;
}
}
}
r = 0;
finish:
/* Close the original fds, but only if they were outside of the stdio range. Also, properly check for the same
* fd passed in multiple times. */
safe_close_above_stdio(original_input_fd);
if (original_output_fd != original_input_fd)
safe_close_above_stdio(original_output_fd);
if (original_error_fd != original_input_fd && original_error_fd != original_output_fd)
safe_close_above_stdio(original_error_fd);
/* Close the copies we moved > 2 */
for (i = 0; i < 3; i++)
safe_close(copy_fd[i]);
/* Close our null fd, if it's > 2 */
safe_close_above_stdio(null_fd);
return r;
}
int fd_reopen(int fd, int flags) {
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
int new_fd;
/* Reopens the specified fd with new flags. This is useful for convert an O_PATH fd into a regular one, or to
* turn O_RDWR fds into O_RDONLY fds.
*
* This doesn't work on sockets (since they cannot be open()ed, ever).
*
* This implicitly resets the file read index to 0. */
xsprintf(procfs_path, "/proc/self/fd/%i", fd);
new_fd = open(procfs_path, flags);
if (new_fd < 0)
return -errno;
return new_fd;
}
#endif /* NM_IGNORED */
src/systemd/src/basic/fd-util.h
View file @ c4048d4d
......@@ -35,6 +35,13 @@ int close_nointr(int fd);
int safe_close(int fd);
void safe_close_pair(int p[]);
static inline int safe_close_above_stdio(int fd) {
if (fd < 3) /* Don't close stdin/stdout/stderr, but still invalidate the fd by returning -1 */
return -1;
return safe_close(fd);
}
void close_many(const int fds[], unsigned n_fd);
int fclose_nointr(FILE *f);
......@@ -64,7 +71,6 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(DIR*, closedir);
int fd_nonblock(int fd, bool nonblock);
int fd_cloexec(int fd, bool cloexec);
void stdio_unset_cloexec(void);
int close_all_fds(const int except[], unsigned n_except);
......@@ -93,3 +99,19 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags);
IN_SET(r, ENOTCONN, ECONNRESET, ECONNREFUSED, ECONNABORTED, EPIPE, ENETUNREACH)
int fd_move_above_stdio(int fd);
int rearrange_stdio(int original_input_fd, int original_output_fd, int original_error_fd);
static inline int make_null_stdio(void) {
return rearrange_stdio(-1, -1, -1);
}
/* Like TAKE_PTR() but for file descriptors, resetting them to -1 */
#define TAKE_FD(fd) \
({ \
int _fd_ = (fd); \
(fd) = -1; \
_fd_; \
})
int fd_reopen(int fd, int flags);
src/systemd/src/basic/fileio.c
View file @ c4048d4d
......@@ -334,8 +334,7 @@ int read_full_stream(FILE *f, char **contents, size_t *size) {
}
buf[l] = 0;
*contents = buf;
buf = NULL; /* do not free */
*contents = TAKE_PTR(buf);
if (size)
*size = l;
......@@ -367,11 +366,11 @@ static int parse_env_file_internal(
void *userdata,
int *n_pushed) {
_cleanup_free_ char *contents = NULL, *key = NULL;
size_t key_alloc = 0, n_key = 0, value_alloc = 0, n_value = 0, last_value_whitespace = (size_t) -1, last_key_whitespace = (size_t) -1;
char *p, *value = NULL;
int r;
_cleanup_free_ char *contents = NULL, *key = NULL, *value = NULL;
unsigned line = 1;
char *p;
int r;
enum {
PRE_KEY,
......@@ -408,10 +407,8 @@ static int parse_env_file_internal(
state = KEY;
last_key_whitespace = (size_t) -1;
if (!GREEDY_REALLOC(key, key_alloc, n_key+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(key, key_alloc, n_key+2))
return -ENOMEM;
key[n_key++] = c;
}
......@@ -431,10 +428,8 @@ static int parse_env_file_internal(
else if (last_key_whitespace == (size_t) -1)
last_key_whitespace = n_key;
if (!GREEDY_REALLOC(key, key_alloc, n_key+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(key, key_alloc, n_key+2))
return -ENOMEM;
key[n_key++] = c;
}
......@@ -456,7 +451,7 @@ static int parse_env_file_internal(
r = push(fname, line, key, value, userdata, n_pushed);
if (r < 0)
goto fail;
return r;
n_key = 0;
value = NULL;
......@@ -471,10 +466,8 @@ static int parse_env_file_internal(
else if (!strchr(WHITESPACE, c)) {
state = VALUE;
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -501,7 +494,7 @@ static int parse_env_file_internal(
r = push(fname, line, key, value, userdata, n_pushed);
if (r < 0)
goto fail;
return r;
n_key = 0;
value = NULL;
......@@ -516,10 +509,8 @@ static int parse_env_file_internal(
else if (last_value_whitespace == (size_t) -1)
last_value_whitespace = n_value;
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -531,10 +522,8 @@ static int parse_env_file_internal(
if (!strchr(newline, c)) {
/* Escaped newlines we eat up entirely */
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -546,10 +535,8 @@ static int parse_env_file_internal(
else if (c == '\\')
state = SINGLE_QUOTE_VALUE_ESCAPE;
else {
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -560,10 +547,8 @@ static int parse_env_file_internal(
state = SINGLE_QUOTE_VALUE;
if (!strchr(newline, c)) {
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -575,10 +560,8 @@ static int parse_env_file_internal(
else if (c == '\\')
state = DOUBLE_QUOTE_VALUE_ESCAPE;
else {
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -589,10 +572,8 @@ static int parse_env_file_internal(
state = DOUBLE_QUOTE_VALUE;
if (!strchr(newline, c)) {
if (!GREEDY_REALLOC(value, value_alloc, n_value+2)) {
r = -ENOMEM;
goto fail;
}
if (!GREEDY_REALLOC(value, value_alloc, n_value+2))
return -ENOMEM;
value[n_value++] = c;
}
......@@ -637,14 +618,12 @@ static int parse_env_file_internal(
r = push(fname, line, key, value, userdata, n_pushed);
if (r < 0)
goto fail;
return r;
value = NULL;
}
return 0;
fail:
free(value);
return r;
}
static int check_utf8ness_and_warn(
......@@ -1465,8 +1444,7 @@ int open_tmpfile_linkable(const char *target, int flags, char **ret_path) {
if (fd < 0)
return -errno;
*ret_path = tmp;
tmp = NULL;
*ret_path = TAKE_PTR(tmp);
return fd;
}
......@@ -1552,8 +1530,7 @@ int read_nul_string(FILE *f, char **ret) {
return -ENOMEM;
}
*ret = x;
x = NULL;
*ret = TAKE_PTR(x);
return 0;
}
......
src/systemd/src/basic/fs-util.c
View file @ c4048d4d
......@@ -465,10 +465,8 @@ int get_files_in_directory(const char *path, char ***list) {
n++;
}
if (list) {
*list = l;
l = NULL; /* avoid freeing */
}
if (list)
*list = TAKE_PTR(l);
return n;
}
......@@ -586,6 +584,10 @@ int inotify_add_watch_fd(int fd, int what, uint32_t mask) {
return r;
}
static bool noop_root(const char *root) {
return isempty(root) || path_equal(root, "/");
}
static bool safe_transition(const struct stat *a, const struct stat *b) {
/* Returns true if the transition from a to b is safe, i.e. that we never transition from unprivileged to
* privileged files or directories. Why bother? So that unprivileged code can't symlink to privileged files
......@@ -636,9 +638,19 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
* specified path. */
/* A root directory of "/" or "" is identical to none */
if (isempty(original_root) || path_equal(original_root, "/"))
if (noop_root(original_root))
original_root = NULL;
if (!original_root && !ret && (flags & (CHASE_NONEXISTENT|CHASE_NO_AUTOFS|CHASE_SAFE|CHASE_OPEN)) == CHASE_OPEN) {
/* Shortcut the CHASE_OPEN case if the caller isn't interested in the actual path and has no root set
* and doesn't care about any of the other special features we provide either. */
r = open(path, O_PATH|O_CLOEXEC);
if (r < 0)
return -errno;
return r;
}
if (original_root) {
r = path_make_absolute_cwd(original_root, &root);
if (r < 0)
......@@ -692,8 +704,10 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
/* Just a single slash? Then we reached the end. */
if (path_equal(first, "/")) {
/* Preserve the trailing slash */
if (!strextend(&done, "/", NULL))
return -ENOMEM;
if (flags & CHASE_TRAIL_SLASH)
if (!strextend(&done, "/", NULL))
return -ENOMEM;
break;
}
......@@ -739,8 +753,7 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
}
safe_close(fd);
fd = fd_parent;
fd_parent = -1;
fd = TAKE_FD(fd_parent);
continue;
}
......@@ -845,10 +858,9 @@ int chase_symlinks(const char *path, const char *original_root, unsigned flags,
}
/* If this is not a symlink, then let's just add the name we read to what we already verified. */
if (!done) {
done = first;
first = NULL;
} else {