From 2fd79b158944467849f2417034955ebc31a5512b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 29 Apr 2025 14:47:59 +0200 Subject: [PATCH 1/8] coredump: restore compatibility with older patterns This was broken in f45b8015513d38ee5f7cc361db9c5b88c9aae704. Unfortunately the review does not talk about backward compatibility at all. There are two places where it matters: - During upgrades, the replacement of kernel.core_pattern is asynchronous. For example, during rpm upgrades, it would be updated a post-transaction file trigger. In other scenarios, the update might only happen after reboot. We have a potentially long window where the old pattern is in place. We need to capture coredumps during upgrades too. - With --backtrace. The interface of --backtrace, in hindsight, is not great. But there are users of --backtrace which were written to use a specific set of arguments, and we can't just break compatiblity. One example is systemd-coredump-python, but there are also reports of users using --backtrace to generate coredump logs. Thus, we require the original set of args, and will use the additional args if found. A test is added to verify that --backtrace works with and without the optional args. (cherry picked from commit ded0aac389e647d35bce7ec4a48e718d77c0435b) (cherry picked from commit f9b8b75c11bba9b63096904be98cc529c304eb97) (cherry picked from commit 385a33b043406ad79a7207f3906c3b15192a3333) --- src/coredump/coredump.c | 21 ++++++++++++++------- test/units/testsuite-74.coredump.sh | 18 +++++++++++------- 2 files changed, 25 insertions(+), 14 deletions(-) diff --git a/src/coredump/coredump.c b/src/coredump/coredump.c index b6ca6f03b0e..026e0111cef 100644 --- a/src/coredump/coredump.c +++ b/src/coredump/coredump.c @@ -95,8 +95,12 @@ enum { META_ARGV_SIGNAL, /* %s: number of signal causing dump */ META_ARGV_TIMESTAMP, /* %t: time of dump, expressed as seconds since the Epoch (we expand this to μs granularity) */ META_ARGV_RLIMIT, /* %c: core file size soft resource limit */ - META_ARGV_HOSTNAME, /* %h: hostname */ + _META_ARGV_REQUIRED, + /* The fields below were added to kernel/core_pattern at later points, so they might be missing. */ + META_ARGV_HOSTNAME = _META_ARGV_REQUIRED, /* %h: hostname */ _META_ARGV_MAX, + /* If new fields are added, they should be added here, to maintain compatibility + * with callers which don't know about the new fields. */ /* The following indexes are cached for a couple of special fields we use (and * thereby need to be retrieved quickly) for naming coredump files, and attaching @@ -107,7 +111,7 @@ enum { _META_MANDATORY_MAX, /* The rest are similar to the previous ones except that we won't fail if one of - * them is missing. */ + * them is missing in a message sent over the socket. */ META_EXE = _META_MANDATORY_MAX, META_UNIT, @@ -1169,14 +1173,17 @@ static int gather_pid_metadata_from_argv( assert(context); /* We gather all metadata that were passed via argv[] into an array of iovecs that - * we'll forward to the socket unit */ + * we'll forward to the socket unit. + * + * We require at least _META_ARGV_REQUIRED args, but will accept more. + * We know how to parse _META_ARGV_MAX args. The rest will be ignored. */ - if (argc < _META_ARGV_MAX) + if (argc < _META_ARGV_REQUIRED) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), - "Not enough arguments passed by the kernel (%i, expected %i).", - argc, _META_ARGV_MAX); + "Not enough arguments passed by the kernel (%i, expected between %i and %i).", + argc, _META_ARGV_REQUIRED, _META_ARGV_MAX); - for (int i = 0; i < _META_ARGV_MAX; i++) { + for (int i = 0; i < MIN(argc, _META_ARGV_MAX); i++) { t = argv[i]; diff --git a/test/units/testsuite-74.coredump.sh b/test/units/testsuite-74.coredump.sh index 6552643ee96..d9945b61d41 100755 --- a/test/units/testsuite-74.coredump.sh +++ b/test/units/testsuite-74.coredump.sh @@ -186,14 +186,18 @@ rm -f /tmp/core.{output,redirected} (! "${UNPRIV_CMD[@]}" coredumpctl dump "$CORE_TEST_BIN" >/dev/null) # --backtrace mode -# Pass one of the existing journal coredump records to systemd-coredump and -# use our PID as the source to make matching the coredump later easier -# systemd-coredump args: PID UID GID SIGNUM TIMESTAMP CORE_SOFT_RLIMIT HOSTNAME +# Pass one of the existing journal coredump records to systemd-coredump. +# Use our PID as the source to be able to create a PIDFD and to make matching easier. +# systemd-coredump args: PID UID GID SIGNUM TIMESTAMP CORE_SOFT_RLIMIT [HOSTNAME] journalctl -b -n 1 --output=export --output-fields=MESSAGE,COREDUMP COREDUMP_EXE="/usr/bin/test-dump" | - /usr/lib/systemd/systemd-coredump --backtrace $$ 0 0 6 1679509994 12345 mymachine -# Wait a bit for the coredump to get processed -timeout 30 bash -c "while [[ \$(coredumpctl list -q --no-legend $$ | wc -l) -eq 0 ]]; do sleep 1; done" -coredumpctl info "$$" + /usr/lib/systemd/systemd-coredump --backtrace $$ 0 0 6 1679509900 12345 +journalctl -b -n 1 --output=export --output-fields=MESSAGE,COREDUMP COREDUMP_EXE="/usr/bin/test-dump" | + /usr/lib/systemd/systemd-coredump --backtrace $$ 0 0 6 1679509901 12345 mymachine +# Wait a bit for the coredumps to get processed +timeout 30 bash -c "while [[ \$(coredumpctl list -q --no-legend $$ | wc -l) -lt 2 ]]; do sleep 1; done" +coredumpctl info $$ +coredumpctl info COREDUMP_TIMESTAMP=1679509900000000 +coredumpctl info COREDUMP_TIMESTAMP=1679509901000000 coredumpctl info COREDUMP_HOSTNAME="mymachine" # This used to cause a stack overflow From 1f8bfff1712d92cadb8e9df134f1b3a9fecec617 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Fri, 9 May 2025 16:33:12 +0900 Subject: [PATCH 2/8] TEST-73-LOCALE: skip lv keymap and friends The following failure should be in libxkbcommon and/or sanitizer. There is nothing we can do here. Let's skip it. ``` TEST-73-LOCALE.sh[3733]: + assert_rc 0 localectl set-keymap lv TEST-73-LOCALE.sh[6699]: + set +ex TEST-73-LOCALE.sh[6700]: Failed to set keymap: Remote peer disconnected TEST-73-LOCALE.sh[6703]: FAIL: expected: '0' actual: '1' TEST-73-LOCALE.sh[157]: + rm -f /etc/dbus-1/system.d/systemd-localed-read-only.conf [FAILED] Failed to start TEST-73-LOCALE.service - TEST-73-LOCALE. ``` ``` ==3719==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fa51f161000 at pc 0x7fa521250be4 bp 0x7ffe49130a80 sp 0x7ffe49130240 READ of size 19126 at 0x7fa51f161000 thread T0 #0 0x7fa521250be3 in strndup (/usr/lib/clang/20/lib/x86_64-redhat-linux-gnu/libclang_rt.asan.so+0x50be3) (BuildId: aa6231e817f72469c44a6c6cee9f0694a87db7fb) #1 0x7fa51f128325 (/lib64/libxkbcommon.so.0+0x1c325) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #2 0x7fa51f121952 (/lib64/libxkbcommon.so.0+0x15952) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #3 0x7fa51f123d3a (/lib64/libxkbcommon.so.0+0x17d3a) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #4 0x7fa51f117c86 (/lib64/libxkbcommon.so.0+0xbc86) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #5 0x7fa51f12548f (/lib64/libxkbcommon.so.0+0x1948f) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #6 0x7fa51f125c9e (/lib64/libxkbcommon.so.0+0x19c9e) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #7 0x7fa51f126a59 (/lib64/libxkbcommon.so.0+0x1aa59) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #8 0x7fa51f12cec6 (/lib64/libxkbcommon.so.0+0x20ec6) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #9 0x7fa51f12e3c2 (/lib64/libxkbcommon.so.0+0x223c2) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #10 0x7fa51f12a4e5 in xkb_keymap_new_from_names (/lib64/libxkbcommon.so.0+0x1e4e5) (BuildId: 72e8cb985db37963272d140f7b2aee551c465ff5) #11 0x5574dd63f864 in verify_xkb_rmlvo /usr/src/debug/systemd/src/locale/xkbcommon-util.c:69:14 (snip) ``` (cherry picked from commit 18609909d93a4d17e962b47e51fffe38845e99f5) (cherry picked from commit 5d7d60b8dd01282adbe89084b479a51aaff4cf47) (cherry picked from commit 0c27a6f4b40d0e888cd93aa6120e379c88b8e0c4) --- test/units/testsuite-73.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/units/testsuite-73.sh b/test/units/testsuite-73.sh index 2e11ce2c511..f78295ba93a 100755 --- a/test/units/testsuite-73.sh +++ b/test/units/testsuite-73.sh @@ -240,6 +240,10 @@ testcase_vc_keymap() { for i in $(localectl list-keymaps); do # set VC keymap + + # Skip lv keymap and friends, otherwise the sanitizer detects heap-buffer-overflow in libxkbcommon. + [[ "$i" =~ ^lv ]] && continue + assert_rc 0 localectl set-keymap "$i" output=$(localectl) From 1c9019cd5dc8fbaf763d31e200e62f8e16c0c78f Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 14 May 2025 18:47:16 +0200 Subject: [PATCH 3/8] man/systemd-run: --wait shows more than CPU accounting data (cherry picked from commit 72594d6771a68fbb7d5ebe1d004f4d942a1fac97) (cherry picked from commit b7acbc464b38e1bee42a993b1bd0346d8e5c186f) (cherry picked from commit ec41f08261f0243e0c8b463cbb7f82eebde45e07) --- man/systemd-run.xml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/man/systemd-run.xml b/man/systemd-run.xml index 776dc772936..c4406469f73 100644 --- a/man/systemd-run.xml +++ b/man/systemd-run.xml @@ -470,9 +470,10 @@ start request for the transient unit is verified, enqueued, and waited for. Subsequently the invoked unit is monitored, and it is waited until it is deactivated again (most likely because the specified command completed). On exit, terse information about the unit's runtime is shown, including total runtime (as well as - CPU usage, if was set) and the exit code and status of the main - process. This output may be suppressed with . This option may not be combined with - , or the various path, socket, or timer options. + CPU, memory, IO, and IP accounting data, if the corresponding cgroup accounting settings are enabled) + and the exit code and status of the main process. This output may be suppressed with . + This option may not be combined with , or the various + path, socket, or timer options. From 756c84d173a39d31c4cdf1dd63e9383903f0db8d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 15 May 2025 09:44:02 +0200 Subject: [PATCH 4/8] man: correct version information when $REMOTE_ADDR/$REMOTE_PORT where added This was in commit 3b1c524154c876aecebc98787975cc2943100210, i.e. in the v220 cycle. (cherry picked from commit 3bdcd994cd707bcf34664edaa21afff6025d15d2) (cherry picked from commit 89b4f52775fdd455990a54094bf61d5f71c7d4ed) (cherry picked from commit f9f66bef6d98e7bab1ff27ed268ec529f2ef205f) --- man/systemd.exec.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 7971951514a..b612accc516 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -4096,7 +4096,7 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX unit with Accept=yes), these environment variables contain the IP address and port number of the remote peer of the socket connection. - + From d4b113af8844764b64cf375256d9c108f6752d3e Mon Sep 17 00:00:00 2001 From: TheHillBright <150074496+TheHillBright@users.noreply.github.com> Date: Wed, 21 May 2025 18:38:12 +0800 Subject: [PATCH 5/8] journald: clarify doc for usage-related values cap (#37528) The old description makes users wrongly assume that the cap of 4G applied, even when the user specifies a value that will result in higher than 4G. This commit avoids this misunderstanding. (cherry picked from commit 33084145315029775748a89da836465783d65bb3) (cherry picked from commit 137d765b2d01dc93a0ec182654ddf4b9b4114bcf) (cherry picked from commit a7490f121fbecf34d2201d40c238073e1263009c) --- man/journald.conf.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/journald.conf.xml b/man/journald.conf.xml index e150d04dcff..6cc940ac0c3 100644 --- a/man/journald.conf.xml +++ b/man/journald.conf.xml @@ -266,7 +266,7 @@ and use the smaller of the two values. The first pair defaults to 10% and the second to 15% of - the size of the respective file system, but each value is + the size of the respective file system, but each of the calculated default values is capped to 4G. If the file system is nearly full and either SystemKeepFree= or RuntimeKeepFree= are violated when From e425b317854fb12e3e1131954e0c2c810eec00bf Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 23 May 2025 12:15:45 +0200 Subject: [PATCH 6/8] homed: generate proper error if we cannot create mountpoint for homedir Let's make this easier to debug. (When this failed for me due to disk full it took me a bit to figure out what was going on.) (cherry picked from commit 5b759bf5fd3a915a5b4756590caff7faf43a9693) (cherry picked from commit 8158c87c36d5725818a2a9cda4270b8839553f86) (cherry picked from commit 6d33cf046a2064dd11ca9a1ee6d8f2d2356f4f10) --- src/home/homework-mount.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/home/homework-mount.c b/src/home/homework-mount.c index 28f09b939fe..97e26b9d7e0 100644 --- a/src/home/homework-mount.c +++ b/src/home/homework-mount.c @@ -142,7 +142,9 @@ int home_move_mount(const char *mount_suffix, const char *target) { } else d = HOME_RUNTIME_WORK_DIR; - (void) mkdir_p(target, 0700); + r = mkdir_p(target, 0700); + if (r < 0) + return log_error_errno(r, "Failed to create directory '%s': %m", target); r = mount_nofollow_verbose(LOG_ERR, d, target, NULL, MS_BIND, NULL); if (r < 0) From 78ed58a6650e8752d0b0ca1dc60ff13c58f29845 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 27 May 2025 14:56:32 +0100 Subject: [PATCH 7/8] test: fix test_qdisc_tbf regex with iproute2 v6.15 iproute2 v6.15 fixed some rounding errors in the reported stats: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=d947f365602b30657d1b797e7464000d0ab88d5a so the current regex doesn't work anymore. Fix it to check for both old and new values. systemd-networkd-tests.py[523]: FAIL: test_qdisc_tbf (__main__.NetworkdTCTests.test_qdisc_tbf) systemd-networkd-tests.py[523]: ---------------------------------------------------------------------- systemd-networkd-tests.py[523]: Traceback (most recent call last): systemd-networkd-tests.py[523]: File "/usr/lib/systemd/tests/testdata/test-network/systemd-networkd-tests.py", line 5402, in test_qdisc_tbf systemd-networkd-tests.py[523]: self.assertRegex(output, 'rate 1Gbit burst 5000b peakrate 100Gbit minburst 987500b lat 70(.0)?ms') systemd-networkd-tests.py[523]: ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ systemd-networkd-tests.py[523]: AssertionError: Regex didn't match: 'rate 1Gbit burst 5000b peakrate 100Gbit minburst 987500b lat 70(.0)?ms' not found in 'qdisc tbf 35: root refcnt 2 rate 1Gbit burst 5000b peakrate 100Gbit minburst 999200b lat 70ms \nqdisc pfifo 37: parent 35: limit 100000p' (cherry picked from commit f9a85b74903f5588d08f54ea7d9b53edc639b824) (cherry picked from commit 6e67969b10d111177f72a53f9f7158bf9f14d2a3) (cherry picked from commit 587f84aad9628733d31a9be0ce78f43ba3e1c3d6) --- test/test-network/systemd-networkd-tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-network/systemd-networkd-tests.py b/test/test-network/systemd-networkd-tests.py index ba3af61f5e0..bd9c896c8d3 100755 --- a/test/test-network/systemd-networkd-tests.py +++ b/test/test-network/systemd-networkd-tests.py @@ -4272,7 +4272,7 @@ def test_qdisc_tbf(self): output = check_output('tc qdisc show dev dummy98') print(output) self.assertRegex(output, 'qdisc tbf 35: root') - self.assertRegex(output, 'rate 1Gbit burst 5000b peakrate 100Gbit minburst 987500b lat 70(.0)?ms') + self.assertRegex(output, 'rate 1Gbit burst 5000b peakrate 100Gbit minburst (987500b|999200b) lat 70(.0)?ms') @expectedFailureIfModuleIsNotAvailable('sch_teql') def test_qdisc_teql(self): From 345253f935d6f1b0928866804618c51f29f53cef Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Sat, 17 May 2025 16:59:32 +0200 Subject: [PATCH 8/8] core/manager: do not pop gc_unit_queue before unit_gc_sweep() Follow-up for 52e3671bf7e6321c58c6d3a6c8ad8e167259a569 unit_gc_sweep() might try to add the unit to gc queue again. While that becomes no-op as Unit.in_gc_queue is not cleared yet, it induces minor inconsistency of states. (cherry picked from commit 741a184a31127305fb4363833ca9d97a1057fc68) (cherry picked from commit 9645e946f9e323965116d89fce8009cc86418c9d) (cherry picked from commit 4dde8c94854754c1cb43d5d0adb5cb8085853c40) --- src/core/manager.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/core/manager.c b/src/core/manager.c index 9448cde3726..bb5815d4337 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -1364,7 +1364,6 @@ static void unit_gc_sweep(Unit *u, unsigned gc_marker) { static unsigned manager_dispatch_gc_unit_queue(Manager *m) { unsigned n = 0, gc_marker; - Unit *u; assert(m); @@ -1376,11 +1375,13 @@ static unsigned manager_dispatch_gc_unit_queue(Manager *m) { gc_marker = m->gc_marker; - while ((u = LIST_POP(gc_queue, m->gc_unit_queue))) { + Unit *u; + while ((u = m->gc_unit_queue)) { assert(u->in_gc_queue); unit_gc_sweep(u, gc_marker); + LIST_REMOVE(gc_queue, m->gc_unit_queue, u); u->in_gc_queue = false; n++;